Risk Intelligence Insights

Can’t hide their habits: Preventing Account Takeover and Synthetic Identity theft by analysing fraudster behaviour

Jonathan Hart

Senior Product Manager, Digital Identity & Fraud

  1. Generative AI is breathing new life into two more traditional types of fraud: Synthetic Identity Theft and Account Takeovers.
  2. These fraud types can be difficult to identify in real-time. Behaviour analysis, which includes looking at key metrics related to historical bank account activity and transactions, can help signal fraudulent activity while it’s happening.

AI has breathed new life into traditional fraud

As AI continues its relentless advance, fraudsters are deploying ever-more sophisticated tactics to fleece individuals and businesses of significant sums of money. Developments in generating deepfake ID documents, voice prints, and even selfies, are catching all types of businesses off guard, including the largest financial institutions.

Two traditional fraud tactics have benefitted from the rapid advances in technology and, as a result, present an even greater threat to businesses and consumers: Synthetic Identities and Account Takeover.

[Figure: Estimated cost of fraud scams globally in 2023. Source: Nasdaq & Oliver Wyman]

Synthetic Identities (IDs) are created using a mix of real and fabricated personal information and are used by fraudsters to establish bank accounts. Fraudsters hide from financial institutions by processing small, occasional payments to make their accounts look legitimate. Synthetically created accounts are then used to receive and hide funds from many types of scams, including Authorised Push Payment (APP) and Business Email Compromise (BEC).

Account Takeovers (ATOs) occur where the login details to a bank account are compromised and a fraudster assumes ownership of the account. These can be difficult to detect for a variety of reasons:

  • Businesses want to avoid creating friction for their users
  • Credentials and passwords can be compromised in many ways (brute force attacks, credential stuffing, phishing and more)
  • GenAI is becoming increasingly effective at defeating biometrics, such as facial and voice recognition

Beyond having access to a customer’s fund balance, the fraudster can attempt to buy products with the hijacked account, and/or seek refunds, chargebacks, or other payouts illicitly.

What are the impacts of Synthetic Identity theft and Account Takeovers?

Account Takeovers and other fraud types, such as APP and BEC using Synthetic IDs, can financially ruin individuals and businesses before they notice a single dollar missing.

Businesses whose customers are victims of Account Takeover attacks or other similar attacks become responsible for costs of remediation (e.g. refunds) and take a reputational hit, losing revenue from current and potential customers. Additionally, by the time a fraudulent account has been detected and shut down by a financial institution, the fraudster will have moved their illicit gains to Synthetic ID-created accounts or other hidden assets, preventing victims, financial institutions and law enforcement from clawing them back.

If fraudulent accounts haven’t been detected, what can be done?

Synthetic IDs are designed to look and act like a legitimate person or entity. Account Takeover fraud stems from legitimate accounts being used for illegitimate reasons. Running a bank account verification in isolation can help, but it won’t detect a Synthetic ID created in the same name as your payee, or an Account Takeover.

However, one thing a fraudster can’t hide is their behaviour. Fraudsters who have taken over an account or ‘activated’ their Synthetic IDs will move fast to generate as much cash as possible before their financial institution detects their activities.

As an example, a fraudster who has created a bank account with a Synthetic ID may start applying for credit, buy-now-pay-later accounts, or loans with the intention of never repaying any money. They may create dozens of eCommerce accounts with the intention of buying goods with those illicit accounts, to keep or resell goods they haven’t originally paid for. They may use their accounts as part of a BEC scam and direct businesses to pay money to them for work they haven’t done. They may even be able to claim insurance or unemployment benefits.

This is where a consortium-style approach to fraud detection is hugely beneficial. When new payment or payee details are collected and verified, there is the potential to identify risky behaviour across participating businesses quickly, minimizing losses and stopping fraud in its tracks.

The ‘activation’ can be detected by analysing:

  • Recency: inquiries for a bank account made in the short, medium and longer term;
  • Popularity: number of participating businesses that have seen a bank account; and,
  • Velocity: total number of enquiries made in the short, medium and longer term.

In the aforementioned case, where a fraudster starts multiple credit, buy-now-pay-later or loan applications, or creates eCommerce accounts, their fraud attempts will be detectable by reviewing the recency, popularity and velocity behaviours of their bank account across participating businesses.
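
The recency, popularity and velocity checks above, worked through as an added example (not code from the article or from any LSEG product). The window lengths, thresholds, the reading of recency as hours since the latest inquiry, and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed window lengths and thresholds; the article gives no numeric values.
WINDOWS = {"short": timedelta(hours=24), "medium": timedelta(days=7),
           "long": timedelta(days=90)}
MIN_SHORT_VELOCITY = 5     # inquiries in the short window
MIN_SHORT_POPULARITY = 3   # distinct businesses in the short window
MIN_BURST_SHARE = 0.8      # share of long-window inquiries that are short-window


def account_signals(inquiries, account, now):
    """inquiries: (timestamp, business_id, account_id) tuples pooled across
    participating businesses. Returns velocity, popularity and recency."""
    seen = [(ts, biz) for ts, biz, acct in inquiries
            if acct == account and now - WINDOWS["long"] <= ts <= now]
    signals = {"velocity": {}, "popularity": {}, "recency_hours": None}
    for name, span in WINDOWS.items():
        hits = [(ts, biz) for ts, biz in seen if now - ts <= span]
        signals["velocity"][name] = len(hits)                    # inquiry count
        signals["popularity"][name] = len({b for _, b in hits})  # businesses
    if seen:
        last = max(ts for ts, _ in seen)
        signals["recency_hours"] = (now - last).total_seconds() / 3600
    return signals


def looks_activated(signals):
    """True for a burst across several businesses on a previously quiet account."""
    v, p = signals["velocity"], signals["popularity"]
    if v["short"] < MIN_SHORT_VELOCITY or p["short"] < MIN_SHORT_POPULARITY:
        return False
    return v["short"] / v["long"] >= MIN_BURST_SHARE


# Constructed sample data: account A is quiet, then receives 6 inquiries from
# 4 businesses within hours; account B is checked weekly by one payroll firm.
NOW = datetime(2024, 6, 1, 12, 0)
INQUIRIES = [(NOW - timedelta(days=60), "bank-1", "A")]
INQUIRIES += [(NOW - timedelta(hours=h), biz, "A") for h, biz in
              [(1, "bnpl-1"), (2, "bnpl-2"), (3, "lender-1"),
               (4, "shop-1"), (5, "bnpl-1"), (6, "lender-1")]]
INQUIRIES += [(NOW - timedelta(days=7 * w), "payroll-1", "B") for w in range(12)]

if __name__ == "__main__":
    for acct in ("A", "B"):
        s = account_signals(INQUIRIES, acct, NOW)
        print(acct, s, "ACTIVATED" if looks_activated(s) else "ok")
```

Account B has more inquiries overall than account A, but only A combines a short-window burst with several distinct businesses, which is the pattern a single business looking at its own data would not see.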

Getting ahead of the fraud landscape: leveraging behavioural signals

The reality is that bad actors, given enough time and effort, can overcome almost every type of individual security product or service available. This threat is amplified in the era of Generative AI.

However, criminals tend to go for the lowest-hanging fruit. If you add enough layers of fraud and security defenses, it will eventually take too much time, effort and expense for a fraudster to push through, and they will move on to another opportunity.

Increasingly, a holistic, “always on” approach to fraud prevention, spanning the full customer life cycle, is recommended. This is based on consistent and continuous risk monitoring and rests on three pillars:

  1. Trust the identity of the client, via data-based verification to supplement document verification and biometrics;
  2. Trust the accounts, via bank account verification and account ownership verification; and,
  3. Trust the interaction, via account behaviour analysis collected across a consortium and other ID signals, to detect anomalous behaviour.

Behaviour analysis, used in conjunction with robust identity proofing and payments verification, can help strengthen the arsenal organisations need to effectively counter fraud.

Legal Disclaimer

Republication or redistribution of LSE Group content is prohibited without our prior written consent. 

The content of this publication is for informational purposes only and has no legal effect, does not form part of any contract, does not, and does not seek to constitute advice of any nature and no reliance should be placed upon statements contained herein. Whilst reasonable efforts have been taken to ensure that the contents of this publication are accurate and reliable, LSE Group does not guarantee that this document is free from errors or omissions; therefore, you may not rely upon the content of this document under any circumstances and you should seek your own independent legal, investment, tax and other advice. Neither We nor our affiliates shall be liable for any errors, inaccuracies or delays in the publication or any other content, or for any actions taken by you in reliance thereon.

Copyright © 2024 London Stock Exchange Group. All rights reserved.