New Account Fraud: How to Prevent & Detect Against It?

There are few moments more critical in a business relationship than when a customer decides to open a new account. If all goes well, it’s an opportunity to create a strong relationship with a customer. Unfortunately, it also presents an opportunity for criminals to open new accounts and commit fraud. That’s why effective new account fraud detection and prevention is essential. New account fraud has recently resulted in losses of $5.3 billion for US consumers and $20 billion for US businesses.^{1, 2} As more customers open accounts digitally, it’s never been more important to know who’s behind the screen at the onboarding stage.

Read on to learn how new account fraud operates and how businesses can protect their reputations, their revenues, and stop criminals at the front door.

Key Takeaways

• New account fraud costs US consumers $5.3 billion in losses; and $20 billion for US businesses.
• Fraudsters can launch new account fraud at scale using synthetic IDs, stolen identities, and bot attacks.
• Industries commonly affected by new account fraud include financial institutions, social media platforms, and eCommerce sites.
• Feedzai tackles new account fraud by scrutinizing entities and identities. Entities refer to tangible, real-world elements, such as devices or IP addresses. Identities examine the way entities (like laptops or smartphones) connect and interact with one another.

“Creating a synthetic identity is just the first stage of a criminal’s plan…Ultimately, it’s a long-term scheme that can yield significant payouts for criminals.” – Andy Renshaw, SVP of Product Management, Feedzai.

What is New Account Fraud, and How Does It Work?

New account fraud (NAF), also known as account creation fraud or fake account fraud, occurs when fraudsters intentionally open accounts to commit fraud using stolen or fake information. Once their account is approved, they use it for money mule activity, abuse promotional offers, or exploit financial services like loans or credit cards. 

3 Key New Account Fraud Challenges

Three key factors contribute to business’ NAF challenges.

1. Fraudsters Can Create New Personas with Ease and At Scale

Opening a bank account requires access to personal information. Thanks to years of data breaches and advancements in Generative AI (GenAI), fraudsters have access to a trove of stolen and invented data. Here are some of the most prevalent methods criminals use to commit new account fraud.

• Synthetic Identities: Fraudsters create believable personas of apparently real people using real or stolen personal information or a combination of both. They can also automate account opening using brute force tactics to open new accounts at scale.
• Stolen Identities: Criminals steal personal information to access existing bank or other online accounts. With this stolen identity, they can open new accounts in their victim’s name, ruining their reputation and credit in the process.
• Money Mules: In the most severe cases, criminals manipulate or convince witting or unwitting victims into using their personal information to open new bank accounts at different institutions. Once created, criminals instruct victims to accept payments and transfer them to different criminally controlled accounts.
• Bots: Perhaps most startlingly, criminals can use bots to automate the account opening process. Bots can study a bank or business application form and automatically populate fields while sidestepping initial security protocols. With this technology, criminals can open new accounts at scale in a short period.

2. Customers Expect a Seamless Account Opening Experience

When customers open a bank account, they don’t want to jump through multiple hoops. They expect to be able to open their account quickly and start conducting business immediately without any fuss.

However, at this stage, there is no record of a customer’s prior activity and, therefore, no understanding of a customer’s “baseline” behavior. This could mean the customer faces additional barriers when onboarding that may cause them to abandon the process entirely and switch to another bank.

3. Costly Identity Verification

Adding to this challenge are the high costs of identity verification, which include validating application data against third-party providers (e.g., credit bureaus or telcos) and conducting manual investigations. In many cases, this data requires additional context to detect NAF activity. In other words, the money spent to acquire this data was wasted.

Industries Impacted by New Account Fraud

In the digital era, many customers initiate relationships with various businesses online, often without ever meeting a person face-to-face. This creates an opportunity for criminals to abuse the account opening process by creating fraudulent-purposed accounts. Here are some of the most commonly-targeted industries for new account fraud. 

Financial Services

Banks, credit unions, and other financial institutions are top targets for NAF. Criminals need to legitimize the profits from their illegal actions (e.g., money laundering, fraud, or scams), and financial institutions play a key role in this effort. By opening new accounts (or using money mules to open them), criminals can move money from one account to another and spend their illicit funds.

Online Retail & eCommerce Platforms

Who doesn’t enjoy retail therapy? Criminals love to shop online, especially when someone else is paying the bill. Fraudsters open accounts with online retailers and eCommerce sites using stolen credit cards or other payment information. They can rack up a large debt, leaving the legitimate cardholder to deal with the debt. They could also exploit return policies, first-time customer offers, or open seller accounts to scam unsuspecting buyers with too-good-to-be-true deals.

Digital Gaming Platforms

Fraudsters are playing a different kind of game on these platforms. Criminals target these services to commit in-game currency fraud, sell compromised accounts, or use phishing scams to target other players. 

Social Media Platforms

Criminals create fake new accounts to spread misinformation, engage in phishing attacks, or promote scams. The primary goal is often to establish credibility within the platform’s ecosystem to exploit other users later.

Subscription-based Services 

Whether it’s meal kits or receiving deliveries of coffee or clothes, fraudsters often subscribe to services without paying for them. They usually create new accounts to enroll in free trials or discounted services using stolen credentials. From there, they consume or steal the subscription offering without paying for it. Subscription providers lose their product, while an unsuspecting victim is charged for a service they never received. 

5 Types of New Account Fraud

New account fraud can lead to other forms of fraud, each with its unique risks and potential for severe losses. Here are some common fraud scenarios driven by NAF.

Bank Loan Fraud

Fraudsters engaged in bank loan fraud skillfully manipulate information during the application process to secure loans. They deceive financial institutions by providing false data and fabricating financial histories, ultimately burdening them with outstanding debt and contributing to financial losses.

Credit Card Account Opening

Malicious actors access personal information and use it to create unauthorized credit card accounts. This exposes unsuspecting individuals to severe financial jeopardy, as they become unwitting victims of fraudulent transactions and potential identity theft.

Promotional Offer Abuse

Fraudsters exploit special promotions offered by businesses. By creating new accounts to take advantage of these promotions, they manipulate the system for personal gain. This type of fraud is a dual threat as it undermines the institution’s integrity and drains resources allocated for genuine customers, highlighting the need for vigilant measures.

Bust-Out Fraud

Bad actors employing bust-out fraud tactics strategically pose as legitimate customers during the onboarding process. Once granted access to credit, they max out their credit limits and vanish without paying the bill. This form of fraud not only results in financial losses for the institution but also undermines the trust and security of the financial system.

Money Mule Accounts

Innocent individuals are pressured into opening accounts to aid the movement of illicit funds. These unwitting money mules become conduits for criminal activities, often facing legal consequences themselves. Tactics like these further underscore the need for robust safeguards in the account opening process to prevent vulnerable individuals from being targeted by money mule schemes.

How to Detect New Account Fraud?

Because there is little historical data to review when assessing a new customer’s risk level at onboarding, banks must be able to identify the signs of NAF as early as possible. Common red flags include:

Suspicious Applications

Keep an eye out for applications that don’t add up. For example, several account applications popping up from the same place or using almost the same phone numbers, devices, or IP address is a significant red flag. 

Inconsistent Information

When the data provided in an application doesn’t match other available details, that’s a red flag. It’s possible that the address doesn’t match or the job history differs significantly. These deviations could mean someone is not being truthful about their identity.

Identity Check Anomalies

Identity is like a puzzle. When the pieces don’t fit, something’s not right. If the ID documents are unclear or the answers during verification calls don’t match up, that’s suspicious. Plus, if a third-party verification provider can’t contact the people listed as references, that’s another red flag. 

Unusual Account Moves

Pay attention to what’s happening in the account. Is a large sum of money being deposited and then withdrawn too quickly? That’s a sign that fraudsters might be trying to sneak in and transfer money before getting caught.

Strange Activity on Holidays or Weekends

Be cautious of unusual activity, especially during quieter periods, such as holidays or weekends. Fraudsters often take advantage of these times when bank staff is reduced. It’s essential to be extra cautious during these periods.

Identifying these red flags is crucial to detecting potential fraud early. New account fraud can evolve quickly, so staying informed about emerging trends and remaining vigilant is vital. Banks and financial institutions should regularly refine their fraud detection and prevention systems to stay ahead of new threats.

6 Ways to Get Started with Preventing New Account Fraud

Banks can take several steps and measures in combination to catch new account fraud before fraudsters can onboard. A comprehensive blueprint for uncovering fraudulent applications is needed and should include:

1. Device Intelligence: Assess if an applicant’s device has been tampered with, enabling built-in security measures to be bypassed. Investigate if the device has connections or ties to known fraudulent devices or activities. Understand if the device has been used previously with other applications.
2. Embrace Data Orchestration: Using data orchestration provides your financial institution with real-time access to multiple internal and external data sources, enabling more informed risk decisions. Automate the collection, transformation, and analysis of data from different sources to detect synthetic identity fraud or stolen identity patterns early. 
3. Behavioral Biometrics: Learn how an account holder handles their device when engaging with an account. Pay attention to their keyboard shortcuts and patterns, data entry, and how quickly they enter information into forms. 
4. Network and Geolocation Data: Pinpoint anomalies in geolocation and IP addresses compared to the application data. Understand if someone previously used the network for other applications. Check whether a proxy, TOR, or VPN connection is masking the actual network.
5. Fraud Patterns: Look for patterns, such as suspicious software. This could indicate malware, browser spoofing, or location spoofing is in use. Check if the device has been rooted to evade built-in security measures to be bypassed.
6. Non-human Patterns: Identify scripts, automation, or emulation usage for brute force attacks. Stop bots before they open hundreds of fake accounts within minutes.

“When we talk about ‘behavioral biometrics,’ we’re talking about is the human-computer interface and taking signals away from how the device is being used by that human being. How are they clicking, touching, moving, and what are the patterns of hesitation?” – Lenny Gusel, Head of Fraud Solutions, Feedzai 

Prevent & Detect New Account Fraud with Entity & Identity Monitoring

Feedzai’s unique approach to new account fraud examines two key concepts: entity and identity. While both concepts are intertwined, key differences come into focus in terms of NAF detection and prevention.

Entities

Entities refer to tangible and concrete elements in the real world. They include devices, IP addresses, and physical objects, such as cell phones. Entities are traditionally associated with specific characteristics, such as fraud patterns linked to particular devices or IP addresses.

Historically, fraud prevention efforts have centered on questions like “Have I seen fraud happening on this device?” or “Have I seen fraud from this collection of IP addresses?” exemplify the entity-focused approach. It involves examining specific traits or attributes associated with devices or addresses to identify potential fraudulent activities.

The entity-centric approach may face challenges when dealing with sophisticated fraud schemes. Criminals can adapt and find ways to mask their activities, making it necessary to go beyond individual entities to understand the broader context and connections between them.

Identities

Meanwhile, identities represent a more comprehensive and connected view, focusing on the holistic way entities connect with each other. It involves understanding the behaviors and interactions that link entities. This ultimately forms a more nuanced picture of the roles of individuals and entities within a broader context.

Determining the relationships between entities becomes crucial in establishing identity, especially as criminals employ increasingly sophisticated tactics to evade detection.

In terms of NAF, Feedzai shifts focus from merely gathering entity-based knowledge (such as device type or geographic location) to analyzing user behaviors. Additionally, our solution introduces additional steps or information requests to build confidence in understanding the account holder’s identity. This adaptive approach is essential in a landscape where NAF can be more prevalent, especially in regions experiencing a surge in the opening of new financial accounts.

As online account openings become more common, businesses and banks must be confident that they are always dealing with a real person.  Onboarding presents a strong opportunity for malicious actors to create accounts without being detected. Implementing a robust new account fraud blueprint is a decisive step for all organizations to fortify their defenses while delivering a seamless experience for legitimate customers.

Resources

• Article: What is Data Orchestration? Key Benefits and Concepts

• Resource: Feedzai’s Acquisition of Demyst Is a Modern Response to Today’s Fraud

• Solution Sheet: Digital Trust for New Account Fraud

• Solution: New Account Fraud Detection & Prevention Solution