In today’s highly competitive digital economy, organizations are under relentless pressure to acquire new customers and accelerate growth. Attracting and retaining loyal customers requires rolling out the virtual red carpet from the outset. The account opening process has become a make-or-break customer touchpoint for ongoing commercial success.
A seamless registration process requires demanding minimal information from the customer at the outset. This makes it increasingly difficult to determine if a customer signing up for a new account is who they say they are. According to estimates, nearly 1 in 10 people fall victim to identify fraud annually. Digital identities have been compromised as a whole. Fraudsters exploit the wealth of stolen identity data, alongside a wide range of freely available tools and technologies that are used to attack businesses with great effect.
It’s no surprise that the account registration process has historically been the most attacked customer touchpoint on the Arkose Labs network. Businesses offering freemium models and bonuses for new customers are particularly at risk from direct abuse at the account opening stage. All businesses must be vigilant. Creating a seamless sign-up process while also being vigilant about protecting against fraud can be a difficult tightrope to walk.
New Account Fraud: A Panorama of Abuse
Fraudsters have devised many inventive ways to the account monetization of fake new account registrations. Methods range from high-scale, bot-driven identity credential testing to low-scale, more targeted attacks. While the higher-volume attacks will be primarily driven by automation, fraudsters are also turning to low-cost human resources in so-called “sweatshops”. Attackers are trying to find what the lowest-hanging fruit is to carry out more nuanced attacks at scale. As a result, organizations need active protection against both human-driven and automated attempts across the spectrum of abuse use cases.
Recommended Solution Brief: New Account Fraud
Methods used to attack vulnerable businesses and monetize attacks
There are different ways to attack the account registration process, with different options for fraudsters to obtain credentials, high account monetization potential, and data in a number of ways. Fraudsters are constantly refining their ability to bypass standard fraud detection systems, a few methods include:
Fraudulent Applications: An example of these types of attacks are when fraudsters use stolen credentials to sign up for new accounts, such as signing up to take out a loan with a fintech lender that the fraudster has no intention of paying back or applying for a new credit card.
Promo Abuse at Scale: Large-scale abuse of new customer promotions falls under this category. These can range from fraudsters exploiting and selling free trials, gaining access to new products or introductory cash discounts or credits. This is usually carried out at scale using scripts or human sweatshops and can be a quick revenue source for the bad actors.
Account Validation Attacks: Fraudsters often use a new account origination process to test the validity and existence of an account or payment credential before launching organized account takeover or payment fraud attacks.
Affiliate Fraud: Fraudsters create fake accounts to take advantage of affiliate marketing programs at scale. Thus, abusing a legitimate business practice to get companies to pay them. Bots are most often deployed to commit affiliate fraud at scale.
Spam Abuse: Fraudsters often create new accounts at scale in order to write fake reviews or send spam and phishing messages with platforms, such as social media or dating services.
Recommended Whitepaper: How to Stop New Account Registration Attacks
Solutions to detect and stop fraud
The Arkose Labs Fraud and Abuse Prevention Platform provides the most effective protection against large-scale fake account registrations. Fraudsters are finding increasingly more ways to thrive and profit off of account monetization. As more customers interact with businesses through a mobile app or online, as opposed to a physical location, it is critical businesses protect themselves and their customers. To learn more about how Arkose Labs and the technology used to stop new account registration attacks, click Download below.