fraudlent account

Linked fraudulent accounts: A threat and an opportunity

According to market research company Forrester, trust in consumer technology will decline by 15 percent in 2023. 

One of the biggest reasons for this prediction? The growing prevalence of all types of fraud. 

For businesses that require high levels of consumer trust to thrive — think online marketplaces, e-learning platforms, digital health platforms, and fintechs — managing this decline in consumer trust is essential. 

Fighting fraud at every stage of the customer lifecycle — from onboarding to high-risk moments and account management — is a vital part of this. Better yet, finding a way to identify and eradicate entire fraud rings instead of just chipping away at fraudsters one by one will empower you to quickly protect your users’ trust. 

The threat — and opportunity — of linked fraudulent accounts

When bad actors create an account to commit fraud, they rarely create just one. After all, the more accounts a fraudster has on your platform, the more opportunities they have to carry out their attacks — and the easier it is to hop to a new account if another is identified and closed.

Case in point: When gaming developer nWay used link analysis to better understand fraudulent accounts on their platform, they discovered that 43.8% of all fraudulent accounts were linked to at least one other account. 

The sad truth is that spotting a fraudster on your platform is like spotting ants in your kitchen. If you see one, there are probably hundreds or thousands hidden behind the wall. 

While that’s a problem, it also presents an opportunity. Understanding how fraudulent accounts are linked by activity or shared data points — such as IP addresses, browser or device fingerprints, payment details, etc. — makes it easier to quickly investigate, flag, and ban bad actors. Instead of taking action against a single fraudster, you can bring down entire fraud rings all at once. 

Unfortunately, this isn’t always easy to do. Disparate tools and data sources create frustrations and inefficiencies. Applying the same level of friction to all users during your onboarding and identity verification flow often requires you to choose between maintaining a high conversion rate and keeping out as many bad actors as possible. Repeat offenders are hard to catch, which leads to a lot of wasted time and effort. And, of course, fraudsters are constantly evolving — making it necessary for businesses to quickly adapt their anti-fraud strategies in order to keep up. 

The importance of an end-to-end fraud strategy

Fraud can occur at virtually any moment in the customer lifecycle. But when the data and actions associated with different stages of that lifecycle are owned by technologies and systems that don’t communicate or coordinate with each other, it becomes very difficult to identify links between accounts. 

This often means repeat offenders and sophisticated fraud rings must be picked off one by one — frustrating your team and costing your business money and resources.

The good news is, by embracing an end-to-end fraud strategy, it’s possible to proactively fight fraud wherever it happens in the customer lifecycle — while also making it harder for repeat offenders to reestablish themselves on your platform. This means using the anti-fraud measures best suited to that particular moment at each stage of the customer lifecycle. It also means using tools and systems capable of “talking” to one another. 

How to identify and fight fraudulent accounts

Below is a look at how you might implement an end-to-end strategy capable of fighting fraudulent accounts.

Deterrence at onboarding

Think of your user onboarding process as the first hurdle a fraudster must cross before gaining access to your platform. By filtering out as many potential fraudsters as you can during this step, you lower the overall risk for both your business and your legitimate users. It’ll also likely translate into a lower caseload for your manual review team, saving you time and money. 

What does deterrence during onboarding look like? In most cases, it will include some form of identity verification. Depending on your industry and the riskiness of your user base, this could involve some combination of government ID verification, database verification, phone and/or email verification, selfie verification, and more. 

Of course, the key is to introduce just enough friction to keep your conversion rates high while still filtering out fraudulent accounts. Progressive risk segmentation — the process of tailoring your IDV flow to each individual user based on their risk signals — empowers you to do exactly that. 

Strategically-placed friction at high-risk moments 

Friction isn’t just a tool you can use during onboarding. By reverifying users at specific, high-risk moments of the user journey, it’s possible to identify bad actors who made it through the initial onboarding flow while also keeping your legitimate users safe from account takeover attacks.

Reverification involves reverifying a user’s identity. Selfie verification and government ID verification are often used to reverify users. 

Some moments where it may make sense to reverify users include:

  • When someone logs into their account using an unrecognized device
  • When someone attempts to change key account information, such as their password, payment information, or contact information 
  • When someone attempts to initiate or complete a high-risk transaction
  • When an account that was previously dormant is reactivated

As in the onboarding flow, progressive risk segmentation can also be leveraged here to ensure you’re introducing only as much friction as is necessary. For example, you may only reverify users attempting to change information if their IP address indicates they’re not logging in from their usual location.

Expose all connected fraudulent accounts

Once a fraudulent account is identified, it’s important not to treat it as a one-off event. 

Through link analysis, you can automatically look at all of the accounts the known bad actor is connected to. Then, if accounts share suspicious details with the known fraudulent account (such as an IP address, device fingerprint, browser fingerprint, etc.), you can quickly and easily ban, block, or flag those accounts as you see fit. 

Best-in-class tools even allow you to bring your own internal data into the mix — such as a user’s hashed bank account, promo ID, or crypto wallet address — allowing you to create custom properties for link analysis. Ideally, you’ll want a tool that is capable of finding connections that are multiple degrees, or “hops,” away from the known fraudulent account, as this will increase the likelihood of you uncovering full fraud rings. 

The right solution makes all the difference

When implementing the strategies outlined above, it’s important to note that the solution you choose will dictate how successful you are in reaching your goals. The ideal solution will be the one that allows you to be proactive instead of reactive in your fight against fraud. 

Some questions you should ask as you evaluate your options include: Does it play well with my other systems? Can it scale alongside my business? What options for automation does it allow? Does it allow for progressive risk segmentation? Can it identify links between accounts that are multiple degrees away from the known bad actor? Does it make it easy for us to adjust our processes based on what we learn from each fraud event?

If you’re ready to fight fraud and build trust, learn more about how you can partner with an end-to-end identity platform to fight fraud throughout your customer life cycle at

Tagged with:
Posted in: ,
Author: Jeff Sakasegawa

Jeff Sakasegawa is Persona’s Trust & Safety Architect. With over a decade of experience in the Trust & Safety space across companies such as Google, Facebook, Square, and Sift, Jeff is an expert on Risk Management and Compliance. He is passionate about ensuring safe online experiences for all users.