by Joao Veiga8 minutes • Fraud & Scams • January 17, 2024
Cracking the New Account Fraud Code: A Guide for Banks
Different banks employ different business strategies to meet their specific goals and needs. But there’s one critical element all banks rely on for success: customers. The more customers a bank serves, the better positioned it is for long-term success. Unfortunately, some bad actors pretend to be legitimate customers and commit new account fraud to open a bank account.
Banks and financial institutions can’t afford to allow these tricky actors to slip through the digital cracks. This type of fraud can be costly for banks as they enable bad actors to onboard and commit illicit activities. Read on to untangle the new account fraud challenge and the critical strategies banks need for new account fraud detection and prevention.
What is New Account Fraud?
New account fraud is a type of criminal activity where someone sets up a bank account for malicious purposes. These fraudulent accounts may be created using stolen or fabricated identities and exploit the bank’s onboarding process.
This is a particularly tricky type of fraud because it occurs at the start of a bank’s relationship with a potential new customer. Banks do not want to turn away legitimate customers. However, creating too many onboarding obstacles can result in a negative customer experience. The challenge with new account fraud detection is that there is very little historical customer data to review when the customer opens an account.
As financial institutions increasingly digitize their services, including the onboarding process, bad actors are expected to target these processes to create new accounts for financial abuse. Severe financial losses can result for banks if this is left unchecked. But the damage doesn’t end there. Regular people can also suffer financial – and possibly legal – harm if their personal information is used to commit new account fraud.
Key New Account Fraud Challenges
Several key factors contribute to banks’ new account challenges.
1. Increased Synthetic Identity Fraud, Identity Theft, and Money Mule Account Threats
Fraudsters open new accounts at banks using a variety of schemes. These tactics often involve stealing personal data to create fake identities. But they can also rely on existing information by stealing a legitimate account holder’s information or influencing the account holder directly.
Synthetic IDs. Fraudsters use stolen personally identifiable information (PII) such as names, postal addresses, email addresses, social security numbers, or other government-issued identifiers to create fake identities. These synthetic identities might combine real and fake information to make it more difficult to detect fraud.
- Once created, fraudsters may open accounts digitally, move illicit funds, and abuse financial services. Automation and brute forcing onboarding processes with synthetic identities using randomly AI-generated data are poised to increase significantly.
Identity theft. Fraudsters don’t have to create fake identities to create new accounts. Instead, they might steal other people’s personal information or obtain data from the dark web to open bank accounts at different institutions. Using social engineering, they could scan a real person’s social media account to fill in specific details and make the deception more convincing.
Money mule accounts. Money mule accounts can be opened by fraudsters using stolen identities or coercing victims to use their legitimate information to create accounts to move money from illegal activities. Account holders might be knowingly or unknowingly participating in the criminal’s scheme.
2. Consumers expect a seamless digital experience
At account opening, there is no baseline of a customer’s “normal” behavior because it is their first interaction with the bank. If genuine consumers are presented with unnecessary hoops, they might abandon the account opening process and opt for a competing financial institution. Fraudsters will inevitably take advantage of a bank’s efforts to keep the onboarding process as frictionless as possible by blending in among legitimate applicants.
3. Rising identity verification costs
Validating application data against third-party providers (credit bureaus, telco, and others) and manual investigations gets expensive. In many cases, data from third-party providers may need more context and, therefore, will be ineffective at detecting a fraudulent new account. If so, money spent on identity verification is ultimately wasted.
Examples of New Account Fraud
Some of the real-world scenarios where new account fraud manifests can include:
1. Bank Loan Fraud
Fraudsters engaged in bank loan fraud skillfully manipulate information during the application process to secure loans. They deceive financial institutions by providing false data and fabricating financial histories, ultimately burdening them with outstanding debt and contributing to financial losses.
2. Credit Card Account Opening
Malicious actors access personal information and use it to create unauthorized credit card accounts. This exposes unsuspecting individuals to severe financial jeopardy, as they become unwitting victims of fraudulent transactions and potential identity theft.
3. Promotional Offer Abuse
Fraudsters exploit special promotions offered by financial institutions. By creating new accounts to take advantage of these promotions, they manipulate the system for personal gain. This type of fraud is a dual threat as it undermines the institution’s integrity and drains resources allocated for genuine customers, highlighting the need for vigilant measures to safeguard against such deceptive tactics.
4. Bust-Out Fraud
Bad actors employing bust-out fraud tactics strategically pose as legitimate customers during the onboarding process. Once granted access to credit, they maximize credit limits and subsequently vanish without fulfilling their financial obligations. This form of fraud not only results in financial losses for the institution but also undermines the trust and security of the financial system.
5. Willing Money Mule Accounts
Innocent individuals are pressured into opening accounts to aid the movement of illicit funds. These unwitting money mules become conduits for criminal activities, often facing legal consequences themselves. Tactics like these further highlight the need for robust safeguards in the account opening process to prevent vulnerable individuals from participating in money mule schemes.
New Account Fraud Red Flags
Because there is little historical data to review a customer’s risk level when onboarding, banks must be able to spot the signs of new account fraud as early as possible. Common red flags for new account fraud include:
- Suspicious Applications
Keep an eye out for applications that don’t add up. For example, several accounts popping up from the same place or using almost the same phone numbers, devices, or IP address is a significant red flag. - Inconsistent Information
When the data provided in an application doesn’t match other available details, that’s a red flag. It could be that the address doesn’t fit or the job history differs considerably. These deviations could mean someone is not being truthful about their identity. - Identity Check Anomalies
If the ID documents are unclear or the answers during verification calls don’t match up, that’s suspicious. Plus, if a third-party verification provider can’t contact the people listed as references, that’s another red flag. Identity is like a puzzle. When the pieces don’t fit, something’s not right. - Unusual Account Moves
Pay attention to what’s happening in the account. Is a large sum of money going in and suddenly moving out too quickly? That’s a sign that fraudsters might be trying to sneak in and transfer money before getting caught. - Strange Activity on Holidays or Weekends
Watch out for strange activity, especially during quieter times like holidays or weekends. Fraudsters often take advantage of these times when bank staff is reduced. It’s essential to be extra cautious during these periods.
Spotting these red flags is critical to catching potential fraud early. New account fraud can evolve quickly, so staying informed about emerging trends and remaining vigilant is crucial. Banks and financial institutions should regularly refine their fraud detection and prevention systems.
A Blueprint for Banks to Catch New Account Fraud
Banks can take several steps and measures in combination to catch new account fraud before fraudsters can onboard. A comprehensive blueprint for uncovering fraudulent applications is needed and should include:
- Device Intelligence: Assess if an applicant’s device has been tampered with, enabling built-in security measures to be bypassed. Investigate if the device has connections or ties to known fraudulent devices or activities. Understand if the device has been used previously with other applications.
- Behavioral Biometrics: Learn how an account holder handles their device when engaging with an account. Pay attention to their keyboard shortcuts and patterns, data entry, and how quickly they enter information into forms.
- Network and Geolocation Data: Pinpoint anomalies in geolocation and IP addresses compared to the application data. Understand if someone previously used the network for other applications. Check whether a proxy, TOR, or VPN connection is masking the actual network.
- Fraud Patterns: Look for patterns like suspicious software. This could indicate malware, browser spoofing, or location spoofing is in use. Check if the device has been rooted, enabling built-in security measures to be bypassed.
- Non-human Patterns: Identify scripts, automation, or emulation usage for brute force attacks. Stop bots before they open hundreds of fake accounts within minutes.
Feedzai Scores High in Behavioral Biometrics
Feedzai’s Digital Trust Scores High in Behavioral Biometrics and Device Fingerprinting Account takeover (ATO) attacks remain one of the most […]
Entity vs. Identity: How Feedzai Detects New Account Fraud
Feedzai’s unique approach to new account fraud examines two key concepts: entity and identity. While both concepts are intertwined, key differences come into focus in terms of new account fraud detection and prevention.
Entities
Entities refer to tangible and concrete elements in the real world. They include devices, IP addresses, and physical objects like cell phones. Entities are traditionally associated with specific characteristics, such as fraud patterns linked to particular devices or IP addresses.
Historically, fraud prevention efforts have centered on questions like “Have I seen fraud happening on this device?” or “Have I seen fraud from this collection of IP addresses?” exemplify the entity-focused approach. It involves examining specific traits or attributes associated with devices or addresses to identify potential fraudulent activities.
The entity-centric approach may face challenges when dealing with sophisticated fraud schemes. Criminals can adapt and find ways to mask their activities, making it necessary to go beyond individual entities to understand the broader context and connections between them.
Identities
Meanwhile, identities represent a more comprehensive and connected view, focusing on the holistic way entities connect with each other. It involves understanding the behaviors and interactions that link entities. This ultimately forms a more nuanced picture of individuals’ and entities’ role in a bigger picture.
Understanding the context and relationships between entities becomes crucial in determining identity, especially as criminals employ more sophisticated tactics to avoid detection.
In the context of new account fraud, Feedzai shifts focus from merely gathering entity-based knowledge (such as device type or geographic location) to analyzing user behaviors. Additionally, our solution introduces additional steps or information requests to build confidence in understanding the account holder’s identity. This adaptive approach is essential in a landscape where new account fraud can be more prevalent, especially in regions experiencing a surge in the opening of new financial accounts.
As online account openings become more common, banks must be confident they are always dealing with a real person. Onboarding presents a strong opening for bad actors to create accounts without being noticed. Implementing a robust new account fraud blueprint is a decisive step for banks to fortify their defenses while delivering a seamless digital banking experience for legitimate customers.
Resources for New Account Fraud Prevention and Detection
Article: BIN Attacks: What Are They and How Can Acquiring Banks Protect Merchants?
Resource: Value-Added Services: Maximizing Revenue through Fraud Prevention
Solution Guide: Feedzai’s Digital Trust Solution
Solution: Feedzai’s Risk Management for Acquirers
and Payment Service Providers
All expertise and insights are from human Feedzians, but we may leverage AI to enhance phrasing or efficiency. Welcome to the future.