Why Fake Accounts are a Starting Point for Fraud

There’s no better feeling for an e-commerce business than to watch its customer list grow as they welcome new buyers. After all, building a strong group of customers takes a lot of time, effort, and luck. That’s why it can be so tough to look at that same customer list and consider how many accounts aren’t actually real buyers.

Unfortunately, the reality is that fake accounts can lead to costly, damaging fraud—and they’re more common than we might want to think. Fraudsters use an array of tactics to steal merchandise and profits from stores. But you can get ahead of their methods, learn to detect their activity, and shut down fake accounts before they can act.

Let’s dive into how fraudsters use fake accounts and the solutions you have to stop them.

How scammers use fake accounts

When a fraudster creates a fake account, they’re doing it to hide their identity and erase any paper trail. Because accounts are the backbone of so many online retailers, service providers, and platforms, they’ve become easier to exploit.

The way fraudsters choose to use fake accounts depends on their goal. While each scam is different in its own way, there are some common attack types to watch for.

Buying with stolen credit cards

You might remember some of the major credit card data breaches in recent years where companies like Target and Home Depot had tens of millions of customer credit and debit card numbers stolen. Breaches like that set fraudsters up with access to real payment information for years afterward. Where better to use those stolen cards than in an online store?

Often fraudsters buy merchandise with fake cards to later resell themselves, costing both the original cardholder and the merchant who will be hit with a fraudulent purchase complaint and lose the sale.

Store owners can close the fraudulent accounts after they’ve been caught, but the ideal solution is to detect them before they can use fake payment methods (which we’ll explain how to do later.)

Promotions abuse

Bots have made it easier than ever to mass-create fake accounts for fraud. That makes signup promotions and money-back guarantee policies prime targets for fraud from new fake accounts.

While sign-up coupons and introductory offers are a proven way to bring in new customers and subscribers, fraudsters who abuse them often do so while hiding behind many fake accounts. It can be especially easy to miss these fake accounts when focusing on the number of active buyers or account holders as a key metric for growth.

The difficulty in finding these accounts is that most traditional fraud-prevention methods are designed to seek out compromised information—like stolen credit card numbers or customer information. Organized criminals can purchase legitimate customer information to list in fake accounts and commit first-party fraud while avoiding detection.

Policy abuse

Return policies are a must-have for many shoppers who choose to buy online. Fraudsters know this too, and they’ve devised a variety of methods to abuse return and refund policies for financial gain.

One method you might picture right away is the chargeback fraud scheme. This is when a buyer orders an item and claims to never have received it (though they have), meaning they can keep both the item and their original purchase fee. This is a form of first-party fraud, with variations of the same fraud also including accidental refund requests (because the buyer mistakenly didn’t recognize a charge) or a buyer knowingly buying a product to use it for a short period of time.

Buyer/Seller collusion

Simply making purchases with stolen credit cards isn’t the only way fraudsters utilize fake accounts and stolen information. In a buyer/seller collusion scheme, fraudsters act as both the buyer and seller, using fake accounts to post an item for sale and another fake account with a stolen credit card attached that they’ll use for the purchase.

After pumping up the price using other fake accounts for bids (or simply setting a high price for an item at the start) the fraudster completes this bogus transaction and cashes out the money from the stolen card. Catching these scams as they happen isn’t easy—the fake account activity seems unsuspicious on its face. However, they can be caught through a holistic analysis that reveals the connections between these fake accounts.

Shortcomings of traditional fraud prevention

How do fraudsters bypass firms’ fraud detection systems? The short answer is that, much like legitimate businesses, they invest in tools and strategize thoroughly to create schemes that will give them profits. The more lucrative their exploits, the more resources they are able to devote to perpetuating them.

Registration fraud

Modern criminals use sophisticated bots that bypass traditional account creation security checks like CAPTCHA and email verification. This ends up being a double blow for businesses, as CAPTCHAs cause friction for good customers while still allowing fraudsters to bypass and create seemingly real accounts, only to later use them for abusive ends.

What’s more, fraudsters know many businesses still rely on traditional systems looking for stolen identities and other information when creating accounts. So, they make sure to use hundreds or even thousands of names that haven’t been publicized widely as part of a data breach. They can even create synthetic identities from scratch and incubate them for years.

Mass registrations

Fraudsters who hide behind fake accounts don’t just make one alias. They make hundreds, if not thousands. Once they discover vulnerabilities in an online firm’s account creation processes, they create scripted computer programs that can mass-register fake accounts to exponentially multiply the scale of their gimmicks.

Traditional fraud prevention methods are not designed to leverage the real-time data signals needed to provide analysis that adapts to fraud quickly. They also require long configuration times and vendor support that cut their agility.

Finding the needle in this fraud haystack can be done with the right tools in your tech stack, specifically ones that prioritize agility and data orchestration so you can detect patterns that connect fraudulent accounts.

Ways to fight fake account fraud

While it might seem daunting to detect all the above forms of fraud, the truth is that a large portion of the respective attacks can be prevented with a comprehensive fake account management strategy.

The best way to stop fake account fraud in all its forms is to spot the accounts early on and block them before they act. Let’s break down the best way to accomplish each step in this approach.

How to spot fake accounts early

1. Use all the data available to you in meaningful and efficient ways.

Luckily for everyone—except fraudsters, of course—modern digital interactions leave behind more and more data points that firms can use as intelligence to fight fraud. The challenge is being able to gather that data, integrate it into their fraud strategies, and use it in meaningful forms.

For example, DataVisor has transformed the way several firms fight fake accounts by enabling them to gather and use behavioral information that unlocks insights about how users, good and bad, interact with their applications and websites. By leveraging behavior insights, firms can detect bot farms, scripted activity, and even coerced events in their interactions with customers and block bad accounts fast and early.

2. Apply the right level of friction to registration processes, preferably to a differentiated degree in connection with high-risk events.

In an ideal world, digital products would be designed to allow customer onboarding and subsequent interactions with little to no friction. Sadly, the reality of fraud and risk exposure makes this impossible.

But teams don’t want to add too much friction either, lest they risk turning away a large portion of customers and sacrificing revenue.

It’s all about finding the right balance, and constantly adapting it according to particular risk tolerances for each firm, market, and even product.

| DataVisor works with dozens of firms who are empowered to deploy account creation strategies, continuously monitor them, and adjust to achieve the best results.

3. Go beyond perimeter security and continuously monitor accounts to detect abnormal behavior before it’s too late.

Unfortunately, even the best account creation fraud prevention mechanisms are not enough to fight all forms of fraud. This is largely due to the fact that even good accounts can be taken over by fraudsters and used to wreak havoc in firms’ operations.

A solid continuous monitoring strategy that can single out abnormal account behavior is paramount. It can detect fake and synthetic accounts early in their incubation stages and promptly alert about account takeover (ATO) scenarios before fraudsters can cash in on their attacks—at your firm’s expense.

4. Let technology work for you and tap into the power of machine learning.

Last but not least comes the importance of leveraging machine learning to detect not just fake accounts, but more fraud overall. A multi-layered approach that combines the best of rules-based detection with supervised and unsupervised machine learning is by far the best strategy to detect fraud.

Spotting a fake account, or a network of them, is best accomplished at account registration. As we mentioned earlier, you’ll need to rely on more than the standard identity validation measures to spot fraudsters.

How to eliminate fake accounts

Once you’ve spotted fake account creation patterns through holistic data analysis, eliminating them becomes a matter of setting rules for your fraud platform to find and block these accounts from ever joining. In the end, it all comes down to building a fraud tech stack with the right tools capable of staying ahead of fraudsters’ technology and evolving methods.

If you want to learn more about how DataVisor’s supervised and unsupervised machine learning solution can advance your fraud strategies and give you the power to stop fake account fraud before it happens, book a time to talk with one of our fraud experts.