There are numerous types of online fraud that occur at various stages of the user lifecycle, including account takeover (ATO) fraud, new account fraud and checkout fraud. Bots can be used for all types of fraud, often as an initial test to see how your system responds.
There is a ripple effect with each type of fraud. Riskified's 2021 study found that account takeovers are on the rise, with 43 percent of U.S. merchants saying ATO fraud accounted for over 10 percent of their chargebacks. Since compromised accounts and fake accounts are often used multiple times, fraud detection stops more than an isolated incident.
Account Takeover Fraud
Account takeover (ATO) fraud can include transaction fraud and non-transaction fraud, such as stolen loyalty points. Fraudsters use compromised credentials obtained through phishing attacks, data breaches or bought on the dark web to access a legitimate user's account. After initial tests of the compromised credentials, such as changing a shipping address or password, the fraudster moves on to financial transactions. The personal identifiable information (PII) obtained through account takeover fraud allows fraudsters to open new accounts or take over additional accounts in the future.
New Account Fraud
Using stolen credit cards and/or PII obtained through account takeovers, new accounts are created by fraudsters to carry out a variety of activities. Coupon and promo codes designed for new users can be used by fraudsters to purchase goods and services. Referral codes can be exploited by bots or shared on social media, racking up referral points from strangers. After goods or services are purchased, the fraudster can seek refunds and leave merchants liable for chargebacks.
Checkout Fraud
To avoid creating new accounts, fraudsters use stolen credit card information and the "Guest Checkout" option on websites and apps to commit checkout fraud. Bad actors often use bots to automate the testing of stolen credit card numbers on one website or app, then manually enter the same card information at a later date on different sites, along with discount codes, to look more like legitimate customers.