Did you know that a popular online trading platform lost $2 million to scammers who took advantage of the company’s offer to loan $5,000 to new account holders for immediate investment?
When banks and fintechs digitally onboard new customers, they often have to decide within seconds whether that customer is legitimate or a fraudster. Guessing wrong carries high stakes, including financial losses and compliance risks. So how can they quickly spot bad actors trying to open fraudulent new accounts?
This post discusses what new account fraud is, how it’s carried out, its consequences, and the strategies that can help banks and fintechs make split-second risk judgments to keep sign-ups smooth and efficient for good customers.
What is new account fraud?
New account fraud happens when someone creates multiple accounts, either with multiple identities, such as a second phone number or email address, or simply fake information. The fraudster uses these accounts to take repeated advantage of sign-up bonuses, abuse refund policies, manipulate sentiment through false reviews, or take out several fraudulent loans, among other reasons.
New account fraud differs from an account takeover (ATO) attack, which involves using stolen credentials to log in to someone’s existing account.
What is new account fraud in fintech?
In the financial sector, new account fraud is the act of creating one or multiple accounts under false pretenses to deceive a bank or financial services provider. For fraudsters, creating fraudulent accounts is a relatively low-risk, high-reward way to get access to money they shouldn’t have, and less complicated and detectable than an account takeover attack.
According to TransUnion’s 2024 State of Omnichannel Fraud Report, the account creation process is one of the highest risk steps in the customer journey for businesses, which have to walk a tightrope between risk and consumer patience. A survey from research firm ABBYY found that one in four customers abandons the online sign-up process for a bank account due to how long it takes, so these institutions must make very important decisions very quickly.
Why banks and fintechs are prime targets for new account fraud
Banks and fintechs are, of course, attractive to fraudsters because that’s where the money is, literally. Additionally, fraud technology is evolving to a point where even less experienced fraudsters can target financial institutions. There are several major trends driving that evolution:
- Generative AI is making it easier than ever to create difficult-to-detect false identity documents.
- Hackers are selling huge quantities of stolen credentials on the dark web.
- Sophisticated bots can sign up for many accounts simultaneously, maximizing successful account creation using false or stolen credentials.
- As companies get better at detecting ATO attacks, fraudsters are increasingly turning to new account fraud as an easier way to gain access they shouldn’t have.
This expanded access to the tools needed to successfully commit fraud has also changed the demographics of who is perpetrating it: A 2023 FBI report found that teenagers and young adults are increasingly driving fraud attacks, especially after the pandemic. Historically, fraud was more often perpetrated by adults in their 30s and 40s.
Common tactics fraudsters use to create fake accounts
With these factors making new account fraud more appealing than ever, what are the ways fraudsters use false personas to try to steal from banks and fintechs? There are three main ones: synthetic identity fraud, traditional identity theft, and fake business fraud.
Synthetic identity fraud
Around 80% of new account fraud is attributable to synthetic identity fraud. This tactic typically involves combining real and fake information to open bogus accounts or make fraudulent purchases. For example, fraudsters may use a real Social Security number and a phony name and street address to make it seem as though they're creating a legitimate account.
Traditional identity theft
While synthetic identity theft involves using some details from a real person to create an entirely new identity, traditional identity theft uses an existing person’s identity. The fraudster poses as this person when opening a new account. This type of fraud is more detectable than synthetic identity fraud and therefore less popular.
Business loan fraud
In many jurisdictions, it’s very easy to open a business. In the U.S., for example, several states do not require any proof of identification to set one up. The lax rules make it an attractive way for fraudsters to try to take out business loans, which often have higher limits than personal loans. When the fake business defaults on the loan, it can be difficult to trace the identity of the fraudster.
The impact of new account fraud on banks and fintechs
As mentioned earlier, a popular online trading platform lost $2 million over the course of four years to scammers who took advantage of the company’s offer to loan $5,000 to new account holders for immediate investment. The scammers took the money through straw man accounts and defaulted on the loans.
While this shows how expensive new account fraud can be for fintechs just in terms of monetary losses, the consequences for financial organizations stretch farther than that. Some of the other impacts that new account fraud has on fintechs and banks include:
- KYC and AML risks: High levels of new account fraud can pose Know Your Customer (KYC) and anti-money laundering (AML) compliance risks, because fake accounts are an attractive vehicle for money laundering.
- Reputational risks: Banks and fintechs that become associated with fraud may lose business from current and potential customers wary of doing business with them.
- Restricted growth: Some fintechs or banks may decline to expand into certain markets or cut back on the number of loans they offer due to fraud.
- Lost time and resources: Time spent anticipating and addressing fraud is not spent on other parts of the business.
Given all these impacts, it’s no surprise that, in a 2024 survey of executives conducted by FIS and Oxford Economics, fintech leaders estimated that fraud (all types) costs them an average of $21.6 million annually.
Prevention strategies and best practices
While fake account creation is a complex and formidable challenge, there’s plenty that fintechs can do to fight back. Some are well established, such as the use of multi-factor authentication (MFA) to make it harder to impersonate real people by asking for additional verification. Increasingly, many banks and fintechs are also using machine learning programs to detect anomalous behavior during the sign up process.
Financial organizations can also use blocklists, either ones they build or ones maintained by third-party companies, to keep out known offenders. This approach, however, often assumes fraudsters will use the same IP address or credentials they used previously. Sophisticated bad actors can easily get around these types of blocks.
Having a comprehensive device intelligence platform is one of the most accurate ways to identify suspicious behavior in real time. It provides the ability to spot when data doesn’t match the information a user provides, such as location. It can also help spot likely bots or agents, as well as things like whether the sign up is being attempted through a headless browser or a jailbroken device. And for fraudsters who attempt to come back and open more accounts with the same device, fingerprinting allows you to recognize a returning device even if the fraudster presents new credentials.
How device intelligence supports fintech fraud detection
Device intelligence is most useful when it is as accurate as possible. Fingerprint can provide you with industry-leading accuracy to identify devices used to sign up for your service, and it works even when fraudsters use incognito mode or VPNs. We use 100+ advanced signals to distinguish one device from among billions of others and assign it a unique visitor identifier. Our Smart Signals further enhance the accuracy of the visitor identifier while enabling you to detect dangerous bots, tampered browsers, and more.
Curious to see how Fingerprint works? Contact our sales team or start a 14-day free trial of our Pro Plus plan today.
