Account takeover use case

Armed with stolen, up-to-date personally identifiable information (PII) data, criminals are successful in taking over legitimate accounts. Any company that offers a user account or membership system is at risk of an Account Takeover (ATO). All that's really needed is the ability to connect account information, such as card number, use name, password, etc., with a piece of personally identifiable information such as SSN, date of birth, etc.

Account takeover cost consumers $290 in out-of-pocket costs and 16 hours on average to resolve. This translates to more than 62.2 million hours of time consumers lost in 2017.

Javelin Strategy & Research Study, 2018



Reused passwords multiply consumer risk over multiple account types.

Email Account

With access to an email account, the fraudster can reset site passwords on commercial websites using a trusted email address.

eCommerce Account

Once a fraudster accesses an ecommerce account, they have access to all of the payment methods linked to that account.

Rewards Accounts

Another goldmine for fraudsters is rewards points stored online in retail store accounts.

Bank Accounts

With the right credentials, fraudsters can access online bank accounts.


Prevent account fraud in real time by verifying if and when an account holder or fraudulent applicant's PII was stolen.

COMPROMISED identifies stolen PII and delivers scored risk intelligence to help flag high, medium and low-level vulnerabilities for new account creation or account takeover. Risk scoring can be performed by single data descriptors or by weighting all of an individual’s exposed credentials.

Our workflows let you set up rules whenever specified events occur. These rules enable you to route users to different outcomes based on the risk score. When you send COMPROMISED an API call, the output of your workflow is immediately returned to help your risk engine make a time sensitive decision.

Risk scores are requested at the key events where fraud or abuse occurs (e.g. ask for score when sending a create order event, open new account, login to existing account, etc.).

How Account Takeover risk could be scored when considering compromised credentials:


API Call


Risk List


Try COMPROMISED for free with a full 30 day trial.

start your free trial