New Account Fraud: What It Is And How To Prevent It?
Vijay Kandari
Digital Marketing Executive
Summarize this article with
Digital onboarding helps businesses acquire new customers in minutes. It has also opened new doors for fraudsters. Using stolen identities, synthetic identities, and AI-powered tricks, criminals open accounts that look legitimate, then use them for loan fraud, money laundering, promo abuse, and other financial crimes.
This is called new account fraud, and it is now a major problem for banks, NBFCs, fintech companies, and digital platforms. This blog breaks down what new account fraud is, how it works, the warning signs, and how to prevent it.
What Is New Account Fraud?
New account fraud occur when someone opens an account using an identity that is not theirs. The identity can be stolen from a real person, completely fake, or a mix of real and fake details (Synthetic Identity).
The account passes all the signup checks and looks like a normal account. Later, it is used for things like taking loans without repaying, misusing promo offers, moving scam money, or cheating other users.
“According to TransUnion, 8.3% of all digital account creation attempts in 2025 were flagged as suspected fraud. That makes account creation the riskiest stage of the whole customer journey. In India, banks reported frauds worth Rs 48,021 crore in FY 2025-26, up 46% from the year before.”
How Does New Account Fraud Work?
Fraudsters usually follow a set process to open fake accounts and bypass past onboarding checks.
Identity Data Collection: Fraudsters buy stolen names, phone numbers, and PAN or Aadhaar details from data leaks or build fake identities using AI tools.
Set Up Multiple Devices: They use cheap phones, emulators, or app cloning tools. Each device pretends to be a new user.
Bypass Identity Checks: Stolen documents pass verification because the documents are real. Fraudsters also use deepfakes to pass selfie and face checks.
Execute Fraud: They take loans and disappear, drain promo budgets, or use the accounts to move money.
Types Of New Account Fraud
Here is the main types of ATOs that a business must know:
Stolen Identity Fraud
The fraudster uses a real person's identity and genuine documents. KYC checks pass because the documents are real. The problem is that the person applying is not the person on the documents.
Synthetic Identity Fraud
The fraudster mixes real and fake details to create a person who does not exist. For example, a real PAN number with a fake name and a new mobile number.
Mule Account Fraud
A real person opens a real account but gives it to criminals for money. Sometimes the person is paid for it, and sometimes he is tricked. The RBI has asked banks to do stronger checks at onboarding to detect such mule accounts.
Multi-Accounting And Promo Abuse
One person creates many accounts to misuse referral bonuses, signup rewards, and discount offers. No stolen identity is needed here. One device simply pretends to be many different users.
What Are The Common Warning Signs Of New Account Fraud?
You can find most fake signups by watching for these signals.
Same device is used to create multiple accounts
Signup using an emulator or a cloned app instead of a real phone
Device was factory reset just before signup
Location is hidden using a VPN or GPS spoofing
SIM card was recently swapped, or the number is a virtual number
Device is only a few minutes old, something real users never have
Form is filled too fast and too perfectly, like a bot
One signal alone does not confirm fraud. But when several signals show up together, it is almost always a fraud attempt.
How to Prevent New Account Fraud?
You need to implement device intelligence, identity verification, behavior checks, and ongoing monitoring together to let you flag risky applications before the account is even created.
Here are the steps to follow.
Identify the device at signup
Give every device a permanent device ID that does not change after a factory reset or reinstall. This way, a banned fraudster cannot come back as a new user just by resetting their phone.
Check the device trust score
Before account creation, check if the device is an emulator, a rooted phone, or a device already linked to fraud. Blocking such devices at signup also saves your KYC costs, because you do not spend money verifying fake applications.
Verify the identity
Document verification, liveness check, and face match are still important, especially for banks and NBFCs. The device check makes them stronger. A genuine document on a trusted device is a customer. The same document on a device linked to 40 other accounts is fraud.
Sim Binding
For fintech apps, SIM binding detects SIM swaps and number changes in real time. This closes the OTP loophole and helps with RBI compliance.
Monitor new accounts for 90 days
New accounts are 9.5 times riskier than old accounts. Watch for device changes, sudden beneficiary additions, and quick money transfers in the first few months.
More and more businesses now pair identity verification with device intelligence to harden onboarding. Deep ID is a device intelligence and device fingerprinting tool. It tells trusted devices from high-risk ones, identifies repeat fraud attempts even after a factory reset or app reinstall, and exposes fraud rings where many accounts trace back to one device. It works across Android, iOS, Flutter, React Native, and web.
Key Regulations
For banks, NBFCs, fintech companies, and other regulated businesses, new account fraud is a compliance problem. Indian rules require you to verify customer identities, watch for suspicious activity, and reduce financial crime risk across the customer lifecycle.
The RBI KYC Master Directions require proper customer identification at onboarding and ongoing due diligence. The RBI has also asked for device binding in mobile banking apps, so device identity and SIM binding are now a regulatory expectation.
Under the PMLA, businesses are accountable if fraudulent accounts on their platform are used to move illegal money. Weak signup checks can create direct legal exposure.
What Are Common Mistakes a Business Should Avoid?
Using device IDs that reset after a wipe or reinstall. Fraudsters know this trick very well.
Checking every signup separately. Fraud rings are only visible when you link accounts by device.
Adding OTPs and CAPTCHAs for everyone. This annoys real users and barely slows down fraud farms.
Ignoring promo abuse because it looks small. It quietly drains marketing budgets and shows fake growth numbers.
Only counting the fraud you caught. Also track the fraud that slipped through and was found later.
Conclusion
New account fraud starts at onboarding, which is exactly why stopping it early beats chasing it after the account is live. Identity verification matters, but on its own it misses stolen and synthetic identities and repeat offenders. Pair it with device intelligence, behaviour checks, and steady monitoring, and your onboarding gets much harder to fool. Tools like Deep ID flag high-risk devices, identify repeat fraud, and keep your signup clean without getting in the way of real users.
FAQ’s
What is new account fraud?
New account fraud is when someone opens an account using a stolen, fake, or synthetic identity to commit fraud.
How is new account fraud different from account takeover?
In account takeover, a fraudster hacks a real customer's existing account. In new account fraud, the fraudster creates a new account himself using a false identity.
Why do KYC checks fail to stop new account fraud?
Stolen documents are genuine documents, so they pass verification. Deepfakes can also pass selfie checks. KYC verifies the documents, not the person using them.
Can a fraudster escape by factory resetting the phone?
Not with modern device fingerprinting. It keeps the same device ID even after a factory reset or reinstall, so a banned device is recognized when it returns.
Which businesses face new account fraud?
Banks, NBFCs, digital lenders, payment apps, e-commerce, food delivery, ride-hailing, and gaming platforms all face new account fraud in different forms.
All article tags
Related Articles
Identify your web and
mobile traffic in minutes
Collect visitor IDs and signals instantly for free,
or reach out to our team for a demo.
250+
countries and territories where we identified devices_
4 Billion +
unique browsers and mobile devices identified_
50 Million +
real-time device intelligence API events per day processed_
