How to stop account takeover identity theft of customers?
Domas Diliƫnas


Account takeover identity theft is a common form of identity theft. Account takeover occurs when someone steals a customer's username and password and uses it to access their account. Account takeovers can be devastating for the victim, with many cases resulting in thousands of dollars in losses for the victim company and its customers. This guide will outline some steps companies can take to protect themselves against account takeover identity theft, including knowing their customers, implementing new procedures for identity verification, using intelligent fraud detection processes, implementing multi-factor authentication processes and finally having an effective recovery team ready to handle any incident that arises as soon as possible.

What is account takeover identity theft?

Account takeover identity theft is a type of identity theft in which an individual takes over an existing account. The thief may use the victim's personal information to open new accounts and make purchases, or they may also use it to commit fraud by requesting a change of address or other such changes.

Account takeover can happen through many channels:

  • Online: If you have an online account with a company that stores your credit card information (such as Amazon), then it's possible someone could attempt to take over your account by logging in as you and changing their billing details.
  • Telephone: This is similar to online account takeover except that instead of logging in via computer, they call customer service with false details about how much money has been spent using your card number on their behalf (and sometimes even pretend not knowing who they really are).
  • Why should you care about averting account takeover identity theft?

    You should care about averting account takeover identity theft because it's a growing problem. Account takeover identity theft has been an issue for years, but the number of these incidents has increased significantly in recent years. As more people use online services and make purchases online, there are more opportunities for criminals to steal sensitive information from their victims' computers or mobile devices. In addition to the financial costs that account takeover identity theft can incur on businesses, there are also other types of losses associated with this type of fraud: embarrassment and loss of reputation among them.

    Account takeover identity fraud can also be a serious threat to consumers. Once hackers have gained access to a victim's email account, they may use it to make purchases online or even try to access other accounts tied to that email address. This type of fraud has led many companies to offer two-factor authentication as an extra layer of security for their customers.

    Stop account takeover identity theft by knowing your customers.

    Account takeover identity theft is a major problem for customers and businesses. If you know what to look for and how to detect it, you can stop account takeover identity theft before it happens.

    The first step in preventing account takeover identity theft is knowing your customer. Not just their name and address, but also their financial habits and online behavior. For example:

  • Are they likely to make small purchases online? If so, then they may be more vulnerable than someone who buys big ticket items like cars or homes--especially if those items are paid for with cash or check rather than credit cards or other forms of payment that leave a digital footprint behind them (like ACH transfers).
  • Have they ever forgotten their password before? If so, then there's a good chance this could happen again--and if it does happen when someone else has access to their account information through social engineering tactics like phishing emails or phone calls from scammers posing as IT support staff members at banks/credit unions/etc., then those scammers could take over the account without even needing any information about its owner other than what was already available through public records such as social media profiles."
  • Start new procedures for identity verification.

    In order to stop account takeover identity theft, you need to implement new procedures for identity verification. This will help you identify the risks of not implementing a new procedure and how to implement a new procedure.

    There are many reasons why it's important for businesses to implement new procedures for identity verification. First, if you don't have an effective way of verifying customers' identities, then it can be easy for criminals who steal personal information from one person (a victim) and use it on another person's account (the victim's bank account). Second, if criminals successfully take over someone else's online accounts through phishing scams or malware attacks, they could use those accounts as leverage against the real owners by threatening them with blackmail or releasing their private information online unless they pay up--which would cause serious harm both financially and emotionally!

    Use multi-factor authentication.

    Multi-factor authentication is a security measure that requires more than one method of verification before granting access to an account. Multi-factor authentication can be implemented using a hardware token, SMS, email or biometrics.

    The most common form of multi-factor authentication is through the use of an app on your mobile phone that generates a one-time passcode that changes every few seconds. This makes it virtually impossible for anyone other than you (or someone who has access to your phone) to gain access to your account because they don't have access to the OTP generator app on your device.

    The other form of multi-factor authentication is through the use of a hardware token. This is an electronic device that generates one-time passcodes and can be used in conjunction with a mobile app or on its own. The most common form of hardware tokens are USB devices similar to flash drives that plug into your computer's USB port.

    Implement an effective recovery process and response team.

    This is the most important step in stopping account takeover identity theft. The recovery process should be an active and ongoing element of your company's identity protection strategy, so make sure you have a team dedicated to it.

    The first thing you need to do is identify the problem: how many accounts have been taken over? Which ones? Who were they opened with? What was purchased or sold? This information will help you understand what needs fixing and where your weaknesses lie. Then implement a solution: create new security protocols based on what happened during each takeover event, train employees on those new protocols, check whether those systems are working by monitoring activity levels after implementation (for example, compare the number of attempted logins before vs after), reevaluate solutions if necessary--and keep doing this until no further improvement can be found!


    Account takeover identity theft is one of the most common types of identity theft, but it's also one of the easiest to prevent. By implementing new procedures for identity verification and using intelligent fraud detection processes, you can stop account takeover in its tracks before it happens.