Watching Out for New Account Fraud
When we talk about ecommerce fraud, we’re often talking about the use of stolen credit cards. High-profile data breaches and a lucrative dark web market for compromised payment credentials have made this an extremely common way to encounter fraud, but older scams are still in use—like applying for a new credit card, charging it up to its credit limit, and walking away without ever making a single payment.
When new credit cards are obtained against stolen or synthetic identities, this scam can be repeated over and over again. How does new account fraud work, and what can merchants do to protect themselves from it?
Decades ago, before the PATRIOT Act made it more difficult to open up financial accounts without a lot of personally identifying documents, new account fraud was a well-known scheme.
While changing regulations may have made it more difficult to open up a credit card account under a fake name, fraudsters have gotten very good at pulling off identity theft in the digital era, and the internet makes it easier than ever to fill in the missing information required to substantiate a stolen or falsified identity.
New account fraud is on the rise and what makes it particularly concerning is that it doesn’t carry the same fraud indicators as stolen card fraud, which allows it to circumvent many of the anti-fraud tools and protocols designed to prevent fraudulent transactions from being processed. It can also carry a high price tag for victimized merchants, as the name of the game is to max out the card as quickly as possible before the bank realizes something is amiss.
What is New Account Fraud?
“New account fraud” describes the transactions made on a bank account that was opened for the purpose of committing fraud. The fraudster applies for an account with a financial institution, pretending to be a legitimate customer. They may attempt to use a stolen identity for this, but these days it is much more common for fraudsters to use a synthetic identity.
This is when fraudsters use multiple elements of unrelated personal identifying information to create a fake composite identity. For example, they may use one individual’s name, a second individual’s social security number, and a third individual’s address. Fraudsters prefer synthetic identities because they usually go undetected longer than true stolen identities.
Once the fraudster has been issued a payment card attached to their fake identity, they will attempt to use it to spend as much money as they can before the bank realizes what’s going on, or subjects the account to closer scrutiny. The vast majority of new account fraud takes place within the first 90 days of the account’s existence.
As with most fraud schemes, the objective is to turn credit into cash, so most of the time the fraudsters will purchase goods with a high resale value on secondary markets. Merchants who process new account fraud transactions may find themselves liable for chargebacks filed by the issuing banks once the fraud is discovered.
What are the Indicators of New Account Fraud?
It’s up to banks to identity and reject new account fraudsters when they’re applying for cards, but merchants should be aware of some of the telltale indicators that a new account applicant isn’t who they claim to be. Some of the same indicators may show up when the customer tries to open an account on the merchant’s site:
- The applicant’s government-issued ID is less than 60 days old.
- The applicant’s government-issued ID is of a type that does not confer driving privileges.
- The applicant’s address is a mail drop service.
- The applicant provides a different home address than the one on their identification.
- The applicant has no previous banking history.
- The applicant’s social security number doesn’t match their name, or matches multiple names.
How Can Merchants Protect Themselves from New Account Fraud?
New account fraud transactions aren’t “unauthorized” in the same sense that stolen credit card transactions are. With new account fraud, the fraudster and the cardholder are in one sense the same person, but it would be more accurate to say that the “cardholder” does not exist at all, and the fraud is carried directly against the financial institution.
Merchants who follow all of the correct procedures for verifying identity, authorizing transactions, and documenting their activities may be able to avoid or fight chargebacks resulting from new account fraud.
The better and safer approach, however, is to look at ways to reduce your chances of being targeted by a new account fraudster. While the transactions themselves may not set off any warning bells, customer behavior and data may tell a different story. Unusually large purchases, multiple orders, and other buying patterns that seem unusual are good reasons to look more carefully at a new customer.
Discrepancies between the customer’s location and their shipping address may also be a red flag. Device fingerprinting can provide useful information, too—if a device that placed orders with you in the past suddenly shows up under a brand new user account, you should proceed with caution.
Suspicious orders can be set aside for manual review. If you really aren’t sure whether it’s safe to process an order or not, you might want to reach out to the customer directly to obtain more information.
New account fraud poses a challenge for merchants, as it can be very difficult to detect and the usual fraud screening methodologies will often miss it.
While it’s not a guarantee that every instance of new account fraud will result in a chargeback to the merchant, merchants should proceed with the expectation that issuers will take advantage of any opportunity they can find to pass on liability for these transactions, and follow best practices at all times for authorizing and processing transactions.
Looking for ways to detect new account fraud can help merchants shore up their anti-fraud defenses at the CRM level, which can strengthen your security against all types of organized and sophisticated fraud and help lower your rates of true fraud chargebacks. Fraud has many faces and is always evolving, but diligent efforts to detect and block it can make a real difference to your bottom line.