Identity fraud continues to rise, with losses totaling $43 billion in 2023 alone. One form of identity fraud that is a particular concern – especially to the financial services industry – is account opening fraud, also called new account fraud.
Unfortunately, numbers may be even higher, since the warning signs of fraudulent new accounts frequently go undetected.
With so much at stake when it comes to fraud, it’s critical that teams understand the latest criminal tactics to protect their customers and themselves. To get a better understanding of account opening fraud, let’s dig into what it is and how you can proactively combat it.
What is new account fraud?
New account fraud, also referred to as “account enrollment fraud” or “account opening fraud,” occurs when fraudsters open accounts using stolen or fabricated identities and happens one of two ways:
True name application fraud
Fraudulent account opening using real, stolen identities is called “true name application fraud.” To open an account with a stolen identity, a fraudster acquires or purchases an identity kit, also known as “fullz,” with the victim’s personal information, including social security number, date of birth, payment information, and address, which they then use to apply for credit cards or loans, or open bank accounts in that person’s name. These accounts are opened to establish credit history and or launder funds.
Synthetic identities
Another way account opening fraud is perpetrated is with synthetic identities, which aren’t linked to a specific person because they are constructed using stolen PII and/or other forms of fabricated information to construct identities to open new accounts, launder money, make fraudulent purchases and build credit profiles. Synthetic identities are notorious for using data from children or a deceased person and can fly under the radar for years, since there isn’t a clear victim to alert, as opposed to true name identity fraud in which the victim is evident.
The importance of Know Your Customer (KYC) to prevent new account fraud
The financial services industry faces the greatest risk from new account fraud. Every financial organization is responsible by law for making sure that its customers are who they say they are. The Know Your Customer (KYC) regulations were established by the US Financial Crimes Enforcement Network (FinCEN) and “prescribes minimum standards for financial institutions and their customers regarding the identity of a customer that shall apply with the opening of an account at the financial institution.”
Failure to comply with these regulations can lead to strict penalties. For example, from January 2021 to March 2022, FinCEN imposed more than $600 million in fines for anti-money laundering violations in which banks’ failed to properly assess the risk of customers and follow up on suspicious transactions.
Per FinCEN, financial companies need to have an anti-money laundering program with strict rules related to Customer Due Diligence (CDD) to verify the identity of all customers and clients who own, control, or profit when an account is opened. For high-risk customers, the requirements for KYC go beyond CDD to Enhanced Due Diligence (EDD), which requires further verifications and ongoing checks. In these cases, it’s even more important to remain in compliance.
Examples of Customer Due Diligence gone wrong
For CDD, companies have to classify customers according to risk profiles and be ready to report on suspicion of fraud. According to PYMNTS, the lack of adequate CDD processes contributed to every case where FinCEN levied a fine during the January 2021 to March 2022 time period.
This includes a $140 million fine for a bank that failed to report thousands of suspicious transactions. FinCEN determined that this bank’s CDD process at account opening was insufficient to collect the necessary information to be able to effectively evaluate a customer’s risk and provide active risk monitoring.
Another bank was fined $390 million when it failed to comply with minimum requirements. In this case, the bank took a risk-based approach to identifying high-risk customers, but the system established by the bank didn’t allow the bank to get the complete understanding it needed of its customers’ activity and patterns in order to identify illegitimate behavior.
It’s clear that being able to fulfill the requirements of KYC and CDD is essential to maintain a trusted environment for customers, not to mention avoiding steep fines from FinCEN. In order to move forward, you need to know that you have KYC and CDD covered to prevent new account fraud. And you need to be ready to act before the damage is done.
How to prevent new account fraud before it happens
Being able to distinguish between fraudsters and legitimate customers early is imperative to prevent account opening fraud. And SpyCloud Consumer Risk Protection is designed to do just that – making it an essential addition to your KYC and CDD processes.
What makes SpyCloud different from other anti-fraud solutions is that it gives you the earliest access to stolen data from the criminal underground to uncover exposures that help you focus on stopping crimes across your consumers’ digital journeys. By shifting the focus to pre-crime, enterprises can mitigate compromised consumer accounts from account creation to account transaction – ensuring consumer identities are safeguarded, and protecting your business’ time and resources by avoiding fraud altogether.
How SpyCloud Consumer Risk Protection addresses risk and prevents fraud
SpyCloud goes beyond breach data to provide your team with insights into malware-infected customers, giving you definitive evidence, making it easy to remediate to reduce intentional and unintentional fraudulent activity.
By querying as little as an email or phone number, SpyCloud analyzes billions of recaptured data points from breaches and malware logs, to uncover exposures associated with a user’s identity. With over 200+ data types, like SSN, DOB, government IDs, names, addresses, and more, our data helps you identify illegitimate accounts created by criminals using stolen data. Paired with existing anti-fraud and identity verification solutions, this gives you the ability to intervene and prevent fraud before it can happen.
Furthermore, once you know who your high-risk customers are, you can focus your resources on them for a more efficient and cost-effective KYC process.
SpyCloud Consumer Risk Protection can provide actionable insights into a user’s security posture, like recency of breach or malware infection, password hygiene, and even detect compromised credit card numbers. For financial institutions, these underground insights placed at vulnerable points of fraud like new account creation, application submission, account modifications, or money transfers can provide them with real-time, comprehensive data to prevent fraud.
Alternatively, financial institutions can easily identify users at low risk of account takeover, preventing negative user experiences and friction, along with decreasing unnecessary time and resources allocated to manual review. With this increased ability to identify legitimate users versus threats, companies can feel confident that they’re doing all they can to know their customers – and not risking millions in fines.
Learn how you can use recaptured data to prevent new account fraud with SpyCloud Consumer Risk Protection.