New account fraud: What it is and how to stop it.
New account fraud is a type of attack on your business that can happen early in the customer journey, at account creation.
What attackers do with these falsified accounts depends on your business. They may take unfair advantage of sign-up bonuses, rig the odds in a lottery, or set the stage for further attacks to come. Preventing these threats is essential for protecting your bottom line, especially if you’re in spaces such as eGaming or the financial service industry.
Throughout 2025, companies may suffer a wave of new account attacks because the tools to synthesize false accounts out of stolen personal information are more sophisticated and widespread than ever before. You owe it to yourself and your customers to learn about the risks and be ready for them.
How does new account fraud work?
Account opening fraud is closely related to identity theft because it frequently involves the use of leaked and stolen customer information which was exposed through data breach incidents. In addition, account creation attacks are more scalable than account takeover tactics. A single attacker can produce hundreds of fake profiles if your defenses and controls aren’t sophisticated enough to stop them.
Specific goals for attackers include:
- Taking unfair advantage of account sign-up bonuses, such as store credit or free gifts for first-time customers.
- Avoiding controls that flag suspicious and seemingly fraudulent activity by creating synthesized new accounts and leaving them dormant long enough that they’re no longer considered risky.
First-party vs. third-party new account fraud
In some instances, customers combine real information with falsehoods to take unfair advantage of your company’s offerings on a relatively small scale. At the other end of the spectrum, third-party account creation abuse is carried out by organized criminals who can produce illegitimate accounts at an industrial level to exploit your services.
While these methods are different in intent and scale, the same prevention methods can work against them. Building subtle, automated protections into your sign-up pages and overall customer journey is the primary method of fighting back against fraudulent account creation.
Types of new account fraud
Not all falsified accounts are created in the same way. There are a variety of account opening fraud methods and techniques available to attackers. While a first-party incident may involve a customer switching some details to gain the benefits of having multiple accounts, organized criminals have a deeper bag of tricks. Methods include:
- Stolen identity fraud: Some criminals create false accounts using individuals’ leaked information following a data breach, or with credentials stolen through phishing or other direct methods. These details are convincing because they’re real, and they’re widely available — 1.35 billion people received data breach notices in 2024 alone.[1]
- Falsified identity fraud: Rather than recreating a real person, this method involves combining data from multiple sources to create a new identity. Thieves can use legitimate information from multiple people or generate the missing values using automated tools.
- Synthetic identity fraud: A synthetic identity is a person who doesn’t exist. Synthetic identity is built around an authentic data element such as a social security number, often belonging to a deceased person. The fraudster invents additional false details to create the full identity. Synthetic ID fraud is a fast-growing type of attack, especially against financial institutions, and is responsible for $20-40 billion in losses.[2]
Why does stopping new account fraud matter?
What kinds of losses can your organization suffer if criminals are able to create illegitimate new accounts and take advantage of your services? This depends on your industry and offerings.
- In the eGaming space, where new account sign-up bonuses are a common marketing tactic, a single criminal can spend large amounts of ill-gotten credit by starting dozens of accounts.
- A fraudster equipped with a seemingly valid social security number can open a bank account and incur credit card debt with financial service institutions. When it’s time to collect that debt, it’s not associated with any real person.
Beyond direct financial losses, your business can suffer a loss of customer trust if your account system is seen as weak or exploitable. When consumers associate your brand with weak controls, they may hesitate to create legitimate accounts with you.
How do you stop new account fraud?
As with many types of fraud prevention and account protection, preventing account creation attacks is largely a matter of strategically applying friction to the user journey. By balancing ease of use with protective features, your goal is to create an experience that’s easy for customers but provides stumbling blocks for potential fraudsters.
It’s worth noting that account creation is one step on the customer journey where it’s acceptable to add extra friction. In fact, consumers may find it unsettling if it’s too easy to create an account.
Strategies to prevent new account fraud include:
- Using a one-time email identity verification at account creation: This method is especially powerful against attackers who create accounts en masse using email addresses from false domains that they can’t access — they have no way of answering the emails, and thus can’t open new accounts.
- Applying biometrics or passkeys: Requiring forms of identity verification that go beyond written information can prevent users from creating accounts based on stolen or synthesized identities.
- Tracking true location: Location analysis can detect anomalies regarding where users purport to be and where they are. It is also a helpful way to detect criminals creating numerous fraudulent accounts from the same location and device.
- Monitoring user behavior: User behavior is often a telling indicator of new account fraud. Warning signs include a lack of mouse movements which could indicate the use of a bot, as well as pasting details into fields instead of typing them, which can occur when criminals are accessing stolen data from spreadsheets.
Criminals who create fake accounts in large numbers tend to have recognizable patterns, whether they carry out the fraudulent activity themselves or hire teams of contractors to do the manual work.
Build an ideal new account fraud prevention solution
Your account protection solution to defend against fraudulent account creation should combine accuracy and unobtrusiveness to produce an ideal balance between friction and ease of use.
Advanced behavioral analytics tools allow you to watch for warning signs such as activity at times that don’t align with authentic consumer motives, information that doesn’t match a person’s purported identity details, and the use of email credentials that are hard to verify.
Methods that use artificial intelligence and machine learning to detect these patterns can run in the background, creating a smooth experience for legitimate users while still delivering a high degree of security. The best protection solutions will combine these tech-driven methods with human intelligence, defending against a wide variety of criminal tactics.
Accertify’s account protection solution combines multiple types of features, defending against account takeover attacks and multi-account fraud in addition to new account fraud.
Since today’s fake account creators are more sophisticated in their capabilities than ever before, the solution’s processing of real-time signals through artificial intelligence algorithms is key to catching them. Support from Accertify’s subject matter experts ensures the new solution is tuned to your company’s real needs and finds the midpoint between friction and ease.
Learn more about our fraud detection and account protection solutions or request a demo and start moving at the speed of right.