Request a demo

Find out today the difference that Callsign’s unique solution can make to your business.

Seeing is believing.

General enquiries, support and press

By submitting this form, you agree to Callsign’s Privacy Policy



Thank you for your request


In the meantime, connect with Callsign for insights on authentication and fraud prevention

Back to Knowledge & Insights

Account takeover: protecting your front door

Customer Experience Digital & Commerce Fraud & Scams Payments

According to a recent report by Mastercard global fraud losses reached $41 million in 2022. Account takeover fraud (ATO) is one of the most persistent approaches and according to CIFAS in the UK, online retail is the most targeted product for ATO, due to many retailers offering credit before payment.

Dan Ayoub highlights the challenge in the 2024 Gartner® Emerging Tech: 5 Elements to Prevent Digital Commerce Fraud report. He comments that ‘Despite advances in technologies, account compromise remains one of the top vectors for perpetrating online fraud. Many retail organizations are reluctant to introduce any significant friction to the user journey.’ Callsign is named as a Representative Vendor in this report.

The reason it’s such a pernicious threat is that it’s the initial gateway to more fraud problems. Once a criminal has gained access to an account the possibilities are endless from payment fraud to chargebacks – causing an unfortunate domino effect. Which as the Merchant Risk Council puts it, ‘is a serious risk that can cost businesses money, as well as damage their reputation in the long run’.

The gateway to greater fraud

The focus for the majority of merchants is to combat the problems of chargebacks and friendly fraud. Which makes sense, it’s where the main bulk of fraud comes from and solutions such as Visa’s 3DS2.0 go some way to helping tackle this. You can find out more about how we can help here.

However, the increase in account creation among online retails leads to great fraud opportunities and opens the door to increases in payment fraud including:

  • BOTs: sites selling limited edition drops or high value goods are no doubt seeing high volumes of bots making purchases
  • Data harvesting: customer data from email addresses to card details are a valuable commodity on the dark web, only fuelling other types of fraudulent attacks.
  • Fake accounts: These may be used to buy products on credit to sell on or used to build fake identities for further malicious intent.
  • Fraudulent orders: once in, fraudsters have run of the house and are able to make fraudulent orders sent to accommodation addresses that are difficult to trace.
  • Loyalty points and account credit theft: loyalty accounts protected by weak passwords are like fish in a barrel for fraudsters. Once in, points can be switched for cash or transferred to other accounts.

Online accounts store a range of personal details from card and bank information to addresses and payment history, yet are only protected by a username and password – which are easily compromised using a range of methods including:

  • Brute force attacks: using automated tools to systematically guess passwords, often targeting easy-to-guess passwords.
  • Credential stuffing: When attackers already have usernames and password combinations from previously leaked accounts, they will often test these credentials on a number of platforms.
  • Keylogging: Using malware installed on a user’s device, fraudsters are able to record and capture the keystrokes of a given individual. As a result, they can gain the necessary login credentials as well as additional sensitive information needed to conduct ATO.
  • Phishing: This occurs when attackers send emails, texts or other communications designed to look like an authentic business in order to steal credentials, or to install malware (such as keylogging software).

How Callsign can help

Implementing new solutions can often be seen as complex and costly. That’s why we’ve designed a bespoke solution for businesses that not only reduces the risk of account takeover, it’s accessible and customer friendly as it doesn't rely on email or SMS OTPs to validate the account.

Callsign One, is simple to deploy via a single SDK and combines device intelligence and keystroke analysis on the users email to provide layered intelligence that confirms the customers genuine identity at login.

This all sits passively in the background meaning the customer experiences minimal friction, aiding account creation and logins. With 50% of consumers willing to switch to a merchant with less friction in the shopping experience, it’s worth being the merchant they turn to (rather than from).

If you’d like to see it in action. Simply fill in the form and we’ll set up a demo.


1 Gartner, Emerging Tech: 5 Elements to Prevent Digital Commerce Fraud, By Dan Ayoub, 15 February 2024 GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose

See Callsign One in action

By submitting this form, you agree to Callsign’s Privacy Policy



Thank you

Callsign One

A fraud solution designed with UX in mind

See Callsign One in action