How to Identify New Account FraudSpotting the Fakes in a Sea of Real Customers
How to Identify New Account Fraud: Red Flags to Watch for & Tips to Respond
Telling a legitimate customer from a fraudster apart during the signup process is difficult because scammers use a well-honed playbook to hide their tracks.
But synthetic identities are fundamentally different from real ones, so there are warning flags signs out there…if you know where to look. In this article, we identify some of the most common new account red flags so that you can keep this type of fraud at bay.
New Account Fraud
In this guide, we’ll take a closer look at new account fraud. We’ll talk about what it is, how it works, and how prevalent it is. We’ll also provide real-life case studies and examine how you can detect and prevent your business from falling victim to account creation scams.
Red Flags & Warning Signs of New Account Fraud
So, new account scammers might be draining your revenue without your knowledge. If it’s any consolation, though, fake signups come with reliable red flags that banks and merchants can be on the lookout for. These include:
Multiple Accounts Created From the Same IP/Device
Legitimate users will typically sign up for one account. After all, what’s the point of having two or more accounts?
Fraudsters, however, are playing a different game. For them, the more accounts they’re able to open, the more chances they’ll have to fly under the radar, bypass restrictions, and engage in illicit activities. That’s why scammers will often use one device or IP address to create several fake accounts at once. Doing so gives them more opportunities to participate in foul play and do harm to your business.
Geolocation Mismatches
Most legitimate account openings should occur in close proximity to the individual’s listed billing address.
By contrast, one telling indicator of a fraudulent signup is when an account is created in a region different from the address provided during account creation. Other times, fraudsters may use VPNs or proxy servers to mask their real location so as to appear legitimate and bypass fraud detection tools that flag access attempts from high-risk geographies.
Incomplete or Inconsistent Customer Data
Fraudsters rely on stolen or manufactured identities to open fraudulent accounts, so they may often have incomplete information about their victim. Other times, scammers may intentionally omit details so that they can cover their tracks. For example, when filling in account details, they may intentionally leave out their stolen identity’s full last name or zip code.
Unusual Purchasing Behavior From New Accounts
Fraudulent activities often differ dramatically from non-fraudulent ones in terms of both quantity and quality. That’s because scammers are trying to evade detection, while carrying out as much criminal activity as possible before they are caught.
As a result, scammers may make a large quantity of high-value purchases in a short amount of time, buy easily flippable items, or make identical purchases but have them shipped to different locations.
Use of Temporary or Disposable Emails and Phone Numbers
Email addresses and phone numbers make fraudsters more traceable, so scammers who create fake accounts may do so using fake, “burner” details instead.
Burner emails, for example, expire shortly after creation. This ensures that the bad actor’s primary email address remains unconnected from the fraudulent account activity, and thus makes it less likely that they’ll be caught.
SSN Mismatches
This one applies more specifically to banks, since merchants wouldn’t have access to an individual’s Social Security number.
Be suspicious of Social Security numbers that don’t match the identity on file with the bank or the three major credit bureaus. The same goes for Social Security profiles with odd aspects, such as references to two different applicants with no credit history.
How to Respond to New Account Fraud Attacks
You need to take a multilayered approach to new account fraud. If you suspect that a transaction might be a scam, take the following actions:
- 1. Freeze Suspicious Accounts: Temporarily disable accounts exhibiting signs of fraud to prevent further transactions while investigating.
- 2. Review & Reverse High-Risk Transactions: Audit transactions made by flagged accounts. Initiate reversals, refunds, or cancellations where appropriate to limit loss.
- 3. Notify Your Processor: Inform your payment processor about the incident. They may offer additional tools or freeze settlements for high-risk accounts.
- 4. Block Fraud Infrastructure: Blacklist IP addresses, email domains, and devices used in the attack. Consider velocity limits or CAPTCHA for high-risk regions or devices.
- 5. Monitor for Repeat Attacks: Keep a close eye on new accounts and transactions in the aftermath. Fraudsters often return with variations on the same tactics.
- 6. Analyze the Attack Pattern: Identify commonalities in fraudulent accounts. Use this data to strengthen fraud filters and block similar attempts.
- 7. Update Fraud Detection Rules: Tighten account creation rules based on what you learned, and adjust thresholds as needed for behavior-based alerts.
- 8. Audit & Patch Vulnerabilities: Review your sign-up and checkout processes for weaknesses. Ensure rate limiting, bot protection, and API security are in place and up to date.
