Cybercriminals use stolen or synthetic identities to create new accounts using a victim’s personal information such as Social Security number, name and date of birth. Data breaches, website hacks, phishing attacks, web-accessible public records and the explosion of social networks make it easier than ever to pretend to be someone else on the worldwide web.
Account origination fraud, also called new account fraud or account creation fraud, is most frequently directed at financial institutions for new credit cards, bank and brokerage accounts, but is also directed at social networks, insurance, utilities and medical records. The impact can be substantial direct fraud losses, brand tarnish and escalating review costs based on regulatory requirements. Companies go to great lengths to secure their web servers, data and user logins but leave their front door “wide open” to anyone with stolen credentials.
How ThreatMetrix detects and prevents account origination fraud
Fraudsters must disguise their computer identity and hide their personal identity to commit the perfect fraud. Cybercriminals use compromised computers, proxies or botnets to spoof their true IP address or IP geolocation.
Conventional identity verification solutions require customers to provide personal information such as name and Social Security number when a person creates a new web account. ThreatMetrix does not require personal information to prevent account origination fraud, relying instead on anonymous data. ThreatMetrix combines packet signature data from the visitor’s computer and Internet connection with the transaction details and anonymized credentials to distinguish a fraudster and a customer.
Stop new account fraud at the first attempt based on device anomalies
- Go beyond simple IP proxy detection to detect accounts created from behind hidden proxies
- See through proxies to detect the true IP address and true geolocation of the fraudster’s computer
- Prevent fraudulent sign-ups from uncommon or suspicious computer configurations
- Detect botnets attempting to automate account creation
Instantly recognize device, credential and behavioral anomalies based on account creation context
- Detect inconsistencies in device, address and location information
- Use advanced device identification technology to detect multiple registrations even when identity and computer attributes are changed
- Create custom pattern and device recognition rules for profiling linking
- Score on custom attributes such as gender, airline route or product class to be included in real-time scoring models.
- Leverage a global network to detect suspicious sign-up behavior
Get actionable information from decision management tools to help you analyze, report and control account origination fraud
- SaaS portal and powerful reporting for trend analysis and optimization
- Customizable rules engine tailored to your application and business. Easily blacklist or whitelist device and transaction credentials
- Comprehensive API for real-time integration of scoring, reason code, device ID and underlying attributes into fraud, authentication and case management applications
Interrupt good customers less often by optimizing challenge and response requirements based on real-time feedback of device risk
- Has the device already been previously authenticated elsewhere on the site?
- Have the device and credentials used in the transaction been seen elsewhere on the ThreatMetrix Fraud Network to suggest a higher level of trust?
- Do the device and credentials have negative reputation across the network?
ThreatMetrix unique benefits to prevent account origination fraud include
- Enhance your existing investment in identity verification tools
- Reduce fraud loss based on real-time fraud prevention—not just monitoring
- Increase automation of account screening to reduce manual review costs and improve customer satisfaction
- Reduce customer abandonment caused by the inconvenience of existing identity verification techniques
- Protect your existing site members from harm and abuse
- Leverage global network without sharing personal identifiable information (PII)
- Integrate account origination fraud prevention intelligence with the rest of your online business including transactions and account logins
