For many online businesses, it’s a red flag when a single device is used to create or access multiple accounts. It could be an account takeover (ATO) attempt by a fraudster with a list of stolen credentials. Or, if your business offers incentives for things like new account signups or referrals, it could be someone trying to game the system. You might be wondering how Castle can help in this area.
Last month, we launched Risk Signals, which exposed key signals used by Castle’s risk assessment engine. One of those signals, Multiple Accounts per Device, detects when a device is used to log into multiple user accounts, also known as multi-accounting, and is often indicative of fraud and abuse.
In the Castle Dashboard, if multi-accounting is detected then a button is shown that contains the number of accounts associated with a device.
The multi-accounting button can be clicked to retrieve the list of associated accounts. This is helpful for determining which accounts may be fraudulent. Additional investigation can be done within the Castle dashboard by clicking the associated user account(s) on this view. For offline analysis or reporting, a list can also be downloaded in CSV format.
The ability to detect multi-accounting and see the associated accounts has been a highly requested feature, and we’re excited to release it today!
If you’re looking for a solution that can protect your users and also detect abuse, sign up for a free 30 day trial of Castle and see how we can help!
*** This is a Security Bloggers Network syndicated blog from Blog authored by Kelly Chang. Read the original post at: https://blog.castle.io/introducing-the-detection-of-multi-accounting/