Glossary / Fraud
New-Account Fraud
New-account fraud is when an attacker creates an account using a stolen or synthetic identity at registration, rather than taking over an existing one, to abuse promotions, launder funds, or establish a foothold for later fraud.
Also: New Account Fraud, New-Account Opening Fraud, Account Opening Fraud
New-account fraud attacks the front door rather than the lock. Instead of stealing access to an existing account, the attacker opens a fresh one using a stolen real identity or a synthetic identity assembled from real and fabricated details. The goal might be to claim sign-up promotions, launder money, access credit, or build an aged account that looks legitimate before later abuse.
It is the counterpart to account takeover. Takeover targets accounts that already exist; new-account fraud targets the registration flow itself. As businesses harden login against takeover, fraudsters shift to opening accounts, which is why onboarding has become a fraud surface and not just a conversion funnel.
The defense is proportionate identity proofing at registration, scaled to the risk of the action, plus risk signals that flag suspicious sign-ups. Synthetic identities are particularly hard because no single real person reports the fraud, so the account can age undetected. Tuning proofing friction to risk, rather than verifying everyone identically, keeps legitimate sign-ups smooth while raising the cost of fraudulent ones.
Sources
- NIST SP 800-63A, Digital Identity Guidelines: Enrollment and Identity Proofing: https://pages.nist.gov/800-63-3/sp800-63a.html