Overview
Account takeover (ATO) is when a fraudster gains control of an account that belongs to a genuine customer. Fraudsters can then make unauthorised transactions, sell the compromised accounts on and/or scrape personal information out of the account which can be sold.
In the Ravelin dashboard you have the ability to review customer activity as account takeover, in particular orders, devices or successful logins.
Analysts should only review as account takeover when they are sure that is the case, as this information will be used by our machine learning models and inaccurate reviews could have a negative impact on the performance of the model.
Review as Account Takeover
To start an Account Takeover review you need to select the order, device or login you want to review on the customer profile and select the option "Review as Account Takeover".
On the confirmation screen you can see:
- the order, device or login selected to review
- the device associated
- any other orders placed using that device on that customer account
The confirmation screen will vary depending on the starting point of the review:
- an order - it will show the device used and also any other orders placed by that device in that customer account.
- a successful login - it will show the device used and any orders placed using that device on that customer account.
- a device - it will show any orders placed using that device on that customer account.
Once you confirm the review:
- the order/device/login selected will be reviewed as Account Takeover.
- the device used to place the order or login will be reviewed as Account Takeover.
- any orders placed on that device for that customer will be reviewed as Account Takeover.
- any other orders placed on that device by other customers will also be reviewed as Account Takeover.
When you look at a reviewed order/device/login you will be able to know if this was the original entity reviewed or if it's a review via a linked device.
As part of the review you can also add a comment as an optional step. Comments added as part of an account takeover review will show on the comments list for that customer alongside an indication that this is a comment from an ATO review.
Undo an Account Takeover review
You can remove an Account Takeover review by going to the order, device or login and select the option to "Undo review".
If the option is not available then this may be because you are looking at a linked review via a device, and in that case you select the option "Go to linked review" and on that order, device or login you can "Undo review".
Undoing an Account Takeover Review also removes the review on the device and any orders placed by the device.
Other customers
As mentioned above, when you do an account takeover review on order or a login we will also review the device that was used to place that order or login.
This means that if that device is used by another customer account this device will also be reviewed as account takeover, and any others orders or logins done using that device will be reviewed as well.
Connect
In Connect you will see when a device has been reviewed as Account takeover. You will also be able to see if that device is connect to other customer accounts.
Filters in explore
In the Explore section of the dashboard, we have Account Takeover filters available in the list of customers, orders and logins.
The filters include:
- Account takeover review status
- Account Takeover
- Unreviewed (initial state with no review or when a review is removed)
- Account takeover review date