Account origination attack is a growing problem for businesses across all sectors. Criminals are using stolen or fake identities to create accounts that can be used for a variety of crimes, from applying for loans to stealing money and goods from ecommerce sites. This type of fraud is particularly difficult to detect, because it often happens on a large scale and is done quickly. In fact, Javelin Research reports that 40 percent of all account takeovers occur within 24 hours after the fraudulent account is created.
To get around this, fraudsters can use a variety of techniques. For example, they can change their device IP address to conceal their location and fudge their identity when signing up for an account. Additionally, they can utilize bots to help them fill out applications for fraudulent accounts. These bots can be incredibly sophisticated, utilizing typing pauses and human behavior to appear more like a legitimate user.
Unveiling the Threat: Understanding Account Origination Attacks and How to Defend Against Them
Another common way that fraudsters can get past the security measures of a business is by using a VPN to hide their true IP address. This allows them to create multiple accounts and use these accounts to purchase items on a website without getting caught by the site’s security measures.
To combat these issues, companies need to deploy advanced new account fraud screening to stop fraudsters before they get a chance to cause any harm. Thankfully, there are solutions out there that can help with this, which rely on passive biometrics to expose human fraud rings and other bad actors who rely on synthetic or stolen identities to commit fraud. These solutions can be deployed without impacting new account creations for legitimate users, and leverage a combination of user data, device signals, and abuser reports to prevent new account fraud and fake accounts at the point of origin.