Account takeover is a form of online identity theft in which a fraudster gains unauthorized access to an individual's account in a given system. Depending on the system, this unauthorized access can lead to severe consequences, including privacy breaches and financial loss, for the victims, for the companies that maintain the system, and for other users. In this paper, we present the work done to prevent and detect account takeovers at mobile.de, an online vehicle marketplace. To tackle the prevention problem, we first present a behavioral analysis of how fraudsters operate and then the mutual two-factor authentication we implemented, which achieved a 43% reduction in account takeovers. To tackle the detection problem, we introduce a concept-drift-sensitive machine learning training approach that improved detection rates by 18% over our baseline methods. The automatic detection reduced the exposure of fraudulent listings by 69%, resulting in a safer marketplace for buyers and sellers.
Authors: Ricardo Kawase, Francesca Diana, Mateusz Czeladka, Markus Schüler, Manuela Faust