Seeing an increase in new account creation can be exciting. After all, it could indicate that there's growing brand awareness and you're attracting new customers.

But that's not always the case. Sometimes, an extreme uptick in sign-ups could signal new account fraud — a common type of fraud that can result in significant financial losses and inaccurate customer data.

How do you prevent new account fraud and protect your businesses and your customers? Below, we'll look at new account fraud and how it's different from other forms of fraud. We'll also explore a few common types of new account fraud and offer some actionable prevention methods.

What is new account fraud?

New account fraud happens when a person creates multiple accounts, either with fake information or multiple identities, such as a second phone number or email address. Typically, they do this to exploit limited-time promotions or gain an unfair advantage.

It can also involve identity theft, where an imposter uses another person's information to open a new account (bank account, credit card, loan, etc.) without their consent or knowledge.

Fraudsters often use a combination of the victim's authentic data (like their Social Security number, date of birth, and name) and fake data (email address, phone number). Stolen identity fraud can result in significant financial losses for victims, from unpaid bills to damaged credit reports.

For businesses, new account fraud can cause financial losses, reputational damage, and significant customer trust issues. When fraudsters exploit customers’ stolen or fabricated identities, it leads to direct costs and operational strain. Failure to prevent fraud can result in regulatory penalties and legal risks, like hefty fines for non-compliance with KYC and AML laws, lawsuits from victims of identity theft (for failure to protect their information), and even license revocation (depending on your type of business).

New account fraud vs. identity theft

Identity theft is when a fraudster impersonates someone else and commits fraud using their identity. Creating multiple accounts isn’t automatically considered identity theft (unless the person creating the accounts is impersonating someone else). However, if creating multiple accounts involves using someone else's personal information, it is considered identity theft.

New account fraud vs. account takeover fraud

While new account fraud involves opening a new account with someone else’s information or with fake information, account takeover (ATO) fraud involves taking control of someone else’s existing account. The fraudster accesses the account by obtaining the victim’s login credentials or by manipulating security questions to reset passwords. 

Once they control the account, they can: 

• Access financial information like credit card and account numbers
• Change account information like mailing addresses and phone numbers
• Execute unauthorized transactions
• Transfer funds
• Make withdrawals
• Alter beneficiary information

Compared to new account fraud, ATO fraud can be harder to detect because it can be difficult to distinguish between legitimate and fraudulent login attempts if you don't have the right tools in place.

New account fraud vs. synthetic identity fraud

Synthetic identity fraud uses personal identifiable information (PII) to create a new false identity. It’s one of the fastest-growing financial crimes, with experts estimating its costs to be between $20 to $40 billion. 

This type of fraud typically involves combining real and fake information to open fraudulent accounts or make fraudulent purchases. For example, fraudsters may use a real Social Security number and a phony name and street address to make it seem as though they're creating a legitimate account. 

As you can see, there's an overlap between synthetic identity fraud and new account fraud. Both are forms of account creation fraud that rely on fake information. The difference is that synthetic identity fraud uses a combination of real and fake information. This isn't always the case for new account fraud, where a fraudster could use entirely fake information. 

Common types of new account fraud

Before you can protect your business from fraud, you need to know what to look for. These are a few of the most common types of new account fraud that can significantly impact your business:

Multi-accounting

Multi-accounting occurs when one user creates and uses multiple accounts within a platform or system to gain unfair advantage or manipulate data or metrics.

For example, a user might create multiple accounts to cast more than one vote, skewing the results in their favor. Also, in an online game, a player might use multi-accounting to gain extra resources or advantages, distorting the game's balance and fairness.

Free trial fraud

Imagine developing an app and offering free one-week trials to encourage more subscriptions. But rather than pay the subscription fee when the trial period ends, some existing customers create new accounts with fake details to continue enjoying the “one-week” free trial. 

This is free trial fraud. 

Since you’re offering your services for free, the result can be financial losses. It can also make it challenging to determine the effectiveness of promotions or discounts in your marketing strategies, as it manipulates account registration data.

To mitigate financial losses from this type of fraud, companies can use services like Fingerprint to identify suspicious users who attempt to abuse free trials by creating multiple accounts or exploiting trial periods.

Coupon and promo abuse

Coupon and promo abuse happens when someone creates multiple accounts to exploit a coupon or promotion limited to one-time redemption (or once per individual account).

Say you offer new customers $50 off their first order. Fraudsters may create multiple accounts to enjoy the $50 off several times, rather than just once. 

PayPal is one of the most notable victims of this type of fraud. In 2020, the fintech company began offering up to $10 for every new sign-up as part of its rewards and incentives program — problem was, fraudsters created bots to open multiple accounts to take advantage of the offer.

As with other types of new account fraud, coupon and promo abuse can impact profits and reduce the accuracy of marketing data. That means it's crucial to incorporate device intelligence solutions with advanced signals, like Fingerprint, into your operations. 

3 ways to prevent new account fraud

You can help protect your business from new account fraud by using the following techniques and safeguards.

1. Use two- or multi-factor authentication

Implement MFA or 2FA at the account creation stage rather than just at log-in. Require users to confirm their identity during account creation through challenge questions, SMS 2FA, or SSO authentication through Apple iOS or Google. MFA can prevent an estimated 30–50% of security breaches, making this a must-have solution if you want to amp up your fraud prevention efforts. However, the downside is that it can cause additional friction for legitimate users, who may get frustrated. 

To set up two- and/or multi-factor authentication as part of the account creation process:

1. Select an authentication method: There are several options, including verification codes like one-time passwords (OTPs), biometric verification like facial or fingerprint recognition, and apps like Google Authenticator. 
2. Integrate authentication libraries and APIs: If you opt for OTPs, you can integrate your system with the Twilio Verify API to send customers verification codes via SMS messages. 
3. Set up 2FA or MFA: Include 2FA/MFA in your account creation process by asking customers to choose their preferred authentication method during account sign-up.

2FA/MFA helps prevent multi-accounting by adding an extra layer of identity verification, making it harder for users to create multiple accounts. It disrupts automated account creation by requiring real-time verification, which fraudsters can’t easily bypass. This increases the time and cost for fraudsters, which discourages the creation and management of multiple fraudulent accounts. 

2. Implement a device intelligence solution

As security evolves, so do fraudsters' schemes. For example, they also have access to advanced bot technology, generative AI tools, and VPNs, which can make it easier for them to commit fraud. 

So to combat them, you need to go beyond basic measures like password protection or even additional authentication steps and implement device intelligence solutions for fraud alerts. A device intelligence solution helps you better identify the physical devices responsible for fraud by monitoring signals that indicate multiple account creation attempts and suspicious user behavior. 

For example, Fingerprint can identify devices during account creation workflows, helping you distinguish between the same user and new users. It works even if they're trying to conceal their identity with a VPN or incognito mode.

To maximize protection, choose a device intelligence solution that offers:

• Precision and accuracy in identifying fraudulent activities
• Adherence to data privacy and security regulations
• Real-time fraud detection 
• VPN detection
• Device and browser fingerprinting

When you find a suitable option, integrate it into your application or website by getting the necessary API keys and following the documentation from your service provider. This requires technical know-how, so work with an experienced software developer or engineer. 

3. Conduct regular audits to identify fraud trends

New account fraud is a growing problem, particularly for financial institutions that offer online banking or mobile banking. This is primarily due to the advanced mechanisms at fraudsters' disposal, like machine learning and AI-powered bots.    

Conducting regular audits can help identify these mechanisms and stop suspicious activity before it impacts your processes. Educate your teams and establish processes for regularly auditing sign-ups for questionable trends, such as a sudden increase in new accounts or a surge in one specific region or location. 

Consider implementing processes that limit users to one account per phone number or email, or take other steps, including:

• Reviewing documentation of all audits to identify trends.
• Updating your security protocols based on findings from the audits.
• Updating blocklists with details of known fraudulent accounts.

Enhance security with Fingerprint

New account fraud is a prevalent problem that can result in significant financial losses and inaccurate client data. To protect your business, start by implementing 2FA/MFA in the account creation process. Then, leverage device intelligence solutions to identify users who may try to conceal their identities, and conduct regular fraud audits to stay one step ahead of fraudsters’ new tactics. 

Fingerprint can help prevent new account fraud (and other types of fraud) by accurately identifying all visitors who attempt to sign up for your service. Our unique visitor identifier uses advanced signals to detect dangerous bots, tampered browsers, and more, and works even when fraudsters use incognito mode or VPNs. 

With Fingerprint, you can prevent fraudsters from creating multiple accounts and unfairly using your service, offer, or application — protecting your data and your bottom line. Curious to see how it works? Contact us today for a personalized demo.