Seeing an increase in new account creation can be exciting. After all, it could indicate that there's growing brand awareness and you're attracting new customers.
But that's not always the case. Sometimes, an extreme uptick in sign-ups could signal new account fraud — a common type of fraud that can result in significant financial losses and inaccurate customer data.
How do you prevent new account fraud and protect your business and your customers? Below, we'll look at new account fraud and how it's different from other forms of fraud. We'll also explore a few common types of new account fraud and offer some actionable prevention methods.
What is new account fraud?
New account fraud happens when a person creates multiple accounts, either with fake information or multiple identities, such as a second phone number or email address. Typically, they do this to exploit limited-time promotions or gain an unfair advantage.
It can also involve identity theft, where an imposter uses another person's information to open a new account (bank account, credit card, loan, etc.) without their consent or knowledge.
Fraudsters often use a combination of the victim's authentic data (like their Social Security number, date of birth, and name) and fake data (email address, phone number). Stolen identity fraud can result in significant financial losses for victims, from unpaid bills to damaged credit reports.
For businesses, new account fraud can cause financial losses, reputational damage, and significant customer trust issues. When fraudsters exploit customers’ stolen or fabricated identities, it leads to direct costs and operational strain. Failure to prevent fraud can result in regulatory penalties and legal risks, like hefty fines for non-compliance with KYC and AML laws, lawsuits from victims of identity theft (for failure to protect their information), and even license revocation (depending on your type of business).
New account fraud vs. identity theft
Identity theft is when a fraudster impersonates someone else and commits fraud using their identity. Creating multiple accounts isn’t automatically considered identity theft (unless the person creating the accounts is impersonating someone else). However, if creating multiple accounts involves using someone else's personal information, it is considered identity theft.
New account fraud vs. account takeover fraud
While new account fraud involves opening a new account with someone else’s information or with fake information, account takeover (ATO) fraud involves taking control of someone else’s existing account. The fraudster accesses the account by obtaining the victim’s login credentials or by manipulating security questions to reset passwords.
Once they control the account, they can:
- Access financial information like credit card and account numbers
- Change account information like mailing addresses and phone numbers
- Execute unauthorized transactions
- Transfer funds
- Make withdrawals
- Alter beneficiary information
Compared to new account fraud, ATO fraud can be harder to detect because it can be difficult to distinguish between legitimate and fraudulent login attempts if you don't have the right tools in place.
New account fraud vs. synthetic identity fraud
Synthetic identity fraud uses personally identifiable information (PII) to create a new false identity. It’s one of the fastest-growing financial crimes, with experts estimating its costs to be between $20 and $40 billion.
This type of fraud typically involves combining real and fake information to open fraudulent accounts or make fraudulent purchases. For example, fraudsters may use a real Social Security number and a phony name and street address to make it seem as though they're creating a legitimate account.
As you can see, there's an overlap between synthetic identity fraud and new account fraud. Both are forms of account creation fraud that rely on fake information. The difference is that synthetic identity fraud uses a combination of real and fake information. This isn't always the case for new account fraud, where a fraudster could use entirely fake information.
Common types of new account fraud
Before you can protect your business from fraud, you need to know what to look for. These are a few of the most common types of new account fraud that can significantly impact your business:
Multi-accounting
Multi-accounting occurs when one user creates and uses multiple accounts within a platform or system to gain unfair advantage or manipulate data or metrics.
For example, a user might create multiple accounts to cast more than one vote, skewing the results in their favor. Also, in an online game, a player might use multi-accounting to gain extra resources or advantages, distorting the game's balance and fairness.
Free trial fraud
Imagine developing an app and offering free one-week trials to encourage more subscriptions. But rather than pay the subscription fee when the trial period ends, some existing customers create new accounts with fake details to continue enjoying the “one-week” free trial.
This is free trial fraud.
Since you’re offering your services for free, the result can be financial losses. It can also make it challenging to determine the effectiveness of promotions or discounts in your marketing strategies, as it manipulates account registration data.
To mitigate financial losses from this type of fraud, companies can use services like Fingerprint to identify suspicious users who attempt to abuse free trials by creating multiple accounts or exploiting trial periods.
Coupon and promo abuse
Coupon and promo abuse happens when someone creates multiple accounts to exploit a coupon or promotion limited to one-time redemption (or once per individual account).
Say you offer new customers $50 off their first order. Fraudsters may create multiple accounts to enjoy the $50 off several times, rather than just once.
PayPal is one of the most notable victims of this type of fraud. In 2020, the fintech company began offering up to $10 for every new sign-up as part of its rewards and incentives program. The problem was that fraudsters created bots to open multiple accounts to take advantage of the offer.
As with other types of new account fraud, coupon and promo abuse can impact profits and reduce the accuracy of marketing data. That means it's crucial to incorporate device intelligence solutions with advanced signals, like Fingerprint, into your operations.
3 ways to prevent new account fraud
You can help protect your business from new account fraud by using the following techniques and safeguards.
1. Use two- or multi-factor authentication
Implement MFA or 2FA at the account creation stage rather than just at log-in. Require users to confirm their identity during account creation through challenge questions, SMS 2FA, or SSO authentication through Apple iOS or Google. MFA can prevent an estimated 30–50% of security breaches, making this a must-have solution if you want to amp up your fraud prevention efforts. However, the downside is that it can cause additional friction for legitimate users, who may get frustrated.
To set up two- and/or multi-factor authentication as part of the account creation process:
- Select an authentication method: There are several options, including verification codes like one-time passwords (OTPs), biometric verification like facial or fingerprint recognition, and apps like Google Authenticator.
- Integrate authentication libraries and APIs: If you opt for OTPs, you can integrate your system with the Twilio Verify API to send customers verification codes via SMS messages.
- Set up 2FA or MFA: Include 2FA/MFA in your account creation process by asking customers to choose their preferred authentication method during account sign-up.
2FA/MFA helps prevent multi-accounting by adding an extra layer of identity verification, making it harder for users to create multiple accounts. It disrupts automated account creation by requiring real-time verification, which fraudsters can’t easily bypass. This increases the time and cost for fraudsters, which discourages the creation and management of multiple fraudulent accounts.
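A sketch of the OTP step at account creation, as an added example (not code from Fingerprint or Twilio): the account record is written only after the code sent to the user's phone or email is confirmed. The class and function names, the five-minute lifetime and the five-attempt limit are assumptions, and delivery of the code through your SMS or email provider is left out.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed policy: a code is valid for five minutes
MAX_ATTEMPTS = 5       # assumed policy: challenge locks after five tries


class SignupChallenge:
    """A pending sign-up; no account exists until the OTP is confirmed."""

    def __init__(self, contact, now=None):
        self.contact = contact
        self.key = secrets.token_bytes(32)  # per-challenge MAC key
        self.expires_at = (time.time() if now is None else now) + OTP_TTL_SECONDS
        self.attempts = 0
        self.verified = False
        self._digest = None

    def _mac(self, code):
        return hmac.new(self.key, code.encode(), hashlib.sha256).digest()

    def issue_code(self):
        """Return a 6-digit code for the delivery channel; keep only its MAC."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._digest = self._mac(code)
        return code

    def verify(self, submitted, now=None):
        """True only for the right code, before expiry, within the try budget."""
        now = time.time() if now is None else now
        if self.verified or self._digest is None:
            return False  # codes are single use
        if now > self.expires_at or self.attempts >= MAX_ATTEMPTS:
            return False
        self.attempts += 1
        self.verified = hmac.compare_digest(self._mac(submitted), self._digest)
        return self.verified


def create_account(challenge, accounts):
    """Create the account only after the contact channel was confirmed."""
    if not challenge.verified:
        raise PermissionError("contact not verified")
    accounts[challenge.contact] = {"verified_contact": True}
    return accounts[challenge.contact]
```

The attempt limit and expiry are what make automated guessing of a six-digit code impractical; without them the check adds friction for real users only.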
2. Implement a device intelligence solution
As security evolves, so do fraudsters' schemes. For example, they also have access to advanced bot technology, generative AI tools, and VPNs, which can make it easier for them to commit fraud.
So to combat them, you need to go beyond basic measures like password protection or even additional authentication steps and implement device intelligence solutions for fraud alerts. A device intelligence solution helps you better identify the physical devices responsible for fraud by monitoring signals that indicate multiple account creation attempts and suspicious user behavior.
For example, Fingerprint can identify devices during account creation workflows, helping you distinguish between the same user and new users. It works even if they're trying to conceal their identity with a VPN or incognito mode.
To maximize protection, choose a device intelligence solution that offers:
- Precision and accuracy in identifying fraudulent activities
- Adherence to data privacy and security regulations
- Real-time fraud detection
- VPN detection
- Device and browser fingerprinting
When you find a suitable option, integrate it into your application or website by getting the necessary API keys and following the documentation from your service provider. This requires technical know-how, so work with an experienced software developer or engineer.
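Why grouping sign-ups by device catches multi-accounting that grouping by IP address misses, as an added example (not Fingerprint's code or API): `device_id` stands for whatever identifier your provider returns, and the field names, thresholds and sample records are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-ups. One device opens four accounts in three days
# while changing IP address each time (as it would behind a VPN).
SIGNUPS = [
    {"account": "a1", "device_id": "dev-111", "ip": "203.0.113.5", "ts": "2024-05-01T10:00:00"},
    {"account": "a2", "device_id": "dev-111", "ip": "198.51.100.7", "ts": "2024-05-01T18:30:00"},
    {"account": "a3", "device_id": "dev-111", "ip": "192.0.2.44", "ts": "2024-05-02T09:15:00"},
    {"account": "a4", "device_id": "dev-111", "ip": "203.0.113.80", "ts": "2024-05-03T21:05:00"},
    {"account": "b1", "device_id": "dev-222", "ip": "198.51.100.20", "ts": "2024-05-02T12:00:00"},
    {"account": "c1", "device_id": "dev-333", "ip": "192.0.2.9", "ts": "2024-04-01T08:00:00"},
    {"account": "c2", "device_id": "dev-333", "ip": "192.0.2.9", "ts": "2024-04-20T08:00:00"},
    {"account": "c3", "device_id": "dev-333", "ip": "192.0.2.9", "ts": "2024-05-10T08:00:00"},
]


def flag_multi_accounting(signups, key, max_accounts=2, window=timedelta(days=7)):
    """Return {key value: [accounts]} where more than max_accounts sign-ups
    sharing that value fall inside one sliding time window."""
    groups = defaultdict(list)
    for s in signups:
        groups[s[key]].append((datetime.fromisoformat(s["ts"]), s["account"]))
    flagged = {}
    for value, events in groups.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 > max_accounts:
                cluster = {account for _, account in events[start:end + 1]}
                flagged[value] = sorted(cluster | set(flagged.get(value, [])))
    return flagged


if __name__ == "__main__":
    print("by device:", flag_multi_accounting(SIGNUPS, "device_id"))
    print("by ip:    ", flag_multi_accounting(SIGNUPS, "ip"))
```

On the sample data the device grouping flags `dev-111` with all four accounts, while the IP grouping flags nothing; the three `dev-333` sign-ups spaced weeks apart stay below the threshold in both.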
3. Conduct regular audits to identify fraud trends
New account fraud is a growing problem, particularly for financial institutions that offer online banking or mobile banking. This is primarily due to the advanced mechanisms at fraudsters' disposal, like machine learning and AI-powered bots.
Conducting regular audits can help identify these mechanisms and stop suspicious activity before it impacts your processes. Educate your teams and establish processes for regularly auditing sign-ups for questionable trends, such as a sudden increase in new accounts or a surge in one specific region or location.
Consider implementing processes that limit users to one account per phone number or email, or take other steps, including:
- Reviewing documentation of all audits to identify trends.
- Updating your security protocols based on findings from the audits.
- Updating blocklists with details of known fraudulent accounts.
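A sign-up audit for the two trends named above, a sudden increase in new accounts and a surge from one region, as an added example (not part of the original article): the record layout, the thresholds and the sample data are constructed, and real thresholds should come from your own baseline.

```python
from collections import Counter
from statistics import median

# Constructed sample: five quiet days of 10 sign-ups, then a burst of 50
# on the sixth day, 45 of them from a single region.
SAMPLE = (
    [(f"2024-05-0{d}", r) for d in range(1, 6)
     for r in ["region-a"] * 4 + ["region-b"] * 3 + ["region-c"] * 3]
    + [("2024-05-06", "region-a")] * 5
    + [("2024-05-06", "region-d")] * 45
)


def audit_signups(records, spike_factor=3.0, region_share=0.6, baseline_days=7):
    """records: (ISO date, region) pairs. Returns one finding per day whose
    count exceeds spike_factor x the median of the preceding days."""
    records = list(records)
    per_day = Counter(day for day, _ in records)
    days = sorted(per_day)  # ISO dates sort chronologically
    findings = []
    for i, day in enumerate(days):
        history = [per_day[d] for d in days[max(0, i - baseline_days):i]]
        if len(history) < 3:
            continue  # too little history to call anything a spike
        # Median, not mean, so an earlier burst does not inflate the baseline.
        baseline = median(history)
        if per_day[day] <= spike_factor * max(baseline, 1):
            continue
        finding = {"day": day, "count": per_day[day], "baseline": baseline}
        regions = Counter(region for d, region in records if d == day)
        top_region, top_count = regions.most_common(1)[0]
        if top_count / per_day[day] >= region_share:
            finding["region_surge"] = top_region
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in audit_signups(SAMPLE):
        print(finding)
```

Days with no sign-ups at all do not appear in the counts, so the baseline here is taken over the most recent days that had activity.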
Enhance security with Fingerprint
New account fraud is a prevalent problem that can result in significant financial losses and inaccurate client data. To protect your business, start by implementing 2FA/MFA in the account creation process. Then, leverage device intelligence solutions to identify users who may try to conceal their identities, and conduct regular fraud audits to stay one step ahead of fraudsters’ new tactics.
Fingerprint can help prevent new account fraud (and other types of fraud) by accurately identifying all visitors who attempt to sign up for your service. Our unique visitor identifier uses advanced signals to detect dangerous bots, tampered browsers, and more, and works even when fraudsters use incognito mode or VPNs.
With Fingerprint, you can prevent fraudsters from creating multiple accounts and unfairly using your service, offer, or application — protecting your data and your bottom line. Curious to see how it works? Contact us today for a personalized demo.
FAQ
Usually, creating multiple accounts isn't considered fraud unless it's done with fraudulent intent. For example, creating multiple accounts to obtain more than one trial period on a streaming service or exploiting a promotion can be considered fraudulent.
One person can have multiple email accounts with the same email service, and that's not considered fraud. However, creating multiple accounts to impersonate or attack someone is fraud, especially if it involves identity theft and financial transactions.
This is a gray area. Some companies might have terms and conditions stating that only one account per person is permitted, and if someone is found to have multiple accounts, they might be banned from using their services.
However, creating multiple accounts for discounts is okay as long as it's within the website's rules and regulations.
In terms of emerging trends, fraudsters are continually developing new methods to commit new account fraud. For instance, they’re increasingly using artificial intelligence and machine learning to carry out sophisticated attacks.
On the other hand, businesses are also leveraging these technologies to enhance their fraud detection capabilities. Companies need to stay up-to-date with the latest trends in both fraud tactics and prevention methods to protect themselves (and their customers).