User Guides
Home

Troubleshooting and FAQs

Common troubleshooting scenarios

Enrichment step returned an error

Make sure the fields required by the products utilized in the workforce verification workflow are passed in the RiskOS Evaluation API request. Please refer to the product documentation for Socure products utilized in the workflow to understand what fields are required by the respective products. For example, if you are utilizing Socure's Digital Intelligence in the account takeover workflow, you would need to pass di_session_token.

Document Verification or Selfie Reverification did not get triggered

Make sure the RiskOS Evaluation API request includes the docv.config field and docv.config.send_message is set to true.


FAQs

What is Account Takeover Fraud?

What is Account Takeover Fraud?

Account takeover fraud is a form of identity theft where a bad actor gains unauthorized access to a victim’s online account.

The process unfolds in three stages:

  1. Account Compromise: The fraudster breaches the victim’s account.
  2. Access Lockout: They alter account details to lock out the rightful owner.
  3. Fraudulent Activity: The compromised account is used for unauthorized transactions or abuse.

Targets include:

  • Banking and financial accounts
  • Ecommerce accounts
  • Social media profiles
  • Loyalty program accounts
  • Government benefit accounts
How does Account Takeover Fraud take place?

Account takeover attacks often begin with one of the following techniques:

  • Credential Stuffing: Using botnets to test stolen username/password combos.
  • Phishing & Social Engineering: Emails, SMS, or calls trick users into providing credentials or downloading malware.
  • Malware & Keyloggers: Software records keystrokes to steal credentials.
  • Brute Force Attacks: Automated tools guess passwords using dictionaries or randomization.

Once inside, fraudsters:

  • Change credentials, PII, and security settings
  • Add unauthorized users
  • Request new cards or conduct transactions
  • Abuse consumer protections like Regulation E to extract funds

What are the signs of Account Takeover?

Unusual Login Patterns
  • Logins from unfamiliar devices or locations
  • Access during atypical times
Authentication Anomalies
  • Multiple failed login attempts in a short time
  • Spikes in login frequency
Account Modifications
  • Changes to personal info or security settings
Suspicious Account Activity
  • Uncharacteristic transactions
  • Irregular navigation patterns
Communication Disruptions
  • Disabled alerts or unexpected contact info changes

Why is KBA ineffective for preventing account takeovers?

What are knowledge-based authentication (KBA) questions?

KBA asks users to verify identity via questions based on personal info.

Types:

  • Static KBA: User-defined questions
  • Dynamic KBA: Data-derived questions

Why it's flawed:

  • Adds friction before validating identity
  • Data used is often leaked or publicly available
How should organizations respond?

To prevent ATO:

  • Monitor for early warning signs
  • Deploy layered fraud detection (e.g., device, behavior, biometric signals)
  • Avoid outdated auth methods like KBA

Use Socure Sigma Identity and Account Intelligence for real-time ATO prevention.


Updated 10 days ago