Chapter 1: Why New Account Fraud Demands Renewed Attention

The surge of new account fraud (NAF) is a story playing out online and in call centers across industries.

Picture this: An ecommerce business launches a generous referral program, hoping to attract genuine customers. Instead, within weeks, hundreds of fake accounts flood the system, racking up promo credits and pushing the company to halt the program. Consumer trust erodes, and legitimate customers leave. The financial loss is significant, but the reputational damage is worse.

Fraudsters use synthetic identities, malicious bots, and stolen data to create fake accounts and exploit vulnerabilities. Keep reading to learn how NAF unfolds and what you can do to stop it. Through real stories and actionable strategies, we’ll explore how businesses can protect themselves without compromising their customer experience.

Chapter 2: The Increasing Prevalence of NAF

The rise of NAF is fueled by the rapid digital transformation of businesses, creating opportunities for fraudsters to exploit security vulnerabilities in online platforms. Coupled with the proliferation of stolen data from breaches and the scalability of automated tools like bots, fraudsters are now more equipped than ever to perpetrate identity-related crimes at an alarming scale.

• Digital Transformation: As businesses continue to shift their operations online to meet customer demand for convenience and accessibility, they inadvertently open themselves to new forms of risk. Digital onboarding has also exploded in volume due to the rise of global workforces and hybrid work environments, making hiring fraud more frequent and difficult to detect. Fraudsters have followed this migration, targeting digital platforms with security vulnerabilities.
• Data Breaches: The frequency of data breaches has resulted in millions of stolen records being made available on the dark web and underground markets. Fraudsters use this information, including names, addresses, Social Security numbers, and more, to take over existing real identities or piece together synthetic ones.
• Deepfakes: AI-generated audio, video, and images are making impersonation attacks far more convincing and harder to detect. Fraudsters use deepfakes to bypass identity verification, manipulate customer support agents, and socially engineer victims into approving fraudulent actions, eroding trust in traditional identity signals.
• Automation: Advances in automation, particularly through bots and scripting, have allowed fraudsters to scale their efforts significantly. Bots can register thousands of accounts in minutes, testing multiple combinations of credentials and personal data with speed and precision.

Chapter 3: How Bad Actors Perpetuate NAF

NAF is the result of deliberate techniques that exploit vulnerabilities in digital systems. Understanding these tactics is the first step toward effective prevention.

• Synthetic Identities: Fraudsters meticulously blend real personally identifiable information (PII) with fabricated details to construct identities that appear legitimate. These false identities can easily pass basic checks, especially when used to apply for loans, open credit cards, or claim rewards.
• Automated Bot Attacks: Automated bots can create thousands of fraudulent accounts in mere minutes, overwhelming traditional fraud detection systems. Increasingly, these attacks are paired with deepfakes that use AI-generated voice, video, and facial biometric data to bypass identity verification during account opening, making once-reliable verification signals more vulnerable to manipulation.
• Exploiting Promotions: Fraudsters frequently target promotional campaigns that reward new user sign-ups or referrals with monetary incentives. By exploiting these offers, they create hundreds or even thousands of fake accounts to claim rewards, draining marketing budgets and skewing customer acquisition metrics.
• The Dark Web: Fraudsters have access to complete identity packages, containing stolen personal data like Social Security numbers, addresses, and financial information for as little as $65, via the dark web. With millions of such records readily available, fraudsters can quickly set up fake accounts for various purposes, including siphoning benefits, conducting transactions, or laundering money.

Chapter 4: Measuring the Impact of NAF

When NAF takes root, the impact is rarely contained. It triggers a series of events that strain resources and erode trust. The consequences cascade quickly, leaving businesses with significant financial losses.

• Direct Costs: NAF directly impacts a company’s bottom line through chargebacks, refunds, and the misuse of promotions. These financial losses accumulate quickly, especially for businesses operating on thin margins. Additionally, compensating legitimate customers who are impacted by fraud—such as issuing refunds for unauthorized transactions—further increases expenses.
• Operational Burden: Fraud investigations demand time, money, and skilled personnel, diverting resources from core business growth initiatives. Fraud teams must identify, track, and mitigate the fraudulent activities, which often requires collaboration across departments and third-party service providers. This ongoing effort not only delays important projects but also overwhelms internal teams, forcing businesses to shift focus from innovation to damage control.
• Brand Reputation: A company’s reputation can suffer significantly when fraud is not effectively managed. Customers can also be indirectly affected, as companies often use out-of-date fraud tools in an attempt to stem the onslaught of AI-driven fraud attacks by adding friction and raising both application abandonment and false positives.

Chapter 5: Why Traditional Fraud Prevention Falls Short

Traditional fraud prevention has been shaped by cost containment, leading organizations to rely on static rules, manual reviews, and point tools optimized for a lower-volume, lower-velocity threat landscape. As fraud has become automated, AIdriven, and highly scalable, these legacy approaches struggle to keep pace, creating gaps that modern fraudsters exploit during account opening.

• Outdated Onboarding: Legacy onboarding controls haven’t evolved as quickly as fraud tactics, leaving gaps that criminals can exploit during account creation. Static rules, basic “Know Your Customer” (KYC) checks, and one-time verification signals are increasingly easy to bypass with synthetic identities, AI-generated documents, and coordinated fraud rings.
• Siloed Systems: Fraud detection systems often operate separately from identity verification tools, creating a fragmented defense against fraud. Without a unified approach, key signals are missed, allowing fraudsters to exploit gaps. This lack of integration not only reduces detection accuracy but also increases operational inefficiencies as teams scramble to piece together insights from multiple sources.
• Rigid Rules: Static rules in traditional fraud prevention systems struggle to keep up with the dynamic and evolving tactics of fraudsters. Fraudsters exploit these predictable systems by mimicking legitimate user behavior or launching low-and slow attacks that avoid triggering alerts. Businesses relying on inflexible defenses find themselves stuck in a reactive cycle, constantly updating rules after attacks occur.

Chapter 6: Tools to Prevent NAF

Traditional defenses aren’t enough. To stay ahead, companies must adopt proactive tactics that catch fraud at its inception.

• Behavioral Biometrics: Traditional defenses miss the subtle signs of fraud, but behavioral biometrics add an intelligent layer of protection. This capability analyzes how users interact with devices, such as typing speed, mouse movement patterns, or touchscreen swipes. Deviations from normal behavior—like erratic inputs or robotic precision—can indicate fraudulent activity. By identifying these anomalies at the registration stage, businesses can stop fraud before it takes root.
• Identity Verification: Static defenses often fail to differentiate between legitimate and fraudulent users, but modern identity verification capabilities bridge this gap. These tools validate user-provided information against trusted databases, such as government-issued IDs or financial records, and perform liveness detection to safeguard against deepfakes.
• Contextual Risk Assessment: Fraudsters exploit blind spots in traditional defenses, but contextual risk assessment provides a dynamic solution. By analyzing factors like device reputation, IP location, and behavioral data in real-time, businesses can assess the likelihood of fraud at the point of registration.
• Bot Detection: Traditional defenses are often powerless against the volume and precision of bot attacks, but advanced bot detection systems can prevent bots from creating fake accounts at scale, protecting a business’s platforms from exploitation.
• Device & Alternative Data: By incorporating device intelligence, network signals, and consortium-based insights, businesses can detect high-risk behavior early and distinguish legitimate users from fraudsters. When used alongside identity verification—often required for regulations like KYC, Anti-Money Laundering (AML), and Markets in Crypto-Assets Regulation (MiCA)—these signals strengthen registration decisions without introducing unnecessary friction.

Chapter 7: Building an Interconnected Defense

Fraud prevention is not a one-size-fits-all solution. It requires layers of defense that adapt to new threats. Just as fraudsters innovate, businesses must continuously evolve their strategies to safeguard their systems.

Implementation Steps

1. Audit the Vulnerabilities in Your System: The first step in implementing an effective fraud strategy is identifying weak points in the system. Conduct a comprehensive audit to uncover vulnerabilities across the customer journey, particularly during registration, login, and transaction phases. Analyze data flows, user interactions, and existing defenses to detect gaps fraudsters might exploit.
2. Integrate Identity Tools With Fraud Detection: To strengthen defenses, integrate identity verification and fraud detection tools into a unified system. Combine these capabilities with advanced bot detection, behavioral biometrics, and dynamic risk scoring to create a seamless, multi-layered defense. Integration across these tools allows for better data sharing and faster response times, ensuring that fraudulent activities are stopped before they escalate.
3. Continuously Refine Processes Based on Emerging Threats: Continuously monitor trends, analyze attack patterns, and update fraud detection processes to address new vulnerabilities. Leverage machine learning and data analytics to identify emerging threats and fine-tune detection algorithms. Regularly test and optimize tools like behavioral monitoring and risk scoring to maintain their effectiveness.

Ping Identity’s threat protection capabilities combine smart detection, dynamic policies, risk insights, seamless integration, and centralized management to effectively safeguard users.

Chapter 8: Leveraging Modern IAM to Thwart NAF

NAF is more than a financial loss—it undermines user trust and damages your brand’s reputation. Fraudsters exploit every vulnerability, from weak registration processes to outdated defenses, to compromise your platform and target your customers. However, with Ping Identity’s universal services, organizations can move from point-in-time authentication to continuous, verified trust across every interaction. By layering modular trust services, such as identity verification, behavioral signals, and adaptive enforcement, on top of existing identity infrastructure, you can close the gaps attackers exploit while reducing friction for trusted customers. The result is proactive fraud prevention that protects customers and the business without requiring a rip and-replace approach.

Don’t let fraudsters dictate the narrative—take control and protect what matters most: your customers’ trust.

¹ https://www.aarp.org/money/scams-fraud/info-2024/identity-fraud-report.html
² https://risk.lexisnexis.com/insights-resources/research/us-ca-true-cost-of-fraud-study
³ https://www.packetlabs.net/posts/what-is-the-price-of-data-on-the-dark-web/
⁴ https://risk.lexisnexis.com/insights-resources/research/us-ca-true-cos

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That’s digital freedom. We let enterprises remove passwords, prevent fraud, support Zero Trust, and more. That’s why more than half of the Fortune 100 choose Ping Identity. Learn more at pingidentity.com.