Fraud & Identity Featured Article

The Key to Preventing Mobile Account Takeover

By Alicia Young Web Editor

Account Takeover is quickly becoming one of the most worrisome types of fraud out there. This particular type of fraud is when a fraudster uses a victim’s identity to access the victim’s account information. It’s estimated that Account Takeover costs $2.16 billion in annual losses and accounts for about 5 percent of overall global communications fraud. Although that percentage may not sound like a lot, it’s scary to think about how easy it would be for that number to rise. One of the easiest ways for fraudsters to take over someone’s account is through mobile, and it’s becoming easier for them to steal people’s identities via mobile means.

Mobile Account Takeover, specifically, is a growing problem in the U.S. In 2013, 1,038 cases were reported to the FTC (News - Alert) and, by January 2016, that number had grown to 2,685. Those 2,685 cases represent 6.3 percent of all identity theft incidents reported that month, which is a bit disconcerting. Although email is still the primary method that fraudsters use to access people’s accounts, mobile is becoming a bigger threat as it becomes easier for criminals to access people’s mobile information.

According to IDology, the most common methods of Mobile Identity Takeover fraud are: ANI Spoofing (23 percent), Account Takeover via Porting (20 percent), Device Cloning (19 percent), Recycling Phone Numbers (11 percent), Call Forwarding (9 percent), SMS Intercept (9 percent), SIM Cloning (8 percent), Voicemail Hack (5 percent), and SIM Swap (3 percent). Through any one of these methods, fraudsters are able to obtain a victim’s phone number and then quickly gain access to victims’ bank accounts, bitcoin, payment services and more by having login passwords sent to the newly ported phone number.

Unfortunately, the stealing of this confidential information happens in mere minutes, before the victim or the institution even has a chance to realize that something is off. Chris Drake, Chief Technology Officer, iconectiv (News - Alert), commented on why it’s so difficult for service providers to discover the fraudulent activity while it is happening by saying, “Currently, individual service provider data is unable to efficiently detect account takeover fraud because there is a lack of knowledge of what is happening on other networks with a different device that gets provisioned with the same phone number…Access to cross-network information in a timely manner is the key to combating this type of mobile fraud, and would allow authentication through a consumer’s mobile identity to remain a powerfully simple yet effective version of multi-factor authentication.”

The only way to effectively stop mobile account takeovers is to use an identity verification system that can check if a number has been recently ported, is in the process of being ported, or if the mobile device has changed for any other reason. These changes can raise a red flag, giving organizations the go-ahead to carry out more detailed security checks.

As Mobile Account Takeover becomes an increasingly large threat, it’s important for consumers and operators alike to educate themselves on the topic. To this end, iconectiv has released a new white paper, “Never Underestimate the Power of Identity,” which addresses consumer fraud and the detrimental effects of Mobile Account Takeover. The white paper emphasizes the importance of protecting the integrity of the phone number, which is something we should all be trying to do. You can download the white paper HERE.