Account takeover (ATO) fraud originated as a social engineering tactic, where criminals would trick individuals over the phone into revealing their login credentials. It has since evolved into a highly automated operation, where bots and massive data breaches are used to test stolen credentials across countless websites. For attackers, one of its key benefits is that it makes it nearly impossible to distinguish legitimate users from bad actors.
Think about it this way: when a celebrity’s phone number gets leaked on Reddit, it becomes a playbook for fraudsters who could then use those numbers to hijack accounts. This illustrates a fundamental shift in the fraud landscape, and that is that we’re no longer just defending against stolen passwords. We now must contend with the potential for leaked personal information with every form of authentication, and the digital platforms we rely on are struggling to keep up.
AirKey: A Physical Key for the Digital World
The increasing complexity that’s employed in ATO attacks has rendered traditional deterministic fraud detection models obsolete, and has created a new imperative for adaptive, behavioral-based analytics to distinguish legitimate user activity from malicious incursions at scale.
At the recent Fraud Leaders’ Summit, Prove’s CEO Rodger Desai chatted with Chris Dorsey, Head of Partnerships for AirKey at Capital One about this very issue. AirKey is a new, innovative authentication solution that is powered by the Prove platform. Consumers can activate an AirKey-enabled card by simply tapping it to their smartphone. With a single tap, they can also use their AirKey card to authenticate when accessing their online accounts.
In the presentation, Rodger explained how AirKey turns the NFC chip on a credit card into a hardware token. It’s a "something you have" authenticator that requires physical possession of the card to authenticate high-risk transactions. It is a simple and highly effective way to reduce ATO fraud. It provides a frictionless experience for the user while creating a powerful barrier for fraudsters. It also tackles the convenience that digital wallets offer to fraudsters by requiring physical card possession for provisioning.
AirKey is delivering the future of authentication. The tech stack will be reinvented to tokenize payment credentials to the person, requiring a signature from their phone or a physical key. This approach mitigates the risk of credential compromise by shifting authentication to a physical possession-based model, making it nearly impossible for stolen digital data to be weaponized. By leveraging the NFC technology already embedded in millions of cards, AirKey delivers the efficacy of a dedicated hardware token with the convenience of an item consumers already carry, providing a powerful and scalable way to combat sophisticated account takeover fraud.
AI's Double-Edged Sword in the Fight Against Fraud
We’ve learned that AI makes it scarily easy to mimic voices and likenesses. A fraudster can now use a deepfake to sound like a trusted individual, and that renders traditional authentication methods like voice verification obsolete. This creates a new, and more lucrative strategy for attackers. Use AI to fake a voice or visual to gain access, update credentials, and with those stolen credentials, they now have unfettered access to accounts.
Prove’s defense against this new wave of AI-driven fraud begins with the phone line. Before we even get to the point of a biometric check, we verify the integrity of the phone line itself. If the line isn't trustworthy, any subsequent attempt to mimic a voice or face is immediately flagged as suspicious. This layered approach is essential in a world where AI can effortlessly create synthetic identities.
Looking ahead, we're entering a new era of "agentic commerce," where AI agents will be making transactions on our behalf. Imagine an AI buying your auto insurance for you. It’s convenient, but what happens when you get a bill you don't recognize and claim you didn't authorize the transaction? This will lead to a surge in chargebacks and the need for new security mechanisms to protect consumers, retailers, banks, and every other organization that participates in commerce.
The solution is to make transaction "signing" essential, and this requires a cryptographic signature that provides irrefutable evidence that a user authorized a transaction. This fuses identity verification and authentication into one seamless, secure process.
Looking Ahead: Know Your Agent
While some may see AI adoption as overblown, we’re bullish on its potential to save consumers time and money. However, this future demands a new level of trust and accountability. Beyond "Know Your Customer" (KYC) and "Know Your Business" (KYB), we'll need to "Know Your Agent" (KYA) as AI agents start interacting with each other and making transactions. The Gen Z and Generation Alpha cohorts are already embracing AI platforms over traditional search engines for commerce, and this generational shift will accelerate the need for new security solutions.
At Prove, our vision has been consistent since day one: to make digital transactions as easy and secure as a phone call. We've moved beyond vulnerable methods like SMS OTPs by connecting directly to mobile operators to track SIM and device age, which helps us detect SIM swap fraud. And we’re taking it a step further with Prove Key, our own cryptographic key that’s embedded in the phone after initial SIM verification. It’s a carrier-independent security layer that can regenerate on a new phone, giving our users a persistent and secure digital identity.
We need to stop guessing and start being deterministic. We need to move from probabilistic methods to cryptographic keys and authenticated signatures. With solutions like AirKey, we are building the foundation for a future where trust is not a guess, but a certainty.
Ready to learn more about how AirKey is redefining digital security and protecting against the next generation of fraud? Visit our website to discover how AirKey, powered by Prove, can help secure your digital transactions.
Keep reading
The Supreme Court's ruling on Texas's age verification law creates a new reality for digital identities, balancing the need to protect minors with concerns for free speech and privacy.
Improve 2025 is your essential event to the future of digital customer experience, offering cutting-edge insights and strategies to reimagine identity, authentication, and trust using AI and other innovative technologies.
Discover how sponsor banks can navigate increased scrutiny in the Banking-as-a-Service (BaaS) landscape. Learn strategies to ensure compliance, mitigate risks, and foster sustainable growth in this evolving era.
