Skip navigation
FDIC Logo.
Happy State Bank logo.

Account Takeover Fraud in the Card Industry

Person holding a credit card and phone

In recent years, account takeover fraud has become a significant threat to the card industry, exploiting vulnerabilities and causing financial losses for both consumers and businesses. Cybercriminals have been conducting socially engineered fraud scams, which allows them to gain unauthorized access to a cardholder’s account. Once the fraudster has control, they can make unauthorized transactions, rack up charges, and potentially damage the cardholder’s financial reputation.

Mechanics of Account Takeover Fraud

Account takeover fraud typically begins with criminals gathering personal information about their targets. Some methods they use to achieve this include phishing emails, fake websites, or malware. Once they acquire sensitive information such as login credentials or personal identification numbers, fraudsters can access the victim’s account.

Hackers are also able to exploit weaknesses in online security measures by their potential victims. For example, if a cardholder uses the same password across multiple sites, a breach at one site could compromise their other accounts. This is also true if a retailer’s website is not adequately protected, a hacker may gain access to large volumes of account information.

Fraudsters also create spoofed numbers showing up as a financial institution. The cardholder believes the person they are talking to is from the Fraud Center or Customer Service Center at their financial institution. The criminal then pretends to help victim out by giving them instructions on what to do with the SMS text they will receive about the transaction they are attempting to make. Through this method, the hacker then begin committing fraudulent transactions. The criminal could also act as if they are going to shut down the card and issue a new card for the cardholder. However, they do not shut down the current card and continue making fraudulent charges.

Strategies to Prevent Account Takeover Fraud

To combat account takeover fraud, it is important to adopt robust security practices. This can include reviewing your account(s) closely, checking your account(s) for any changes to your information (phone number, address, or PIN changes), using strong and unique passwords for each account, enabling two-factor authentication and being vigilant about phishing attempts.

If you feel you have been victimized by a fraud attempt, contact our Customer Care Center immediately at (800) 447-2265 or visit one of our branches.

Need help now?