How Can Online Lenders Detect Account Takeovers?

Account takeover happens when someone logs into one of your users’ accounts without authorization.

It’s terrible for any business. But for lenders in particular, it can be a catastrophe.

Let’s see why, as well as how to prevent account takeovers in lending.

Why Is Account Takeover Fraud a Problem for Lending?

Losing control of an account could spell trouble for your customers and your business. There are two main scenarios here:

  1. The fraudster applies for a loan and is successful: The money will likely be withdrawn to a bank drop account. It’s money you’ll never see again, and it could impact your legitimate customer negatively, as they’ll be chased for repayments. This, of course, also means that you, the lender, will not be able to recover the loan either.
  2. The fraudster applies for a loan and is declined: Your legitimate customer’s credit score may still be impacted. They will likely wonder who took out a loan in their name and blame you for your platform’s poor security. This leads to an erosion of trust and poor brand reputation.

Whatever the outcome, a fraudulent loan application doesn’t bode well for you as a lender. It will confuse your analytics, increase security risk, and could potentially land you in legal hot water, which could see your license revoked.

The last point is particularly salient as online lending is highly scrutinized by regulators. You may have to pay hefty KYC and AML fines, cease your operations, or engage in lengthy legal battles.


3 Steps to Detecting Online Lending Account Takeover

Whether fraudsters access one of your customers’ accounts through phishing, credential stuffing, or by stumbling upon the login details in a data breach, the key for you remains to protect the login stage. This is how:

  1. Deploy a monitoring tool at login: You want to look for any suspicious or unusual data points, such as a brand-new, previously unseen device and IP address.
  2. Don’t forget to analyze their behavior: Specific risk rules, such as velocity checks, allow you to understand how users interact with your lending forms. We’ll take a closer look at velocity checks below.
  3. Manage risk dynamically: Managing friction is a challenge for online lenders, so you do not want to interrupt legitimate customers in their journey. This is why we recommend risk scoring to allow through legitimate loan applications, instantly reject suspicious ones, and manually review medium-risk customers.

[Image: Signs of Account Takeover]

Above are examples of suspicious changes you should be monitoring. Let’s dive into specific risk rules below. 

The 3 Top Custom Rules to Detect Online Lending Account Takeover

Unfortunately, there is no single risk rule that will allow you to definitively decide if you’re dealing with the right customer or not. 

However, combining and layering risk rules, as SEON allows you to do, will give excellent results. Here are three examples of the top-performing rules when it comes to preventing online lending account takeover.

#1: Multiple Failed Passwords Attempted

Fraudsters don’t always manage to take over an account on their first try. They can use bots, brute force, or manually run through long lists of illegally acquired logins. Whatever the scenario, it’s likely to result in some incorrect passwords being entered.

[Image: Wrong Passwords Entered]

To monitor that stage, we’ve created a rule that looks at five failed login attempts as an indicator that something might be off.

Note that we don’t want to instantly block the account – this could be an honest mistake. We’ll set that rule to trigger a manual review instead, which should give you more time to check whether you’re dealing with the right borrower or not. 

[Image: Wrong Passwords Rule]

#2: Unrecognized Device Hash and IP Address

Users’ devices can act as unofficial IDs. Yes, they may log onto your platform using both a desktop and a mobile phone, but those devices aren’t likely to change very often. The customer’s IP address is also an indicator, especially when combined with the device hash.

There are exceptions, of course, such as if they’re connecting abroad or from a newly purchased device. But consider all this information in tandem with other new actions and data points, such as a brand new loan application, and you may have reasons to be suspicious.

This is why this rule uses a previously unseen device as a potential red flag.

[Image: Unrecognised Device Hash]

Here again, we want to err on the side of caution to avoid false positives.

This is why a new, previously unseen device will only add 10 points to our risk score, as you can see above. On its own, it is enough to make an impact but not to tilt the balance and outright block the account.

#3: Browser Data Is Manipulated

Another word for data manipulation? Spoofing. In the account takeover fraud prevention world, this is a strong indicator that someone is trying to pass for someone else. 

In the screenshot below, you can see the data points we’ve gathered and fed through risk rules. 

[Image: Cookies Not Enabled]

These data points include the use of browsers designed to let you change and control important data, such as your user agent, as well as unusual browser versions.
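To show how the three rules layer into one decision, here is an added example (not SEON's code or rule syntax) that scores a login ahead of a loan application. Only the five-failure trigger and the 10-point device score come from this article; the time window, the other point values, the thresholds, and the event field names are assumptions.

```python
from collections import deque

FAILED_LIMIT = 5                 # from the article: five failed logins
NEW_DEVICE_POINTS = 10           # from the article
FAILED_WINDOW_S = 600            # assumption: failures counted over 10 minutes
NEW_IP_POINTS = 5                # assumption
SPOOFING_POINTS = 20             # assumption
REVIEW_AT, DECLINE_AT = 15, 30   # assumed score thresholds

class AccountProfile:
    """Per-account state: known devices and IPs, recent failed-login times."""
    def __init__(self, devices, ips):
        self.devices, self.ips = set(devices), set(ips)
        self.failures = deque()

    def recent_failures(self, now):
        # Velocity check: drop failures older than the window, count the rest.
        while self.failures and now - self.failures[0] > FAILED_WINDOW_S:
            self.failures.popleft()
        return len(self.failures)

def evaluate(profile, event):
    """Return (decision, score, reasons) for a login that precedes a loan application."""
    score, reasons = 0, []
    if event["device_hash"] not in profile.devices:
        score += NEW_DEVICE_POINTS
        reasons.append("new_device")
    if event["ip"] not in profile.ips:
        score += NEW_IP_POINTS
        reasons.append("new_ip")
    # Hypothetical spoofing signals: cookies disabled, or the user agent's
    # platform disagrees with the platform the browser itself reports.
    if not event["cookies"] or event["ua_platform"] != event["js_platform"]:
        score += SPOOFING_POINTS
        reasons.append("browser_manipulated")
    # Rule #1 never blocks on its own; it only forces a manual review.
    force_review = profile.recent_failures(event["ts"]) >= FAILED_LIMIT
    if force_review:
        reasons.append("failed_logins")
    if score >= DECLINE_AT:
        return "decline", score, reasons
    if score >= REVIEW_AT or force_review:
        return "review", score, reasons
    return "approve", score, reasons

def sample_event(**changes):
    """Constructed login event for a known borrower; keyword args override fields."""
    base = {"ts": 1000, "device_hash": "dev-A", "ip": "203.0.113.7",
            "cookies": True, "ua_platform": "Windows", "js_platform": "Windows"}
    return {**base, **changes}
```

With these assumed weights, a new device alone still passes, a new device plus a new IP goes to manual review, and adding a manipulated browser tips the application into a decline.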


How SEON Helps Online Lenders Protect Customer Accounts

SEON is known for giving online lenders alternative data to perform modern credit scoring and lower risk. These are frictionless, real-time checks that work perfectly for thin-file customers and markets where credit bureau information is non-existent.

But there’s more. Because you can implement our data checks at the signup and login stage, this allows you to monitor customer behavior and flag suspicious logins. In fact, this frictionless monitoring can run under the hood at every touchpoint of serving a customer online.

In other words, SEON is your complete end-to-end fraud prevention solution – available via API, with a free trial, short-term contracts and no integration or support fees.

Jimmy Fong

Jimmy Fong is the Chief Commercial Officer of SEON. His expertise in payments saw him supervise the acquisitions of companies by Ingenico, Visa and American Express. Jimmy’s enthusiasm for transparent sales and Product-Led-Growth companies drives SEON’s global expansion strategy, and he interviews both fraud managers and darknet fraudsters in our podcast to stay on top of the latest risk trends. Yes, it’s also him wearing the bear suit on our YouTube channel.

