New Account FraudHow Fraudsters Scam Banks & Merchants Using Fake Credit Profiles

December 26, 2022 | 11 min read

New Account Fraud

In a Nutshell

Gaining new customers is always a win – as long as they’re real customers, and not fraudsters hiding behind phony account profiles. New account fraud is a growing threat on this front, but is there any way for banks and merchants to protect themselves?

Merchants & Banks Are Being Threatened by New Account Fraud. Here’s How They Can Fight Back.

New customers are great… unless they’re not really customers at all, that is.

A new buyer purchasing hundreds of dollars worth of merchandise seems like a positive thing. It’s also natural to want to presume that the buyer in question is who they claim to be. But, if the buyer is using a newly-created online account, there’s a chance you’re dealing with a scammer

This could be an example of a fast-growing threat called new account fraud. If so, then the “customer” that appears so promising may be an imposter out to rob you blind.

Identifying new account fraud before the fact is challenging, but it’s not impossible. In this post, we look at how fake information is used to con merchants and financial institutions. We’ll explain how new account fraud works, and list a few red flags that may help with scam prevention.

What Is New Account Fraud?

New Account Fraud

[noun]/no͞o ● ə ● kount ● frôd/

New account fraud occurs when a fraudster adopts a false identity to create a new payment card account. This can occur at either the banking or the merchant level, with fraudsters using stolen or synthetic identities to secure new credit or debit cards.

Fraud in the eCommerce space is nothing new, of course. With new account fraud, however, even the most advanced anti-fraud tools may not be able to flag the buyer as phony.

Most fraud detection solutions verify shoppers using information on file with the issuing bank. Until the fraud is uncovered, the personal information on the new account is considered legit.

New account fraud is a third-party fraud tactic. In a new account attack, the scammer will use stolen information to create a new user profile and try to get a bank account. The fraudster then uses that account to make purchases. Once the fraud is eventually discovered, the merchant will be left holding the bag.

How Does New Account Fraud Work?

A new account scheme starts with a fake payment account that, for all intents and purposes, looks like the genuine article. The data used to create the account may be stolen, obtained through devious techniques such as phishing, or purchased off the dark web for pennies. The fraudster may attempt to impersonate an existing cardholder, or create a synthetic “Frankenstein” identity with bits swiped from multiple individuals. 

Once a new identity profile exists, it can be used to secure a payment card with either an issuing bank or a merchant. In some cases, the fraudster will open multiple accounts at different banks simultaneously. Using the newly acquired cards, the crook starts shopping (usually online, where customer validation tends to be more lax).

Fraudsters who engage in new account fraud know that the scam will eventually be detected. So, their goal is to max out the credit accounts and disappear before getting caught. Not surprisingly, new account creation fraud generally occurs within 90 days of securing a new card.

New account fraud incidents have been growing at an alarming rate recently. According to the Federal Trade Commission, fraud losses increased more than $5.8 billion from 2020 to 2021, representing a year-over-year jump of more than 70%.

But creating a fake identity and applying for new accounts can be a lot of work – especially when first-time credit limits tend to be comparatively low. How do crooks make it profitable?

FRAUD FACTS:

Some fraudsters use a variation of new account fraud known as “bust out” fraud. Instead of immediately maxing out cards, the criminal uses the faux account to build a credit rating, apply for additional credit cards, and increase their credit limits. They may wait months or years before “busting out” by spending all their available buying power and absconding.

Learn more about bust out fraud

A single incident will have limited ROI. That’s why scammers have found ways to scale their operations.

Most fraudulent account creation can be automated using easy-to-acquire bots. These can run thousands of potential ID combinations in a fraction of the time it would take a human to do so. Specifics from any viable identities can then be used to automatically apply for credit cards.

As with most other facets of AI-enabled technologies, microwork can fill the gaps when bots can’t conduct every facet of the process. Teams of human workers may be sitting in click farms in other countries or regions, getting paid a few cents for each application form they complete and submit on a scammer’s behalf.

Obviously, the work happens more slowly when humans are involved. But, despite all the developments in AI-based writing, bot-written applications still sound stilted and sterile in comparison.

Human writers, on the other hand, can add subtle shading and refinement to their work, so they may be better equipped to handle things like creating reviews or liking social media posts. In some instances, humans are used to test and tweak data that bots have deemed credible.

Who Pays for New Account Fraud?

Obviously, if a fraudster is making money, that money has to come from somewhere. In cases where an account was set up in a real person’s name, any purchases would go against that person’s credit history… At least until the valid user reports the scam.

That leaves either banks or merchants to foot the bill. Traditionally, fraud costs have been absorbed by financial institutions. But, with the increase in fraudulent activity – especially friendly fraud – bank liability is not a given. Certain circumstances may allow the bank to shift responsibility to the merchant.

New Account Fraud | Bank at Fault

In many cases, the fault will lie with the bank that issued the line of credit. Using the example we outlined above, if a fraudster creates a fake profile to secure a new account and line of credit, the bank would be held liable. They were unable to perform due diligence and detect the impersonator; as such, they bear responsibility for the losses.

New Account Fraud | Merchant at Fault

If a fraudster uses stolen cardholder credentials to create a fake profile on a merchant’s site, the retailer in question can be held liable. This depends on whether the bank can make a compelling case that the merchant should’ve been able to detect the new account scam. For instance, if the merchant fails to adhere to proper validation protocols, or makes transaction errors, the bank may initiate a chargeback to recover funds.

Fraud schemes are often aimed at consumers, but it is banks and merchants who end up footing the bill. Turn to the experts to protect your business.REQUEST A DEMO

Why Are We Seeing More New Account Fraud?

The simple answer: the internet. That’s obviously a little reductive, though. If we want to dig a little deeper, we see that there are three primary factors contributing to the problem:

Easy access to consumer data

According to one source, there are over 1,073,741,824 gigabytes of data stored in the cloud. A good chunk of that is the personal data of people who’ve signed up for subscriptions, loyalty programs, free offers, and so on. Naturally, most of that data is highly secured, but that doesn’t stop professional hackers from doing everything they can to get at it.

Even if secured information is never accessed, there’s plenty of data to be had. For example, most people don’t think about the personal information they post on social media. Names, birthdays, addresses, phone numbers, photos – any personal information can be scraped and used to try and create bogus accounts.

Easy access to credit

Applying for a loan used to require a huge amount of paperwork. And, it was almost all filled out by hand. Nowadays, applications can be submitted — and in some cases, even approved — online within seconds.

Lines of credit can be available to the applicant almost immediately. This is especially true of store-sponsored credit cards, where qualifications are less rigorous than those required by traditional lenders. One store card may not be worth much on its own, but it’s a good starting point to build credit for opening other new accounts.

The perfect getaway

The anonymity of the web means fraudsters can wreak havoc, then disappear without leaving a trail. There are a number of ways to hide or disguise identifying information, such as hidden proxy servers that conceal IP addresses. One of these can make the scammer appear to be in one location while committing fraud from a different country altogether. 

Plus, remember that the fraudsters will be hiding behind a false profile or pseudonym. That can make it almost impossible to find the criminal, let alone bring a case to trial. As long as computers and people are vulnerable to hacking (and they always will be), cybercriminals will be leveraging internet anonymity to ply their trade.

How to Identify New Account Fraud

New account fraud prevention requires identifying illegitimate accounts before they can be used for fraudulent purposes. Like chargeback fraud, however, most new account fraud won’t surface until days — or even weeks — after the transaction. This leaves fraudsters plenty of time to abandon the account and disappear.

That said, there are a few red flags to watch for that can help with detecting suspicious accounts. These include:

  • Social Security numbers that don’t match the identity on file with the bank or the three major credit bureaus.
  • Social Security profiles with odd aspects, such as references to two different applicants with no credit history.
  • Applicants who are unable to offer identity validation evidence that was issued more than a year ago.
  • Non-residential addresses such as P.O. boxes or mail drop locations, especially ones created recently.

None of these items, on their own, are proof that a new account is bogus. That said, any one of these should be enough to make banks or merchants take a second look at the account and potentially ask for additional identification, such as biometrics.

New account creation fraud can be a profitable enterprise, but fighting it alone can be a time-intensive endeavor that often offers a limited ROI. That’s why many merchants find it more profitable to partner with a full-service fraud and chargeback provider. To learn more, contact Chargebacks911® today.

FAQs

How does new account fraud work?

Cybercriminals use phishing or social engineering attacks to steal personal data, such as names, birthdays, and Social Security numbers, then open new bank, loan, or credit accounts using stolen or synthetic identities. The new accounts are then used to make fraudulent purchases.

How do you avoid new account fraud?

New account creation fraud can be hard to prevent, but more stringent customer verification using IP address checking, comparing information against profiles from other authorities, and using biometric identification can all help reveal potentially bogus accounts.

Can someone create a fake bank account?

Sort of. It’s more accurate to say that hackers create code that either goes through, or works around, bank security to grab personal information. This could be used by the cybercriminal to open an account, but is more often sold on the dark web.

In the US, federal identity validation mandates make it harder to create fake accounts. That said, there are actually apps that will allow users to create realistic fake accounts. Although these are marketed as pranks, thieves use them to steal from real bank accounts.

Why do fraudsters open bank accounts?

The accounts can be used to make illegitimate purchases or be used to build credit for a larger scam.

What are some red flags for fraudulent new accounts?

Spotting phony accounts isn’t an exact science, but banks or merchants can look for red flags like newly issued identification documentation (address, driver’s license, etc.). Other signs of suspicious activity include a lack of credit history, small initial purchases or cash deposits, or using mail drops instead of street addresses.

Like What You're Reading? Join our newsletter and stay up to date on the latest in payments and eCommerce trends.
Newsletter Signup
We’ll run the numbers; You’ll see the savings.
Please share a few details and we'll connect with you!
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form
Embed code has been copied to clipboard