New Account Fraud: How to Apply Fraud Data to Reduce Risk

Nov 29, 2017 | by Heidi Bleau

We’ve seen an explosion in digital commerce and online banking over the last few years, as people spend more time on the Internet, and complete transactions from a wider range of devices, including mobile phones and tablets. Although the growth in transactions is good news for banks, retailers and other online service providers, it also means a correspondingly high rate of growth in digital fraud.

The challenge for fraud management teams is to develop ways to distinguish good transactions from fraudulent ones, without impacting negatively on genuine customers. Analysis of large volumes of data to identify the behavioral patterns associated with genuine and fraudulent activity—such as setting up of new accounts—is essential for businesses wishing to improve the accuracy of fraud risk assessments. 

Distinguish good transactions from bad

The use of machine learning and behavior analytics is increasingly being used in advanced fraud detection technologies to evaluate transactional risk, especially in banking and payments. The self-learning capabilities enabled by machine learning allow risk models to adjust quickly to new threats when new patterns of fraud are uncovered.

Our data science team recently evaluated a series of fraud patterns across a number of use cases as identified by the RSA Risk Engine, including the relationship between fraud, new accounts, and device. Highlights of the analysis showed:

  • Fraud is fifteen times more likely to originate from a new account than from one that has been established for over thirty days.   The probability of fraud drops dramatically for new accounts after ten days, when it is only about three times more likely. 
  • Similarly, when an existing (genuine) user appears to make a transaction from a new device, we see a three-fold rise in fraud. By contrast, 80 percent of genuine activities originate from known devices (one that's been used by an individual for more than 30 days). When an existing user switches to a new device, this should raise a red flag, as it may indicate that a fraudster is accessing the account from their own device.
  • Analysis of fraud patterns shows that while a device used to commit fraud may be new for an individual user, it might not be new to fraud detection engines. Fraudsters tend to use the same devices again and again, which signifies the importance of device identification as an indicator of fraud.
  • It’s not just new accounts that indicate the risk of fraud: we can see a similar pattern with new payees for money transfers. Our research shows that more than 70% of fraudulent payments are made to new payees, or mule accounts.

Machine learning leads to better risk-based decisions

There is no single factor that can be used on its own to predict fraud, as cybercriminals are constantly changing their tactics, so it is important to consider several fraud indicators when conducting a risk assessment.   This is why technologies leveraging machine learning for fraud detection are appealing as they are capable of continuous learning to identify these patterns to improve prediction accuracy and decrease false positives. 


The ability to incorporate insights from your business and other anti-fraud tools to enrich risk assessments is important as organizations look to get the most value out of their existing technology investments.  Watch the video to learn more about RSA’s innovative ecosystem approach for improved fraud detection.

Author: Heidi Bleau

Category: RSA Fundamentals

Keywords: Account Takeover, Mule Accounts, Risk-Based Authentication, Fraud Detection