The proliferation of stolen consumer information, commoditized tools and cybercrime-as-a-service have made it easy for bad actors to create fake accounts online. These new account creations act as sleeper cells, under the radar until activated by cyber criminals to spread spam, defraud, or commit other types of cybercrime. This activity can affect user experience, undermine data analysis and marketing strategies, and drive up the cost of customer support for digital businesses.

To detect fake account registrations, companies must deploy robust authentication measures without negatively impacting conversion rates or causing an unnecessarily frustrating user experience. Stringent security measures may lead to abandoned accounts or even loss of business; meanwhile, lenient registration requirements can leave a company vulnerable to fraudsters leveraging automation such as attack scripts and disposable email address services to successfully sign up for accounts.

Effective Methods to Detect Fake Account Registrations

Traditional methods of detecting fake account registrations such as IP reputation API, device fingerprinting, location spoofing and emulator detection are largely ineffective because fraudsters are continually evolving their tactics by using human CAPTCHA solvers, changing language used during the registration process, and adjusting frequency of use and their geographic location. To counter this, Clay opted for an approach that was flexible and adaptive enough to keep up with attackers’ evolution and provide advanced levels of protection against false signups.

The solution was to add additional verification checks during new user signup including requiring a verified email and deploying phone validation which performs live carrier lookups, detects VOIP and disposable phone numbers while also evaluating a user’s email reputation with the internet’s leading email verification provider. These additional verification checks combined with an integrated behavioral scoring engine to assess users’ risk profiles resulted in a significant reduction in the number of fake accounts created and their frequency of use.