Identity theft may get the ink – even a recent movie – but a nasty cousin is account takeover, and that's now emerging as a crime growing at a steroid-driven rate.

Security firm ThreatMetrix recently reported that “based on data taken from October 2012 through March 2013, ThreatMetrix customers saw account takeover attempts nearly double (168%).”

The company also noted “a rise in the sophistication of account takeover attempts.”

Worse news: “We see fraudsters moving down market where the defenses against account takeovers are not as sophisticated,” said David Britton, an executive with security firm 41st Parameter.

His point: the money center banks have been spending aggressively on technologies to outsmart account takeover artists and the thieves are heading to institutions with less formidable barriers.

That may mean you.

Are you ready?

Michelangelo Sidagni, chief technology officer at security firm NopSec, related that he knows of a case where the CEO of a financial institution personally fell victim to account takeover. “This is a fast-growing problem,” he added.

Which brings us to the other, pertinent question: Are you really you?

That is the account takeover question. Where it differs from identity theft is that in the latter a crook uses legitimate credentials belonging to a victim to open a new account which, typically, is used to incur debt that the thief never intended to repay.

What is especially maddening about an account takeover is that you, the victim, effectively cease to be. And the takeover artist can simply loot the account, making this potentially a lightning fast, in-and-out crime.

The onus, said the experts, is on financial institutions to prevent this – but that is not always easy, in part because victims frequently hand over their login credentials to criminals.

That's unwittingly, of course, but via Zeus, phishing email, or other scams, many of us are all too ready to part with our sign-in credentials, which makes the account takeover as simple as a few clicks on a computer mouse.

“This used to be rooted in dumpster diving. Now it is about malware,” said Brian Riley, an expert with CEB TowerGroup. He added: “Account takeover is growing because it is a relatively easy fraud to commit.”

“There is only so much a bank can do to stop account takeovers,” said Denis Kelly, author of The Official Identity Theft Prevention Handbook. He added: “If they have your name and password and Social Security number, how can the bank decline?”

Criminals also are getting sophisticated in the looting. A smart crook, with a victim on the line, will frequently open his own account with the victim's institution. He then will transfer a few dollars from the victim account to his. Maybe he will do a second, slightly larger transfer. Then he will pounce, emptying the victim's account and quickly transferring the balance in his account to another U.S. bank, then it will fly out of the country and, for all practical purposes, it is gone.

Add this up and the sharp conclusion is that the burden is on financial institutions to up their defensive game when it comes to account takeovers. How?

“Banks need to be more proactive in their monitoring,” said Glen Sgambati, chief risk and security officer at Early Warning. Monitor for anomalies — such as wire transfers and changes of address or cellphone numbers — that correlate with account takeovers and, just possibly, institutions can go far toward minimizing this crime.
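The monitoring described here, together with the test-transfer pattern described earlier, can be sketched as two rules over an account's event stream. This is an added example, not code from any firm quoted in the article; the event field names, the thresholds and the sample events are assumptions made up for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=72)  # assumed: contact change -> wire correlation window
DRAIN_RATIO = 0.9             # assumed: "emptying" = at least 90% of the balance
NEW_DEST_DAYS = 30            # assumed: destination account opened recently
CONTACT_KINDS = {"address_change", "phone_change"}

def flag_takeover_patterns(events):
    """Return {account: [reasons]}; event field names are hypothetical."""
    alerts, changed, history = {}, {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        acct, kind = ev["account"], ev["kind"]
        if kind in CONTACT_KINDS:
            changed[acct] = ev["time"]
        if kind not in ("transfer", "wire"):
            continue
        reasons = []
        when = changed.get(acct)
        # Rule 1: wire shortly after the address or phone number was changed.
        if kind == "wire" and when is not None and ev["time"] - when <= WINDOW:
            reasons.append("wire after contact change")
        # Rule 2: small, growing transfers to a new account, then a drain.
        prior = history.setdefault((acct, ev["dest"]), [])
        drains = ev["amount"] >= DRAIN_RATIO * ev["balance_before"]
        probing = bool(prior) and prior == sorted(prior) and ev["amount"] > prior[-1]
        if drains and probing and ev["dest_age_days"] <= NEW_DEST_DAYS:
            reasons.append("test transfers then drain to new account")
        prior.append(ev["amount"])
        if reasons:
            alerts.setdefault(acct, []).extend(reasons)
    return alerts

def make_event(acct, hours, kind, amount=0.0, balance=0.0, dest=None, age=0):
    return {"account": acct, "time": datetime(2013, 4, 1, 9) + timedelta(hours=hours),
            "kind": kind, "amount": amount, "balance_before": balance,
            "dest": dest, "dest_age_days": age}

# Constructed sample events, not real data.
SAMPLE_EVENTS = [
    make_event("A1", 0, "phone_change"),
    make_event("A1", 5, "wire", 4000.0, 9000.0, "EXT-1", 900),
    make_event("B2", 0, "transfer", 5.0, 8000.0, "N9", 2),
    make_event("B2", 1, "transfer", 20.0, 7995.0, "N9", 2),
    make_event("B2", 2, "transfer", 7975.0, 7975.0, "N9", 2),
    make_event("C3", 0, "transfer", 250.0, 3000.0, "OLD", 1200),
]

if __name__ == "__main__":
    print(flag_takeover_patterns(SAMPLE_EVENTS))
```

Account C3, an ordinary transfer to a long-established payee, raises no alert, while A1 and B2 each trip one rule.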

Meantime, at 41st Parameter, Britton preaches a doctrine of device identification and authentication and it gets granular. This company's argument is that doing anomaly detection on transactions is too late, that security has to catch the thief before the money begins to move.

How? The 41st Parameter technology will check not just the device ID, but what the computer's time zone setting is (a setting for Ukraine is a red flag on an account registered to a Peoria, Ill., home address). It will also look for language settings and many dozens of other, subtle identity clues found on any computer.

How long does the check take? A fraction of a second, said Britton.
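A pre-transaction check of the kind described above can be illustrated with three of the named signals: device ID, time zone and language. This is an added example and not 41st Parameter's technology; the profile fields, the weights and the decision thresholds are assumptions.

```python
KNOWN_PROFILE = {  # constructed account profile; field names are hypothetical
    "device_ids": {"dev-7f3a"},
    "utc_offsets_min": {-360, -300},  # US Central, standard and daylight time
    "languages": {"en"},
}
WEIGHTS = {"new_device": 2, "timezone_mismatch": 3, "language_mismatch": 1}  # assumed

def preferred_language(accept_language):
    """Primary subtag of the highest-q entry in an Accept-Language header."""
    best, best_q = None, -1.0
    for part in accept_language.split(","):
        tag, _, params = part.strip().partition(";")
        tag, params, q = tag.strip(), params.strip(), 1.0
        if params.startswith("q="):
            try:
                q = float(params[2:])
            except ValueError:
                q = 0.0  # malformed weight: treat the entry as least preferred
        if tag and tag != "*" and q > best_q:
            best, best_q = tag.split("-")[0].lower(), q
    return best

def assess_session(profile, device_id, js_tz_offset_min, accept_language):
    """Return (decision, signals) before any transaction is accepted."""
    signals = []
    if device_id not in profile["device_ids"]:
        signals.append("new_device")
    # JavaScript's getTimezoneOffset() is UTC minus local time, so negate it.
    if -js_tz_offset_min not in profile["utc_offsets_min"]:
        signals.append("timezone_mismatch")
    if preferred_language(accept_language) not in profile["languages"]:
        signals.append("language_mismatch")
    score = sum(WEIGHTS[s] for s in signals)
    decision = "allow" if score == 0 else "step_up" if score < 4 else "hold"
    return decision, signals

if __name__ == "__main__":
    # Constructed sessions: the usual device, then an unknown one set to UTC+2.
    print(assess_session(KNOWN_PROFILE, "dev-7f3a", 300, "en-US,en;q=0.9"))
    print(assess_session(KNOWN_PROFILE, "dev-0000", -120, "uk-UA,uk;q=0.9,en;q=0.5"))
```

A single mismatch, such as a member travelling with a known device, leads to a step-up challenge rather than a block.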

Still other experts urge putting more of a security burden on the members' backs, encouraging them, for instance, to sign up for SMS alerts regarding high-value transactions and also imploring them to activate two-factor authentication before high-value transactions are processed.

Yes, those are burdens – and credit union executives have shied away from heaping burdens on members – but the payoff is another layer of protection.

A bottom line: probably there is no silver bullet. Account takeover criminals are slick and smart and it is unlikely any one step will be a cure-all. But wary financial institutions are already implementing multiple steps because this is one species of crime that is not going away.


© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.