The words “identity theft” strike fear into the heart of any average consumer. Now, thanks to ever-advancing technology, fraudsters can go a step further with account takeover, accessing all of your information, including your online passwords, balances, credit cards, and reward points, all the while pretending to be the rightful owner.

Some fraudsters take over accounts to impersonate the consumer, while others actually sell the data in an online black market where other dishonest people can buy your stolen account details and from there assume control of your money. What happens next? The thief makes purchases using your money.

 

Credit Card Fraud

According to NuData Security, the most popular way to use stolen credentials is by credit card fraud. This works especially well for online transactions where a card does not need to be present. The thief simply provides the stolen credit card number. If the thief is a salesperson who had actual contact with the original card at an in-store purchase, he or she may have copied the security code as well, opening up more options for using the stolen information literally anywhere with a replicated card.

Loyalty Fraud

Most consumers don’t check the balances on their loyalty or rewards points nearly as often as they might monitor their bank accounts and credit cards. This makes loyalty fraud an easy target. Not only are hotel or airline rewards accounts usually less protected and hence easier to access, but they also usually give the hacker more time to access and use before detection. Since loyalty points can be exchanged for merchandise and often even cash, it is an attractive option for a devious mind.

Bank Account Fraud

Although usually detected the quickest, bank account fraud wreaks havoc in the consumer’s personal account by a fraudster running up purchases on a fraudulent debit card, forging checks, and even occasionally impersonating the account holder in person.

How to Monitor for Account Takeover

Be vigilant to protect yourself from account takeover. If you receive notice that your online password has been changed, and it wasn’t you, contact your financial institution immediately. Also, be aware of any strange activity or multiple failed login attempts. This indicates that someone is attempting to access your personal information. Regularly change your password. But never assume your password is strong enough. No password is invincible against account takeover.