Are High-Security Checks Worth It?

by Jimmy Fong
Account takeover happens when someone logs into one of your users’ accounts without authorization.
It’s terrible for any business. But for lenders in particular, it can be a catastrophe.
Let’s see why, as well as how to prevent account takeovers in lending.
Losing control of an account could spell trouble for your customers and your business. There are two main scenarios here:
Whatever the outcome, a fraudulent loan application doesn’t bode well for you as a lender. It will confuse your analytics, increase security risk, and could potentially land you in legal hot water, which could see your license revoked.
The last point is particularly salient as online lending is highly scrutinized by regulators. You may have to pay hefty KYC and AML fines, cease your operations, or engage in lengthy legal battles.
Whether fraudsters access one of your customers’ accounts through phishing, credential stuffing, or by stumbling upon the login details in a data breach, the key for you remains to protect the login stage. This is how:
Above are examples of suspicious changes you should be monitoring. Let’s dive into specific risk rules below.
Unfortunately, there is no single risk rule that will allow you to definitively decide if you’re dealing with the right customer or not.
However, combining and layering risk rules, as SEON allows you to do, will give excellent results. Here are three examples of the top-performing rules when it comes to preventing online lending account takeover.
Fraudsters don’t always manage to take over an account on their first try. They can use bots, brute force, or manually run through long lists of illegally acquired logins. Whatever the scenario, it’s likely to result in some incorrect passwords being entered.
To monitor that stage, we’ve created a rule that looks at five failed login attempts as an indicator that something might be off.
Note that we don’t want to instantly block the account – this could be an honest mistake. We’ll set that rule to trigger a manual review instead, which should give you more time to check whether you’re dealing with the right borrower or not.
Users’ devices can act as unofficial IDs. Yes, they may log onto your platform using both a desktop and a mobile phone, but those devices aren’t likely to change very often. The customer’s IP address is also an indicator, especially when combined with the device hash.
There are exceptions, of course, such as if they’re connecting abroad or from a newly purchased device. But consider all this information in tandem with other new actions and data points, such as a brand new loan application, and you may have reasons to be suspicious.
This is why this rule uses a previously unseen device as a potential red flag.
Here again, we want to err on the side of caution to avoid false positives.
This is why a new, previously unseen device will only add 10 points to our risk score, as you can see above. On its own, it is enough to make an impact but not to tilt the balance and outright block the account.
Another word for data manipulation? Spoofing. In the account takeover detection world, this is a strong indicator that someone is trying to pass for someone else.
In the screenshot below, you can see the data points we’ve gathered and fed through risk rules.
These data points include browsers designed to let you change and control important data, such as your user agent, as well as unusual browser versions.
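The three rules above can be layered as follows. This is an added example, not SEON's code or API: only the five-failed-login review trigger and the 10-point new-device score come from the article, while the spoofing score, the review threshold, and every class, field and function name are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

FAILED_LOGIN_LIMIT = 5   # article: five failed attempts trigger manual review
NEW_DEVICE_POINTS = 10   # article: unseen device adds 10 points
SPOOFING_POINTS = 20     # assumption: the article gives no score for spoofing
REVIEW_THRESHOLD = 30    # assumption: layered score that triggers manual review

@dataclass
class Login:
    account: str
    success: bool
    device_hash: str
    spoofing: bool = False  # assumption: set upstream by browser fingerprinting

class LoginRiskEngine:
    def __init__(self):
        self.failed = defaultdict(int)    # failed attempts since last good login
        self.devices = defaultdict(set)   # device hashes trusted per account

    def evaluate(self, ev):  # returns (decision, score, reasons)
        score, reasons = 0, []
        if not ev.success:
            self.failed[ev.account] += 1
        review = self.failed[ev.account] >= FAILED_LOGIN_LIMIT
        if review:
            reasons.append("failed_logins")
        known = self.devices[ev.account]
        if known and ev.device_hash not in known:
            score += NEW_DEVICE_POINTS
            reasons.append("new_device")
        if ev.spoofing:
            score += SPOOFING_POINTS
            reasons.append("spoofing")
        review = review or score >= REVIEW_THRESHOLD
        if ev.success:
            self.failed[ev.account] = 0
            if not review:
                known.add(ev.device_hash)  # trust a device only after a clean login
        return ("REVIEW" if review else "OK", score, reasons)

# Constructed sample events (not real data).
SAMPLE = [Login("alice", True, "devA"), *([Login("alice", False, "devB")] * 5),
          Login("alice", True, "devB"), Login("bob", True, "dev1"),
          Login("bob", True, "dev2"), Login("bob", True, "dev3", spoofing=True)]

def run(events):
    engine = LoginRiskEngine()
    return [engine.evaluate(ev) for ev in events]
```

Because the failed-login counter is checked before it is reset, the successful login that follows five failures is still sent to review, and a device is only trusted after a login that was not flagged.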
SEON is known for giving online lenders alternative data to perform modern credit scoring and lower risk. That means frictionless, real-time checks that work perfectly for thin-file customers and markets where credit bureau information is non-existent.
But there’s more. Because you can implement our data checks at the signup and login stages, you can monitor customer behavior and flag suspicious logins. In fact, this frictionless monitoring can run under the hood at every touchpoint of serving a customer online.
In other words, SEON is your complete end-to-end fraud prevention solution – available via API, with a free trial, short-term contracts and no integration or support fees.
Jimmy Fong is the Chief Commercial Officer of SEON. His expertise in payments saw him supervise the acquisitions of companies by Ingenico, Visa and American Express. Jimmy’s enthusiasm for transparent sales and Product-Led-Growth companies drives SEON’s global expansion strategy, and he interviews both fraud managers and darknet fraudsters in our podcast to stay on top of the latest risk trends. Yes, it’s also him wearing the bear suit on our YouTube channel.