By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

How to protect your customer journey from account creation fraud

Picture your last monthly revenue call. The digital, customer experience, and marketing leaders are all in their Brady Bunch squares on screen, running the numbers. The digital team shares a slide showing new accounts this month and the graph looks like a hockey stick.

This is either a great day for marketing … or it’s time to call in the risk team. Like, immediately.

According to TransUnion’s 2024 State of Omnichannel Fraud Report, across the customer journey, the point of registration presents the highest risk to the business. Last year, 13.5% of new accounts were deemed suspicious – more than four times higher than the rate of fraudulent logins.

Given all that, digital leaders may be tempted to make it a lot harder to get through the account registration process. But if you do that, real customers may get stymied and you risk losing real business.

So what’s a brand to do?

The great news is there’s a solution. It’s called customer identity and access management (CIAM). And the best CIAM options on the market block the majority of account creation fraud while actually removing friction for legit customers.

Better still, with the right CIAM solution, you can safeguard the entire customer journey – from registration through every log-in, account self-service, and other transaction. And yes, even including rewards and loyalty programs.

What is account creation fraud?

In a nutshell, account creation fraud is when someone makes a new online account to defraud your business. Other terms for this malicious practice include fake account fraud, new account fraud, and account opening fraud.

Bad actors use stolen credentials, create fake identities, or combine stolen and synthetic info to apply for loans or credit cards, abuse loyalty programs or promo codes, or spam your site with fake reviews or click-jacking. Small players might take a low-volume approach. Sophisticated operations use automation and bots to steal at scale.

Any online business can get hit, but TransUnion cites the most common targets as retail, travel and leisure, gaming, and financial services – including online academies that offer education loans.

Should digital leaders lead the fight against new account fraud?

Let’s go back to that monthly revenue meeting. Our scenario implies that the digital and revenue leaders think that  security and risk is some other team’s responsibility. It doesn’t have to be that way.

We believe that digital leaders belong at the head of the table when it comes to strategies for “de-risking revenue.” After all, they have a deep understanding of customer behavior. By analyzing data during the sign-up process, they  can spot anomalies that suggest fraud and implement strategies to detect it without creating hurdles for real customers.

Designing a smooth customer experience can – and should – encompass robust fraud prevention. A  secure, low-friction registration process empowers digital teams and equips them to tackle fraud head-on, safeguarding both revenue and customer satisfaction.

Let’s take a look.

3 ways great CIAM reduces account creation fraud

1. CIAM verifies the identity of the person creating an account

The first step in preventing account creation fraud is to make sure that the person creating an account is who they say they are. In the CIAM biz, we call this identity verification. And if your revenue is tied to online accounts in any way, it’s an absolute must-have.

Basically, an identity verification system takes information provided by the user and executes one or more confirmation steps. These steps may be totally invisible to the user or, when it makes sense for the business, they may require the user to do a little more work. For example:

  • Background data checks against a third-party source such as a trusted marketing database, phone carrier or breached password list
  • One-time codes sent to the users phone number or email address
  • Document verification such as the user’s driver’s license and a selfie

With a modern CIAM solution, your brand can optimize for risk and customer experience with just a few clicks.

2. Modern CIAM separates customers from fraudsters (and treats them accordingly)

If prevention is the first tactic, detection rounds out the initial one-two punch that enables strong CIAM to keep fraudsters out of your accounts. At Strivacity, silent fraud detection is one of our signature moves, encompassing technology scans and behavioral analytics.

The ideal CIAM solution will scan the (purported) customer’s device and network, evaluate them against third-party threat intel, and – if anything looks risky – either block the new account or divert the user into an identity verification step. For example, is their phone number a non-fixed VoiP? Has their SIM card pairing recently been changed? Both are indicators of risk, so a new account created with that number may be bogus.

The same is true for behavioral analytics – only instead of scanning the customer’s tech, it scans their actions. With machine learning and a smart risk engine, your CIAM solution lets the digital and security teams collaborate to define what “normal” looks like for your customer base.

For example, is this online loan application using an email and physical address that is real? If not, give ‘em the elbow. Conversely, if the new account passes all your built-in technology checks, your CIAM solution can allow the customer to sail through to the next step.

3. Great CIAM adapts to your customer experience and security needs

Beginning with account registration, CIAM can apply pre-built scenarios to customer interactions.

As the user passes or fails the checks you’ve put in place, things either get easier or harder for them to complete the process of creating an account. The same types of rules can be applied to the rest of the customer journey – each log-in attempt, account self-service, shopping or bill pay transactions, loyalty or rewards redemption, etc.

The CIAM industry term for this is adaptive access controls. And a modern CIAM solution makes it easy for your digital and risk teams to set flags for suspicious activity and configure step-up and step-down security rules. This can even include single sign-on for B2B brands.

Boosting digital security and customer trust with CIAM

Preventing account creation fraud benefits everyone – your business, your real customers, and the beleaguered victims of identity theft who don’t need another bogus transaction to chase down.

By confounding bad actors and their bots before they can do any damage, a strong CIAM solution can save considerable costs – from promo and rewards abuse, loan defaults, outright theft of services, and more. Best of all, with identity verification, fraud detection, and adaptive access controls in place, CIAM makes it better for your real customers. And the easier you make it for them to create accounts, the quicker they can access your services, fuel your revenue stream, and post the legit reviews that drive that virtuous cycle.

If your current sign-up and sign-in solution can’t do all this today – or if adding these capabilities to your proprietary system sounds like more hours than your devs can carve out this year, Strivacity can help.

We’re the powerhouse ally for digital teams just like yours. So if you’ve got a grudge match against new account fraudsters, contact our friendly sales team.

We’re ready to tag in.