Fraud fighters’ guide to handling suspicious logins

By Michelle Arguelles / 5 Apr 2018

Account takeover leads to a number of negative downstream effects – from financial loss to customer churn to overall brand damage. There are many things a business can do to respond to an ATO attack, but at that point, it’s already too late and you may have lost users’ trust. So what can you do to prevent unauthorized access to accounts in the first place?

Here are some ideas to consider building to keep your customers safe:

Low-risk logins: Send simple notifications

Every so often, people go on vacation or change devices, and that’s all there is to it! In cases like this, you may want to let users log in but also send a friendly notification that there was something a bit different than usual about the login. Legitimate users often appreciate this notification, since it’s done in the name of their own account security.

In any notification you send out, it’s helpful to include some information like location and device so customers can take action in case it wasn’t them.

Riskier logins: Ask for extra verification

If a login is more suspicious than usual for any reason, you may want to prevent access to an account until that user can prove that they are who they say they are. One of the most common ways to do that is to require two-factor authentication (2FA). This adds another layer of security, as it requires anyone who is trying to access the account to have more than just a username and password.

A prompt you may be familiar with asks you to enter a code from a second device to verify the login.

After login: Take more action

If you decide that allowing suspicious logins is a risk you want to take, but still want to keep your accounts secure, you could consider altering post-login experiences for users. Depending on your business model, there are a number of directions these experiences could go.

Here are some things you can consider implementing for customers until they verify themselves:

  • Asking customers to re-enter payment details at checkout
  • Limiting the amount someone can withdraw
  • Hiding valuable personal or financial information
  • “Shadow banning” any potential bad content they try to post
  • Limiting actions like changing email address or password
  • Implementing a “View Only” mode
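
The three tiers described in this post (notify, ask for 2FA, restrict after login) can be sketched as one policy. This is an added example, not Sift's code or API; the 0.0-1.0 risk score, the thresholds, the withdrawal cap and all function and action names are assumptions.

```python
from dataclasses import dataclass, field

# Assumed cut-offs on a 0.0-1.0 risk score; set them to your own risk tolerance.
NOTIFY_AT, STEP_UP_AT = 0.3, 0.7
UNVERIFIED_WITHDRAW_CAP = 5000  # assumed cap, in cents, while unverified
# "View Only" allow-list: the only actions an unverified session gets for free.
READ_ONLY = {"view_feed", "view_orders"}

@dataclass
class Session:
    user: str
    verified: bool
    notices: list = field(default_factory=list)

def handle_login(user, risk, device, location, allow_risky=False):
    """Map a login's risk score to (decision, session or None)."""
    if risk < NOTIFY_AT:
        return "allow", Session(user, verified=True)
    if risk < STEP_UP_AT:
        # Low risk but unusual: let the user in and tell them what was seen.
        s = Session(user, verified=True)
        s.notices.append(f"New sign-in from {device} in {location}. "
                         "If this wasn't you, reset your password.")
        return "allow_notify", s
    if allow_risky:
        # Business accepts the risk: session starts unverified and restricted.
        return "allow_restricted", Session(user, verified=False)
    return "challenge_2fa", None  # no session until the second factor passes

def complete_2fa(user, code_ok):
    """Issue a verified session only if the second-factor check succeeded."""
    return Session(user, verified=True) if code_ok else None

def authorize(session, action, amount=0):
    """Gate a post-login action; unverified sessions fail closed."""
    if session.verified or action in READ_ONLY:
        return "allow"
    if action == "withdraw":
        return "allow" if amount <= UNVERIFIED_WITHDRAW_CAP else "deny_over_cap"
    if action == "checkout":
        return "reenter_payment_details"
    if action == "post_content":
        return "hold_for_review"  # accepted, but not shown to other users
    # Email/password changes, viewing financial data, and anything unlisted.
    return "deny_until_verified"
```

Unlisted actions are denied for unverified sessions, so a newly added feature is not exposed to a suspicious login by default.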

Every business is different, as is their tolerance for risk. With more and more at stake when an account gets compromised, it’s important to take action on potential account takeover attempts as soon as possible. However, there’s always a tricky balancing act between adding friction and keeping customers safe. It’s important to have a smart solution in place that provides accurate detection.

Take a look at our Account Takeover Prevention integration guide to get started with accurately detecting suspicious logins, and building different experiences based on how risky those logins may be.

Or download our free ebook, the Complete Guide to Account Takeover Prevention, for more tips on how to stop ATO in its tracks.
