April 1, 2022
Imagine one day you receive a statement showing that you owe several thousand dollars on a credit card. The letter is addressed to you, but it’s the first you’ve heard of it – you’ve never even had a credit card with this company.
You call up to inform them of their mistake, only to discover that you’ve been a victim of New Account Fraud (NAF). Somebody posing as you has applied for a new credit card, using the credit lines to incur fraudulent charges in your name. You now have to deal with considerable stress, as well as potential financial loss and a negative impact on your credit score, making it difficult for you to obtain loans, credit cards or a mortgage.
New account fraud has many other names – account opening fraud, or online account origination fraud – and it happens on a large scale. For instance, one 30-year-old Canadian man opened 600 fake bank accounts at 22 banks, racking up over $5 million in fraudulent charges before he was caught. And shockingly, when this scam succeeds, it takes an average of 151 days to detect.
Criminals can also use another tactic: instead of stealing the identity of a real person, they can create fake identities. This might seem like a victimless crime but it’s not – losses from identity theft fraud totalled $712.4 billion in 2020, up 42% from the previous year. Those ill-gotten gains can be used for money-laundering and crime that harms society.
Banks and credit card companies can prevent this happening by verifying the identity of the individual during the onboarding process. That’s where iProov’s biometric verification comes in: our technology helps to verify that an individual is the right person and a real person authenticating right now. This prevents both identity theft and the use of fake identities for new account fraud. Crucially, the trust established at onboarding will then carry through the customer lifecycle.
What is new account fraud?
New account fraud entails a fraudster creating an account to access goods or services under false pretenses to commit crime, steal and launder money, or gain access to services they wouldn’t be able to access using their own identity.
This can be done in a couple of ways:
- Using a stolen identity to create lots of different accounts. The information usually comes from data breaches or social engineering techniques (such as phishing, where people inadvertently disclose information, often because of physiological manipulation).
- Creating synthetic identities for more complex account opening fraud attacks, where some elements might relate to a real person, but others will be invented, randomized, or stolen from others.
For many of us, a lot of personal information can be found online – such as our date of birth, our address, our phone number, and other pieces of data that can be used to steal our identity.
Alternatively, an attacker might purchase an identity illegally on the dark web to use that real user’s credentials to open a new account.
Another frequent technique is inventing fake credentials that are based on formulas – such as social security numbers – to bolster the chances of an invented person passing as real.
How do you combat new account fraud?
Providers of an online service want to onboard as many new customers as quickly and easily as possible. But organizations must make the onboarding process as robust and secure as possible without impacting user experience. Once a fraudulent individual has been onboarded, it’s considerably harder to detect and remove them, which can lead to more fraud.
New account fraud is largely enabled by institutions failing to implement robust identity verification processes and technologies. Many organizations have attempted to make their onboarding processes more secure simply by asking the individual for more and more information to verify their identity. However, any knowledge-based data can be stolen or shared and is therefore not secure enough.
iProov adds trust to the onboarding process, which is the most crucial first step of the customer journey. Our biometric verification enables organizations to verify a user’s face against a government-verified identity document (usually by scanning a passport or driving license) and assuring the genuine presence of that person.
What does new account fraud mean for consumers and organizations?
New account fraud is extremely damaging for both consumers and organizations. Consumers unlucky enough to have their identity stolen to create new accounts can lose a lot of money very quickly – in 2020 alone, identity fraud scams generated around $43bn in losses. These attacks also end up with wider challenges, such as leaving victims with a poor credit score from unrepaid loans taken out in their name.
These victims then also struggle to open an account genuinely that they may desperately need. In 2020, there was a 2,918% increase in identity theft related to government benefits in the US, which reflects the rushed efforts to digitize services during the pandemic without the proper onboarding security in place. Even if financial losses are covered, the hassle and emotional stress to consumers is significant.
The financial losses for organizations can be huge. Imagine you’re a credit card provider. A card is maxed out and then the fake individual just ‘disappears’. False identities make it near impossible to recoup those losses, meaning organizations usually write it off as bad debt. Onboarding and keeping customers are overheads too – if you let a fictitious customer enroll into your system, and then continue to invest time and funds into keeping them onboard, this is more money wasted and less time for genuine customers.
In more regulated industries such as financial services, losses from fraud might not be the only cost to businesses. If onboarding hasn’t been done effectively, questions can be raised about whether the organization is complying with KYC (Know Your Customer) regulations, which can mean:
- Fines and other compliance penalties.
- Reputational damage and negative publicity, which may deter genuine customers from onboarding.
- Additional regulatory scrutiny.
How does biometric verification help prevent new account fraud?
Biometric verification helps to prevent new account fraud because it confirms that an individual is who they claim to be when they are accessing a service via mobile device or computer. It enables an organization to verify that a remote individual sitting on their couch is the right person and not a criminal.
A user scans a trusted ID document (for example a driver’s license or passport) and then completes a face scan. Face verification is needed for two reasons – firstly, ID tends to include photos, allowing a user to verify their physical face against a trusted source. Secondly, face verification does not require specialist hardware, unlike fingerprints and retinas and other biometric options. Face verification only requires a user-facing camera.
So for example, if a criminal tries to assert your identity to fraudulently apply for a credit card in your name, face verification would prevent that from happening. Even if they somehow had your ID document, the photo wouldn’t match the fraudster’s physical face. Only you could provide the necessary elements for biometric facial verification, because nobody can steal your physical face.
iProov’s face verification technology offers several unique benefits to make it easier for organizations to prevent new account fraud, as you will see below.
How does liveness prevent new account fraud?
Biometric face verification uses face matching to ensure that an individual is who they claim to be – that they are the right person. Liveness detection then ensures that the individual is a real person, and not a photograph or a mask. Without liveness detection, a criminal could use a photo or a video of a victim and present it to the camera during onboarding, enabling them to steal people’s identities to open fraudulent accounts.
However, not all liveness is equal. For ultra-secure onboarding, you also need to verify that the individual is authenticating right now – and that’s where iProov Dynamic Liveness comes in.
How does Dynamic Liveness prevent new account fraud?
iProov Dynamic Liveness offers a number of unique advantages for preventing new account fraud that you won’t find in other liveness detection technology.
- Security: Dynamic Liveness verifies that the online individual is the right person, a real person, and that they are authenticating right now. The last part – verifying the user is present right now and is not a digital injected attack or other criminal attempt – is the trickiest to do, and is achieved by iProov’s unique Flashmark technology. The user’s face is illuminated with a unique sequence of colors that act as a one-time biometric, which prevents fraudsters from re-using it. All of this combines to ensure that the person opening an account is a real person who matches their asserted identity in real-time.
- Threat management: Dynamic Liveness is a cloud-based biometric technology, meaning its defenses are far more challenging to reverse engineer. The online security suite is powered by machine-learning algorithms and active threat management which means Dynamic Liveness can adapt to new and emerging threats.
- Usability: iProov’s biometric face verification technology is unique in that it can deliver this security without compromising the user experience. In many cases, adding greater security to an online user experience means adding more friction for the user. With iProov, the user simply looks at their device’s user-facing camera to complete face verification. There’s no need to sacrifice security for usability while combatting new account fraud.
- High completion rates: Because iProov balances security and usability, organizations can carry out additional checks to prevent new account fraud without losing customers.
iProov also offers Express Liveness for lower-risk scenarios. However, Dynamic Liveness is highly recommended for onboarding use cases because initial user onboarding is a high-risk action: you don’t know anything about the individual or their risk until you have onboarded them. It’s vital to start off relationships with new accounts securely to tackle new account fraud.
New account fraud: a summary
- New account fraud – or account origination fraud – entails a fraudster opening an account using falsified or manipulated information to commit crime and benefit financially.
- This can be done either with a stolen identity or a synthetic identity, combining real, randomized, and invented information to pose as a fake person.
- Organizations need protection at the onboarding stage to verify a user is genuine.
- iProov technology has been designed to offer the highest level of assurance that an individual is genuinely present. This is especially valuable at the account creation stage, and is crucial for organizations seeking to reduce their risk of fraud without compromising user experience.
Ultimately, implementing iProov’s facial verification at the start can help mitigate pain in future, without causing friction for the user.
If you’d like to see how iProov’s technology can bring national-grade security to your onboarding and authentication processes – helping to combat new account fraud – book an iProov demo here.