What do Annu Kapoor, Virendra Sehwag, Mark Zuckerberg, Katy Perry and Andy Cohen all have in common? Other than being famous in their respective lines of work, be it Bollywood, cricket, business, or entertainment, they are all victims of account takeover. Some lost money while others lost access to their social media accounts.

If there’s anything we have learned, it is that education, status in society, and wealth ranking don’t mean anything – anyone can become a victim of fraud.

Getting Behind the Tactics and Motives

Account takeover (ATO) fraud is a pervasive threat with many nuances. In India, documented fraud losses last year amounted to over 302 billion rupees with more than half (55%) of all reported fraud cases classified as account takeover. Understanding the tactics and motives of a fraudster is critical to building a robust defence.

There are many different techniques used in the execution of ATO, with phishing, vishing, smishing, and social engineering tactics perhaps the most common and prevalent. However, malware, the misuse of screen-sharing tools and SIM swap, including E-SIM swap, are also among the many tactics in a fraudster’s toolbox.

Recognizing the motive is also crucial. Here, the question becomes, “What is the fraudster hoping to accomplish?” Some of these motives include:

1. Financial activity: Transfer funds out of the account or route funds obtained fraudulently through the account.

2. Access or update information: Access static information such as the mobile number, relationships with the bank and the customer's address, or transactional information such as debit and credit transactions and the account balance, in order to do a SIM swap, answer callbacks for fund transfer requests submitted through a branch, or update an email or mobile number.

3. Requests/confirmations: Requests for top-up loans, supplementary cards, cheque books, issuance of a replacement card, positive pay confirmation, and more.

Indicators and Strategies to Prevent Account Takeover

Despite the many types of account takeover, here are five recommended strategies and indicators that banks can deploy to mitigate account takeover risk.

1. Monitoring Financial and Non-Financial Activity

ATO can occur for distinct reasons, making it essential to scrutinize both financial and non-financial activities. Indicators include changes in device, IP, and geo-location, such as abrupt changes or multiple logins from various locations within a brief period.

2. User Behaviour and Device Activity

Analysing changes in user behaviour such as typing speed, mouse clicks and navigation patterns can reveal potential ATO attempts. Detecting the presence of screen-sharing tools or malware on devices is also crucial in identifying ATO activity; these are easy to identify because their behaviour is distinctly different from genuine user behaviour.

3. Cross Channel and Non-Financial Activity

Anomalies in cross-channel activity, such as a transaction initiated in one location but digital activity indicating the customer is in a different location, can be a highly reliable indicator. Unusual non-financial requests or activities on customer accounts, such as excessive inquiries or unexpected requests, may also signal a potential ATO attempt.

4. Real-Time Monitoring and Rule Flexibility

Due to the complex nature of ATO, implementing frameworks to prevent it requires real-time monitoring of diverse data feeds. The system should allow flexibility in changing thresholds, parameters, and conditions promptly, to adapt to evolving fraud trends.
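The indicators from strategies 1 and 3, evaluated with the adjustable thresholds that strategy 4 calls for, shown as an added example that is not part of the original article. The event fields, indicator names and threshold values are assumptions, and the events are constructed sample data.

```python
from datetime import datetime, timedelta

# Tunable rule parameters (assumed values); retuning them needs no code change.
RULES = {"window_minutes": 30, "max_locations": 2, "cross_channel_minutes": 60}
DIGITAL = {"mobile", "web"}

# Constructed sample events: (time, customer, channel, device, ip, city)
EVENTS = [
    ("2024-01-10 09:00", "C1", "mobile", "dev-A", "203.0.113.5", "Mumbai"),
    ("2024-01-10 09:10", "C1", "web", "dev-B", "198.51.100.7", "Delhi"),
    ("2024-01-10 09:20", "C1", "web", "dev-C", "192.0.2.44", "Kolkata"),
    ("2024-01-10 09:25", "C1", "branch", None, None, "Mumbai"),
    ("2024-01-10 10:00", "C2", "mobile", "dev-X", "203.0.113.9", "Pune"),
    ("2024-01-10 18:00", "C2", "mobile", "dev-X", "203.0.113.9", "Pune"),
]

def detect(events, rules=RULES):
    """Return a sorted list of (customer, indicator) alerts."""
    alerts = set()
    rows = sorted(
        ((datetime.strptime(t, "%Y-%m-%d %H:%M"), *rest) for t, *rest in events),
        key=lambda r: r[0])
    seen = {}  # customer -> (device, ip) pairs already observed
    for i, (ts, cust, chan, dev, ip, city) in enumerate(rows):
        earlier = [r for r in rows[:i] if r[1] == cust]
        if chan in DIGITAL:
            # Strategy 1: device/IP change against the customer's baseline.
            known = seen.setdefault(cust, set())
            if known and (dev, ip) not in known:
                alerts.add((cust, "device_ip_change"))
            known.add((dev, ip))
            # Strategy 1: logins from several locations within a brief period.
            window = timedelta(minutes=rules["window_minutes"])
            cities = {r[5] for r in earlier
                      if r[2] in DIGITAL and ts - r[0] <= window} | {city}
            if len(cities) > rules["max_locations"]:
                alerts.add((cust, "multi_location_logins"))
        else:
            # Strategy 3: non-digital activity in one city while the latest
            # digital session places the customer somewhere else.
            gap = timedelta(minutes=rules["cross_channel_minutes"])
            recent = [r for r in earlier if r[2] in DIGITAL and ts - r[0] <= gap]
            if recent and recent[-1][5] != city:
                alerts.add((cust, "cross_channel_location_mismatch"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Passing a different rules dictionary, for example a higher `max_locations`, changes which alerts fire without touching the detection logic.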

5. Automated Action and Customer Experience

Automation of actions triggered by alerts ensures a seamless response to potential ATO incidents. Close monitoring helps mitigate false positives, striking a balance between enhanced security and maintaining a positive customer experience.


Preventing ATO necessitates more than transaction monitoring; it requires visibility into the customer's digital session and cross-channel transactions. The RBI's Master Direction on Digital Payment Security Controls outlines these as minimum standards for robust security.

Implementing an effective framework involves considering diverse data feeds, including digital fields and various customer-level activities. Real-time processing without impacting customer experience is crucial. Flexibility in modifying rules is equally vital, given the dynamic nature of fraud trends.

When deploying any system against ATO, financial institutions should carefully plan actions based on alert generation. Automation is key, but vigilant monitoring ensures false positives remain within tolerance levels, safeguarding customer experience while fortifying security.

With the increase in limits for instant payments through UPI, the risk of account takeover is only going to increase. RBI and banks continually emphasize customer awareness, a commendable initiative. But education alone cannot shield customers against sophisticated frauds. An integrated approach that combines technology, vigilant monitoring, and dynamic response mechanisms is essential to stay one step ahead of evolving threats.
