August 24, 2016
Account Creation Fraud Gains Steam
Aug. 27, 2015
Using stolen personally identifiable information (PII) to create new accounts is gaining favor with fraudsters, according to new research from antifraud technology provider NuData Security. While network intrusions seem to continue unabated, many fraudsters had been using the illegally obtained information to take over existing accounts and commit fraud. While that tactic still is alive and well, Ryan Wilk, director of customer success at NuData told CardNotPresent.com, a slightly different scam has gained prominence lately: creating new accounts the consumer doesn’t know about that can be “aged” to better fool the victim. In fact, in the past six months NuData has seen account-creation fraud more than double. Of the more than 500 million account creations the company analyzed from May through July, it flagged 57 percent as high-risk or outright fraudulent compared to 28 percent in the three months before that.
“It’s a piece that really seems to be picking up,” Wilk said. “These are accounts that are being created that are allowed to sit for 20 or 30 days before they’re actually used for fraud. The array of accounts being created is very wide. The shape the fraud takes really ranges depending on the vertical we’re talking about and what the end goal of that fraud group is. Consumers can only do so much with all that data floating around out there. It’s really on the merchants and the FIs to take care of. Being able to identify the difference between a human interacting with that environment or some sort of automation and being able to do it at a more sophisticated level. We’re seeing a lot of these scripts being tuned to look as human as possible and they’re getting past a lot of the traditional checks.”