Spot the signs of account creation fraud and suspicious recurring user logins

When discussing fraud issues, there is often a focus on the final stages - when fraudsters make purchases of high-value goods and leave your company reeling from the financial impact. By focusing on the latter online payment stage, there is a tendency to overlook the crucial early stages - account creation fraud and subsequent user logins undertaken by a fraudster. Naturally, every stage of the user life cycle is important, requiring effective measures to understand the true intentions of every single service user, but if fraud can be detected and prevented right at the beginning, a lot of pain can be avoided later on. So what are the early warning signs that online businesses should be aware of when fighting fraud? Let’s break it down.

Account creation fraud is just one method of many that fraudsters will attempt to utilise to fool anti-fraud systems - it is often used if a fraudster has already obtained stolen details with the aim of registering new online accounts. Using fake details or synthetic IDs (a mix of real and fake details) is also possible but can prove difficult to fool anti-fraud - it is difficult but certainly not impossible.

On the other hand, account takeover (ATO) fraud is one of the most common fraud types used to target online payment services, with fraudsters aiming to purchase high-value goods for later resale - this is, for most threat actors, the end goal. For more experienced fraudsters, however,  the ATO phase may just be one part of a greater plan - to then use the details of the original account holder to create numerous other fake accounts in their name, or even using a mix of real and fake details. How a fraudster will proceed depends on their overall gameplan.

Fraudsters can get crafty in their approach and create accounts using a mix of identities to commit account creation fraud - sometimes completely bypassing ATO fraud. 

• Identity fraud - Fraudsters can use stolen identities to commit identity fraud - either purchased on dark web forums and marketplaces or obtained through social engineering attacks (such as phishing). These details are used to register numerous accounts across various online services. Fraudsters know that anti-fraud systems can pick up suspicious behaviors at the registration stage, therefore, they will make every attempt possible to act like ‘John from London’ - this act of ‘warming up’ can sometimes take weeks, even months, before they commit fraudulent purchases. For some anti-fraud systems, it is enough for a fraudster to fool the system at the sign-up stage - if this is successful, it can lead to numerous fraud attempts being committed until later discovery. This is a major gap in cybersecurity that fraudsters are well aware of.
  
  
• Synthetic ID fraud is also a common method, using a mix of real and fake information to register an online account. Fake and synthetic IDs can be used not only by fraudsters but dishonest customers to commit fraudulent transactions and policy abuses. Dishonest often do not consider their actions to be fraudulent despite their actions negatively impacting a business with financial losses.
  
  Of course, synthetic IDs may hide the true identity of a fraudster, however, it takes a lot of time and effort to make a convincing fake or synthetic ID that can fool anti-fraud systems. Just because it’s harder, doesn’t mean it’s impossible, which is why efficient anti-fraud systems that use effective authentication are the only real solution to the growing problem of online fraud and policy abuse.

Let’s look at the worst-case scenario: a fraudster posing as ‘John Smith from London’ has succeeded in jumping the 1st security hurdle and has created an online account, fooling an ineffective anti-fraud system at the registration stage - what next? Fraudulent activities can go unnoticed until it’s too late, meaning high-value goods have been purchased and resold. A crafty fraudster will know that to fool anti-fraud, they must behave as convincingly as possible to the persona of the person they are pretending to be - either real or fake. This will include:

• numerous measures to match IP addresses
• network settings that match the geographic location they claim to be living in etc.  
• live user sessions can be purchased online - sometimes of real, unsuspecting victims of online accounts (effective in ATO fraud), or the use of anti-detect browsers that allow for software, hardware, device and network settings to be spoofed. 

Fraudsters can remain undetected indefinitely - either until anti-fraud systems pick up on suspicious signs, or an original bank account holder notices suspicious payments on their bank statement and they make requests for a chargeback - potentially leaving the original merchant out of pocket.

Reputation is critical - but it is earned, not simply given. In failing to spot and prevent account creation fraud, businesses may unwillingly build a reputation among fraudsters that they are a soft target. And where fraudsters know there is a golden opportunity awaiting, they will act. From a practical point of view, for a fraudster to try and outwit advanced fraud systems can be time-consuming and ultimately end in failure. The best option is to therefore focus attention on the weakest targets.

From our own darknet research, we have encountered online threads in cybercrime forums dedicated to specific eCommerce merchants with fraudsters sharing the tips, tricks and tools to be able to fool their anti-fraud systems successfully. If a target is particularly useful, fraudsters will even go to the effort of making tutorials with step-by-step guides (in the form of screenshots) showing exactly how they defrauded a target site - and crucially, how numerous further attempts can be made within the fraudster community. Fraudsters use such actions to build up their own credibility amongst fellow cybercriminals while showing off. In effect, your online service becomes not only a target of fraud, costing you financially, but also acts as a training ground for newbies and mid-level fraudsters.

It can be hard to recover from fraud, however, it is certainly not impossible. It can be harder still to recover from a tarnished reputation - but again, not impossible. The key to effective reputation management is not only to react to threats but to pre-empt them, understanding the fraud risks involved and implementing effective cybersecurity and anti-fraud measures from the word go. This could save you from becoming a fan favourite on darknet fraud forums.

When dealing with the security of any important government buildings or critically important large companies, security is never limited to just guarding the main entrance - this is usually one part of a larger security net - which can deal with threats that can perhaps get past the 1st level of security. The same applies to the security of online accounts, a holistic approach is necessary to prevent threat actors breaking your system. Ineffective anti-fraud systems may use what they claim to be the best tech to prevent fraudsters from committing fraud, however, their fraud rules may be trained to look for only a handful of specific threats.

The best approach is to deploy AI-powered fraud solutions that use:

• behavioral biometrics to understand user interaction with the keyboard, mouse, touch screen, touchpad and spot if we’re not attracting ie. bots.
• digital fingerprinting to automatically analyse device, browser, network data attributes that can indicate if a user is genuine or a potential threat actor.