Blog

Fighting Fake Accounts: Simple MFA May Not Suffice

Post by:
Prove
May 4, 2021
Fighting Fake Accounts: Simple MFA May Not Suffice

In March 2021, the US Federal Bureau of Investigation (FBI) released its 2020 Internet Crime Report (ICR) data. The report indicated that the bureau had logged over 791,790 incidents of cybercrime in 2020, which resulted in about $4.2 billion in losses. This number rose by almost 69% in comparison to 2019.

Online fraud and identity theft are growing concerns. There is always a chance of a fraudster lurking in the background, trying to grab the right opportunity to take over your digital accounts. But, the good news is that agencies, companies, and countries are coming together to close the security gaps and stop fraudsters from preying on online customers.


This article explores the various facets of the rise in fake accounts, access to false information, and how companies like Prove with its Trust Score™ can combat these problems in real time.

The Case of Identity Theft Combat


Identity theft has been on the rise as more and more customers have taken to the digital space due to the COVID-19 pandemic. According to the Consumer Sentinel Network, maintained by the Federal Trade Commission (FTC), “About 4.8 million identity theft and fraud reports were filed by the FTC in 2020, up 45% from 3.3 million in 2019, mostly due to the 113% increase in identity theft complaints.”

To combat this rise in cybercrime, global fraud detection & prevention players are stepping up their game. According to reports, the size of the fraud detection & prevention market in 2020 stood $31.5 billion.

While the rising strength of the fraud detection market gives hope, it’s also crucial to understand how fraudsters are presently bypassing the checkpoints by following the typical user behavior journey.

Games Fraudsters Play


The role of digital in our lives is expected to be even more pivotal in the coming years. From banking and shopping to education, our reliance on digital is likely to grow multifold. Fraudsters are aware of this fact, too.

Here are a few key trends that anticipate new types of fraud to help businesses keep a check on lurking cybercriminals:

  • Synthetic Identity Fraud: A fraudster uses a combination of real and fake information to create an entirely new identity or a fake account. This is presently the fastest-growing type of financial crime. 
  • Automated Attacks: This includes the creation of scripts where fraudulently acquired information is used to activate fake accounts. According to a report by Experian, this fraud is expected to grow in 2021, especially as the industry moves away from the usage of usernames and passwords.
  • Account Takeover: Here, fraudsters pose as the ‘real’ user to gain access to their accounts and then share this stolen information to conduct unauthorized transactions such as third-party transfers, unauthorized purchases, and more.
  • New Account Fraud: In this case, cybercriminals use the information to open new accounts in the name of genuine users. This is often done by accessing a customer’s personal information and using it to circumvent identity verification checks to open a new fake account.

Fake accounts and the following unauthorized transactions are conducted where either the personal data is leaked or stolen. This is largely seen in account transactions and credit card identity theft, where information is used to make online purchases. 

In this case, where digital transactions are on the rise, companies who fail to up their fraud prevention techniques and online security technology are likely to suffer substantial financial losses and even lose their customers' trust. Building a robust security system will also add to the overall customer experience. But, fortunately, companies like Prove have a solution.

Augmenting Identity Verification with Trust Score™


The prevalent practices to prevent identity takeover and fake accounts usually involve using multi-factor authentication (MFA) using SMS-based one-time-passcodes (OTP). While SMS OTPs serve the purpose of Possession checks, they are susceptible to interception in several ways. One such fraudulent interception, SIM swap, is on the rise globally and poses a serious threat to standard identity verification and authentication practices. It is therefore critical to establish the Reputation of the phone number being used for opening an account, in addition to its Possession. The reputation of a phone number—providing insights into the characteristics, activity patterns, and events associated with it—is built over years of usage. This is prohibitively hard and expensive for fraudsters to replicate. Prove combines SMS OTP-based MFA with Trust Score™ to establish both Possession and Reputation, thereby reinforcing legacy authentication practices.


Mobile Auth™, which provides passive authentication, is a worthy alternative to using SMS OTPs to establish phone number possession. Mobile Auth uses mobile networks to verify that activity is coming from an expected device. A highly secure capability, Mobile Auth works silently in the background and is frictionless to the user. At Prove, we see several enterprises using Mobile Auth to adopt passwordless user experiences and digital journeys. As SMS-based OTP increasingly comes under scrutiny for its vulnerabilities in preventing sophisticated fraud, Mobile Auth presents an opportunity to look beyond it with an added benefit of a better and frictionless user experience.


The menace of fake accounts can be countered effectively only with the combined strength of Possession and Reputation checks. And Prove’s Trust Score and Mobile Auth are purpose-built for this.


Get in touch