Finding a reliable, customer-friendly way to protect your business against new account fraud is vital to surviving in today’s digital-driven economy. Not only can ignoring the problem cause you to lose valuable money and client goodwill, but implementing the wrong solutions can lead to onboarding issues that drive away potential customers.
The Experian® 2023 Identity and Fraud Report revealed that nearly 70 percent of businesses reported fraud loss in recent years, with many of these involving new account fraud. At the same time, problems with onboarding caused 37 percent of consumers to drop off and take their business elsewhere.
In other words, your customers want protection, but they aren’t willing to compromise their digital experience to get it. You need to find a way to meet both these needs when combating new account fraud.
What is new account fraud?
New account fraud occurs any time a bad actor creates an account in your system utilizing a fake or stolen identity. This process is referred to by different names, such as account takeover fraud, account creation fraud, or account opening fraud.
Examples of some of the more common types of new account fraud include:
- Synthetic identity (ID) fraud: This type of fraud occurs when the scammer uses a real, stolen credential combined with fake credentials. For example, they might use someone’s real Social Security number combined with a fake email.
- Identity theft: In this case, the fraudster uses personal information they stole to create a new scam account.
- Fake identity: With this type of fraud, scammers create an account with wholly fake credentials that haven’t been stolen from any particular person.
New account fraud may target individuals, but the repercussions spill over to impact entire organizations. In fact, many scammers utilize bots to attempt to steal information or create fake accounts en masse, upping the stakes even more.
How does new account fraud work?
New account fraud begins at a single weak security point, such as:
- Data breaches: The Bureau of Justice reported that in 2021 alone, 12 percent of people ages 16 or older received notifications that their personal information was involved in a data breach.1
- Phishing scams: The fraudster creates an email or social media account that pretends to be from a legitimate organization or person to gain confidential information.2
- Skimmers: These are put on ATMs or fuel pumps to steal credit or debit card information.2
- Bot scrapers: These tools scrape information posted publicly on social media or on websites.2
- Synthetic ID fraud: 80 percent of new account fraud is linked to synthetic ID fraud.3 The scammer just needs one piece of legitimate information. If they have a real Social Security number, they might combine it with a fake name and birth date (or vice versa.)
After the information is stolen, the rest of the fraud takes place in steps. The fake or stolen identity might first be used to open a new account, like a credit card or a demand deposit account. Over time, the account establishes a credit history until it can be used for higher-value targets, like loans and bank withdrawals.
How can organizations prevent new account fraud?
Some traditional methods used to combat new account fraud include:
- Completely Automated Public Turing Tests (CAPTCHAs): These tests help reduce bot attacksthat lead to data breaches and ensure that individuals logging into your system are actual people.
- Multifactor authentication (MFA): MFA bolsters users’ password protection and helps guard against account takeover. If a scammer tries to take over an account, they won’t be able to complete the process.
- Password protection: Robust password managers can help ensure that one stolen password doesn’t lead to multiple breaches.
- Knowledge-based authentication: Knowledge-based authentication can be combined with MFA solutions, providing an additional layer of identity verification.
- Know-your-customer (KYC) solutions: Businesses may utilize KYC to verify customers via government IDs, background checks, ongoing monitoring, and the like.
- Additional protective measures may involve more robust identity verification behind the scenes. Examples include biometric verification, government ID authentication, public records analysis, and more.
Unfortunately, these traditional protective measures may not be enough, for many reasons:
- New account fraud is frequently being perpetrated by bots, which can be tougher to keep up with and might overwhelm systems.
- Institutions might use multiple security solutions that aren’t built to work together, leading to overlap and inefficiency.
- Security measures may create so much friction in the account creation process that potential new customers are turned away.
How we can help
Experian’s fraud management services provide a multi-layered approach that lets businesses customize solutions to their particular needs. Advanced machine learning analytics utilizes extensive, proprietary data to provide a unique experience that not only protects your company, but it also protects your customers’ experience.
Customer identification program (CIP)
Experian’s KYC solutions allow you to confidently identify your customers via a low-friction experience. The tools start with onboarding, but continue throughout the customer journey, including portfolio management. The tools also help your company comply with relevant KYC regulations.
Cross-industry analysis of identity behavior
Experian has created an identity graph that aggregates consumer information in a way that gives companies access to a cross-industry view of identity behavior as it changes over time. This means that when a new account is opened, your company can determine behind the scenes if any part of the identity is connected to instances of fraud or presents actions not normally associated with the customer’s identity. It’s essentially a new paradigm that works faster behind the scenes and is part of Experian’s Ascend Fraud Platform™.
Multifactor authentication solutions
Experian’s MFA solutions utilize low-friction techniques like two-factor authentication, knowledge-based authentication, and unique one-time password authentication during remote transactions to guard against hacking.
Synthetic ID fraud protection
Experian’s fraud management solutions include robust protection against synthetic ID fraud. Our groundbreaking technology detects and predicts synthetic identities throughout the customer lifecycle, utilizing advanced analytics capabilities.
CrossCore®
CrossCore combines risk-based authentication, identity proofing, and fraud detection into one cloud platform, allowing for real-time decisions to be made with flexible decisioning workflows and advanced analytics.
Interactive infographic: Building a multilayered fraud and identity strategy
Precise ID®
The Precise ID platform lets customers choose the combination of fraud analytics, identification verification, and workflows that best meet their business needs. This includes machine-learned fraud risk models, robust consumer data assets, one-time passwords (OTPs), knowledge-based authentication (KBAs), and powerful insights via the Identity Element Network®.
Account takeover fraud represents a significant threat to your business that you can’t ignore. But with Experian’s broad range of solutions, you can keep your systems secure while not sacrificing customer experience.
Experian can keep your business secure from new account fraud
Experian’s innovative approach can streamline your new account fraud protection. Learn more about how our fraud management solutions can help you.
References
1. Harrell, Erika. “Just the Stats: Data Breach Notifications and Identity Theft, 2021.” Bureau of Justice Statistics, January 2024. https://bjs.ojp.gov/data-breach-notifications-and-identity-theft-2021
2. “Identity Theft.” USA.gov, December 6, 2023. https://www.usa.gov/identity-theft
3. Purcell, Michael. “Synthetic Identity Fraud: What is It and How to Combat It.” Thomson Reuters, April 28, 2023. https://legal.thomsonreuters.com/blog/synthetic-identity-fraud-what-is-it-and-how-to-combat-it/
