Are High-Security Checks Worth It?

by Bence Jendruszák
Forex trading became all the rage in recent years – especially so during the pandemic.
But attracting retail investors to your platform requires marketing elbow grease, which notably often comes in the form of welcome, deposit, or rebate bonuses.
Unfortunately, fraudsters, professional and amateur alike, jump at the opportunity to exploit incentives like these. Let’s see how you can detect bonus abuse at your forex trading platform today.
Bonuses are meant to help attract new customers and retain old ones. When fraudsters exploit them, your FX platform stands to lose a lot:
As mentioned above, a key thing to look for when trying to identify and stop bonus abusers is multiple accounts created by the same person.
It could be a lone, unsophisticated fraudster. Or it can be a large organized crime ring. The results are the same: dozens of accounts, all originating from the same source, attempt to take advantage of your bonus scheme.
This knowledge should inform how you fight back. Here are some options:
In addition to streamlining your bonus abuse prevention, you should also regularly reevaluate your bonus program and adapt it based on your reporting and findings, to find that sweet spot that brings in more customers without incurring too much risk.
Now that we have a better idea of our risk strategy designed to catch bonus abusers, let’s dive deeper into the rules to deploy on your FX exchange.
Bonus abusers who create multiple accounts can’t spend hours carefully crafting every signup detail to make a fake identity. Sometimes, they repeat certain elements. And this way, evidence of a connection between multiple accounts slips through the cracks.
Nowhere is this more evident than with a password hash. This is a one-way, anonymized identifying parameter generated for each of your users’ passwords. When two of them are the same, it means the users have the exact same password, although you can’t see it.
And when two or more users share the same password hash, the likelihood that you’re dealing with the same person increases.
Note that the same rule can be created with a device hash or browser hash. These look at a number of parameters relating to software and hardware configurations (OS, window size, device version, etc.).
You can create unique identifiers based on these configurations to spot connections between users.
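One way to implement the shared-hash rule described above, as an added example that is not SEON's code. It goes beyond the two-account case by grouping accounts that are linked transitively through either identifier; `LINK_KEY`, the field names and the sample signups are assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Assumption: a server-side secret used only for this linking fingerprint.
# Salted storage hashes (bcrypt, Argon2) differ per user and cannot be compared.
LINK_KEY = b"constructed-demo-key"

def password_fingerprint(password):
    """Keyed one-way fingerprint: equal passwords give equal values."""
    return hmac.new(LINK_KEY, password.encode(), hashlib.sha256).hexdigest()

def device_hash(attrs):
    """Hash a canonical (key-sorted) rendering of device/browser attributes."""
    canon = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canon.encode()).hexdigest()

def linked_clusters(signups, min_size=2):
    """Group accounts that share a password fingerprint or a device hash."""
    parent = {s["account"]: s["account"] for s in signups}
    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving keeps lookups short
            a = parent[a]
        return a
    seen = {}  # (kind, value) -> first account seen with that identifier
    for s in signups:
        for key in (("pw", s["pw_fp"]), ("dev", s["dev_hash"])):
            if key in seen:
                parent[find(s["account"])] = find(seen[key])
            else:
                seen[key] = s["account"]
    groups = defaultdict(set)
    for acct in parent:
        groups[find(acct)].add(acct)
    return sorted((g for g in groups.values() if len(g) >= min_size), key=min)

# Constructed sample signups (not real data).
_win = {"os": "Windows 10", "window": "1920x1080", "device": "desktop"}
_mac = {"os": "macOS 13", "window": "1440x900", "device": "laptop"}
_phone = {"os": "Android 13", "window": "412x915", "device": "phone"}
SIGNUPS = [
    {"account": "u1", "pw_fp": password_fingerprint("Tr4de!2021"), "dev_hash": device_hash(_win)},
    {"account": "u2", "pw_fp": password_fingerprint("Tr4de!2021"), "dev_hash": device_hash(_mac)},
    {"account": "u3", "pw_fp": password_fingerprint("other-pass"), "dev_hash": device_hash(_mac)},
    {"account": "u4", "pw_fp": password_fingerprint("unique-pw"), "dev_hash": device_hash(_phone)},
]
if __name__ == "__main__":
    print(linked_clusters(SIGNUPS))
```

Here u1 and u2 share a password, u2 and u3 share a device, so all three land in one cluster even though u1 and u3 have nothing directly in common.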
Speaking of browsers, the one your user chooses to connect to your site offers a treasure trove of information. We’ve already mentioned using their configuration as an identifier, but you can also focus on specific data points that are considered suspicious.
In the case of this rule, it’s an absence of data points that raises red flags: missing cookies on the user’s side.
Why is this suspicious?
Well, there are two potential scenarios. One, you’re dealing with a privacy-focused extension or a fresh new session.
But you could also be onboarding a user who relies on a browser specifically designed to avoid anti-fraud detection.
Here again, this is a pointer that you’re dealing with a fairly sophisticated fraudster who creates multiple accounts manually (or using bots). The fact that they’re trying to avoid identification is exactly what should ring alarm bells.
So far, we’ve looked at two rules deployed at the signup stage. There is another crucial time to monitor users: the time of their first deposit onto your FX platform.
Chances are that you only allow customers to collect their bonuses after that step, which is why there’s still time to collect more data in order to spot fraud.
Here, a simple custom rule is designed to help us spot cards linked to a geographical location that’s different from the IP address.
This covers two potential attempts at deception.
Finally, it’s also important to note that the type of card you are dealing with can indicate potential fraud. Pre-paid cards, for instance, tend to be higher risk than standard credit cards. These checks are the perfect job for a card BIN lookup tool, such as the one included with SEON.
SEON was designed to let you gather as much data as possible from your users in real time. This includes gathering a wealth of additional information based only on their signup info: an IP address, email address, or phone number.
We even let you create rules that analyze user behavior in order to filter out low, medium, and high-risk interactions with your platform.
The goal is to let you manage risk more efficiently. For FX trading platforms, this is also key to spotting connections between customers designed to exploit your promos and bonus schemes – including between existing accounts and at the signup stage.
Want to learn more about how SEON can help your forex trading company? Book a demo or sign up for free today.
Bence Jendruszák is the Chief Operating Officer and co-founder of SEON. Thanks to his leadership, the company received the biggest Series A in Hungarian history in 2021. Bence is passionate about cybersecurity and its overlap with business success. You can find him leading webinars with industry leaders on topics such as iGaming fraud, identity proofing or machine learning (when he’s not brewing questionable coffee for his colleagues).