Did you use to google if a certain retail store was available to shop online? Ah, the simple times when browsing and actually seeing the items on their shelves were convenient. Now, the concept of convenience has transformed, opening new doors for businesses to sell their products and services in the digital sphere.
Fintech apps, crypto exchanges, NFTs, tokenization, and all the other buzzwords that fall into this category have changed how users think. While some might think balancing security and user experience is another cliche, practice shows otherwise. The rise of AI has come in a bundle with deepfakes, synthetic identities, and a heavy bag of other types of fraud.
So having a straightforward onboarding process isn’t enough — it opens a portal for fraudsters to create new accounts and damage your business reputation. That’s why new customers don’t automatically count as a win unless you make sure to create a bulletproof account opening process.
How? We discuss the best ways to detect and prevent new account fraud below.
What is New Account Fraud?
New account fraud is a criminal act where an account, like a user profile on an online banking platform, is established using either falsified identification or stolen information. Fraudsters might even blend genuine and counterfeit details, making tracking and preventing the crime complicated.
Fraudsters often use a fake identity to create a new payment card account. This happens either at the banking or the merchant level, with fraudsters using stolen or synthetic identities to secure new credit or debit cards. New account fraud often happens within the first 90 days after the account’s creation. Fraudsters start with small deposits in order not to get caught easily.
Fraudsters also engage in other criminal activities, which include tactics like social engineering, phishing, or ATO fraud to take out loans, conduct insurance fraud, or engage in illegal black market activities.
What is the Step-By-Step Process of an Account Origination Attack?
An account origination attack aims to get the fraudster access to systems, services, or benefits that are typically offered to legitimate users. Often, the credit card account or another type of online account already exists and belongs to another person.
The difference between new account fraud is that the account can be created from scratch, whereas here, the fraudster gathers information about the victim, creating a fake identity.
These steps illustrate the process of an account origination attack:
- The fraudster collects data about their victim.
- They then build a fake identity based on the gathered data conducting identity theft or synthetic identity fraud.
- The fraudster finds a bank or another financial institution to set up a new account and gain access to their services.
- The fraudster is now able to continue their plan to benefit from further crimes, including unauthorized transactions, loan applications, etc.
Top 5 Red Flags of New Account Fraud for Financial Institutions
Unfortunately, you can lose millions due to new account fraud. While it might appear that criminals are in charge sometimes, rest assured that there are certain strategies to counter account opening fraud.
Of course, the key factor lies in verifying customer identities during the application process. However, that’s not the only thing that matters in preventing new account fraud.
Here’s a brief compilation of the top red flags that suggest possible fraud:
1. Inconsistencies Between the Address on Applications and IDs
If there’s a mismatch between the address stated on the user’s application and the address indicated on the provided ID document, it’s a sign of fraud. In an attempt to avoid being caught, the scammer often supplies their own address or a real mail drop address in the application. This strategy prevents the victim from receiving any notifications regarding the new account.
Tip: To ensure effective detection, it’s crucial that the address on the presented ID always corresponds with the address provided in the new account application unless the account holder has recently moved and can substantiate the change of address with valid proof.
2. Suspicious Email Addresses
Due to accessibility and convenience, new account fraud is more likely to happen online than in a physical banking branch. Often, scammers use identity theft victims’ credentials except skip the email part. That’s why it’s important not to only verify the user’s name and address info, but also to check their email information.
Tip: Look for red flags, such as email addresses that cannot be confirmed, email addresses that the victims have never used previously, or identical email addresses applied across multiple new account requests.
3. Older Individuals Without Proper Financial Records
Let’s get this straight. If someone older than this age attempts to initiate an account opening, and you’re unable to locate any financial history associated with them, there’s a huge possibility that they could be a fraudster trying to commit new account fraud.
Tip: Always verify a person’s age and assess the risks associated with this data. When a person reaches the age of 25, there should be a record of their financial transactions either on their credit bureau report or at other banks.
4. Deposits of Fraudulent Checks
Scammers often try to artificially boost the balance in their newly created accounts by depositing fake checks. They use stolen, forged, and counterfeit checks, as well as checks drawn from fraudulent accounts held at other financial institutions.
The same principle goes for withdrawals. New account fraud also often revolves around executing withdrawals right after making deposits. By the time the deposited check is eventually returned to your bank, the fraudster has vanished with their funds, leaving you with an account that’s been overdrawn.
Tip: Screening and ongoing monitoring is a must. Since scammers often refrain from making deposits right after opening the new accounts to prevent detection, checking transactions means that your due diligence doesn’t stop at the onboarding stage.
5. Making Deposits Just Before the Holidays
In a fraudster’s mind, holidays are another opportunity to commit a crime. That’s why scammers use this opportunity to extend the period during which they can exploit fraudulent deposits. They commit new account fraud on bank holidays and make these deposits on Fridays or Saturdays. This strategic timing gives fraudsters enough time to execute withdrawals before the deposited checks are eventually processed and returned.
Tip: Always analyze the timestamps of deposits to identify suspicious patterns around holidays. Depending on the risk level, you can customize the KYC verification flow and add additional verification steps for withdrawals close to holiday-related deposits.
What Industries are Affected Most by New Account Fraud?
Financial institutions, online banks, iGaming websites, dating platforms, and e-commerce sites are only a few of the industries affected by new account fraud. In general, fraudsters target high-end products or high-risk financial institutions most because of the prize they potentially can get. The higher the financial risk, the better the reward for the criminal. That’s why criminals target services or products that have easy movement of funds or offer credit.
Keep in mind that new account fraud can be conducted either manually or through bots. Fraudsters use this technique to get their chances up. However, no matter the tactics used, new account fraud means that businesses lose their brand’s reputation, which is a horror chain of lost customers as well as revenue.
What Methods Do Scammers Use to Conduct New Account Fraud?
New account fraud works as a third-party fraud tactic at times when a criminal signs up on an online platform posing as someone else. Once the new account exists, it can be used to secure a payment card or multiple bank accounts at different financial institutions at the same time. Criminals use these accounts for their online purchases, often where security is less strict.
Here are the primary methods through which a new account scheme can be started:
- Creating a fake payment account. That means a fraudster designs a counterfeit payment account that, on the surface, appears authentic. The information can be fabricated from stolen data, which is accessed through methods like phishing or purchased from the dark web.
- Using a stolen identity. This works if a fraudster creates a new account posing entirely as a different person. Typically, identity theft doesn’t happen overnight, which means the fraudster collects details about their target for days and proceeds to establish an account using this forged identity.
- Using a “Frankenstein” identity. This is another term for the mentioned synthetic identity fraud. With this goal of financial deception, fraudsters aim to combine genuine and fabricated information to build legitimate identities and open accounts. In the past few years, synthetic identity fraud has been named the fastest-growing type of identity fraud in the world.
Scammers are aware that financial institutions always keep an eye on new account activity. They’re obliged to assess customer profiles as part of KYC compliance protocols. As a result, fraudsters sometimes use their accounts in a lawful manner until they think the bank’s scrutiny has been botched. Once they feel they have gained the bank’s trust, they will slowly begin to initiate fraudulent transactions.
Who is Obligated to Cover the Losses of New Account Fraud?
When the fraudster empties the bank accounts under their fake persona, you know they’re making money. But it has to come from somewhere.
If the new account were created using a real person’s identity, all purchases would impact that individual’s credit history. This situation persists until the actual account holder detects the fraudulent activity and reports it. At this point, either the bank or the merchant needs to take responsibility and pay for the fraud.
There are two possible scenarios:
- The bank takes responsibility and covers the fraud damages due to being unable to perform due diligence and detect the fraud in time.
- The merchant is held reliable, defending if they fail to comply with validation procedures or make transaction errors, the bank is able to request chargebacks.
Normally, banks have been the ones paying for it. But now, as fraudsters are getting more intense, banks might not always have to pay. Sometimes, the bank can make the store pay instead.
How to Detect New Account Fraud?
Effective new account fraud detection means that you are able to identify inauthentic accounts that can be used for illegal activity. This is an easy task on paper because, similarly to chargeback fraud, new account fraud can last for weeks or months before the fraudster is caught. Sometimes, they are quick enough to abandon the account and disappear with their purchases.
Here are some new account fraud indicators to keep an eye out for:
- Lack of valid identity proof. Applicants who cannot provide identity validation evidence issued over a year ago might attempt to hide their true identity, definitely raising suspicions of potential fraud.
- Unusual social security profiles. Pay attention to profiles that exhibit unusual traits, such as references to two different applicants with no credit history. These anomalies might be signs of new account fraud.
- Inconsistent social security numbers. Be aware of SSNs that don’t match the identity provided by the individual or the information on file with the bank and major credit bureaus.
- Non-residential addresses. Keep an eye on accounts that list non-residential addresses like P.O. boxes or recently established mail drop locations. These choices for contact information could be a sign of fraud.
Implementing robust identity validation processes and staying up-to-date with the latest fraud detection technologies will further enhance your defense against illicit activities, including new account fraud.
Stopping New Account Fraud With Automated Tools
Effective fraud prevention starts with integrating robust identity verification measures.
In general, this process of verifying identities can include multiple stages, including:
- Verifying government-issued ID documents (Identity Verification);
- Cross-referencing utility bills (Address Verification);
- Assigning a fraud risk score based on the user’s activity online (Fraud Scoring);
- Checking their IP address to detect potentially fraudulent activity (Proxy Detection);
- Screening their phone number to see if it was previously used for fraud (Phone Verification);
- Searching for negative news about that person (Adverse Media Screening).
Large data volumes require automated tools. And the best part is that iDenfy has all the fraud prevention tools that you need in one place. Our identity verification solution is backed with liveness detection technology and an entire in-house KYC specialist team that manually double-checks each verification result.