In recent years, the sophistication of account takeover attacks has significantly increased. Account fraud can take many forms, but identity and the technology that supports identity is at the heart of how organisations protect their customers and data from having their accounts taken over from malicious third parties. To strengthen cyber resilience, organisations should look at how they can reduce the attack surface, increase monitoring and explore possibilities of moving beyond the password.