Account handovers: The new account takeover threat retailers need to catch

Guest: Shoshana Maraney
In this episode, I continue my conversation with Shoshana Maraney, and we go deeper into a topic I think more retailers need to be paying close attention to, account handovers. If you have not listened to part 1 yet, I really would go back first, because it gives important context for what we unpack here.
What makes this conversation so important is that account handovers are not always easy to spot if you are still looking for the same signals you would expect in a more traditional account takeover. That is part of the problem. Account handover (AHO) fraud can look different, behave differently, and create a very different kind of risk for ecommerce teams trying to protect customer accounts without overreacting to every unusual interaction.
So in this episode, I focus on how account handovers actually show up, the different forms they can take, how I would think about identifying account handovers inside a retail environment, and what preventative measures can reduce the risk. We also talk about the growing need for account security education, because some of these cases are not just about attackers forcing their way in. They are about customers being manipulated, persuaded, or pulled into decisions that weaken their own account security.
And that matters.
Because when the evolution of account takeover (ATO) starts blending more directly into customer behavior, consent, or social engineering, account takeover prevention gets more complicated. And fraud teams need language, signals, and practical ways to think about that shift.
Here is what that account handover risk means in practice:
- I need to treat account handovers as a distinct account security problem, not just a variation of the same old ATO playbook
- I need better ways of identifying account handovers when the warning signs do not look like traditional forced compromise
- I strengthen retailer account security when I account for manipulation, persuasion, and customer-enabled access risk
- I improve consumer account protection when I combine detection, controls, and account security education
What you’ll hear in this episode:
- How account handovers differ from more familiar account takeover patterns
- What types of account handover fraud more retailers are starting to encounter
- How I would think about identifying account handovers and spotting account compromise detection signals
- Which preventative measures can reduce fraudulent account access and ecommerce account abuse
- Why customer account security now depends more than ever on consumer account protection and education
You should listen to this episode if you:
- Work in ecommerce fraud, trust and safety, or retailer account security
- Want a stronger understanding of account handovers and AHO fraud
- Need better approaches for identifying account handovers before losses spread
- Are focused on account takeover prevention, account compromise detection, or customer account security
- Want practical ideas for reducing online account fraud through better controls and account security education
Episode notes & key takeaways
Why account handovers are changing the account security conversation
Let’s break this down.
One of the biggest reasons account handovers deserve their own conversation is that they sit in an uncomfortable gray area for a lot of fraud teams. With a traditional account takeover, I am usually looking for clear signs of unauthorized access. Stolen credentials. Suspicious devices. Login anomalies. Behavior that tells me the real customer is no longer in control.
With account handovers, the picture can get messier.
In some cases, the account owner may still appear to be participating. They may be manipulated into sharing access. They may be convinced to turn over control. They may not understand the risk until the damage is already in motion. That changes the way I need to think about customer account security, because the issue is not always just intrusion. Sometimes it is compromised decision-making.
This is exactly where the ATO evolution gets more interesting, and more difficult.
Because if I am only looking for obvious break-in behavior, I may miss the fact that fraudulent account access is still happening, just through a different path.
- Account handovers often involve a different risk pattern than traditional forced account takeover
- AHO fraud can include customer participation that is manipulated, pressured, or poorly understood
- Account security vulnerabilities now include not just technical access gaps, but social and behavioral ones too
- Account takeover prevention gets harder when the attack path looks less like intrusion and more like transfer
How I think about identifying account handovers in practice
Here’s what’s actually happening.
If I want to get better at identifying account handovers, I need to stop assuming the signals will always show up at login. Sometimes they will. But sometimes the more useful indicators appear after access is established, when account behavior starts changing in ways that do not fit the customer’s normal patterns.
That might mean changes in contact information, shipping behavior, saved payment methods, loyalty usage, order patterns, or customer support interactions. It may look like a legitimate account on the surface, but the intent and control behind it are no longer what they used to be.
That is the part fraud teams should care about.
Because account compromise detection in these situations often depends on context. Not just whether the customer passed authentication, but whether the account activity still makes sense for that customer. That is a very different question.
And honestly, that is where some fraud programs still struggle. They are very good at spotting bad logins. They are less prepared to spot a bad transition of control.
- Identifying account handovers often depends on post-login context, not just authentication signals
- Account compromise detection gets stronger when I compare current activity to known customer patterns
- Online account fraud may still look legitimate at first when the account itself remains technically valid
- Ecommerce account abuse often becomes visible through behavior changes after access is established
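One way to turn the post-login signals above into a check, as an added example that is not from the episode or any vendor's product: it ignores whether authentication succeeded and scores how many deviations from the customer's baseline cluster in a short window. The event types, weights, 24-hour window, review threshold and sample data are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Hypothetical signal weights; tune against your own confirmed cases.
WEIGHTS = {"email_change": 3, "phone_change": 3, "new_ship_address": 2,
           "payment_added": 2, "loyalty_spike": 3}
WINDOW = timedelta(hours=24)   # assumed correlation window
REVIEW_THRESHOLD = 6           # assumed score that triggers manual review

def classify(event, baseline):
    """Map one post-login event to a signal name, or None if it fits the customer."""
    kind = event["type"]
    if kind in ("email_change", "phone_change", "payment_added"):
        return kind
    if kind == "order" and event["ship_to"] not in baseline["ship_addresses"]:
        return "new_ship_address"
    if kind == "loyalty_redeem" and event["points"] > 2 * baseline["max_redeem"]:
        return "loyalty_spike"
    return None

def score_handover(events, baseline):
    """Score the densest WINDOW of deviations; login success is deliberately ignored."""
    signals = [(e["ts"], s) for e in sorted(events, key=lambda e: e["ts"])
               if (s := classify(e, baseline))]
    best, why = 0, []
    for i, (start, _) in enumerate(signals):
        in_window = {s for ts, s in signals[i:] if ts - start <= WINDOW}
        score = sum(WEIGHTS[s] for s in in_window)
        if score > best:
            best, why = score, sorted(in_window)
    return {"score": best, "reasons": why, "review": best >= REVIEW_THRESHOLD}

# Constructed sample data: every event below happened in an authenticated session.
BASELINE = {"ship_addresses": {"addr-home"}, "max_redeem": 500}
T0 = datetime(2024, 1, 10, 9, 0)
HANDOVER = [
    {"ts": T0, "type": "email_change"},
    {"ts": T0 + timedelta(minutes=20), "type": "payment_added"},
    {"ts": T0 + timedelta(hours=2), "type": "loyalty_redeem", "points": 4000},
    {"ts": T0 + timedelta(hours=3), "type": "order", "ship_to": "addr-unknown"},
]
NORMAL = [
    {"ts": T0, "type": "order", "ship_to": "addr-home"},
    {"ts": T0 + timedelta(days=30), "type": "payment_added"},
    {"ts": T0 + timedelta(days=90), "type": "loyalty_redeem", "points": 300},
]

if __name__ == "__main__":
    for events in (HANDOVER, NORMAL):
        print(score_handover(events, BASELINE))
```

The same payment-method change that contributes to a review in the clustered session scores below the threshold when it occurs on its own weeks later, which is the difference between a bad transition of control and ordinary account maintenance.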
The types of account handover fraud retailers should be watching
This is where things get interesting.
Shoshana gets into the fact that account handovers are not one single scenario, and that really matters. Retailers can run into several versions of this problem depending on the business model, the customer journey, and what value sits inside the account.
Some cases may involve social engineering. Some may involve accounts being transferred or shared in ways that break trust and control. Some may start with fraudsters persuading users to hand something over voluntarily. Others may blend old and new account takeover methods, where a compromise starts as one thing and becomes something else over time.
That variety is part of what makes account handover fraud hard to reduce with one simple rule.
I need to understand the motive, the path, and the monetization angle. Is the attacker trying to use stored value, loyalty balances, purchase history, saved payment instruments, or just the trust attached to the account itself? Those questions shape how I respond.
We have seen this playbook before in other fraud areas too. The exact mechanics shift, but the principle stays the same. Criminals look for the lowest-friction path to value.
- Account handovers can take multiple forms depending on customer behavior, account value, and attack path
- New account takeover methods often reuse older fraud logic in less obvious ways
- Retailer account security improves when I map the value inside the account, not just the login risk
- Fraudulent account access becomes harder to stop when teams assume all takeovers look the same
Why account security education is becoming more important
One of the strongest points in this conversation is that prevention cannot rely only on detection. I still need better controls, better monitoring, and better escalation paths, of course. But I also need to think seriously about account security education.
Because if customers can be persuaded into weakening their own account security, then consumer account protection has to include more than backend controls. It has to include clearer education on what not to share, what warning signs matter, and how manipulation around account access actually works.
That usually gets overlooked.
A lot of companies still treat customer education as secondary, or as something that belongs in a help center no one reads unless something has already gone wrong. But with account handovers, education can be one of the few things that interrupts the problem before access changes hands.
And that matters.
Because customer account security is not just about whether my systems can reject bad actors. It is also about whether my customers understand when someone is trying to get them to give that access away.
- Account security education can help reduce account handovers before the compromise is fully underway
- Consumer account protection needs to address manipulation and social engineering, not just passwords and logins
- Account takeover prevention gets stronger when I combine controls with customer-facing warnings and guidance
- Retailers need to treat education as part of prevention, not just post-incident cleanup
The big takeaway from this episode is pretty straightforward. Account handovers are forcing fraud teams to think beyond the older, simpler model of account takeover. In my conversation with Shoshana, what stands out is that AHO fraud often lives in the space between security weakness, customer manipulation, and changing control over the account. The more clearly I understand that, the better I can improve identifying account handovers, strengthen retailer account security, and build consumer account protection that reflects how these threats are actually evolving.

