Fraudsters don’t need to take over an existing account to cause damage. Increasingly, they create new ones using stolen credentials, synthetic identities, or automated bots, then exploit those accounts for payments fraud, bonus abuse, chargebacks, or money-mule activity.
As more banks and financial services providers move to fast, digital onboarding, the challenge is the same: reduce friction for genuine applicants while catching risk early, before costly KYC checks and manual reviews kick in.
In this guide, we’ll explain what new account fraud is, how these attacks typically work, and the most practical ways to detect and prevent them during registration and onboarding.
What Is New Account Fraud?
New account fraud, also known as account opening fraud or account creation fraud, happens when a criminal signs up for a new account using false, stolen, or manipulated identity details.
In financial services, it usually shows up in a few common ways:
- Synthetic identity fraud: attackers combine real and fake information to look legitimate
- Stolen identity fraud: accounts are opened in someone else’s name
- Application manipulation: details are tweaked just enough to pass basic checks
It’s often confused with account takeover fraud (ATO), but the goal is different. New account fraud is about getting approved. ATO is about taking over an account that already exists.
The risk isn’t just the signup itself. Once the account is live, it can be used for credit fraud, promo abuse, money mule activity, and follow-on attacks. That’s why the best place to stop it is early — during registration and onboarding, before expensive KYC checks and manual reviews kick in.
Types of New Account Fraud
Once a fraudster gets a new account approved, the “why” becomes clearer. Some accounts are built to steal value immediately. Others are designed to look legitimate for weeks, then cash out when limits increase. In financial services, these are the most common new account fraud patterns to watch for:
- Loan and credit application fraud: Accounts created to apply for lending products using manipulated income, identity details, or supporting data, then defaulting or disappearing once funds are released.
- Unauthorized card / credit line openings: New accounts opened with stolen identity information to gain access to credit, run up balances, and leave the real individual dealing with the fallout.
- Promo and referral abuse: Repeat signups created to harvest incentives, signup bonuses, or referral payouts, often using automation and recycled devices, IPs, or contact details.
- Bust-out fraud (build trust, then max out): Fraudsters behave “normally” long enough to gain higher limits or fewer checks, then rapidly draw down credit and abandon the account.
- Money mule accounts: Accounts opened to receive, move, and cash out funds tied to scams or laundering—sometimes involving coerced or unwitting individuals, sometimes fully controlled by a fraud ring.
If you want, I can tailor the examples under each bullet to match your product focus (registration + onboarding) so it naturally sets up the “How to detect” section next.
How Do You Prevent New Account Fraud?
The strongest setups don’t rely on a single check. They layer a few core signals that fraudsters struggle to fake consistently, then only add friction when those signals don’t line up:
“The answer lies in designing onboarding journeys that respond to real risk — introducing additional checks only when justified.” — Mira Sidhu, Director of Growth, Compliance Solutions (IDV)
Pre-KYC Risk Signals
Enrich early signals (email, phone, IP) to gauge legitimacy before expensive verification kicks in. This filters obvious fraud before it hits KYC cost and queue time. It’s especially useful for catching brand-new identities, disposable contact data, and low-footprint signups at scale.
Device Intelligence
Fingerprint devices to catch emulators, spoofing, and repeat signup infrastructure. It also helps link “new” applicants back to previously seen risky setups. You can flag suspicious configurations, frequent resets, automation patterns, and reused devices across multiple attempted registrations.
Network Analysis
Connect accounts through shared devices, IPs, contact data, or near-duplicate attributes. This is how you surface fraud rings and account farms early. Instead of treating applications in isolation, you spot clusters that behave alike and share infrastructure.
IP + Geolocation Intelligence
Assess the connection itself: VPN/proxy/Tor detection, IP reputation, ASN/ISP type, and geo consistency against device timezone and session patterns. This catches location masking and high-risk routing even when the identity doesn’t yet connect to other accounts. Add velocity and anomaly checks for impossible travel and rapid switching.
Dynamic friction
Adjust verification depth based on risk instead of forcing one rigid flow on everyone. Low-risk users move fast, while risky sessions trigger step-ups or blocks. This keeps onboarding smooth while still escalating to stronger checks when signals suggest synthetic or stolen identities.
Explainable decisioning
Use transparent rules and scoring so teams can see why something was flagged. That clarity makes it easier to tune thresholds and reduce false positives over time. When investigators can audit the decision quickly, you shorten review cycles and improve consistency across analysts.
Catching new account fraud early means looking at more than what applicants type into a form, it’s about the signals around the signup and whether they line up. Because tactics change fast, financial services teams should keep tuning rules, thresholds, and step-up flows so they stay accurate without adding unnecessary friction.
How to Detect New Account Fraud
New account fraud is easiest to catch at signup, before you have much account history to work with. The goal is to spot patterns that don’t match normal customer behavior, especially when multiple signals point to the same story.
Common red flags include:
- Disposable or low-quality email signals: Newly created inboxes, disposable domains, and emails with no meaningful history can indicate account farming or synthetic identities (especially at volume).
- Suspicious phone patterns: VoIP numbers, invalid formatting, recycled numbers, or numbers that fail basic verification checks often show up in automated signup traffic and organized fraud attempts.
- Thin or inconsistent digital footprint: A complete lack of online traces isn’t always fraud, but when an identity has no supporting signals (or the signals don’t match), it’s a reason to step up verification.
- Risky network indicators: VPNs, proxies, Tor, poor IP reputation, and unusual ISP/ASN patterns can suggest masking, bot traffic, or repeat signup infrastructure.
- Identity mismatch signals: Details that don’t line up across the session—like name, address, device timezone, IP location, and submitted identity data—often point to manipulation or stolen credentials being tested.
- Emulators, virtual machines, and spoofed environments: Fraudsters use emulation to scale attempts and reset fingerprints. Signs of automation, tampering, or inconsistent device attributes are strong indicators of non-genuine signups.
- Repeat infrastructure across “new” applicants: Reused devices, shared network ranges, recurring email/phone patterns, or near-duplicate attributes across multiple signups can reveal account farms and coordinated fraud rings.
- Velocity and behavior anomalies: Form completion that’s too fast, repeated retries, rapid identity changes, high signup volume from a narrow set of signals, or sudden spikes by geography are often more predictive than any single identity field.
Red flags also vary by industry and risk appetite, but the principle stays the same: look for clusters and inconsistencies, then apply dynamic friction so low-risk users move fast while high-risk sessions trigger stronger checks.
Main Challenges in New Account Fraud Prevention
Preventing new account fraud sounds simple on paper: block bad signups before they become losses. In reality, teams usually run into three problems, balancing friction, dealing with tactics that bypass basic checks, and making the program workable day to day.
Customer Friction
Extra verification steps can protect your onboarding flow, but they can also slow it down. If the sign-up process feels painful, genuine users may drop off before they finish.
That drop-off creates a second issue. When fewer real users complete onboarding, you collect less clean data to learn what “normal” looks like. That makes it harder to spot anomalies with confidence.
Exploitability
Fraudsters don’t always invent identities from scratch. They often use stolen details or “blended” profiles that look legitimate at first glance.
This is where weak verification breaks down. If your controls rely too heavily on static personal data, you can end up approving applications that should have been flagged. That leads to false negatives at the exact moment you want the system to be strict.
Operational Obstacles
Even strong controls fail if they’re too heavy to run. Manual reviews, escalating KYC costs, new tooling, and training all add overhead.
On top of that, prevention isn’t a one-time setup. Fraud patterns shift, so teams must keep tuning rules, reviewing outcomes, and maintaining processes over time. Without a sustainable workflow, detection quality usually drops.
Together, these approaches are just the most basic framework to prevent new account fraud, and each component of that has the potential to place significant strains on an organization’s resources. This fact alone can make fraud prevention tactics challenging to implement effectively.
Are Merchants Liable for New Account Fraud?
Usually, the party with the biggest legal exposure is the financial institution that approved the fraudulent account in the first place. They control the account opening decision and the verification steps tied to it.
That said, merchants still have responsibilities. Most merchants must take reasonable steps to reduce fraud risk, protect legitimate customers, and report suspicious activity when required. In practice, that means spotting red flags early, ideally during registration or checkout, before losses stack up.
Merchants can face liability or penalties if they ignore required checks or fail to follow applicable rules. This can include gaps in customer due diligence, weak controls, or failing to escalate suspicious activity. The risk depends on your market, product, and regulatory obligations, so teams should align controls with their compliance requirements.
How SEON Helps Combat New Account Fraud
SEON helps fraud and risk teams stop new account fraud where it starts: during registration and onboarding. By enriching lightweight inputs like email, phone, and IP in real time, SEON builds a digital footprint that adds context fast, without forcing every applicant into high-friction checks.
From there, SEON layers in device intelligence to spot spoofing, emulators, and repeat signup infrastructure, plus network and IP insights to flag VPN/proxy/Tor usage, risky routing, and location inconsistencies. When patterns emerge across “new” applicants, network analysis helps connect accounts through shared devices, IPs, and behavioral signals, so you can surface account farms and organized rings early.
All of these signals roll up into transparent scoring and rules, giving teams clear decision drivers they can tune over time. The result is a more flexible onboarding flow: low-risk users move through quickly, while higher-risk sessions trigger step-ups, manual review, or automated blocks, so you reduce fraud without paying unnecessary KYC costs or sacrificing conversion.
Source:
- McKinsey & Company: Fighting back against synthetic identity fraud
