Merchants & Banks Are Being Threatened by New Account Fraud. Here’s How They Can Fight Back.
New customers are great… unless they’re not really customers at all, that is.
A new buyer purchasing hundreds of dollars worth of merchandise seems like a positive thing. It’s also natural to want to presume that the buyer in question is who they claim to be. But, if the buyer is using a newly-created online account, there’s a chance you’re dealing with a scammer
This could be an example of a fast-growing threat called new account fraud. If so, then the “customer” that appears so promising may be an imposter out to rob you blind.
Identifying new account fraud before the fact is challenging, but it’s not impossible. In this post, we look at how fake information is used to con merchants and financial institutions. We’ll explain how new account fraud works, and list a few red flags that may help with scam prevention.
Recommended reading
- What is SIM Swapping Fraud & How Does It Work?
- The Top 5 Prepaid Card Scams to Watch Out For in 2024
- How do Banks Conduct Credit Card Fraud Investigations?
- Key Credit Card Fraud Statistics to Know for 2024
- Scammers See Opportunity as March Madness Begins
- Man-in-the-Middle Attacks: 10 Tips to Prevent These Scams
What Is New Account Fraud?
- New Account Fraud
New account fraud occurs when a fraudster adopts a false identity to create a new payment card account. This can occur at either the banking or the merchant level, with fraudsters using stolen or synthetic identities to secure new credit or debit cards.
[noun]/no͞o ● ə ● kount ● frôd/Fraud in the eCommerce space is nothing new, of course. With new account fraud, however, even the most advanced anti-fraud tools may not be able to flag the buyer as phony.
Most fraud detection solutions verify shoppers using information on file with the issuing bank. Until the fraud is uncovered, the personal information on the new account is considered legit.
New account fraud is a third-party fraud tactic. In a new account attack, the scammer will use stolen information to create a new user profile and try to get a bank account. The fraudster then uses that account to make purchases. Once the fraud is eventually discovered, the merchant will be left holding the bag.
How Does New Account Fraud Work?
A new account scheme starts with a fake payment account that, for all intents and purposes, looks like the genuine article. The data used to create the account may be stolen, obtained through devious techniques such as phishing, or purchased off the dark web for pennies. The fraudster may attempt to impersonate an existing cardholder, or create a synthetic “Frankenstein” identity with bits swiped from multiple individuals.
Once a new identity profile exists, it can be used to secure a payment card with either an issuing bank or a merchant. In some cases, the fraudster will open multiple accounts at different banks simultaneously. Using the newly acquired cards, the crook starts shopping (usually online, where customer validation tends to be more lax).
Fraudsters who engage in new account fraud know that the scam will eventually be detected. So, their goal is to max out the credit accounts and disappear before getting caught. Not surprisingly, new account creation fraud generally occurs within 90 days of securing a new card.
New account fraud incidents have been growing at an alarming rate recently. According to the Federal Trade Commission, fraud losses increased more than $5.8 billion from 2020 to 2021, representing a year-over-year jump of more than 70%.
But creating a fake identity and applying for new accounts can be a lot of work – especially when first-time credit limits tend to be comparatively low. How do crooks make it profitable?
Some fraudsters use a variation of new account fraud known as “bust out” fraud. Instead of immediately maxing out cards, the criminal uses the faux account to build a credit rating, apply for additional credit cards, and increase their credit limits. They may wait months or years before “busting out” by spending all their available buying power and absconding.
A single incident will have limited ROI. That’s why scammers have found ways to scale their operations.
Most fraudulent account creation can be automated using easy-to-acquire bots. These can run thousands of potential ID combinations in a fraction of the time it would take a human to do so. Specifics from any viable identities can then be used to automatically apply for credit cards.
As with most other facets of AI-enabled technologies, microwork can fill the gaps when bots can’t conduct every facet of the process. Teams of human workers may be sitting in click farms in other countries or regions, getting paid a few cents for each application form they complete and submit on a scammer’s behalf.
Obviously, the work happens more slowly when humans are involved. But, despite all the developments in AI-based writing, bot-written applications still sound stilted and sterile in comparison.
Human writers, on the other hand, can add subtle shading and refinement to their work, so they may be better equipped to handle things like creating reviews or liking social media posts. In some instances, humans are used to test and tweak data that bots have deemed credible.
Who Pays for New Account Fraud?
Obviously, if a fraudster is making money, that money has to come from somewhere. In cases where an account was set up in a real person’s name, any purchases would go against that person’s credit history… At least until the valid user reports the scam.
That leaves either banks or merchants to foot the bill. Traditionally, fraud costs have been absorbed by financial institutions. But, with the increase in fraudulent activity – especially friendly fraud – bank liability is not a given. Certain circumstances may allow the bank to shift responsibility to the merchant.
New Account Fraud | Bank at Fault
In many cases, the fault will lie with the bank that issued the line of credit. Using the example we outlined above, if a fraudster creates a fake profile to secure a new account and line of credit, the bank would be held liable. They were unable to perform due diligence and detect the impersonator; as such, they bear responsibility for the losses.
New Account Fraud | Merchant at Fault
If a fraudster uses stolen cardholder credentials to create a fake profile on a merchant’s site, the retailer in question can be held liable. This depends on whether the bank can make a compelling case that the merchant should’ve been able to detect the new account scam. For instance, if the merchant fails to adhere to proper validation protocols, or makes transaction errors, the bank may initiate a chargeback to recover funds.
Why Are We Seeing More New Account Fraud?
The simple answer: the internet. That’s obviously a little reductive, though. If we want to dig a little deeper, we see that there are three primary factors contributing to the problem:
How to Identify New Account Fraud
New account fraud prevention requires identifying illegitimate accounts before they can be used for fraudulent purposes. Like chargeback fraud, however, most new account fraud won’t surface until days — or even weeks — after the transaction. This leaves fraudsters plenty of time to abandon the account and disappear.
That said, there are a few red flags to watch for that can help with detecting suspicious accounts. These include:
- Social Security numbers that don’t match the identity on file with the bank or the three major credit bureaus.
- Social Security profiles with odd aspects, such as references to two different applicants with no credit history.
- Applicants who are unable to offer identity validation evidence that was issued more than a year ago.
- Non-residential addresses such as P.O. boxes or mail drop locations, especially ones created recently.
None of these items, on their own, are proof that a new account is bogus. That said, any one of these should be enough to make banks or merchants take a second look at the account and potentially ask for additional identification, such as biometrics.
New account creation fraud can be a profitable enterprise, but fighting it alone can be a time-intensive endeavor that often offers a limited ROI. That’s why many merchants find it more profitable to partner with a full-service fraud and chargeback provider. To learn more, contact Chargebacks911® today.
FAQs
How does new account fraud work?
Cybercriminals use phishing or social engineering attacks to steal personal data, such as names, birthdays, and Social Security numbers, then open new bank, loan, or credit accounts using stolen or synthetic identities. The new accounts are then used to make fraudulent purchases.
How do you avoid new account fraud?
New account creation fraud can be hard to prevent, but more stringent customer verification using IP address checking, comparing information against profiles from other authorities, and using biometric identification can all help reveal potentially bogus accounts.
Can someone create a fake bank account?
Sort of. It’s more accurate to say that hackers create code that either goes through, or works around, bank security to grab personal information. This could be used by the cybercriminal to open an account, but is more often sold on the dark web.
In the US, federal identity validation mandates make it harder to create fake accounts. That said, there are actually apps that will allow users to create realistic fake accounts. Although these are marketed as pranks, thieves use them to steal from real bank accounts.
Why do fraudsters open bank accounts?
The accounts can be used to make illegitimate purchases or be used to build credit for a larger scam.
What are some red flags for fraudulent new accounts?
Spotting phony accounts isn’t an exact science, but banks or merchants can look for red flags like newly issued identification documentation (address, driver’s license, etc.). Other signs of suspicious activity include a lack of credit history, small initial purchases or cash deposits, or using mail drops instead of street addresses.