Written by Guido Ronchetti, CTO at XTN Cognitive Security®
New Account Fraud is emerging as one of the biggest challenges for retail banking services. It happens when fraudsters use stolen or synthetic identities to open new bank accounts. The aim is to maximize their credit limits before disappearing, usually within 90 days. That’s why we can say that it is a fraud that generally happens in the first 90 days after the account is opened. The main illegal activities involved are receiving money from other illicit activities, fake deposit checks, or access to credit that will never be repaid.
HOW IS A SYNTHETIC ACCOUNT CREATED?
Theft accounts are generally the result of previously conducted data breaches, giving the fraudster access to many users’ personal information. Often those credentials are on sale on the dark web for a pretty small amount of money. The fraudster instead creates synthetic accounts by mixing the different identifiers. Sometimes they search for identifiers with little or no history in financial service, for example, children’s SSN, and are carefully crafted to have a good credit history associated with it. Once the accounts are ready, the fraudsters will register the fake accounts to the service, usually registering several accounts at once. At this point, “cash-cycling” starts with the goal of circulating money between the different accounts and imitating legitimate account activity. It is easy to understand how difficult it is to spot these activities with traditional fraud prevention tools and AML analysis.
WHAT ARE THE IMPACTS ON BUSINESS?
Fraudsters target those services as an easy way to produce mule accounts or extract credit cash and then disappear. On their side, banks struggle to prevent this kind of behavior, balancing easy and smooth client onboarding processes with identity checks. A great user experience is often preferred over security since proposing an easy onboarding procedure to attract new users. Consequences of new account fraud can impact the organization by:
- producing outstanding debts as often happens related to credit card and loan focused frauds;
- posing compliance and reputational issues to the organization because of the creation of mule accounts.
NEW DETECTION CHALLENGES
New Account Fraud imposes new challenges and requires new approaches in detection and protection. The financial institutions should let convergence traditional fraud monitoring with AML instruments.
A passive fraud scenario sees an actual customer as the victim of a scammer who takes over his account and targets the user’s assets, as with Account Takeover attacks. Instead, New Account Fraud is often related to an active fraud scenario. The fake customer tries to scam the service provider using its poorly designed validation processes. Preventing New Account Fraud requires a holistic approach that takes into consideration several factors:
- user information collected while onboarding. Consistency checks about IDs, age, credit reputation, delivery addresses, for example, can quickly reveal suspect accounts;
- user’s biometric behavior evaluation. Evaluating the interaction between the user and the app can help identify anomalies in the fraudster behavior compared to the average user or a specific cluster of users. For example, creating various fake accounts makes the fraudster an expert in using the app. He browses better than a sporadic user.
- device fingerprints reputation. Recognizing devices used by fraudsters helps identify them when they try to onboard a new fake user.
- real-time analysis of account behavior considering incoming and outgoing payments. Frequently, fake accounts have very little regular activity. They stay still until the fraudster drains the account in a short time range. Monitoring an account’s incoming and outcoming transaction is a good approach to spot out fraud related patterns.
Combining all this information makes fraud detection highly effective.
HOW XTN CAN HELP
XTN Cognitive Security Platform® offers dedicated modules capable of detecting New Account Fraud. XTN’s unique holistic approach corroborates the endpoint identity, the behavioral and transactional analysis. Cognitive Security Platform® effectively spots fraudulent attempts such as:
- new account registration based on a stolen or synthetic account;
- incoming fraudulent funds to mule accounts;
- cash-out transactions originating from a mule account.
XTN Cognitive Security Platform® lets you secure your high-value online services against New Account Fraud. Get started!