High Risk Customers: Types & How to Identify Them

In the online world, having more customers is always better.

Or is it? Here’s our guide on spotting high-risk users before they can damage your business in the long run.

What Are High-Risk Customers?

High-risk customers are individuals who could potentially turn into a threat to your company. In the online world, that threat is often related to cybersecurity, fraud, or compliance issues. 

Because risk takes on many forms depending on your industry, a risky user could be one who is likely to:

• take over another user’s account
• use a stolen credit card
• steal company information
• attempt to launder money
• borrow money with the intention of defaulting
• sign up with stolen IDs

The key, of course, is for companies to have a clear idea of where risk lies within their vertical, for instance by going through a fraud risk assessment checklist or using risk management software.  

5 Types of High-Risk Customers and How to Spot Them

Let’s look at some common types of high-risk customers you might face, when to look out for them, and how to prevent them from harming your business, including high-risk individuals such as:

• Stolen credit card customers
• Money laundering customers
• Multi-accounting customers
• Politically exposed persons
• Synthetic ID customers

Stolen Credit Card Customers

First on our list are users who are going to purchase a product or service from you using stolen credit card credentials. 

This is bad news for a number of reasons, especially when the original cardholder requests a chargeback:

• You have to refund the price to the original card
• You lose an item
• Your business reputation suffers
• You pay admin and extra processing fees
• Your chargeback rate with the bank increases

The last point can be particularly damaging. Card operators (Visa, Mastercard, AmEx) might consider your business high-risk, which would increase your card processing fee. In fact, they even ban from their network businesses that incur too many chargebacks.

Where to Spot Stolen Credit Card Customers

For most businesses, fraudsters with stolen credit cards are most obvious at the checkout stage. 

You need to have information about the user, and more importantly, their payment method. However, for companies that require a credit card to sign up, this is also a good touchpoint to check the payment details.

How to Spot Stolen Credit Card Customers

To spot a suspicious payment, you need to compare the card data with the user data. This will help to highlight suspicious discrepancies, such as:

• The user’s IP points to one country, but the card points to another.
• They are using a prepaid card from a foreign company.
• The email address points to social media sites where the name is different from the card. 
• Multiple cards have been declined for the same user.

A lot of the heavy lifting can be done thanks to a BIN lookup. This will help you extract valuable information from the first few digits of the card number alone. You can try out SEON’s card BIN lookup below:

Money Laundering Customers

A specific case in the world of finance, money laundering is a punishable crime for the perpetrator, but may also result in hefty compliance fines for the institution that enabled it. AML processes are standardized to help spot high-risk users who may be attempting to conduct such financial crimes.  

Where to Spot Money Laundering Users

This would be at the registration stage, and later at the transaction stage, where you can enable transaction monitoring.

How to Spot Money Laundering Users

Here is an example of using software to identify risky users, setting up controls to flag people operating in sanctioned countries. In this case, SEON’s engine will flag all users from high-risk countries as defined by the operator.

In the example above, we are creating a list that includes Pakistan, Burkina Faso, and Yemen, to ensure we meet regulations regarding customers in these countries. 

Then, if an IP address points to one of these countries, we can consider this user high-risk for our business. Of course, this does not necessarily mean they are a fraudster or criminal. 

However, scrutinizing their actions and assessing whether there are additional red flags can make all the difference in stopping this type of financial crime.

Multi-Accounting Customers

Multi-accounting users – fraudsters who sign up for a service multiple times under different names – are a huge problem in several industries. 

They mess with your analytics. They abuse your marketing promos via referral fraud. Plus, they tend to not be trustworthy individuals, who could be working for sophisticated fraud rings. 

This is why identifying them as high-risk users as soon as possible is paramount to operating safely online. 

Where to Spot Multi-Accounting Users

This would be at the registration stage, when you can get access to data such as their IP address, email address, and phone number. More importantly, the device they use to connect to your site can highlight similarities between ostensibly separate accounts. 

How to Spot Multi-Accounting Users

Here again, collecting as much data as possible will take you a long way down the road towards security. What’s particularly important is to pay attention to the device data, including:

• Device hash: data points such as screen size or operating system
• Cookie hash: data relating to the browser cookies
• Browser hash: data relating to the browser developer, build version, and other data points in the browser itself

High-risk users who sign up multiple times will attempt to make it look like they are doing so from different configurations of software and hardware. But you can still pick up on suspicious data, as shown in the demo below:

Politically Exposed Persons

A politically exposed person, also known as PEP, is one whose position makes them more likely to be at risk of corruption, bribery, or money laundering. Certain organizations such as banks and estate agents have a legal obligation to flag them as part of their AML compliance. 

PEPs may include heads of state, senior executives, members of the military, diplomats, ambassadors, and more. Failing to mark them in your system or flagging them to the relevant regulatory bodies may result in fines and legal issues. 

Where to Spot Politically Exposed Persons

The best place to find PEPs is during the user onboarding process (or signup process). This is when you will require them to submit a full name, usually as part of your KYC process. Cross-referencing that name against an official database of PEPs should be easy enough – especially if you can get the software to automate the search for you. 

How to Spot Politically Exposed Persons

There are three ways to spot PEPs. You can ask them if they are registered as one, look for their name on an official database, or get software to automate the search for you. Realistically, only the latter solution is feasible for online businesses, especially if you need to perform PEP screening for every new user who signs up for your service. 

Note that you will want a solution that checks for PEPs globally. This is because every government has its own database of politically exposed persons. Once again, this is why automating the process makes sense, but it is still possible to look for their name yourself. Just be aware of spelling variants and special characters that could point you in the wrong direction. 

Synthetic ID Customers

A synthetic ID customer is essentially a fraudster who combines a combination of made-up and real ID data. The data can be manipulated, blended, or manufactured.

For instance, a synthetic ID customer could rely on a real email address and a stolen ID document. Or they could be using a real name and a photoshopped ID document. The key is to identify inconsistencies in the data in order to correctly flag them as fraudsters.

Of course, the challenge is to separate real data from the fake. This is doubly demanding as they usually create these stitched identities specifically to bypass KYC (know your customer) checks and other forms of ID screening. 

Where to Spot Synthetic ID Customers

While the signup process is the point of the customer lifecycle where you are likely to receive the most valuable data (full name, address, email address, etc…), you shouldn’t ignore the login, browsing, or transaction stage. 

For instance, a suspicious IP address at the login stage could help raise red flags pointing to a synthetic ID. Similarly, a mismatch in the payment data (credit card) and customer data (name and address), could also be a worrying sign. 

How to Spot Synthetic ID Customers

Because synthetic ID customers are some of the most challenging to spot, you should deploy every single data analysis tool at your disposal to detect them. This may include:

• Device data: proxy usage, Tor connections, suspicious emulators, or hardware configuration, among others.
  
• Digital footprint analysis: you need to cast a wider net to catch user data, which may include social media profiles, reverse phone lookup, and email address analysis.
  
• Behavior analysis: logging data points relating to behavior can also help spot fraudsters, for instance by looking at how quickly they fill out a form, the kind of purchases they make, or how frequently they raise their credit limits.

And of course, it goes without saying that flagging stolen and made-up IDs should be a key part of your strategy to spot these high-risk customers.

Why Is It Important to Spot High-Risk Customers?

Spotting high-risk users using risk monitoring methods is paramount to operating a safe, successful online business. It may even be considered a form of customer segmentation.

Here are four key reasons to identify:

1. Reduce fraud: High-risk users may perform illegal activities relating to fraud such as account takeovers, fake ID theft, chargeback fraud, and return fraud.
   
2. Boost compliance: In some cases, high-risk users are a legal issue. For instance, in the world of banking, it’s your duty to spot potential bad actors due to AML and KYC verification regulations.
   
3. Maintain high cybersecurity standards: Risky users can pose an IT security threat. They could inject your website with malware, attempt to steal company data, or generally wreak havoc on your technical setup.
   
4. Ensure community safety: Risky users can sometimes affect how good customers enjoy your product or services. Nowhere is this more apparent than with a community website, where abusing or offensive users can be considered a high risk to the environment you are trying to foster.

Ensuring your business covers all these areas will ultimately help you boost revenue, operate safely, and remove potential threats that could harm your growth. 

Key Takeaways

How you define a high-risk user might depend on your industry and business model, but the idea is always the same: Fail to flag them early, and there could be a negative impact on your entire company.

In the online world, identifying high-risk customers always starts with better data. This goes beyond the identifying info they present themselves – name, address, credit card – but also alternative data you can gather via data enrichment.

That data can then let you automate your risk management and customer segmentation, allowing for safe, compliant operations, and empowering growth.

FAQ