How to Prevent New Account Fraud
Kerry Coppinger
|Cyber Risks & Threats | August 19, 2022
There are many different types of fraud and malicious activities that take place on the internet. Some invalid traffic is driven by bots and automation tools, while other types are committed by malicious human users. One common type of fraud that resonates with consumers and businesses alike is new account fraud. Throughout this article, we will explain what this term means, why it occurs, and what businesses can do to protect themselves.
How is New Account Fraud defined?
New account fraud is the creation of profiles, accounts, or login details for malicious purposes. This can be committed on a singular basis by one human creating one or more fake accounts, but it can also be committed on a much larger scale in the form of an attack on a given website, app, or another forum.
What type of businesses does this impact?
Businesses that run on subscription models
These types of businesses are at risk of new account fraud because they typically require someone to sign up or enter their details in order to proceed with a subscription.
Businesses that are product-driven
Product-driven businesses are at risk because they often allow users to sign up for a free or discounted trial in order to drive mass adoption, rather than focusing only on revenue. This can be a good strategy, but it can also attract bad actors.
Businesses that offer promotions or incentives
When promotions or incentives are frequently offered to contacts in a company’s database, some malicious users may create several accounts just to have access to these benefits that they did not earn.
When we look at the bigger picture though, most businesses that operate online can be victims of new account fraud in one way or another since most businesses require their customers to provide some level of data or some information about themselves.
What are some reasons this type of fraud is committed?
Credit card validation
When someone steals a credit card, they might open new online profiles with the credit card credentials in order to test if the credit card is valid. Some companies ask for credit card details even before a purchase is made so these businesses can be particularly vulnerable to experiencing an influx of accounts created with stolen credit card information.
Abuse of promotions
Sometimes bad actors create an account under a different name or email than their own simply to take advantage of a promotion or special offer. In some cases, this person might already have a legitimate account, but decides to create another fake one in order to gain access to a coupon or discount that is provided to new users within a given time frame or with credentials different from their own.
Selling access to a platform or portal
Fraudsters can sometimes work in teams by creating fake accounts and then selling that information to other fraudsters. This is mutually beneficial because many malicious actors can take advantage of any benefits the account offers while also making a profit for themselves.
What damage does this cause?
The presence of fake accounts can cause businesses several critical issues. Discounts and promotions become wasted on fraudsters and revenue is lost, metrics are skewed because the amount of legitimate contacts in a database is inflated, and organizational efficiency is damaged as resources are wasted nurturing and marketing to these invalid users.
How can businesses prevent New Account Fraud?
A first step businesses can take is sifting through their database and identifying any accounts that appear to be duplicated. This can be done by checking for emails, IP addresses, names, or other credentials that repeat more than once in their system. If there appears to be multiple accounts attributed to one user, that user could be committing account fraud.
Another step businesses can take is updating their sign-up process. If the organization is currently only asking for limited details from each user and not verifying if that information is correct in any way, maybe it is time for them to consider adding a step to their process to filter out some bad actors.
While these steps are a good starting point, they are also quite time-consuming and do not guarantee the absence of all account fraud, and they run a risk of filtering out some real customers or false positives. For this reason, it is recommended to implement go-to-market security solutions in order to gain visibility into who is creating accounts on a company’s platform and block any malicious users when needed.