New Account Fraud

What is new account fraud?

New account fraud occurs when a fraudster or money mule has been successfully onboarded by a financial institution after applying using their own identity (first-party fraud), a stolen identity (third-party fraud) or a synthetic identity. That means a fraudster’s laptop and phone have already been registered with the bank, the fraudster has already been successfully enrolled for authentication, and the account appears to be legitimate. However, the account has been opened for the sole purpose of committing fraud, such as applying for credit cards lines and committing credit card fraud, and then disappearing.

New account fraud is sometimes confused with application fraud, which is when a new applicant is trying to open an account with a stolen or fabricated identity. Application fraud happens before the account has been opened, since the fraudster is still trying to pass themselves off as a legitimate prospective customer and get through the bank’s KYC checks.

How new account fraud works

In the case of new account fraud, fraudsters or mules can successfully open a deposit account or credit card account without detection if a financial institution lacks robust identity verification technology and processes. For example, a fraudster or mule can make it through the application process (especially remote bank account opening done entirely online or via mobile) using their own identity documents or a stolen or synthetic identity. Failing to catch the fraudster or mule during the onboarding process or during their early account activity can lead to significant financial losses later on for financial institutions.

Social Engineering eBook

Social Engineering Attacks on Banking Transactions

Learn more about social engineering techniques and how transaction authorization with Cronto can help combat these attacks in this informative ebook.

Download Now

Types of new account fraud

Criminals are constantly adapting their techniques for committing fraud. While many fraud techniques such as account takeover (breaking into someone else’s bank account and draining any funds available through phishing, malware and other methods) continue to surge, criminals have also set their sights on opening new bank accounts of their own, explicitly for purposes of fraud and other types of criminal activity. Let’s look at some of the ways new account fraud is perpetrated.

First-party fraud (How does it facilitate new account fraud?)

First-party fraud occurs when someone has opened an account with the intent to commit fraud, but they are misrepresenting their own identity. This can be a fraudster themselves or it can be a money mule recruited to transfer funds on behalf of a criminal organization.

  • Scenario 1: When individuals max out credit and disappear
    In cases where the account owner has not misrepresented their identity or committed identity theft, they will behave like a typical customer to avoid suspicion. This makes such a fraudster challenging to identify early on because their behavior appears to be typical. A first-party fraudster can take some months to develop a good credit profile as they apply for a loan, or a line of credit, or a credit card. They may even make regular payments to establish a good credit profile. At this point, the fraudster still would be under the radar with their seemingly legitimate behavior. However, once the fraudster believes that they have built up sufficient credit lines, they will withdraw cash or take out a large loan without repaying anything and drop out of sight. These accounts are often sent to debt collection and written off by the financial institution as a loss instead of being recognized as first-party fraud.
  • Scenario 2: When money mules are recruited by criminals
    When criminals need to either get stolen funds out of a bank or launder money, they will often recruit mules to do so in order to shield themselves from the authorities. According to Wikipedia, a money mule “is a person who transfers money acquired illegally (e.g., stolen) in person, through a courier service, or electronically, on behalf of others. Typically, the mule is paid for services with a small part of the money transferred.

    ”New account fraud is a top concern for financial institutions due to the COVID-19 pandemic and the resulting high unemployment that can lead to fraudulent activity. According to an Aite Group report on mule activity, “Evidence suggests that the recent coronavirus pandemic and the global economic recession resulting from this unprecedented disruption will further contribute to an expansion of the labor pool that mule recruiters have to draw from.

    ”The way this happens is a mule is contacted by cybercriminals through social media, email, mail or phone. The scammer will make an appealing offer, such as the opportunity to work at home, win a prize, or even attract a mule through a romance scam, and will request personal information in return, including bank account information. The money is transferred from the mule's account to the scam operator, typically in another country. According to the United States Computer Emergency Readiness Team (US-CERT), “Typically, a criminal will only use a money mule once. After the money mule performs his or her role in the transaction, the criminal usually dissolves the relationship completely and recruits someone else for the next scheme.”

Common money mule scams

  • Work-from-home scams
    Fraudsters use online job sites, social media and websites to make fake job postings that look legitimate to job seekers who want the flexibility and convenience of working at home. Typically, the job will require the new employee to open a new bank account to allow the mule to collect and transfer funds for their “new job.” What’s happening is criminals are using the mule’s account to move the financial proceeds of a crime, likely out of the country never to be recovered. Work-from-home scams are popular due to their appeal, but the mule will likely never see a regular paycheck or they could receive money and be asked to send some of it to a fake supplier or client. This leaves the victim vulnerable to the possibility of being arrested for taking part in the money laundering scheme.
  • Romance scams
    The use of online dating apps or social networking sites to meet someone can lead to a scammer trying to trick you into sending them money under the guise of romance. The scammer seems genuine in their affection and puts time into the budding online relationship. The scammer may say they are working overseas on an oil rig, or with an international organization, are in the military, or are a doctor who’s part of an aid organization. Once trust is established through regular contact and a promise to meet and eventually marry, the scammer usually asks for money. It could be for plane ticket or other travel expenses, to pay customs fees to retrieve a package, to pay for a visa, or to pay off gambling debts. They could ask their love interest to wire money, use their credit card, get them gift cards or to reload gift cards, or ask for bank account information. Or, they could ask you to send money to one of their friends who needs some financial help.
  • Deposit scams
    Criminals will post on social media and other websites to recruit mules to make quick money in exchange for opening a bank account. The scammers will tell the mule to set up an account to deposit stolen, forged or counterfeit checks. Then the mule is told to make withdrawals at an ATM, bank branch or through an e-transfer before the check bounces. However, the mule may find that the bank closes the account due to fraud, bans them from being a customer and reports them to the police.

Third-party fraud (How does it facilitate new account fraud?)

Third-party fraud occurs when a fraudster, or a group of fraudsters, uses another person’s identity or personal details to open a new account without the knowledge of the person whose identity is being used. Fraudsters can illegally attain personally identifiable information (PII), such as a person’s full name, driver’s license number, bank account number, passport number, email address and other information, on the Dark Web as a result of a data breach. They use this information to open fraudulent accounts in other people’s names. Fraudsters can also steal information from deceased or elderly persons and even children, in order to open fraudulent accounts. In third-party fraud, the fraudster is positioned to open a new account since their mobile device and laptop have already been registered with the bank and they have been successfully enrolled for authentication, which could be attributed to a financial institution’s lack of robust identity verification technologies. Once they have access to the new account, they will apply for credit, max it out, and disappear. The best practice is to monitor all new accounts closely, especially in the first 30 days when fraud is mostly likely to occur.

Synthetic identity fraud (How does it facilitate new account fraud?)

Synthetic identity fraud happens when a fraudster combines fake and real information, such as street addresses, email addresses, date of birth and other personally identifiable information (PII) to create a fictitious identity in order to open a new account. The synthetic identity fraudster will apply for a credit card but has no credit history, and they will often apply with a credit card issuer that offers a low amount of credit, such as $300 or $500. They will legitimately use the credit account and make payments to establish good history to be able to get more credit cards or a loan before maxing them out and slipping away.

Fraudsters can go to great lengths to pass a bank’s Know Your Customer (KYC) tests by making their synthetic identities appear real, including fake social media profiles, fake identification credentials and other fake documents. Some will even apply to open a new account in-person to appear legitimate. The fraudster also can add a synthetic identity as an authorized user on an account belonging to another person with a good credit history to use that account to build their own positive credit score.

Synthetic identity fraud differs from traditional identity fraud, where a fraudster pretends to be a real person and uses their credit. Traditional identity fraud is usually detected and reported more quickly because the victim tends to notice any unusual charges. Increasingly, criminals are creating synthetic identities because this is more challenging for financial institutions and financial services institutions to detect.

How to protect against new account fraud

New account fraud is profitable for scammers because it can mimic legitimate customer behavior, making it challenging for banks to detect. However, a fraud prevention system should continuously monitor a person’s behavior with their account - especially in the first 30 days of a new account.

An anti-fraud system can help detect and prevent new account fraud when the new customer is being onboarded by the financial institution, bank, or credit union. When the new customer is registering their mobile device with the bank, the fraud prevention system can determine if the device was stolen or used in a previous fraud scheme. It can look for indicators of fraud, such as whether there are multiple new accounts associated to or created by that same device.

Banks should consider a risk-based anti-fraud system that also looks at all actions and events, whether they are monetary or non-monetary, and this includes things like changes to an account owner’s profile, adding a beneficiary or payee, login times and device registrations across all channels.

When the new account is opened, a financial institution usually doesn’t have enough information to establish patterns of behavior with newly registered users and devices the way they do with existing users. However, an anti-fraud system should catch a known behavior profile that has been previously identified as malicious. In this situation, the best practice is to compare the new account holder’s behavior against a representative pool of customers, which will analyze things like:

  •     Spending behavior compared to the average
  •     Payee profile
  •     Sequence of actions
  •     Navigation data related to machine-like or bot behavior
  •     Abnormal and risky locations
  •     The account owner’s relations to other users

The risk engine needs to be able to collect and score all data across all digital channels to allow the financial institution to detect all possible relationships to users, IP addresses and devices that have proven fraud behavior. That includes information about the user, the account, the location, the device, the session and the payee, among others. If the system notices any unusual changes in the account holder’s personal information, the decision engine will flag it as suspicious or indicate that it requires review. It can then be actively monitored and investigated, if necessary.

As best practice, newly registered users should be monitored closely until the financial institution has built a reliable profile and trust level. If the account is inactive for a period of time and then the account holder attempts a high-risk transaction, this should be caught by the risk engine. In addition, a risk-based fraud detection and prevention system should be analyzing each payee and detecting mule accounts.

According to Javelin, "Account takeover fraud is one of the hardest types of fraud to identify because of the multichannel account access and the desire to reduce friction in the consumer experience."

Technologies that can help prevent new account fraud

Digital identity verification
Increasingly, financial institutions are implementing digital identity verification technology as part of the remote account opening process to help prevent identity fraud before it turns into new account fraud. Solutions such as OneSpan Identity Verification rely on document verification and facial comparison algorithms to detect fraudulent and stolen identity documents. Used together, facial biometrics and digital ID document verification can ensure an applicant is in fact the person they claim to be instead of a cybercriminal This can also be combined with risk intelligence (e.g., leveraging a risk engine to flag known malicious devices, ISPs, locations, etc., from a blacklist) during the application stage, before accepting the applicant as a customer.

Here’s how this works from the customer’s perspective. A customer opening a new online account remotely would be asked to verify their identity digitally by scanning the front and back of their driver’s license or government-issued ID with their mobile device. Catching new account fraud right away by identifying fraudulent government identification reduces the chances of having to mitigate fraud later. Also, passive liveness detection can be used to determine if a selfie that a would-be fraudster has been asked to provide proves genuine human presence. Liveness detection helps to prove that an image hasn’t fraudulently created using methods such as high-resolution printouts or pre-recorded videos.

Real-time fraud prevention systems with behavioral monitoring:
Systems like OneSpan Risk Analytics monitor all new accounts closely and in real-time, which is critically important in the first 30 days when new account fraud is mostly likely to occur. Systems with behavioral monitoring capability enable financial institutions to track dormant accounts; dormant-to-warmed-up accounts; and high transfers in/out beyond what would make sense based on salary data in the customer’s application.

Machine learning:
This is a type of artificial intelligence (AI) that can analyze vast amounts of disparate data, across digital channels, in real time, unlike humans. Anti-fraud systems based on machine learning have the ability to aggregate and analyze data on multiple levels. This allows a financial institution to instantly detect all possible relationships across users, devices, transactions and channels to more accurately identify fraud behavior.

When suspicious behavior is detected via a high-risk score, the risk engine can then drive a dynamic workflow change to step up security or drive a manual review process. It can then be actively monitored by the fraud prevention team and escalated for investigation.

Get in touch with us

Get in touch with one of our security experts to learn more about how our solutions can help with your digital security needs