What is New Account Fraud (NAF)? How to Prevent NAF Attacks?

New Account Fraud (NAF) is a significant threat to traditional identity verification systems. Fraudsters can easily obtain and falsify personal information, bypass two-factor authentication (2FA), and open new accounts for illegal activities. This leads to economic losses and trust crises, especially in highly digital industries. The banking and financial services sector is particularly vulnerable, with fraudsters applying for loans and credit cards using fake identities for money laundering. E-commerce and online payment platforms also face risks of unauthorized purchases and misuse of promotions. Fraudsters use fake accounts for illegal transactions, causing economic damage and market disruption. According to AARP’s report, losses from new account fraud exceeded $5.3 billion in 2023, up from $3.9 billion in 2022.

What is New Account Fraud (NAF)?

New Account Fraud (NAF) refers to the fraudulent opening of new accounts using forged or stolen personal information at financial institutions, e-commerce platforms, or other digital platforms. With advancements in technology, particularly AI and deepfake technology, fraudsters can now bypass identity verification systems more easily, making NAF a growing threat in digital security.

Limitations of Traditional Fraud Methods

Fraudsters once relied on the dark web to purchase forged identity documents or personal data, usually as low-quality scanned files. These documents could pass basic identity verification systems, but as verification technology advanced, these methods became less effective, especially when facial recognition was required. Traditional static images and scanned documents struggle to pass dynamic biometric checks.

The Rise of Deepfake Technology: ProKYC’s Deepfake Tool

To counter modern identity verification systems, fraudsters have turned to advanced technologies like deepfake. ProKYC is a deepfake tool sold on the cybercrime black market, designed specifically to bypass 2FA at platforms like cryptocurrency exchanges. It can create high-quality digital files of government-issued IDs and deepfake videos simulating facial movements such as head tilting during recognition processes.

In a demonstration video, fraudsters show how they used this tool to attack the identity verification system of ByBit cryptocurrency exchange. The fraud process is broken down into several steps:

1. Generating Fake Identity Data: Fraudsters use AI tools to generate fake facial photos, which is now a common practice on sites like “thispersondoesnotexist.com,” which produces realistic virtual faces.
2. Creating Forged IDs: Fraudsters apply the fake faces to forged government-issued IDs like passports or driver’s licenses. ProKYC generates high-quality forged documents in seconds, even adding details like official stamps and watermarks for authenticity.
3. Creating Deepfake Videos: Using the fake photos, fraudsters create videos that meet facial recognition requirements, simulating movements like head tilts. Although the videos may have minor flaws, such as unnatural eye movements or slight errors at the end, these are often undetected by typical verification systems.
4. Bypassing Facial Recognition: Fraudsters upload the forged passport to the cryptocurrency exchange’s verification system. When the system requests a live camera feed for facial recognition, they input the deepfake video, successfully bypassing biometric checks.
5. Opening a New Account: After the forged documents and videos are verified, the fraudsters receive a notification confirming the new account. They can now use the account for money laundering, illegal transactions, or other criminal activities.

Impact of NAF on Various Industries

The NAF process typically involves four stages:

1. Data Collection: Fraudsters gather enough personal information to forge a new account via phishing, data breaches, or buying personal data on black markets.
2. Identity Forgery: Using forged or stolen personal information, fraudsters create fake identities with AI-generated images and forged documents.
3. Criminal Activities: Fraudsters use the forged identities to open accounts for money laundering, applying for credit cards or loans, and exploiting promotions.
4. Account Abandonment: After completing their illegal activities, fraudsters quickly abandon the accounts to avoid detection.

NAF can severely impact various industries, especially those with high levels of digitalization, as they face greater risks.

• Banking and Financial Services: Fraudsters use fake identities to apply for loans and credit cards for money laundering, directly damaging financial institutions’ assets. These activities lead to economic losses and long-term reputational harm. Fraudsters also open multiple fake accounts to move funds, increasing risk management challenges for financial institutions.
• E-commerce and Online Payment Platforms: Fraudsters exploit fake accounts for unauthorized purchases or promotional abuse, causing platforms financial losses. They may also use these accounts for illegal money transfers, disrupting the market and increasing operational risks for platforms.
• Telecommunications: Fraudsters open new mobile accounts, obtain equipment, fail to pay bills, and quickly abandon the accounts. This leads to direct financial losses for telecom companies, especially from unrecoverable hardware costs.
• Insurance: Fraudsters use fake identities to file fraudulent claims, increasing payout risks and adding to investigation costs. This presents a challenge for insurance companies’ risk control mechanisms, affecting profitability.
• Sharing Economy Platforms: Fraudsters use fake identities to create accounts on sharing economy platforms (e.g., rental services, ride-sharing), conduct illegal transactions, and harm the trust environment crucial to these platforms, negatively affecting user experience and long-term platform growth.

How to Prevent NAF Attacks?

Since fraudsters use AI and deepfake technology to generate high-quality fake documents and videos, traditional identity verification systems are easily bypassed. However, overly strict biometric systems may lead to high false positives, impacting user experience. Conversely, overly loose systems leave room for fraud. Striking a balance is crucial. Here are some effective NAF prevention strategies:

1. Multi-factor Authentication (MFA)

MFA enhances security by combining multiple verification methods, such as passwords, device verification, and biometric data. This reduces the risk of any one layer being breached. For example, the system may require users to input a code from their phone or perform fingerprint or facial recognition in addition to entering a password. MFA can effectively reduce the success rate of new account fraud.

2. AI and Machine Learning (ML) Technology

AI and ML can detect potential fraud by analyzing user behavior patterns. These technologies identify anomalies, such as deviations in account usage, IP address changes, and unusual login locations, increasing the accuracy of fraud risk alerts. Machine learning can also continuously learn and update to detect emerging fraud patterns.

3. NFC Chip Verification

NFC chip verification is a powerful tool for document authentication. Unlike static image-based verification systems, NFC chips provide highly reliable validation, ensuring that document data cannot be tampered with or forged.

4. Behavioral Biometrics

Behavioral biometrics analyze user-specific characteristics such as typing speed, mouse movement patterns, and touchscreen pressure to determine whether the user is the legitimate account holder. This technique can detect anomalies when fraudsters attempt to mimic genuine user behavior, enhancing the reliability of identity verification.

5. Data Analytics Platforms

Data analytics platforms integrate data from various sources to provide real-time risk assessments. Through cross-referencing multiple data points, the system can quickly detect unusual activities and respond promptly to potential fraud. These platforms also continuously update risk models to address evolving fraud tactics.

6. Patching System Vulnerabilities

Fixing system vulnerabilities is critical to preventing NAF attacks. Blocking injection attacks, such as SQL injections, prevents fraudsters from exploiting system weaknesses for illegal operations. Businesses should conduct regular security tests and patch known vulnerabilities quickly to ensure system safety.

Authme Offers Identity Verification Solutions

Facing the rising threat of New Account Fraud (NAF), strengthening identity verification is key to building a digital security defense. Authme provides a comprehensive identity verification solution that reduces the risk of forged identities and fraudulent account openings.

• NFC Chip Verification Technology: Authme uses NFC chip verification to ensure the authenticity of identity documents. This technology prevents fraudsters from altering or forging document data, addressing risks associated with self-uploaded documents.
• App Verification: Compared to web verification, we recommend users verify their identity through an app. This method significantly reduces the risk of injection attacks and eliminates the vulnerabilities that fraudsters exploit in web verification, as seen in ProKYC’s demonstration video.
• Camera Permission Management: Authme’s SDK directly obtains phone camera permissions, eliminating the need for users to manually upload identity documents. This not only simplifies the process but also ensures security, reducing the risk of data tampering or forgery during the process.
• Ongoing Anti-fraud Technology Updates: We continuously improve our technical solutions to combat increasingly sophisticated fraud tactics and technical challenges, providing higher levels of security for businesses and users to ensure that identity verification systems remain resilient against fraud.