In today’s digitized world, financial institutions may have many reasons to encourage customers to open accounts electronically. Increasing customer acquisition is an ongoing business concern survey (Off-site) due in part to fierce competition, including from banking and payment services offered by fintechs and other emerging players. The digital onboarding process, whether online or in-app, typically is more convenient than in-person onboarding. It can offer a user experience more aligned to the shifting preferences of today’s consumers and businesses. In addition to competitive advantages, allowing digital account opening can be an attractive strategy for financial institutions to reduce costs and increase operational efficiencies.
However, without appropriate fraud detection or controls in place, digital account opening can expose financial institutions to numerous opportunities for criminals. Over recent years, advancements in generative artificial intelligence (AI), combined with widespread availability of personally identifiable information (PII) on the dark web, have made new account fraud easier to perpetrate and harder to detect. In 2024, reported losses from new account fraud hit $6.2 billion (Off-site), more than doubling compared to a decade ago.
New Account Fraud is Not ‘New’
New account fraud occurs when a criminal opens a new bank account with malicious intent. It may involve the use of a fake identity — either stolen or synthetic — or the use of an individual’s real identity. Criminals can monetize new accounts by making unauthorized purchases or withdrawals; obtaining credit with no intention of paying back the loan; receiving and transferring illegally obtained funds; depositing forged, stolen or counterfeit checks; or making purchases and later disputing them (e.g., chargeback fraud).
While new account fraud is not a new problem for financial institutions, the ways in which it is carried out have evolved significantly. This evolution has been driven primarily by a shift away from in-person banking interactions as financial institutions gradually adopted new technologies and business models to improve convenience for their customers. The transition has spanned the introduction of call centers and 24-hour ATMs to the more recent web- and mobile-based banking and payment apps. Each change has brought about a unique set of fraud risks for financial institutions to navigate during account onboarding and their increasingly remote interactions with customers.
For many decades, criminals have used stolen, altered or forged paper documents (e.g., birth certificates, passports, utility bills) to open new accounts for nefarious purposes, including writing bad checks and withdrawing funds, or maxing out on credit and disappearing. Today, large-scale data breaches have generated a plethora of PII for criminals to exploit. Automated bots and scripts have enabled criminals to open accounts more quickly and at scale, and to obtain information about an institution’s Know-Your-Customer (KYC) and onboarding requirements. More recently, generative AI tools have made the creation of fake digital documents and synthetic identities easier, more convincing and highly efficient.
Key Driver of New Account Fraud: Synthetic Identities
Synthetic identity fraud, which leverages combinations of PII to fabricate a person or entity to commit a dishonest act for personal or financial gain, has become increasingly common over the past decade. Some experts in the payments industry estimate (Off-site) that synthetic identities compose between 1% to 3% of bank and fintech accounts in the United States. A key challenge is that synthetic identities often are more difficult and expensive to detect.
Once an account is successfully opened, the criminal may wait months or even years before beginning to carry out fraudulent activities. During this period, the criminal can leave the account inactive or attempt to “season” the account with seemingly benign activity, such as making a series of small deposits and next-day withdrawals, applying for credit or ordering temporary checks. Before long, however, the criminal will begin monetizing the account. Two examples of how this can occur:
Appropriate Safeguards Help Facilitate Secure Digital Account Openings
In addition to causing direct financial losses, new account fraud can raise operational costs for financial institutions because of the increased time needed to investigate or close fraudulent accounts. Furthermore, organizations may face damage to their brands or a loss of customer trust.
Criminals often use automated bots and scripts to overwhelm digital account opening processes and exploit weaknesses, highlighting the need for financial institutions to adopt more sophisticated detection and mitigation approaches. It is critical to strike the right balance between convenience and security.
Before they enable digital onboarding for current and prospective customers, financial institutions might consider how to tailor their fraud mitigation tools accordingly, which could include more robust and sophisticated uses of identity verification, device assessment and transaction monitoring, as well as information sharing about scams and fraud.
Stay Connected
Keep informed about the Fed’s efforts to support payment security and mitigate fraud by joining the FedPayments Improvement Community.