
Account Takeovers (ATOs)

Overview

Account Takeover (ATO) fraud occurs when a fraudster obtains the login credentials for one of your good users' accounts. Most commonly, these login credentials are username and password combinations. Once the fraudster has obtained the login credentials, they typically follow these steps:

  1. The fraudster logs into the good user's account with the stolen credentials.
  2. Once they are there, they use the card on file to transact.
  3. The good user will eventually notice the fraudulent charges on their account, and the merchant will eat the loss in the form of either a chargeback or a refund.

How does DyScan Protect help?

To combat the situation described above, you may ask a suspicious user to verify that they possess the card on file through DyScan or DyScan Protect. A common way to identify a suspicious user is by looking for transaction attempts on a new device in a new location on an older account. DyScan or DyScan Protect can check that the user truly possesses the card saved on file, thereby verifying the user's identity as the owner of the account. You can think of this as a form of two-factor authentication, where the second factor besides the login credentials is the credit card saved on file.
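The signal described above (new device, new location, older account) can be written as a step-up rule. This is an added example, not DyScan's code or API: the class and function names, the 90-day "older account" threshold, and the `card_verified` result handed in from the card check are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumption: the page does not define "older account"; 90 days is illustrative.
OLD_ACCOUNT_AGE = timedelta(days=90)

@dataclass
class Account:
    created_at: datetime
    known_devices: set = field(default_factory=set)
    known_locations: set = field(default_factory=set)

@dataclass
class Attempt:
    device_id: str
    location: str  # coarse location, e.g. country-region
    at: datetime

def is_suspicious(account: Account, attempt: Attempt) -> bool:
    """New device AND new location AND older account, as in the text."""
    new_device = attempt.device_id not in account.known_devices
    new_location = attempt.location not in account.known_locations
    old_account = attempt.at - account.created_at >= OLD_ACCOUNT_AGE
    return new_device and new_location and old_account

def decide(account: Account, attempt: Attempt, card_verified=None) -> str:
    """Return 'allow', 'step_up' or 'deny'.

    card_verified is the outcome of the card-possession check (hypothetical
    input here): None = not yet requested, True = passed, False = failed.
    """
    if not is_suspicious(account, attempt):
        return "allow"
    if card_verified is None:
        return "step_up"  # ask the user to prove possession of the card on file
    if card_verified:
        # Trust the new device and location only after the check passes;
        # enrolling them earlier would mark the fraudster's device as known.
        account.known_devices.add(attempt.device_id)
        account.known_locations.add(attempt.location)
        return "allow"
    return "deny"

# Constructed sample data, not real account records.
acct = Account(datetime(2022, 1, 10), {"dev-A"}, {"US-CA"})
odd = Attempt("dev-X", "BR-SP", datetime(2024, 6, 1))
print(decide(acct, Attempt("dev-A", "US-CA", datetime(2024, 6, 1))))
print(decide(acct, odd))
print(decide(acct, odd, card_verified=False))
```

Requiring all three signals together keeps friction low for good users who simply travel or replace a phone; loosening the rule to any two signals trades more step-up prompts for earlier detection.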

Variant: Sometimes the fraudster may have access not only to the good user's login information, but also the good user's credit card number. In this scenario, DyScan Protect must be used to detect whether the card is a generated image. See our overview of stolen credit card fraud for more information.