New Account Fraud Prevention: 7 Strategies for Better Security

New account fraud is the use of stolen (or synthetic) identities to create new accounts. It is an increasingly common type of fraud that can have far-reaching consequences for your business, from financial loss to reputational damage.

In this guide, we will unravel the complexities of new account fraud to help you understand its various forms. We will also cover detection techniques and effective mitigation strategies for better fraud risk management. Whether you’re safeguarding your personal information or protecting business assets, this guide offers practical insights to improve your security posture against new account fraud.

What is new account fraud?

New account fraud is a type of identity theft where fraudsters use stolen or fabricated personal information to open new accounts that seem legitimate but are ultimately used for illegal purposes.

Understanding and addressing new account fraud is crucial across multiple industries. In the financial industry, it can lead to significant financial losses and damaged customer trust. In the retail industry, it can lead to revenue loss and compromised customer data. In all industries, it can lead to service abuse and privacy breaches. By preventing fake account creation, businesses can better protect their customers, preserve their reputation, and maintain operational integrity.

What industries are affected most by new account fraud?

New account fraud particularly affects industries where identity verification is a cornerstone of customer relationships. The most vulnerable sectors include banking, e-commerce, finance, and telecommunications.

• Banking: This sector is a prime target due to the high value of transactions and the sensitive nature of financial data. Fraudsters often use new account fraud to launder money, finance illicit activities, or commit credit fraud. Banks face the challenge of balancing stringent security measures with a seamless customer experience.
• E-Commerce: With the rise of online shopping, e-commerce platforms are increasingly targeted for all kinds of fraud. Fraudsters create new accounts to make fraudulent purchases, exploit promotional offers, or resell goods obtained through these accounts. This not only leads to direct financial losses but also damages the reputation of e-commerce brands.
• Finance: Beyond traditional banking, other financial services like investment platforms and peer-to-peer lending are at risk. New account fraud in these areas can lead to significant financial losses and undermine the integrity of financial markets.
• Telecommunications: Telecom companies are targeted for the valuable services they offer. Fraudsters can exploit new accounts to access expensive mobile devices, international calling services, and data plans. This not only causes revenue loss but also leads to increased costs in managing fraud and customer dissatisfaction.

Techniques Employed by Fraudsters to Create New Accounts

Fraudsters use a variety of sophisticated techniques to create new accounts, often through both technological vulnerabilities and human errors. These techniques range from stealing real identities to fabricating entirely new ones, each with its unique approach and challenges in detection and prevention.

• Identity Theft: This involves fraudsters obtaining personal information of real individuals, such as social security numbers, addresses, and birthdates, often through data breaches, mail theft, or dumpster diving. They use this information to open new accounts, masquerading as the individual whose identity they have stolen. It leads to unauthorized financial transactions and credit applications.
• Synthetic Identity Fraud: With this method, fraudsters combine real and fake information to create a new, fictitious identity. For example, they might use a real social security number with a fabricated name and address. These synthetic identities are harder to detect because they aren’t real people but they seem like they are. Synthetic identities are often used to establish credit histories and commit fraud over time.
• Credit Card Fraud: This type of fraud involves using stolen credit card information to open new accounts or access existing ones. Fraudsters might obtain this information through skimming devices, hacking into databases, or phishing scams, and then use it to make unauthorized purchases or cash withdrawals.
• Phishing: Phishing is a technique where fraudsters trick individuals into revealing personal information through fake emails, websites, or phone calls that appear to be from legitimate sources. This information is then used to create new accounts or access existing accounts fraudulently. Phishing often targets not only personal details but also login credentials for online services.

What are the stages involved in a new account fraud attack?

New account fraud, also known as account origination (or creation), is methodical and often follows a specific number of stages. Understanding these stages can help devise ATO mitigation strategies to detect and prevent such attacks.

1. Data Collection: The fraudster begins by gathering personal data of individuals, either through illegal purchases on the dark web, phishing attacks, data breaches, or by using synthetic identity components.
2. Identity Creation or Theft: The fraudster either creates a new synthetic identity using the collected data or steals an existing one, preparing to use this identity in the account opening process.
3. Application Process: The fraudster applies for a new account using the stolen or synthetic identity. This could be for credit cards, bank accounts, loans, or other services requiring identity verification.
4. Verification Evasion: The fraudster uses techniques to bypass any verification processes in place, such as using fake or stolen documentation, exploiting system vulnerabilities, or using sophisticated software to mimic legitimate user behavior.
5. Account Use & Abuse: Once the account is successfully opened, the fraudster begins to use or abuse the account for various purposes. This might include maxing out credit lines, purchasing goods for resale, or laundering money.
6. Exit Strategy: In the final stage, the fraudster either abandons the account before detection or extracts maximum value from it, leaving the victim or the institution with the liability or loss.

What are the business impacts of new account fraud?

New account fraud can devastate your business financially, damage your reputation, complicate regulatory compliance, and erode customer trust. Let’s explore these impacts in more detail:

• Financial Losses: The most immediate impact of new account fraud is financial loss. According to a 2023 report from Javelin Strategy & Research, businesses lost an estimated $20 billion to new account fraud in 2022. These losses stem not just from the fraudulent transactions themselves but also from the resources spent in detecting, addressing, and preventing this type of fraud. This includes investments in security measures like account takeover protection and the operational costs associated with resolving fraud cases.
• Reputational Damage: The reputational impact of new account fraud can be long-lasting and more damaging than the immediate financial losses. A study by the Ponemon Institute found that companies experiencing significant fraud incidents saw a decrease in their stock value in the immediate aftermath. This damage to reputation clearly affects investor confidence and can also lead to a loss of current and potential customers.
• Regulatory Implications: New account fraud can also lead to severe regulatory implications. With regulations like GDPR in Europe and CCPA in the United States, companies face hefty fines for failing to protect customer data. In extreme cases, businesses might face legal action or increased scrutiny from regulatory bodies, leading to additional financial and operational burdens.
• Customer Trust Issues: Perhaps the most profound long-term impact is the erosion of customer trust. The 2023 Identity and Fraud Report by Experian revealed that 65% of customers would be less likely to do business with a company if their data was compromised in a fraud incident. Restoring customer trust can be a lengthy and challenging process, requiring significant effort and resources.

Each of these impacts underscores the critical need for your business to prioritize robust fraud protection software to safeguard your interests and those of your customers.

New Account Fraud Red Flags

Detecting new account fraud early is critical in preventing its detrimental effects. There are several red flags that businesses and security teams can monitor to take timely action against potential fraud. Here are five key red flags:

1. Unusual Account Opening Patterns: A significant indicator of potential fraud is atypical patterns in account openings. This may include a high volume of applications from the same IP address or geographic location, or a surge in applications with similar personal details. Such patterns often suggest a coordinated attempt to create fraudulent accounts.
2. Suspicious User Information: Red flags in user information include irregularities in application details, use of P.O. box addresses instead of physical addresses, or inconsistencies in names, birth dates, and social security numbers. Fraudsters may use slightly altered or completely fabricated personal information to create new accounts. It’s crucial to be careful when verifying new user information.
3. Anomalies in User Behavior: Unusual user behavior during the account creation process can also be a warning sign. This could manifest as rapid completion of online forms (suggesting bot fraud), skipping through important documents or terms of service, or erratic navigation through the application process.
4. Suspicious IP Addresses: A suspicious IP address can reveal potential fraud. Red flags include IP addresses from high-risk countries, requests that come through a VPN or proxy service, or IP addresses that have been flagged in previous fraud incidents. Monitoring for IP addresses that do not align with the provided personal or geographical information is important.
5. Previously Seen Device Data: If device data (like a unique device ID, browser fingerprint, etc.) has been flagged in fraudulent activities or is linked to suspicious activities across multiple accounts, it can indicate new account fraud. This kind of data helps identify devices used repeatedly in fraud schemes.

Business Strategies for Preventing New Account Fraud

As with most fraud threats, preventing new account fraud requires a multifaceted approach. Businesses can employ various strategies to detect and mitigate the risks associated with new account fraud.

1. Multi-Factor Authentication (MFA)

MFA adds an extra layer of security by requiring multiple forms of verification before account creation or access. This could include something the user knows (a password), something they have (a mobile device), or something they are (biometric verification). MFA is particularly effective to prevent account takeover attacks and phishing. It is widely applicable across all sectors, but is especially valuable in banking, finance, and e-commerce.

2. Advanced Identity Verification

Advanced identity verification tools like document verification, biometric analyses, and other ‘know your customer’ (KYC) processes help ensure the legitimacy of account applicants. It combats synthetic identity fraud and credit card fraud, and is particularly important (and often legally required) for the banking, financial services, and telecommunications industries.

3. Behavior Analysis

Behavior analysis refers to the process of monitoring users to see how they interact with the application process. It can reveal anomalies or irregularities indicative of fraudulent activities. Behavior analysis is most effective against scripted account openings and synthetic identity fraud. It’s useful in e-commerce, finance, and online services.

4. AI & Machine Learning

AI and machine learning can analyze vast amounts of data to identify patterns and red flags that human analysts might miss. It’s a technique that’s useful for all types of fraud, but it’s particularly effective against complex fraud schemes. It’s applicable across all industries where large-scale data analysis is feasible.

5. IP Address & Device Fingerprinting

Tracking IP addresses and device fingerprints helps in identifying suspicious sources and devices used in previous fraudulent activities. This technique is particularly useful to target fraud from specific geographic locations or known fraudulent devices. It’s essential for online retailers, financial institutions, and digital service providers.

6. Employee Training & Awareness

You can significantly improve your security posture by regularly training your employees to recognize fraud signs and understand the latest fraud trends. Employee training and awareness is particularly valuable against phishing. It’s beneficial for businesses in all industries, but especially those with significant customer interaction.

7. Collaboration & Information Sharing

Sharing information about fraud trends and tactics inside your business as well as with other businesses and industry groups can help in staying ahead of fraudsters. This is effective against cutting-edge fraud tactics and is particularly useful in sectors like banking, finance, and telecommunications, where industry-wide collaboration isn’t uncommon.

The Rising Threat of New Account Fraud

As technology advances, so do the tactics of fraudsters, making new account fraud an ever-evolving and escalating threat. To give you an idea of the severity, here’s are some account takeover fraud statistics:

• In 2022, the Federal Trade Commission (FTC) received over 725,000 reports of impostor scams, where a criminal pretended to be someone else to steal money or information.
• In the first half of 2022, UK Finance recorded 34,114 cases of card identity theft, for a gross loss of $25.65 million.
• Identity theft was the second-most common type of fraud attack in Europe in 2022, after monetary fraud.

As such, it is vital for your business to stay informed about these emerging threats so you can counter them effectively. Here are the latest emerging threats and evolving tactics:

1. Use of Artificial Intelligence & Machine Learning: Fraudsters are increasingly adopting AI and machine learning to go around traditional security measures. They use AI and ML to mimic legitimate user behavior, create more convincing synthetic identities, and automate the account creation process at scale.
2. Exploitation of Emerging Technologies: With the rise of technologies like blockchain and cryptocurrencies, fraudsters are finding new avenues to exploit. The decentralized and often less-regulated nature of these technologies makes them attractive targets for new account fraud.
3. Targeting Mobile Platforms: As mobile banking and e-commerce continue to grow, fraudsters are shifting their focus to these platforms. The proliferation of mobile apps creates new vulnerabilities, especially where security measures may not be as robust as in traditional web platforms.
4. Deepfakes & Biometric Fraud: The advancement in deepfake technology poses a significant threat to biometric security systems. Fraudsters can use deepfakes to bypass facial recognition and other biometric-based verification processes, making it a pressing concern for industries relying on these technologies.

Here are some potential future challenges and areas of concern:

1. Data Privacy Regulations: With stricter data privacy laws being enacted globally, fraudsters may exploit the complexities and loopholes in these regulations to carry out new account fraud or avoid detection.
2. Globalization of Fraud: Fraud is becoming more globalized, with fraud rings operating across borders. This internationalization makes it challenging to track and prosecute perpetrators, especially in jurisdictions with weaker cybercrime laws.
3. Internet of Things (IoT): The expanding network of IoT devices provides a new frontier for fraudsters. The security of these devices often lags behind, offering potential entry points for fraudsters to access networks and gather personal data.
4. Sophisticated Social Engineering: Social engineering tactics are becoming more sophisticated, making it harder to distinguish fraudulent from legitimate communication. This is particularly concerning for sectors where customer interaction is key.

Prevent New Account Fraud with DataDome

DataDome Account Protect is sophisticated fraud protection software that will protect your business against new account fraud and all other types of fraud. It acts as a powerful and comprehensive shield against all manner of automated threats, and is powered by artificial intelligence and machine learning to adapt and block new fraud patterns the moment they occur.

DataDome offers real-time protection and operates without requiring manual intervention or maintenance. It provides automated and instant detection and response to any suspicious activity, enabling your business to operate smoothly without having to fear automated fraud threats. Additionally, DataDome is versatile, scalable, and easy to integrate across all your endpoints. Our user-friendly dashboard provides you with clear insights and control over your fraud protection measures.

Take the first step towards fortifying your business against new account fraud. Visit our fraud protection page to learn more about how DataDome can provide the security your business needs in today’s digital landscape. Empower your business with the protection it deserves.