April 1, 2025
Imagine one day you receive a statement showing that you owe several thousand dollars on a credit card. The letter is addressed to you, but it’s the first you’ve heard of it – you’ve never even had a credit card with this company.
You call up to inform them of their mistake, only to discover that you’ve been a victim of new account fraud. Somebody posing as you has applied for a new credit card, using the credit lines to rack up fraudulent charges in your name. Now you’re dealing with the stress, potential financial loss, and a trashed credit score that makes it harder to get the loans, credit cards, or mortgage you actually need.
This has always been a problem. But the scale and sophistication of new account fraud have changed dramatically. In 2024, reported losses hit $6.2 billion – more than doubling over the past decade. And the methods have shifted: where fraudsters once relied on stolen mail and forged documents, they now use synthetic identities built with generative AI, deepfake imagery that passes basic verification checks, and injection attacks that bypass device cameras entirely.
Organizations that don’t verify the genuine human presence of every new applicant are unknowingly inviting fraudsters through the front door. If your onboarding can be completed with data alone, it can be accessed by a bad frauster.
What Is New Account Fraud?
New account fraud – also known as account opening fraud or account origination fraud – occurs when a fraudster opens an account using false or manipulated identity information to commit crime, steal money, launder funds, or access services they wouldn’t qualify for under their own identity.
There are two primary methods:
Stolen identity fraud: Using a real person’s information – typically sourced from data breaches or purchased on the dark web – to open accounts in their name. For many of us, a lot of personal information can already be found online: date of birth, address, phone number, and other data that can be pieced together to impersonate us. It takes an average of 151 days to detect new account fraud once it succeeds, during which time the damage compounds.
Synthetic identity fraud: Combining real data elements (such as a legitimate social security number) with fabricated information to create an entirely fictional person. This is one of the more sophisticated forms of fraud – and one of the fastest growing. Synthetic identity fraud now accounts for roughly 30% of all identity fraud cases, with a 311% increase in synthetic identity document fraud between Q1 2024 and Q1 2025.
Why New Account Fraud Is Accelerating
Three forces are converging to make this problem worse:
Generative AI Has Industrialized Identity Fraud
Deepfakes and AI-generated documents have transformed what was once a manual, low-volume crime into a scalable operation. The iProov Threat Intelligence Report 2025 found that face swap attacks surged 300% year-over-year, and native virtual camera attacks – where fraudsters inject synthetic imagery directly into the verification process – increased by 2,665%.
These aren’t theoretical risks. A single deepfake video call cost Arup $25 million. Operatives from OFAC-sanctioned nations have infiltrated over 300 companies using deepfake filters to pass remote video interviews.
Crime-as-a-Service Has Lowered the Barrier
Sophisticated attack tools are no longer the domain of skilled hackers. Crime-as-a-Service networks sell ready-made fraud toolkits to low-skilled operators. The iProov Threat Intelligence Report identified over 115,000 potential attack combinations from just three common tools.
Traditional Onboarding Checks Can’t Keep Up
Many organizations have tried to combat fraud simply by asking for more information during onboarding – more questions, more documents, more knowledge-based verification. But any information that can be typed can be stolen. Knowledge-based authentication is fundamentally vulnerable because the data it relies on is already compromised at scale.
Only biometric verification – confirming the genuine human presence of the person behind the screen – can address the gap that data-based checks leave wide open.
The Cost to Organizations and Consumers
For consumers: Beyond the financial damage, victims face destroyed credit scores and an average of 10 hours resolving each fraud incident. A poor credit score from unrepaid loans taken out in your name can prevent you from accessing the services you genuinely need.
For organizations: The losses go well beyond the maxed-out account that a fake individual simply abandons. Every fraudulent customer you onboard consumes KYC processing, customer service, and compliance monitoring resources that should be serving genuine customers. In regulated industries, inadequate onboarding verification can trigger KYC compliance failures, fines, and reputational damage. And a successfully opened fraudulent account becomes a launchpad for further crime downstream – money laundering, authorized push payment fraud, or staging for more complex fraud chains.
Tellingly, only one-third of financial organizations currently detect most fraud at onboarding. The majority identify it later in the transaction flow – by which point the damage is already done.
How Biometric Verification Prevents New Account Fraud
Biometric face verification addresses the fundamental weakness in traditional onboarding: it confirms that the person applying is who they claim to be, that they are a real human being, and that they are genuinely present at the moment of verification.
A user scans a trusted identity document (passport or driver’s license), then completes a brief face scan. The system matches the live face against the document photo and verifies genuine presence – all in seconds.
This stops new account fraud at its source. If a criminal has your identity document, the photo won’t match their physical face – only you can provide the biometric match. A synthetic identity has no real human behind it. And advanced liveness detection identifies and blocks deepfakes, face swaps, and digitally injected media.
But not all biometric verification is equal. The sophistication of modern attacks means basic liveness – simply checking that a face is “live” rather than a photo – is no longer sufficient on its own.
Why iProov’s Approach Stops What Others Miss
iProov’s Dynamic Liveness technology is purpose-built for the threats that define new account fraud today. It combines four capabilities that together create a defense no single feature can match:
Certified liveness and injection attack detection. iProov’s patented Flashmark technology illuminates the user’s face with a unique, unpredictable sequence of colors during each session. The reflection of this light from the user’s face is analyzed to confirm genuine presence in real time. Each session generates unique biometric data that cannot be replayed, intercepted, or pre-recorded. iProov is the first and only vendor independently certified to NIST SP 800-63-4, and the first to achieve CEN/TS 18099 Level High for injection attack detection – during 40+ days of accredited testing, no successful attack method was established.
Active threat management. The iProov Security Operations Center (iSOC) monitors attack patterns in real time across all customers, geographies, and platforms. When new attack methods emerge, defensive updates deploy globally without disruption. iProov’s defenses evolve continuously – critical when fraud techniques change faster than annual software updates can address.
Cloud-based verification. All verification happens in the cloud, not on the device. This separates the verification process from device-level vulnerabilities and enables the real-time monitoring that powers iSOC.
Effortless user experience. The entire process is passive – no head turns, nods, blinks, or spoken instructions. iProov is WCAG 2.2 AA and Section 508 compliant, with algorithms tested for performance across age, gender, and skin tone. Organizations can apply rigorous fraud prevention at onboarding without losing genuine customers to friction. iProov success rates are typically above 98%.
Beyond Customer Onboarding: Workforce Identity
New account fraud isn’t limited to consumer-facing services. The same techniques – deepfakes, synthetic identities, stolen credentials – are now being used to infiltrate organizations through the hiring process itself.
The iProov Workforce Solution Suite extends genuine human presence verification across the employee identity lifecycle: remote hiring and onboarding, shared device access, step-up authentication for privileged actions, and account recovery. It addresses the structural gap in enterprise identity systems that were designed to verify credentials and devices – not the humans behind them.
The 2025 iProov Threat Intelligence Report documents the attack methods driving new account fraud today. Download the full report here.
To see how iProov can secure your onboarding process against new account fraud, book a demo.
New Account Fraud FAQ
How does AI make new account fraud worse?
Generative AI enables fraudsters to create convincing deepfakes, synthetic identity documents, and face swaps at industrial scale. These tools can bypass basic identity checks that rely on document photos or simple liveness detection. Crime-as-a-Service networks make these AI-powered tools accessible to low-skilled operators, dramatically increasing the volume and sophistication of attacks.
How can organizations mitigate new account fraud?
The most effective defense is biometric face verification with genuine presence detection at the point of onboarding. This confirms a real human being is present, matches their face against a trusted identity document, and defeats deepfakes and injection attacks. Organizations should look for solutions independently certified to standards like NIST SP 800-63-4 and CEN/TS 18099, with active threat management that evolves as attack methods change.
What is the difference between new account fraud and account takeover?
New account fraud involves creating a new account using stolen or synthetic identity data. Account takeover fraud involves gaining unauthorized access to an existing, legitimate account. Both are growing threats, but they require different defensive strategies: new account fraud is best addressed at onboarding with identity verification, while account takeover is addressed through ongoing authentication.
