Account Patterns
Account Takeover
Account takeover (ATO) is a fraud pattern in which an attacker gains control of a legitimate account through credential theft, credential stuffing, session hijack, SIM-swap, or social engineering, then uses the account to commit fraud, move funds, or harvest stored value.
How it works in practice
At a supported login event, Identity Graph linkage can surface identifiers associated with Known Threat activity. Enhanced device intelligence may add supporting evidence where available.
Operator-configured Rules Engine policy determines whether linked evidence merits allow, review, or block handling. Fraud Intercept does not claim behavioral baselines or session-management workflows.
Why it matters for fraud prevention
Account takeover turns a legitimate account into a risk surface. Supported linked-risk evidence can inform an operator response without claiming ownership of authentication recovery controls.
Account takeover and how the Identity Graph helps detect it in fintech is covered on the fintech vertical page, including the device-linkage and money-movement signals that flag a takeover before funds leave.
Browse all definitions on the Fraud Intercept glossary.