Digital Signatures: A New Approach to Identifying Account Takeover Attempts
Natalie Lewkowicz

Account takeovers (ATO) are a significant and growing threat, where fraudsters gain unauthorized access to user accounts to steal personal information, make fraudulent purchases, or exploit accounts for other malicious activities. Traditional ATO detection methods often fall short, especially as attackers use increasingly sophisticated tactics like bot-assisted credential stuffing and social engineering. Digital signatures, a behavior-based security measure from Darwinium, offer a new approach to detecting these threats in real time. This blog explores how Darwinium digital signatures work, their advantages over traditional methods, and how Darwinium’s digital signature technology enhances ATO protection across the customer journey.
Understanding Account Takeover Fraud
What is Account Takeover (ATO) Fraud?
ATO fraud occurs when unauthorized users gain control of legitimate user accounts, often through tactics like phishing, credential stuffing, or brute-force attacks. Once inside a user’s account, fraudsters can access sensitive data, steal funds, redeem rewards, or even use the account as a launchpad for further attacks.
Common Tactics in ATO
Fraudsters employ various strategies to take over accounts, including:
- Credential Stuffing: Automated bots test stolen username-password pairs across multiple sites, relying on password reuse to gain access.
- Phishing and Social Engineering: Attackers deceive users into sharing credentials or one-time passcodes (OTPs), which they then use to log in.
- Brute-Force Attacks: Automated tools systematically attempt passwords, especially targeting accounts with weak or common passwords.
The Risks and Impact of ATO on Businesses and Users
For businesses, account takeovers damage customer trust, lead to financial losses, and increase the risk of regulatory penalties. For users, ATO means a loss of privacy, potential financial damage, and a long process of account recovery.
Limitations of Traditional Account Takeover Detection
Reliance on Static Security Measures
Traditional ATO prevention tools often rely on measures such as active authentication checks (e.g., username and password, and two-factor authentication), as well as passive authentication checks such as analyzing device, location and digital identity intelligence. The challenge is that fraudsters have found ways to bypass nearly all of these approaches using a combination of brute-force tactics, tools such as proxies and emulators, or social engineering and phishing attempts.
High False Positives from Rule-Based Detection
Rule-based systems often generate high false-positive rates, especially when users travel or access accounts from multiple devices. Excessive false positives frustrate genuine users and don’t necessarily prevent sophisticated fraud.
Siloed Data and Lack of Context
Many traditional ATO solutions focus on isolated data points like login behavior, rather than a holistic view of the user journey. This limited perspective makes it difficult to detect ATO attempts that occur gradually, that hit exposed API endpoints, or that target multiple sessions.
What Are Digital Signatures and How Do They Work?
Defining Digital Signatures in Account Security
In account security, digital signatures are probabilistic identifiers created from a combination of device, network, and behavioral data. Each user interaction is recorded, allowing the system to establish a “signature” or behavioral profile based on past interactions. Digital signatures are compared in real time for percentage similarity, rather than matched against a fixed identifier. This gives businesses the ability to test and choose their own similarity threshold to uncover new patterns of unwanted behavior and fraudulent networks.
How Digital Signatures Differ from Static Identifiers
Unlike static identifiers (e.g., IP addresses or device IDs), digital signatures are dynamic and adapt to each user’s evolving behavior. This makes it harder for fraudsters to replicate genuine user behavior, even if they gain access to the user’s device or credentials.
The Role of Behavioral Biometrics in Digital Signatures
Behavioral biometrics, such as typing patterns, mouse movements, and navigation habits, play a key role in creating behavior-based digital signatures. By capturing these unique traits, digital signatures differentiate between genuine users and fraudsters or automated traffic attempting to mimic legitimate behavior.
How Darwinium Uses Digital Signatures for Enhanced ATO Detection
Comprehensive Monitoring Across the Customer Journey
Darwinium’s solution tracks interactions across the entire customer journey, from login and profile updates to checkout and payment. This end-to-end view allows digital signatures to capture subtle anomalies over time, providing early indications of suspicious behavior.
Adaptive Digital Signatures for Evolving User Behavior
Darwinium’s digital signatures adapt as users’ behaviors change, allowing genuine users flexibility while still identifying fraudsters. For example, if a user consistently logs in from the same device and suddenly switches to a new device and location, Darwinium’s adaptive system can detect whether this change aligns with genuine behavior or signals potential fraud.
Behavioral Biometrics for Precision Detection
By incorporating behavioral biometrics into digital signatures, Darwinium detects small deviations in interaction patterns. For instance, a fraudster may have login credentials but may not replicate the typing speed, mouse movement, or navigation habits of the legitimate user, allowing Darwinium to detect the anomaly.
Real-Time Anomaly Detection and Dynamic Remediation
When Darwinium’s system detects suspicious behavior, it can respond in real time by flagging the account, requiring additional authentication, or even blocking access if necessary. This real-time response minimizes the impact of ATO attempts, protecting accounts before fraudsters can cause harm.
Key Benefits of Using Digital Signatures for Account Security
Early Detection of Account Takeover Attempts
Digital signatures can help detect ATO attempts early in the process by identifying small, behavior-based inconsistencies that traditional methods may miss. This allows businesses to intervene before fraudsters can fully access or exploit the account.
Reduced False Positives for a Better User Experience
Unlike rigid rule-based systems, digital signatures are context-sensitive and can adapt to user behavior. This reduces false positives, ensuring legitimate users aren’t unnecessarily interrupted while suspicious accounts receive targeted interventions.
Scalability for High-Volume Environments
Darwinium’s solution can scale easily, making it suitable for businesses with high transaction volumes or large user bases. By automating behavior-based risk assessments, digital signatures can help businesses better separate trust and risk across millions of interactions in real time.
Future-Proofing Against Sophisticated Fraud Tactics
Digital signatures are designed to adapt as fraud tactics evolve, learning from each interaction and updating profiles dynamically. This continuous adaptation makes them effective against new, emerging ATO tactics that might evade detection by traditional methods.
Real-World Examples of Darwinium’s Digital Signatures in Action
Case Study 1: Building Trust and Detecting Account Takeover Attempts on a Financial Platform
Background
This financial services organization, specializing in business banking, was struggling to verify its online users’ authenticity.
The existing device fingerprinting solution had poor persistency, resulting in excess challenges at login via a one-time passcode (OTP).
This increased friction for good customers, and required significant operational resource and budget.
The organization wanted a better way to improve UX while keeping accounts secure, reserving OTPs for genuinely high-risk interactions.
Challenges
Several other fraud solutions had been discounted due to the high cost of covering multiple touchpoints in the customer journey. This meant that the financial institution had poor visibility of customer behavior across interactions, and was therefore imposing unnecessary friction on every customer, regardless of trust or risk.
How Darwinium Helped
Darwinium’s digital signatures provided the financial platform with behavior-based insights that went beyond static checks, providing the backbone for recognizing more users and identifying risky behavior in real time. By monitoring each user’s unique interaction patterns, such as typing speed, navigation sequence, and session duration, Darwinium could create adaptive behavioral profiles for legitimate users. In scenarios where fraudsters might attempt to access accounts, subtle differences in their interactions could be flagged, including:
- Location and Device Changes: Darwinium’s signatures can take into account the user’s historical device, location, and network usage patterns. When these elements change without a corresponding change in user behavior, the platform can flag these interactions as potentially fraudulent.
- Variations in Typing Speed and Patterns: Fraudsters attempting to rush through account processes often exhibited typing speeds and rhythms that differed from those of genuine users. Even slight inconsistencies could be flagged by Darwinium’s digital signatures.
- Navigation Sequence Anomalies: Legitimate users typically followed consistent navigation patterns based on their historical behavior. However, fraudsters unfamiliar with the platform’s layout can navigate pages inconsistently or in a different sequence, triggering alerts.
These combined indicators helped alert the financial services institution to potential ATO attempts, prompting additional verification steps, such as multi-factor authentication (MFA), before high-risk actions (e.g., fund transfers) were completed.
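The similarity-threshold idea from the "Defining Digital Signatures" section and the three indicators listed above (device/location change, typing rhythm, navigation sequence) can be sketched as one scoring routine. This is an added illustration written for this page, not Darwinium's code; the feature weights, the session fields and the allow/step-up/block thresholds are assumptions, and the session history is constructed.

```python
"""Toy behaviour-based similarity scorer (illustration, not Darwinium's code).
A profile is built from past sessions; a new session gets a percentage
similarity score, and tunable thresholds map it to allow / step-up / block."""
from dataclasses import dataclass
from statistics import mean


@dataclass
class Session:
    device: str          # constructed device identifier
    country: str         # constructed geolocation
    keystroke_ms: float  # mean interval between keystrokes, in milliseconds
    pages: list          # navigation sequence of page names


def build_profile(history):
    """Aggregate past sessions into a behavioural profile."""
    return {
        "devices": {s.device for s in history},
        "countries": {s.country for s in history},
        "keystroke_ms": mean(s.keystroke_ms for s in history),
        "nav_bigrams": {(a, b) for s in history for a, b in zip(s.pages, s.pages[1:])},
    }


def similarity(profile, s, weights=(0.3, 0.2, 0.25, 0.25)):
    """Percentage similarity (0-100) of session s to the profile. Weights are assumed."""
    w_dev, w_loc, w_typ, w_nav = weights
    dev = 1.0 if s.device in profile["devices"] else 0.0
    loc = 1.0 if s.country in profile["countries"] else 0.0
    # Typing rhythm: relative deviation from the historical mean, clamped to [0, 1].
    typ = max(0.0, 1.0 - abs(s.keystroke_ms - profile["keystroke_ms"]) / profile["keystroke_ms"])
    # Navigation: share of this session's page transitions seen in the history.
    bigrams = {(a, b) for a, b in zip(s.pages, s.pages[1:])}
    nav = len(bigrams & profile["nav_bigrams"]) / len(bigrams) if bigrams else 0.0
    return round(100 * (w_dev * dev + w_loc * loc + w_typ * typ + w_nav * nav), 1)


def decide(score, allow_at=75.0, block_at=40.0):
    """Map a similarity score to an action; both thresholds are tunable."""
    if score >= allow_at:
        return "allow"
    if score >= block_at:
        return "step_up"   # e.g. require an OTP before a high-risk action
    return "block"


# Constructed history for one business-banking user.
HISTORY = [
    Session("dev-A", "GB", 180.0, ["login", "dashboard", "payees", "transfer"]),
    Session("dev-A", "GB", 200.0, ["login", "dashboard", "transfer"]),
    Session("dev-B", "GB", 190.0, ["login", "dashboard", "payees", "transfer"]),
]
```

A new device in a new country with the user's usual typing rhythm and navigation scores in the step-up band, while a session that differs on every feature falls below the block threshold.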
Outcome
By implementing Darwinium’s digital signatures, the financial provider increased returning user recognition to 97% at login and reduced the use of OTPs by 46%, with associated cost savings. Darwinium’s behavior-based approach enabled the platform to block unauthorized transactions early while allowing legitimate users to complete transactions seamlessly. This proactive detection enhanced the platform’s security, prevented fraud, and minimized disruption for genuine users.
Case Study 2: Preventing Credential Stuffing on an eCommerce Platform
Background
A large eCommerce provider faced a surge in credential stuffing attacks, where bots used stolen username-password combinations to attempt logins. These attacks, often fueled by data breaches and credential leaks, allowed fraudsters to gain access to user accounts and make unauthorized purchases. The bots were programmed to mimic human-like navigation patterns, bypassing basic CAPTCHA defenses, which in turn added unnecessary friction for good users.
Challenges
The bots employed sophisticated tactics to evade detection, such as varying login times, randomizing page clicks, and appearing to follow typical browsing patterns. As a result, the platform’s standard CAPTCHA and rate-limiting tools were ineffective in identifying these attacks, leading to potential account compromises, poor customer experience, and resource strain on the platform’s backend.
How Darwinium Helped
Darwinium’s digital signatures introduced a new level of detection by analyzing each session’s behavioral data in real time, distinguishing between human users and bots through:
- Behavioral Biometrics: Bots often exhibited typing, mouse movement, and click patterns that differed from those of genuine users. Darwinium’s system can detect these slight variations, such as faster-than-typical typing rhythms or predictable navigation sequences, flagging sessions likely driven by automated scripts.
- Anomalous Login Frequencies: Darwinium’s system analyzed the frequency of login attempts within a session. The system flagged accounts showing unusually high login attempts within a short period, indicating potential credential stuffing.
- Profiling Traffic Further Up the Digital Journey: Darwinium sits further up the customer journey to profile traffic as it hits a website, detecting and providing recommendations on malicious bots, credential testing and account takeovers in real time without the need for additional step-ups.
Outcome
- 70% reduction in step-up costs associated with credit card testing.
- Significant reduction in operational costs to detect automated bots – 1 million events detected and blocked in one month alone.
- Reduction in manual review within fraud system, with associated reduction in customer friction across account creation and login.
The Future of Digital Signatures in Account Security
AI-Enhanced Digital Signatures for Improved Accuracy
Digital signatures become more precise with every interaction, detecting nuanced patterns and learning from each touchpoint to further distinguish between genuine users and fraudsters.
Privacy-First Approach to Behavioral Security
As digital signatures rely on user data, privacy is a growing concern. Darwinium’s approach is privacy-first, using anonymized and encrypted data to ensure user information is secure while still enabling robust fraud detection.
Integration with Multi-Layered Security Measures
Digital signatures are powerful on their own but can be even more effective when combined with other security measures like behavioral analytics and other machine learning techniques. In addition, Darwinium’s platform easily integrates with third-party tools, such as KYC checks, email verification and phone intelligence, creating a cohesive, layered defense.
Continuous Learning and Adaptation
As fraud tactics evolve, digital signatures will continue to adapt, learning from each new interaction. This constant adaptation ensures that Darwinium’s solution remains effective against emerging threats, future-proofing account security.
Key Takeaways
Proactive Fraud Prevention with Early Detection
Both examples highlight how Darwinium’s digital signatures enable early detection of ATO attempts. By capturing and analyzing nuanced behavioral changes, Darwinium helps businesses identify potential fraud before attackers can fully exploit accounts.
Minimizing Friction for Legitimate Users
Darwinium’s digital signatures minimize disruptions by intervening only in high-risk sessions. This ensures that genuine users are not subjected to unnecessary challenges, resulting in a better overall user experience.
Adaptability to Sophisticated and Evolving Fraud Tactics
As shown in both case studies, Darwinium’s behavior-based approach adapts to various fraud tactics, including credential stuffing and more behavior-based ATO. This flexibility allows businesses to respond effectively to evolving threats while remaining resilient against future attack vectors.
Comprehensive Security Across Diverse Industries
The success of Darwinium’s digital signatures in both the financial services and eCommerce sectors underscores the versatility and effectiveness of behavior-based security in safeguarding accounts across multiple industries. By integrating digital signatures into their security strategies, businesses can protect their users and maintain trust, regardless of industry-specific risks.
Conclusion
Digital signatures represent a transformative approach to account takeover detection, using behavior-based insights to detect unauthorized access in real time. Darwinium’s digital signature technology, combined with a flexible decision engine and conditional orchestration capabilities, provides businesses with a powerful toolkit to protect accounts, prevent fraud, and maintain a seamless user experience. By implementing Darwinium’s advanced ATO protection, businesses can stay resilient against evolving threats, ensuring a safe, secure environment for their users.