How to Detect Multi-Accounting Fraud in Cryptocurrency

Multi-accounting fraud, where the same user of a service signs up to more than one account in the interest of criminal financial gain, poses particular problems to cryptocurrency.

The crypto community has long been characterized by anonymity, with the decentralized nature of the traded currency lending itself to “staying off the grid”. This environment, often referred to as a digital Wild West, sadly also fosters lots of criminal intent for the same reasons.

We look further into multi-accounting fraud below, especially in the context of cryptocurrency, including what such fraud is, how to detect it, and how SEON can help combat it.

What Is Multi-Accounting Fraud in Crypto Exchanges?

Multi-accounting fraudsters will register for a crypto exchange using fake or altered personal data, making sure to create distinct usernames for each account. Depending on the crypto domain they approach, there are a number of malicious exploits that a fraudster can execute when in control of many accounts.

Having a dozen or more accounts helps to evade detection, which is important when there are so many opportunities to defraud people and businesses of their funds. Examples of such fraud include tricking potential investors into crypto trading, abusing promo or signup offers, or carrying out complex phishing scams.

Why Is Multi-Accounting a Problem for Cryptocurrency?

Multi-accounting is a problem due to a number of sticking points that are specific to the context of crypto. One of the most prominent is the fact that cryptocurrency is decentralized and accommodates pseudonymous and/or anonymous account activity.

Let’s look at the nature of decentralization, anonymity, and pseudonymity (the presence of individuals with fake identities) in cryptocurrency before moving on to other problems that exacerbate multi-accounting in this market.

These two core problems can both be categorized by another, overarching sticking point in the context of multi-accounting fraud in cryptocurrency: Crypto activity is very hard to trace, and it is therefore an industry that fraudsters, especially impostor fraudsters, can exploit.

With this in mind, let’s now examine further problems that multi-accounting brings to the crypto market.

• ‘Pump and dump’ crypto scams: One or more multi-accounting fraudsters use multiple accounts to voice their interest in a less-than-valuable cryptocurrency. They then exploit the resultant hype (i.e. ‘pump’ up interest) for investors in order to receive an inflated offer for the holdings. They then ‘dump’ the over-hyped currency by selling it on and enjoying the profit.
• Money laundering: Fraudsters can use multi-accounting fraud to break up their sums of money into small, dispersed transactions that can be harder for authorities to detect, especially in the decentralized world of cryptocurrency.
• Phishing attacks: Fraudsters using multiple accounts throughout the cryptocurrency marketplace can exploit its potential for false identities. This can help them remain undetected and also scam other crypto traders with the illusion of urgency – and, in particular, urgency being stressed by multiple sources. For example, multi-accounting fraudsters can pick a target and use their numerous fake identities to convince the victim that more than one person believes their account has been hacked and they must share their account details to help “IT” fix the problem. 
• Ponzi schemes: These schemes, wherein a fraudster takes money from new investors and uses it to pay their old investors, can be further exploited in the crypto market due to its decentralization, anonymity, and pseudonymity. In fact, multi-accounting in crypto allows fraudsters to trick investors with the illusion of a large investor base. As early as 2013, the US Securities and Exchange Commission (SEC) released an investor alert that warned against the rising popularity of virtual currencies in investments. The authority explained that fraudsters are likely to capitalize on the privacy offered by digital money.

How Do You Detect Multi-Accounting in Cryptocurrency?

Detecting multi-accounting in crypto means being proactive with initial precautions, such as Know Your Customer (KYC) checks. It also means being reactive by maintaining and utilizing security systems, like transaction analysis technologies, that can flag or thwart suspicious activity in the crypto market.

In other words, anyone who wishes to detect multi-accounting fraudsters in cryptocurrency needs to ensure that crypto exchanges are holding up a sturdy shield, right at the gate. No new registrant should be able to enter the crypto market without undergoing KYC checks, customer due diligence (CDD) checks, and – in more complicated or suspicious instances – enhanced due diligence (EDD) checks. 

After ensuring that new crypto registrants undergo the initial precautions at the onboarding stage, anyone who wishes to detect multi-accounting crypto fraudsters should utilize their own initiative and technology to record and label suspicious IP addresses, transaction patterns, and user behavior.

It is therefore crucial to utilize software that can identify these tell-tale signs of malicious activity. Many modern fraud prevention systems can also carry out blockchain analysis (the very technology that cryptocurrency is based on).

According to TrustRadius, such risk mitigation solutions can determine the source, destination, and transaction amount related to blockchain exchanges and assets. The systems’ use of machine learning can even help determine the risk level associated with various crypto activities.

These software systems can help you bolster your KYC process with another vital precaution, known as KYT: Know Your Transaction.

Top Three Custom Rules for Multi-Accounting in Cryptocurrency

The top three custom rules for combating multi-accounting in cryptocurrency relate to IP address checks, password hashes, and unique browsers. Here, we’ll look at how SEON’s custom rules can address all three of these.

#1: Two or More Accounts Have the Same IP Address

SEON’s software can check the IP address of each user who is signed up for a service.

It is important to remember that, no matter how many accounts a fraudster signs up for, if they don’t cover their tracks (with such interventions as proxy servers), they will always have the same IP address. The use of VPNs or proxies is also a visible characteristic upon scrutiny.

Having more than one account with the same IP address is therefore a notable indication that a fraudster may be abusing your crypto platform’s account onboarding process with multiple logins.

Let’s have a look at the below screengrab:

As the rule parameter preview in the red window shows, the SEON customer has set the software to trigger a response when a user, within a two-day time frame, has the same IP address on two or more occasions, despite having two ostensibly separate accounts.

The software will then give anyone whose account activity matches these criteria a fraud score of ten – hence why the final entry in the parameter preview says “Modify score + 10”.

This is just one suggestion; there are plenty of other approaches to IP tracking that will aid crypto providers’ detection of multi-accounting fraudsters with SEON’s software.

#2: Multiple Accounts Have the Same Password Hash

Many multi-accounting fraudsters will try their best to cover their tracks with multiple IP addresses, pseudonyms, and so on, but they’re still only human: They may get sloppy and not change their password each time they set up a ‘new’ account.

According to LastPass, most people cannot remember many passwords, so they resort to reusing them. A robust way to find multi-accounting fraudsters such as these is to set SEON’s software to flag anyone with more than one account who also has the same password hash.

After all, what are the chances that one crypto platform happens to have two account users with exactly the same password? At the very least, such a scenario should be treated with suspicion. SEON’s users can flag up such accounts and assign a fraud score, or outright block them depending on their preferences and the specific circumstances at play.

#3: Multiple User IDs with Same Browser Hash Using Same Discount Code within 48 Hours

Many online sellers make their services more attractive to potential new customers by offering sign-up bonuses. In the case of crypto exchanges, these might be promo codes that deliver returns on invested funds or offer “free” money. The problem is that offers such as these risk attracting fraudsters.

Indeed, many crypto fraudsters scout for these opportunities, then apply the same promo code across all of their dummy accounts. These promos, of course, are intended to attract new customers rather than reward fraudsters. Businesses have to consider this when deciding how much of a red carpet to roll out.

An effective way to look out for suspicious, repeated use of the same discount code is to set SEON’s tool to flag any code entered on the same browser more than once within 48 hours. Even though these will be across multiple accounts, their browser hash will, in all likelihood, identify them as the same user.

The below screengrab shows how you can set a SEON rule to reflect this.

Only one account – and therefore one person – should use a discount code at a time. As such, if the same discount code is being used more than once, it is likely because a multi-accounting criminal is attempting to exploit that code. It is worth having SEON flag such suspicious activity for you to review. 

How SEON Helps Cryptocurrency Businesses with Multi-Accounting Fraud

SEON helps combat this form of fraud using checks that are tuned to catch multi-accounting activities, such as its ability to find accounts that have the same device hash and IP address. As the above animation shows, SEON even offers the ability to outright analyze IP addresses, such as by assigning a fraud score to each internet protocol under observation.

It’s essential that crypto business owners both know about and act on suspicious activity. SEON helps its customers further by allowing them to set certain rules and triggers based on their own risk appetites.

SEON and its multitude of online resources are also well-equipped to improve your understanding of how fraud scoring and fraud prevention work, and how you can best apply them to your specific needs.

Sources

• Securities and Exchange Commission (SEC): INVESTOR ALERT: Ponzi Schemes Using Virtual Currencies
• TrustRadius: Blockchain Analysis Software
• LastPass: Breaking the Cycle of Password Reuse