Businesses are no strangers to the risks and challenges posed by fraudulent activities. One such threat that continues to cause problems for businesses is account takeover fraud.
Account takeover fraud occurs when a malicious individual gains unauthorised access to a customer’s account, exploiting it for personal gain. This can range from financial theft to the compromise of sensitive information.
In this article, we will explore the risks and costs associated with account takeover fraud, discuss how businesses can protect themselves, and delve into its impact on financial services and eCommerce businesses.
The consequences of account takeover fraud can be severe for businesses. Not only does it erode customer trust, leading to reputational damage, but it also results in substantial financial losses.
In the first half of 2022, the occurrence of account takeover attacks increased dramatically by 131%.
Victims of account takeover fraud are likely to seek reimbursement, making businesses responsible for the financial implications. Additionally, the costs associated with investigating and resolving cases of account takeover can be significant, requiring dedicated resources and expertise.
Fortunately, there are several steps businesses can take to shield themselves from account takeover fraud:
Account takeover fraud poses a significant threat to banks and financial institutions, impacting both their customers and their own operations:
For eCommerce businesses, account takeover fraud poses a unique set of challenges. With the rise in online shopping, fraudsters exploit the vulnerabilities of weak security systems to gain unauthorised access to customer accounts. This not only leads to financial losses but also damages the business’s reputation. eCommerce businesses must prioritise security measures such as regular security audits, enhanced encryption protocols, and strict password policies to protect customer accounts and minimise the risk of fraud.
Account takeover fraud poses unique challenges for insurance companies, affecting both their customers and the overall stability and profitability of their business:
We’ve all seen them in multiple variations for years. My uncle has a diamond mine — the original and the greatest. We tried to deliver your parcel (even though you weren’t expecting one). Contact us to arrange the unlocking of your tax rebate. Yeah, right.
The fraudsters simply never let up. But they also never stand still — and not all attempts are as easy to spot as these. And that means that it’s essential for the security of their customers that businesses don’t stand still either: they have a responsibility to be aware of trends in the fraud industry.
It may perhaps seem odd to refer to fraud as an industry but as it’s happening on an industrial scale what other term could you reasonably use? The National Crime Agency estimates that the cost to the UK economy annually is some £190 billion. To give that some perspective: the entire UK fishing industry is worth just £430 million, or almost 500 times less.
Phishing is plainly a lot more lucrative than fishing.
And more than most other enterprises. Which is why it’s happening on such a massive scale. So it’s difficult to overstate just how important it is to be alert to trends — and to be ready to respond to them swiftly.
Right now, one of the biggest new fronts in the war between bona fide business and fraud is on the issue of knowing who’s in charge of a mobile phone.
Because with mobiles at the heart of much human interchange and an ever-increasing proportion of trade and commerce, if the fraudsters can control a mobile number, they can control a lot of other stuff too, including accounts and bank cards linked to that number.
When Experian evaluated the new trends in fraud for 2022, one of their biggest concerns was digital authenticity during smartphone use. As their report put it: “Password-free experiences led by the ubiquitous smartphone and the ability to make real-time payments has resulted in a demand for a seamless, uninterrupted customer journey. But central to all of this is identity authentication.”
We at TMT ID have found that the two most prevalent ways the fraudsters use to hack phone numbers are SIM swap and call forwarding.
Your SIM card is the cornerstone of your mobile phone account identity. If the fraudsters can persuade your mobile provider — typically with a story about a lost handset and an urgent situation — to move your number to a new SIM card and then obtain that card and insert it into an alternative device that they control, they can control your accounts. Once they’ve pulled this off they will be able to intercept your calls and messages and even impersonate you for other services like online banking. To all intents and purposes they have then taken over your digital identity.
In call forwarding fraud, criminals trick a network into forwarding calls and messages from a victim’s phone to their own number — again typically starting with the story that they’ve lost or damaged a handset and are now temporarily on another device. They’ll forward some messages to the genuine account holder to keep them from raising any alarm, while using their new access to the device to confirm their ID for a new account or to authorise a withdrawal request they have fraudulently activated.
If they target an individual they can often find enough information from their publicly available profiles — on social media and so on — to give them the means to approach the phone companies sounding plausible and then successfully pull off either scam. Their victim can be sitting there with their mobile phone in their hand as normal, scrolling carefree, unaware that they are about to lose tens of thousands of pounds because their number has been switched to a surrogate device.
I talked earlier about the responsibility that all companies have to their customers to be informed about such potential dark acts and to be alert to them.
So how do they exercise this responsibility? Well, just as the weakness in a customer’s online security can stem from their intimate relationship with their mobile phone, that phone can also provide the solution to protecting them.
And, similarly, it’s the insight that we get from the phone companies whose security the fraudsters have managed to evade that can catch them: by using data obtained from the mobile phone companies we at TMT ID are able to detect unusual activity linked to a phone number in a moment.
If fraudsters have managed a SIM swap or call forwarding scam, our checks will detect that there’s more than one handset linked to a number or that data is flowing to two places — or to a new place. All these anomalies and sub-variations are visible in the data in a matter of microseconds if your system is sensitive to them. And ours really is.
Because we are connected to the telephony network globally the information we are able to provide is based on live data rather than a back history of behaviours. The fraudsters can move quickly so this live data is key to detecting them quickly too.
So although it’s alarming that your customers can be targeted in these ways, it is also reassuring that you can protect yourself — and them — from being targeted by simply making sure your security procedures are robust.
Telephony fraud is not new — in fact there were fraud schemes reported as far back as the 1950s. Over the years, as the complexity of telephone networks has increased, so has the creativity of fraudsters looking to make money. The 2021 CFCA Global Telecommunications Fraud Loss Survey estimated the amount of revenue loss resulting from fraud schemes to be $40 billion, which was over a 25% increase from the 2019 survey estimate.
Phone number verification plays an essential role in the detection and prevention of telephone fraud. The TMT ID TeleShield service uses TMT ID’s unique data assets — consistently extended and updated — as its foundation. It includes analysis of mobile and fixed phone numbers, with the goal of identifying phone attributes that contribute to assessing the fraud risk for a number. Through integrating a variety of data sources, TeleShield provides an accurate and living representation of the propensity for a number to be fraudulent, putting the power to identify and stop global telephony fraud in our customers’ hands.
We recently worked with a customer who was being billed a high level of surcharges as a victim of Origin Based Routing (OBR) fraud schemes. In an OBR scam, fraudsters can spoof the calling number (A number) to make it appear as if it is coming from a country with a low call termination rate. This is a type of telephony bypass fraud, which in the 2021 CFCA Survey was estimated to cost $2.6 billion.
We were approached by an international wholesale provider that had been billed tens of thousands of euros in call surcharges because originating numbers were identified as invalid by the terminating operator. The service provider wanted an independent analysis of the originating numbers, most of which they suspected were spoofed.
TeleShield’s analysis confirmed the customer’s suspicions — 91% of these calls were not valid numbers:
In summary, TeleShield can be easily integrated into customer business processes to facilitate significant savings on fraud damages. It provides:
In conclusion, account takeover fraud is a pressing issue that businesses must address to safeguard their customers and protect their own interests. By implementing robust security measures, educating customers, and utilising advanced fraud detection solutions, businesses can fortify their defence against account takeover fraud.
Taking proactive steps will not only save businesses from potential financial losses but also ensure their reputation remains intact in the face of ever-evolving cyber threats.
Have you ever wondered who are the most common victims of online fraud? Find out more in our related article.
Last updated on June 25, 2026
Implementing MFA adds an extra layer of security by proving device possession. Authenticate silently confirms the device is the expected one without the need for an OTP.
Check out AuthenticateWe provide the most comprehensive device, network and mobile numbering data available
Contact us > Chat to an expert >