April 11, 2024
What Is New Account Fraud and How Do You Prevent it in Your Business?
Anonybit’s first-party fraud prevention solution offers a vital tool to combat new account fraud. By leveraging this solution, you can safeguard your business and customer base from potential fraudulent activities
What Is New Account Fraud?
New account fraud is often a type of identity theft in which fraudsters use stolen or fabricated personal information to open new accounts that seem legitimate but are ultimately used for illegal purposes. Criminals use someone else’s identity to create a new account for their illegal activities, often involving financial fraud.
This fraud is alarming for businesses and individuals because it can result in significant economic losses, damaged customer trust, and even a tarnished reputation. Companies can prevent new account fraud by using state of the art identity verification systems, detecting fraud and risk signals and checking selfies for duplicates, blocklists and synthetic identities.
Why is New Account Fraud a Growing Concern Across Industries?
Understanding and addressing new account fraud is crucial across multiple industries. In the financial sector, it can lead to significant economic losses and damaged customer trust. In the retail industry, it can lead to revenue loss and compromised customer data.
How New Account Fraud Works
New account fraud works whenever fraudsters manage to sign up for service as someone they are not. However, it is worth noting that you cannot simply identify new account fraudsters based on the data they submit. They often rely on existing people’s information to open new accounts.
Here are three ways in which a new account may be fraudulently opened:
1. Invented information
In this case, the fraudster fabricates a person’s name and address and submits it at the account opening stage. If the company that verifies the account needs an email address, the fraudster will simply create one for that purpose.
2. Synthetic information
When fraudsters need certain documents to pass the account opening checks, they will simply steal them. Synthetic ID fraud involves using a person’s real ID and a fake email address, for instance. Synthetic fraud often combines real information and fake information to bypass security checks. According to McKinsey & Company, this is the fastest-growing form of financial crime in the US.
3. Stolen identity
Fraudsters sometimes sign up for an account entirely as another person. In this case, the attacker gathers information about their target, creates a fake identity based on that information, and opens an account with it. This is common with financial services, where the attacker will apply for loan applications or make unauthorized purchases.
Combating New Account Fraud by Identifying Patterns
New account fraud is also attempted at a large scale. Whether manually or using bots, fraudsters will try as many techniques as possible and repeat them numerous times to open their accounts successfully.
One often overlooked aspect is that the fraudster must present their face in the document verification process. This means that if a repository of selfies exists, those faces can be analyzed for repeat patterns, duplicate identities and synthetics;
While it may seem overwhelming and like you are fighting an uphill battle, you can actually leverage that fact against fraudsters by identifying similarities between the fraudulent account opening attempts and leveraging existing technologies to prevent selfies associated with fraud incidents from coming back.
Stages Involved in a New Account Fraud Attack
New account fraud, also known as account origination (or creation), is methodical and often follows a specific number of stages. Understanding these stages can help devise mitigation strategies to detect and prevent such attacks.
Data Collection
The fraudster begins by gathering personal data from individuals through:
- Illegal purchases on the dark web,
- Phishing attacks
- Data breaches
- Synthetic identity components
Identity Creation or Theft
The fraudster either creates a new synthetic identity using the collected data or steals an existing one, preparing to use this identity in the account opening process.
Application Process
The fraudster applies for a new account using the stolen or synthetic identity. This could be for:
- Credit cards
- Bank accounts
- Loans
- Other services requiring identity verification
Verification Evasion
The fraudster uses techniques to bypass verification processes, such as:
- Using fake or stolen documentation, combined with their real selfie
- Exploiting system vulnerabilities
- Using sophisticated software to mimic legitimate user behavior
Account Use & Abuse
Once the account is successfully opened, the fraudster begins to use or abuse the account for various purposes. This might include:
- Maxing out credit lines
- Purchasing goods for resale
- Laundering money
Exit Strategy
The fraudster either abandons the account before detection or extracts maximum value from it, leaving the victim or the institution liable or lost.
Related Reading
- Identity Providers
- Liveness Detection
- Biometrics Identity Verification System
- Online Banking Authentication
- Fraud Detection In Banking
Types Of New Account Fraud
First-Party Fraud
First-party fraud occurs when someone opens an account with the intent to commit fraud but misrepresents their own identity. They might be acting alone or as a money mule for a criminal organization.
How It Works
Fraudsters might build a seemingly legitimate credit profile over time, taking out loans or credit cards and making regular payments. Once their credit is robust, they might withdraw cash or take out a large loan without repaying it, disappearing before the debt is realized.
Money mules are often promised jobs or rewards, but their fundamental role is to move illegal money, which can lead to legal trouble. Common scams include work-from-home scams, romance scams, and deposit scams.
Third-Party Fraud
This involves using someone else’s details to open an account without their knowledge. The fraudster gains access to personally identifiable information (PII) through data breaches or other means.
Typical Scenario
The fraudster’s devices are already registered with the bank, making it easier to bypass security checks. They quickly exploit the account, leaving the victim unaware until it’s too late.
Synthetic Identity Fraud
This fraud combines real and fake information to create a fictional identity for opening new accounts. Fraudsters might use a combination of real and fake details to establish a new identity. They might start with:
- Small credit lines
- Build a positive credit history
- Applying for more credit
Key Techniques
- Fraudsters might create convincing but fraudulent documents to pass Know Your Customer (KYC) checks.
- They might also add their synthetic identity to an account of someone with good credit to boost their credit score.
Why It’s Hard to Detect
Unlike traditional identity theft, where victims quickly notice fraudulent activity, synthetic identity fraud can go unnoticed longer because the fraudster builds a seemingly legitimate profile.
How To Detect New Account Fraud (What Are The Red Flags)
While every company has its red flag system designed to detect fraudsters, common ones include:
Temporary/Disposable Email Address
While some users genuinely rely on them for privacy, fraudsters, scammers, and cybercriminals also favor them.
Virtual SIM/Invalid Phone Number
As phone verification becomes increasingly far-reaching, phone numbers are great pointers in identifying fraudsters.
Absence of Social Media Profiles
Thanks to data enrichment, it is possible to establish a link between phone numbers or email addresses and online profiles. If your customer has none, you have reasons to be suspicious.
Suspicious IP Address
VPNs are increasingly popular, but some IP addresses may raise more eyebrows than others. Those that point to:
- Tor usage
- Low-reputation ISPs
- Backlisted IPs
Non-Matching Data
A full name that isn’t the same as the one on a credit card can point to fraud. An IP address that points to one country and an ID that points to another can be a red flag.
Emulator or Virtual Machine Usage
Fraudsters often rely on these tools to multiply their attempts when opening fraudulent accounts.
Previously Seen Device Data
Your computer, phone, or tablet contains hundreds of software and hardware data points. If a device fingerprinting check returns a clean match, it means someone else has already signed up using the exact same configuration. It is unlikely and should be investigated.
Industry-Specific Red Flags for Fraud Detection
Note that red flags tend to vary depending on which industry you operate in. iGaming operators will keep a watchful eye on the customer’s age. An e-commerce company will double-check the shipping address, and a financial institution will be especially cautious about document verification.
Duplicate Selfies
One major overlooked parameter is the selfie that fraudsters use to open the accounts with, in the first place. By establishing a repository of selfies, enterprises can check at the account origination stage if the selfie is already registered in the system under another name or has previously been associated with fraud. Since most organizations at best will collect selfies at the account opening stage and discard them after 90 days, they lose the opportunity to benefit from this capability.
Protecting Your Business with Decentralized Biometrics
At Anonybit, our decentralized biometrics system design makes it palatable for companies to store selfies long-term, with the goal of preventing fraud. With a decentralized biometrics solution, companies can enable passwordless login, wire verification, step-up authentication, and help desk authentication. We aim to protect companies from data breaches, new account fraud, account takeover, and synthetic identity fraud.
To achieve this goal, we offer security solutions such as:
- Secure storage of biometrics and PII data
- Support for the entire user lifecycle
- 1:1 biometric authentication and 1:N biometric matching to prevent duplicates, synthetics, and blocklisted identities.
What Are The Business Impacts Of New Account Fraud?
New account fraud can lead to substantial financial losses for businesses. In 2022 alone, businesses reportedly lost around $20 billion to this type of fraud, which had devastating effects on their bottom lines.
This financial impact doesn’t just come from the actual fraudulent transactions and the costs associated with:
- Detecting
- Addressing
- Preventing new account fraud
Investments in security measures and operational expenses to resolve fraud cases contribute significantly to these financial losses.
Reputational Damage
The reputational consequences of new account fraud can be more damaging than the immediate financial losses. Companies that experience significant fraud incidents can see a decrease in their stock value, leading to a loss of investor confidence.
Reputation damage can result in losing current and potential customers. Building a good reputation takes time and effort; even a single fraud incident can tarnish a company’s image for years.
Customer Trust Issues
The erosion of customer trust is perhaps the most significant long-term impact of new account fraud. When customers’ data is compromised in a fraud incident, they will likely be less willing to do business with the affected company. The 2023 Identity and Fraud Report by Experian revealed that 65% of customers would be less likely to do business with a company if their data was compromised in a fraud incident.
Restoring customer trust can be challenging and time-consuming, requiring significant effort and resources. Businesses must prioritize customer trust and proactively prevent new account fraud to maintain a loyal customer base.
Related Reading
- Third Party Fraud
- Payment Fraud Prevention
- Fraud Detection Analytics
- AI Fraud Detection Banking
- Payment Fraud Trends
- First Party Fraud Detection
- Fraud Management System In Banking
- Fraud And Identity Management
- First Party Fraud vs Third Party Fraud
- ACH Fraud Prevention
- Biometrics In Banking
- Real Time Transaction Monitoring
- Digital Injection
- Payment Fraud Trends
- First Party Fraud Detection
- Fraud Management System In Banking
- Fraud And Identity Management
- First Party Fraud vs Third Party Fraud
- Fraud Detection Software For Banks
How To Protect Against New Account Fraud
Advanced Identity Verification
Advanced identity verification tools like:
- Document verification
- Biometric selfie verification
- Selfie deduplication, blocklist and velocity checks
Know-your-customer (KYC) processes help ensure the legitimacy of account applicants. They combat synthetic identity and credit card fraud and are particularly important (and often legally required) for the following:
- Banking
- Financial services
- Telecommunications industries
Behavior Analysis
Behavior analysis refers to monitoring users’ interactions with the application. It can reveal anomalies or irregularities indicative of fraudulent activities. Behavior analysis is most effective against scripted account openings and synthetic identity fraud. It’s helpful in:
- E-commerce
- Finance
- Online services
IP Address & Device Fingerprinting
Tracking IP addresses and device fingerprints helps identify suspicious sources and devices used in previous fraudulent activities. This technique is beneficial for targeting fraud from specific geographic locations or known fraudulent devices. It’s essential for:
- Online retailers
- Financial institutions
- Digital service providers
Employee Training & Awareness
You can significantly improve your security posture by regularly training your employees to recognize fraud signs and the latest fraud trends. Employee training and awareness are precious against phishing. It benefits businesses in all industries, especially those with significant customer interaction.
Collaboration & Information Sharing
Sharing information about fraud trends and tactics inside your business, as well as with other businesses and industry groups, can help you stay ahead of fraudsters. This is effective against cutting-edge fraud tactics and is particularly useful in sectors like:
- Banking
- Finance
- Telecommunications
Technologies That Can Help Prevent New Account Fraud
Digital Identity Verification
Financial institutions increasingly rely on digital identity verification technology to prevent identity fraud before it escalates into new account fraud.
Solutions like Anonybit allow enterprises to leverage biometrics without data protection headaches to search for duplicates, synthetics and blocked identities from coming back and conducting new account fraud. A simple selfie capture augmented by the latest liveness detection technologies can outsmart even the most deceptive actors, ensuring that a user is indeed the person they claim to be and not a cybercriminal.
Real-Time Fraud Prevention Systems with Behavioral Monitoring
Behavioral monitoring allows for identifying suspicious behavior that can indicate potential new account fraud.
These systems enable financial institutions to:
- Track dormant accounts
- Dormant-to-warmed-up accounts
- High transfers in/out beyond
Machine Learning
Unlike humans, machine learning artificial intelligence can analyze vast amounts of disparate data across digital channels in real time. Anti-fraud systems based on machine learning aggregate and analyze data on multiple levels to detect possible relationships quickly such as:
- Users
- Devices
- Transactions
- Channels for more accurate identification of fraud behavior.
When suspicious behavior is detected via a high-risk score, the risk engine can dynamically change the workflow to enhance security or drive a manual review process. This enables active monitoring by the fraud prevention team and escalation for further investigation.
Book A Free Demo To Learn More About Our First-Party Fraud Prevention Software
At Anonybit, we help companies prevent data breaches and account takeover fraud with our decentralized biometrics technology. With our decentralized biometrics framework, companies can prevent new account fraud and enable passwordless login, wire verification, step-up authentication, help desk authentication and more.
Comprehensive Security Solutions for Companies
We aim to protect companies from data breaches, account takeovers and synthetic identity on the rise, privacy regulations, and digital transformation. To achieve this goal, we offer security solutions such as:
- Secure storage of biometrics and PII data
- Support for the entire user lifecycle
- 1:1 authentication and 1:N matching for lookups and deduplication
Balancing Privacy and Security with Anonybit’s Integrated Platform
Anonybit eliminates the tradeoffs between privacy and security. Prevent data breaches, reduce account takeover fraud, and enhance the user experience across the enterprise using Anonybit. Book a free demo today to learn more about our integrated identity management platform.