The impact of new account fraud on businesses is profound and multifaceted. Financial institutions, e-commerce platforms, and gaming companies face significant monetary losses, often running into millions of dollars annually.
What is new account fraud?
Every business needs one thing to survive - customers. But what happens when the customer itself causes the business damage? New account fraud is a type of criminal activity that involves opening new accounts with malicious intentions to profit illegally.
Additionally, new account fraud leads to damaged reputations, loss of customer trust, and increased operational costs due to fraud investigations and enhanced security measures.
Types of new account fraud in different industries
New account fraud opening is a criminal tactic used to create accounts for the sole purpose of conducting criminal activity. This shows up in different industries in different ways.
In the banking industry:
- Mule accounts: New accounts are created to launder money and mask its criminal origins. Witting mules may open multiple bank accounts to transfer these funds for a small commission. Unwitting mules, on the other hand, may unknowingly hand over their personal information or have their data stolen to create accounts under their name. These accounts will then become ‘mules’ that will help criminals carry out money laundering or financing criminal activities like drug trades, human trafficking, and more. Want to know more about money mules and how they operate?
Here are some recommended resources:
Thailand recently shut down 2 Lakh mule bank accounts, resulting in losses worth 60 billion baht over 2 years!
- Credit fraud: In this case, fraudsters create a blend of real and fake personal data to build a synthetic identity. These identities are then used to create new bank accounts for its credit services. In most cases, fraudsters will drive up their credit rating but behave “normal” for a while and then will take up a large cash loan and disappear!
In the eCommerce industry:
- Promo abuse: eCommerce apps often have multiple promotional offers that offer new customers certain benefits if they sign up for their platform. Fraudulent actors will try to manipulate the system by using different phone numbers to create multiple new accounts to utilize the benefits of these one-time promotional offers. Once the benefits case, they abandon these accounts, leaving the companies with inflated customer data.
Uber, in 2014, saw large-scale promo abuse after a user manipulated a referral code and put it up on Reddit! By the time Uber realized what was happening, they had lost eight weeks' worth of rides by then!
- Shipping fraud: Fraudsters will use stolen data to create new accounts that will then be used to place orders for high-value goods. These goods are then shipped to intermediary addresses often associated with unwitting mules. These mules then ship the order to the fraudster's real location, hence causing damages worth millions to the e-commerce companies and other customers.
In the gaming industry:
- Bonus abuse: Bonuses are often available to new customers in real money games. Bad actors would commit new account fraud to be able to collect this cash after sign-up and then disappear.
- Bot attack: Fraudsters will use bots and emulators to flood online games with fake accounts during tournaments to increase the winning pool or their own chances of winning. This causes losses to the gaming company and harms genuine players' gaming experience.
Bots are not necessarily restricted to the gaming industry. In fact, a report says that “bad bots” are now responsible for 32% of the global online traffic! These bots target the BFSI industry, travel industries, and social media to conduct data breaches and account takeovers.
Related read: How ‘collusion’ threatens gaming industries
How does new account fraud work?
Banking, eCommerce, and gaming companies with less stringent identity verification processes usually fall prey to the damages caused by new account fraud. These fraudulent accounts can cause direct damages to targeted businesses or can lay the foundation for a larger, more elaborate fraud that happens much later.
In the second scenario, it becomes that much harder to catch these bad actors in action, considering till the time comes, they pretend to be “normal customers,” hence bypassing basic identity verification checks during onboarding.
At Bureau, we don't like leaving things to chance. We assess factors like the user's digital footprint, device integrity, and behavioral patterns when interacting with their device. This holistic risk-based approach allows Bureau to make ‘decisions’ about an identity’s potential to commit fraud. Banks, eCommerce, and gaming players can increase or decrease onboarding friction or conduct an enhanced verification process based on these decisions.
These are the typical steps that a fraudster follows:
- Step 1: The fraudster obtains personal information through phishing, social engineering, data breaches, and buying data on encrypted communication platforms or the darknet.
- Step 2: This information can also create synthetic identities at scale.
- Step 3: The fraudster then gains access to multiple SIM cards or a SIM box.
- Step 4: Once they know they can seamlessly receive the OTP generated during the account creation process, they create multiple fraudulent accounts to abuse its services.
Challenges of New Account Fraud Prevention
- Dormant accounts: Many new accounts fraudsters create stay dormant until the need to use them as mules arrives. This delayed activation is extremely difficult to track and assess. This requires a robust transaction monitoring system, which can flag anomalies like sudden transactions of large volumes from a dormant account, suspicious purchases from illegal sources, etc., in real time.
- Expensive and complicated identity verification: The leading reason why online services suffer so deeply is because their initial defenses fall short. Identity verification stems are still seen as an AML compliance process rather than an actual weapon for fraud prevention. Rising costs of IDV services coupled with the increasingly complex tech integrations that legacy companies are not used to, they remain averse to adopting risk-based authentication service providers.
- Friction vs. verification: As the world digitizes, organizations are moving towards a more streamlined customer onboarding process. But this has also resulted in loopholes that criminals can exploit for illicit gains. Any organization would want to onboard as many customers as possible to see growth. But in this race of volume, unknowingly letting bad actors enter the system can cause damage to not just the company but also to other existing customers.
How does Bureau provide AI-powered fraud detection software to prevent account opening fraud?
1. Money Mule Score
The Money Mule Score is a risk assessment tool that evaluates the likelihood that a new account applicant could be a money mule.
By analyzing various data points, such as transaction patterns, account behavior, and historical data, the score helps banks and financial institutions flag high-risk accounts during the account opening process.
The score includes detailed insights, helping institutions understand the potential future risk of an account becoming a mule account. This foresight allows for proactive measures.
Accounts with a high Money Mule Score can be subjected to additional verification processes, reducing the chances of opening fraudulent accounts.
By identifying potential money mules early, institutions can prevent their platforms from being used for money laundering and other illegal activities, protecting the institution and its customers. This helps financial institutions protect their interests proactively rather than wasting time and resources tracking down criminals after committing the crime.
2. Device Intelligence
Bureau’s Device Intelligence gathers and analyzes data related to the devices used to access an online service. This includes both hardware signals and software signals, as well as browser signals.
Hardware Signals:
- Device Fingerprinting: Creating a unique fingerprint for each device based on hardware characteristics, such as device model, serial numbers, and hardware configurations.
- Anomaly Detection: Identifying anomalies in hardware usage, such as sudden changes in device type or use of multiple devices for the same account. It also includes identifying signs of a rooted device or the presence of emulators.
Software Signals:
- Operating System and Software Versions: Monitoring the operating system, software versions, and installed applications to detect inconsistencies or outdated software that may indicate a compromised device.
- Application Usage Patterns: Analyzing how applications are used, looking for patterns that deviate from normal behavior.
Browser Signals:
- Browser Fingerprinting: Collecting data on browser type, version, plugins, and settings to create a unique browser fingerprint.
Location signals:
- VPN Detector: Identifying when users are attempting to mask their true location by using virtual private networks (VPNs).
- Impossible Travel Detection: Monitoring for login attempts from geographically distant locations within a short time frame, which is not feasible for legitimate users.
3. Behavioral Biometrics
Bureau’s Behavioral biometrics analyzes the unique patterns of behavior exhibited by users when they interact with digital interfaces. This includes various signals that help create a behavioral profile for each user. It also helps detect bot usage patterns.
Bring it all together for a power-packed fraud verification software
By integrating Money Mule Score, Device Intelligence and Behavioral Biometric –, Bureau provides a comprehensive defense against new account fraud. Here’s how these tools work together:
- Layered Security: Each tool addresses different aspects of fraud, creating a multi-layered security approach that is harder for fraudsters to bypass.
- Real-time Analysis: The solutions work in real time, providing instant risk assessments and fraud detection, which is crucial during the account opening process.
- Improved Accuracy: The combination of these tools improves the accuracy of fraud detection, reducing false positives and ensuring legitimate users are not inconvenienced.
Schedule a free consultation with us to get a tailored fraud-prevention solution