Fake Bank Accounts: How to Prevent Neobank Fraud

Digital banks and neobanks are having to combat fake bank accounts daily. It’s a well-known issue and most of these financial organizations have teams of people trying to stay on top with various fraud protection measures. These fraudulent accounts can cause significant financial losses. Fraudsters use advanced methods that make it difficult for banks to stay ahead when setting up defense strategies.

The creation of fake bank accounts often involves sophisticated schemes including the use of synthetic identities, purchasing pre-created accounts, and configuration spoofing, among others. This article delves into the various tactics used to perpetrate these frauds and explores effective strategies to combat them, ensuring a secure banking environment for genuine customers.

Using synthetic identities

Synthetic identity fraud represents one of the most complex financial crimes right now. A synthetic identity is constructed by fraudsters using a combination of real (often stolen) and fabricated information to create a new identity. This identity is then used to open fake bank accounts, obtain credit, and carry out fraudulent transactions undetected.

The process begins with the acquisition of sensitive information, such as Social Security numbers—which may be complete fabrications or derived from real numbers with altered digits. Fraudsters then craft a credible but entirely fictional identity by adding other fake details such as names, addresses, and birthdates. These identities are gradually nurtured over time, often starting with small credit applications to build credit history. As the synthetic identity gains legitimacy, larger and more destructive frauds can be executed.

Banks and financial institutions struggle with synthetic identities because they do not match real individuals but often pass initial verification checks. This makes detection particularly challenging, necessitating advanced analytical tools that can spot inconsistencies and patterns indicative of fraud. Machine learning algorithms, for instance, can analyze vast amounts of data to identify anomalies that humans might overlook, such as unusual transaction patterns or discrepancies in credit application details.

Purchasing pre-created accounts

Another alarming trend in the landscape of financial fraud involves the purchasing of pre-created accounts. These accounts are typically set up by individuals who sell them to fraudsters, who then use them to bypass the stringent KYC (Know Your Customer) procedures implemented by banks. Neobanks often conduct a variety of fraud checks, but not all of them are as effective. Some digital banks are starting to implement highly efficient pre-KYC checks based on digital footprint analytics to ensure better fraud protection measures. 

The underground market for these accounts is thriving, facilitated by dark web marketplaces and online forums where they are bought and sold. Prices vary based on the perceived quality of the account, such as the history and credit limit attached to it. These pre-created accounts are particularly valuable to criminals because they come ready-made with a history that can be exploited for larger frauds, including loan applications and large transactions that might otherwise raise alarms.

To combat this, financial institutions are increasingly turning to advanced verification technologies that can detect signs of account manipulation. These include analyzing the digital footprints left by devices used to create and access the account, assessing behavioral patterns, and employing biometric verification methods that make it difficult for fraudsters to use accounts they did not originally create. Ensuring that each account creation is accompanied by rigorous checks can diminish the utility of these pre-created accounts for fraudulent purposes.

Fake account statistics and financial losses

According to a recent report published by the FTC, consumers lost $7.0 billion to fraud in the first 9 months of 2023. While these losses aren’t necessarily related to new account fraud or account opening, they are related to major crimes, financial loss, and personal data loss, including bank account and credit card information. Also, it was reported that over 5% of corporate revenue is lost to similar scams every year, and that amounts to a shocking $4.7 trillion worldwide.

Europe isn’t shielded from these types of payment fraud and bank account scams either. UK Finance revealed that There were also losses from contactless and face-to-face card thefts in retail stores of £33.6 million during Q1 of 2022 (source: UK Finance).

Banks, particularly neobanks and digital payment companies, are not looking to implement a variety of protection measures that might detect potential financial fraud in the early stages.

The fraudster’s account opening process

The process of opening a bank account has become a key vulnerability that fraudsters exploit to further their illicit schemes. Next, we examine the specific tactics employed by these criminals to subvert this crucial step in financial operations.

How do fraudsters manipulate the account opening process?

Fraudsters are becoming increasingly cunning and will abuse the account opening process to establish a convincing profile. By manipulating this process, they can create accounts that appear legitimate but are intended for fraudulent purposes.

Fraudsters typically use forged or stolen documents such as IDs, utility bills, and bank statements to meet the KYC requirements. This deception is often supported by sophisticated techniques such as digital document forgery and the use of technology to spoof biometric data. Additionally, they exploit the minimal face-to-face interaction required in digital banking to avoid detection.

To counter these tactics, banks are employing increasingly sophisticated verification technologies. These include the use of AI and Machine Learning (ML) for document verification, facial recognition technology to match identities with biometric data, and behavioral analytics to detect any anomalies in the application process. This approach not only strengthens the security at the point of entry but also helps in building a more secure foundation for all future transactions within these accounts.

Configuration spoofing

Configuration spoofing allows fraudsters to obscure their digital trails, complicating efforts to trace malicious activities back to the source. By adopting various technical methods to alter how their devices appear to network security systems, they can operate undetected for extended periods. This section delves into the technical underpinnings of these methods and the strategies to detect and mitigate their use.

How do fraudsters hide their digital footprints?

Configuration spoofing is a critical technique used by fraudsters to disguise their digital identities and evade detection by security systems. By altering device configurations, such as IP addresses, MAC addresses, and browser fingerprints, criminals can obscure their true locations and device characteristics, making fraudulent activities harder to trace.

IP masking and the use of VPNs, Proxies, and Tor: fraudsters commonly use VPNs (Virtual Private Networks), proxies, and the Tor network to hide their IP addresses, which are otherwise easily traceable back to their actual location. These tools reroute internet traffic through different servers worldwide, masking the user's original IP address and thus their geographical location.

Emulators and virtual machines: beyond IP masking, fraudsters employ emulators and virtual machines to simulate different operating systems and hardware environments. This allows them to create numerous seemingly unique device identities from a single machine. Emulators like Nox or VMWare can mimic mobile devices or other operating systems, enabling fraudsters to bypass device-based security measures implemented by financial institutions.

Combating configuration spoofing: to counteract these tactics, banks and financial services must implement advanced detection technologies that can recognize even sophisticated spoofing techniques. This includes analyzing network behavior for signs of VPN or proxy use, employing device fingerprinting technologies that detect emulations or inconsistencies in device reports, and integrating these tools into a comprehensive security strategy that adapts to evolving threats.

Quite a number of these problems can be addressed by intricate risk-scoring methodologies, based on gathered alternative data. Additionally, implementing efficient IP intelligence can have a significant impact on trust and risk assessment.

Using fake bank accounts for money muling

Money mules play a pivotal role in the landscape of financial fraud, acting as intermediaries who move and launder illicit funds. This section explores how criminals exploit individuals, often unknowingly, to facilitate the transfer of stolen money, and the strategies that financial institutions can employ to detect and prevent these schemes.

What role do money mules play in financial fraud?

Money mules are typically recruited by fraudsters to transfer stolen funds through their own bank accounts, thereby obscuring the origin of these funds. This can occur in several ways: individuals may be duped into these schemes through job offers, romance scams, or unwitting involvement, while others might knowingly participate for a share of the stolen money.

The process involves depositing or transferring illicit funds into a mule's account, who then moves it according to the fraudster's instructions, often to foreign accounts or into other financial systems like cryptocurrencies. This step is crucial for the money laundering cycle, helping to integrate dirty money into the financial system as clean money.

Detection and prevention: financial institutions are increasingly vigilant about detecting patterns that suggest money muling, such as unusual transaction activities that do not match the customer’s profile or history. Advanced analytics, machine learning techniques, and collaboration with law enforcement play critical roles in identifying and stopping these activities. Customer education is also paramount; by informing clients about the signs of money muling and the consequences of participating in such schemes, banks can significantly reduce the risk of their accounts being used for these purposes.

Other ways for scammers to use fake accounts

Fake bank accounts are not just a problem for the banking sector; they have far-reaching implications across various industries. This section explores how these accounts enable fraud in e-commerce, online gaming, and the insurance industry, particularly through underwriting fraud.

How do fake accounts facilitate fraud across different industries?

Fraudsters are extremely capable when faking ID and account information. When a fake bank account is established, they can then make a seemingly legitimate, albeit fake credit history, thereby creating a fake profile so to speak. This is text-book definition of synthetic identity (a topic which we covered earlier in the article). From hereon, it's an easy road for fraudulent behavior and every industry that's dealing with digital payment or transaction is currently fighting to prevent this process.

In the realm of e-commerce, fake accounts can be used to buy goods with stolen credit card information. Once the purchase is made, the goods are typically shipped to anonymous drop locations before being moved into the black market. This type of fraud not only causes financial losses but also damages the reputations of online retailers.

Online gaming platforms are similarly vulnerable. Here, fake accounts may be used to exploit signup promotions, manipulate game outcomes, or launder money. The virtual nature of these platforms makes them particularly susceptible to such abuses.

In the insurance industry, particularly concerning is underwriting fraud. Fraudsters use fake accounts to apply for policies, manipulating personal details to lower premiums or inflate claims. This not only causes financial strain on the providers but can also lead to increased premiums for honest policyholders.

Countermeasures: to combat these fraudulent activities, industries are employing sophisticated fraud detection systems that use machine learning to analyze patterns and predict fraudulent transactions. Also, stricter verification processes at signup and transaction levels are being enforced to ensure the legitimacy of every account and transaction.

Fighting fake bank accounts

Preventing fake bank accounts requires a multifaceted approach that denotes several stages of the customer journey, from initial account creation to ongoing monitoring.

How to prevent fake account creation and misuse?

Effective strategies during customer onboarding can significantly reduce the risk of fraud, setting a strong foundation for account security. While traditional authentication processes typically follow account creation, integrating elements of authentication during onboarding can enhance security from the outset:

• KYC verification strategies: preventing fake bank accounts starts at the very beginning of the customer journey—during the onboarding process. Implementing advanced identity verification measures is crucial at this stage. on-target silent checks: both KYC and AFC/AML compliance can be maintained by screening customers silently; this reduces unwanted friction that often occurs during the onboarding process.
• Positive vs. negative phone / email signals: business accounts linked to a reputable company, detecting premium online services linked to both phone and email with prior porting history and genuine usage can go a long way when discerning between valuable customers and fraudsters.
• Customized and pre-set risk models:  regardless if it’s money mule detection or detecting fraud at an early stage, allowing you neobanks to create bespoke models matching their risk policies, complete with the flexibility to define specific rules, triggers, and scoring weights.
• AI-driven biometric authenticity checks: artificial intelligence or ML analyzes information and immediately isolates suspicious activities based on a variety of actionable risk signals, therefore red-flagging potential fraud.
• Incorporating authentication during onboarding: while traditional authentication processes typically follow account creation, integrating elements of authentication during onboarding can enhance security from the outset:
• Pre-KYC Multi-Factor Authentication (MFA): although MFA is generally post-account creation, introducing a simplified version during onboarding—for instance, a one-time passcode sent to a phone number or email—can add extra layer of verification that the user is who they claim to be.
• Behavior-based analysis: implementing preliminary behavior-based authentication techniques, such as analyzing the device or IP address consistency, can flag potential frauds early on. This method assesses whether the onboarding attempt fits the user's typical pattern or geographical location.

Closing thoughts

The challenge of combating fake bank accounts demands vigilance and innovation across all sectors of the financial industry. As fraudsters continue to refine their tactics, financial institutions, e-commerce platforms, and other affected industries must remain proactive. The implementation of advanced detection systems, continuous monitoring, and comprehensive customer education programs are essential to safeguard assets and maintain trust.

This article has explored various aspects of financial fraud, from the creation of synthetic identities to the use of sophisticated spoofing techniques. We have seen how these deceptive practices not only affect banks but also permeate other industries, increasing the urgency for cross-industry collaborations and enhanced security measures.

To dive deeper into fraud prevention solutions, streamlined AML, and improved KYC processes, please turn to our experts and we’ll help you learn more.

Questions and Answers

How do synthetic identities differ from stolen identities in the creation of fake bank accounts?

Synthetic identities are fabricated identities that blend real and fake data, unlike stolen identities which are entirely genuine but used without the owner's consent. Fraudsters create synthetic identities by piecing together real and artificial information to form a new, non-existent identity that can pass initial security screenings, making them particularly challenging for banks to detect.

What are the latest technologies that neobanks are using to detect pre-created fake accounts?

Neobanks are increasingly utilizing technologies such as artificial intelligence (AI) and machine learning (ML) to analyze patterns and behaviors during the account creation process. They also implement biometric verification and real-time document verification to ensure the authenticity of the account holder, significantly reducing the success rate of fraudulent account registrations.

Can you explain how money mules are detected in digital banking?

Money mules are detected through sophisticated anomaly detection systems that analyze transaction patterns. Neobanks use machine learning algorithms to flag unusual transactions that don’t match the customer’s profile, such as sudden large transfers or frequent cross-border transactions. Additionally, ongoing education programs help customers recognize and avoid participating in money muling schemes.

What steps are being taken to prevent account takeover in neobanks?

Neobanks prevent account takeover by implementing multi-factor authentication (MFA) and behavior-based authentication protocols, which assess the context and patterns of user interactions. They also conduct regular security training for customers on recognizing phishing attempts and social engineering tactics, alongside deploying advanced email and transaction monitoring systems to detect and alert on suspicious activities promptly.