How DreamHost prevents new account fraud and multi-accounting
New Account Fraud
Cloud Services
250
USA
DreamHost is a web hosting provider that has been around for over 25 years providing services such as Wordpress and website hosting, domain registration, email services, and cloud hosting.
As a popular website and server host, DreamHost's primary fraud challenge is mitigating bad actors signing up for multiple accounts to make illegitimate purchases or utilize their service space for nefarious or illegal purposes. For example, if successful with their account creation, these bad actors could use DreamHost to execute spam campaigns or mine Bitcoin.
These use cases presented a challenge because some bad actors attempted to create multiple accounts — sometimes dozens of times. DreamHost tried to prevent this through a process that included manual reviews, but that takes time and may not catch every instance or spend time reviewing legitimate account signups.
Because of this and the gap in data to accurately identify visitors on a returning basis, especially when bad actors were using multiple IP addresses and credit cards, they were struggling to compete with the rise in multiple accounts.
DreamHost came to Fingerprint to solve that gap in accurate returning visitor identification. Fingerprint became a crucial step in their visitor identification process, offering a solution from traditional methods such as IP address and verified contact information.
With Fingerprint, they could identify visitors attempting to sign up for accounts even if they intentionally obfuscate their identity through false or stolen contact information, spoofed or distorted IP addresses, and stolen credit card information. Combining Fingerprint with their existing system meant strengthening their processes and limiting the friction for legitimate visitors looking to create an account.
"With Fingerprint, we're now able to really see an impact in the number of duplicate accounts we're able to detect. This reduces the need for heavy protections on legitimate signups and the need for manual reviews on signups."
- Calvin Schneider, VP of Data Science at DreamHost
Once DreamHost implemented Fingerprint, their main guidepost for success was detecting and identifying duplicate account signups or instances of multi-accounting. From there, they're now able to associate direct and indirect financial impact from being able to see those signups. In their updated process, Fingerprint provides a third, crucial layer of identification in addition to contact and payment information during the signup process, improving the successful identification of multiple signups, for good or not-so-good reasons.
Additionally, in an unexpected way, implementing Fingerprint shed light on a problem DreamHost was previously unaware of: referral bonus abuse. DreamHost realized that people were trying to sign up multiple times — sometimes even dozens of times to claim a referral bonus offered by DreamHost.
"I recommended the use of Fingerprint to the planning team based on my past usage with Fingerprint and their bot detection solution. In my past experience with Fingerprint, the implementation has been very easy, and the results were immediate — no malicious traffic ever since.
The documentation is easy to understand, whether you use the provided client libraries, or you need to consume the endpoints directly."
- Damian Nowak, VP of Software Development at DreamHost
Fingerprint proved an effective and powerful solution to thwart bad actors in several ways, including for nefarious purposes such as email spam campaigns or bonus abuse. They have reduced the manual effort previously required to check any suspicious sign-ups and can now streamline the manual review process for only the sign-ups flagged by their system as fraudulent.