New Account Fraud
Prevent bots from creating new fake user accounts and protect your site and infrastructure from fraud and abuse
What is new account fraud and how does it operate?
The process of creating a new account for a service, software, or store is designed to be a relatively frictionless process. Attackers take advantage of the ease of the process, using fake or stolen identities to create hundreds or thousands of new user accounts for future use.
This practice can be overlooked, as the creation of new accounts is a positive metric. Attacker can use these accounts to abuse your marketing promotions, validate stolen credit card information, make fraudulent transactions, or sell them to another cybercriminal.
Common use cases
Stolen Credit Card ValidationFake accounts can be used to test stolen credit card information to see if the card still works
Promotion AbuseNew fake accounts are created to take advantage of welcome offers, promotions, or incentives for resale or financial gain
Selling Unauthorized AccessFraudsters will also create new accounts to sell to other cybercriminals interested in accessing your platform
4.5 million PayPal accounts were found to be completely fake, created by bots to take advantage of the free cash “welcome incentive” for new accounts. The discovery contributed to one of the company’s largest stock plummets.
What are the threats to
the Go-to-Market Operation?
- Fake traffic creating new accounts at scale affects your new customer acquisition budget and taxes your infrastructure, potentially decreasing the user experience for real customers.
- The activity on fraudulently created new accounts skews your data, analytics and measurement of KPIs, presenting you with a false picture of your marketing and business performance.
- Fake accounts open your site to risk of hosting and processing stolen credit card information, allowing fraudulent transactions, and being used as an entrypoint for additional cybercrime.
Secure your site from new account fraud
CHEQ provides of layer of visibility over all bots and fake users, testing each visitor with over 2000+ cybersecurity challenges and automatically blocking malicious traffic.