Account opening fraud prevention: stop bad actors without hurting conversion

• The goal is simple: keep genuine users moving while raising the bar for attackers. The lever is risk-based decisioning, not blanket strictness.

• Calibrate paths so controls scale with risk, not with your appetite for features.

• Light: minimal document capture plus quick screening for clean histories and low-risk markets.

• Standard: stronger liveness, selfie match, and targeted KBA or proof of address when inconsistencies appear.

• Enhanced: manual review, additional documents, short cooling-off windows, and video when signals justify it.

• Long checklists are tempting and often counterproductive. Start with measures that tend to survive contact with real attackers.

• These moves are practical, measurable, and reversible when they miss the mark.

• Guided capture with glare and blur tips to lift first-try success and reduce fake ID retries.

• Selfie liveness and document anti-tamper tuned by document family and device profile.

• Device binding early to track retries and cap accounts spawned from one device.

• Phone and email reputation combined with velocity limits per artifact.

• IP reputation and ASN rules that escalate checks for proxy ranges and suspicious prefixes.

• Name-DOB-address fuzzy consistency to catch synthetic blends.

• Payment instrument pre-validation where permitted to detect recycled cards at signup.

• Cooling-off windows that slow farmed attempts without trapping legitimate users.

• Referral integrity that defers rewards until risk cools or usage criteria are met.

• Post-onboarding monitoring to catch delayed fraud once an account is warmed.

• A few realistic examples help align teams on how decisions evolve step by step.

• Clean cohort: domestic ID, known device, stable IP, selfie match passes. Route to light path and complete in minutes with full audit trail.

• Suspicious cohort: foreign ID plus proof-of-address mismatch and proxy ASN. Escalate to enhanced path with extra documents and manual review when needed.

• Provider instability: IDV A times out for a country-device slice. Orchestration falls back to IDV B, keeps the lineage of both attempts, and decision quality is preserved.

• Signup defense should not become a separate island. It shares data and outcomes with verification, risk scoring, monitoring, and investigations across your KYC/AML stack.

• KYC workflow with evidence retention and reason codes per decision.

• KYC orchestration to switch vendors, define fallbacks, and run A-B or shadow tests.

• Customer risk assessment that updates scores as new signals arrive.

• AML case management for investigations, maker-checker, and SAR preparation where applicable.

• Data warehouse and BI to analyze losses, false positives, and step-level drop-offs over time.

• Keep the metric set small and stable so trends mean something. Review them weekly with product, risk, and compliance together.

• Acceptance rate for legitimate signups by country and device profile.

• Fraud catch rate and false positive rate on escalations and declines.

• Time to decision at signup, including manual review queues.

• Loss per new account and cost per successful verification.

• Big-bang releases increase risk. A phased rollout proves impact and limits surprises.

• Use a narrow start and expand on evidence, not on hopes.

• Define risk segments and required checks, plus evidence to store for each outcome.

• Integrate one vendor per control first and set clear timeouts and fallbacks.

• Instrument events and webhooks so analytics, support, and compliance share the same clock.

• Choose a test method: A-B when you want allocation control, shadow mode when you need safety without traffic split.

• Maintain a change log with rationales so audits are fast and repeatable.

• Good defense feels simple. You can be strict and still be clear.

• Inline, localized guidance for document capture and selfie steps.

• Smart retries that offer the next best document instead of restarting from zero.

• Plain language status and typical review times when a case enters manual review.

• Accessible flows that hold up on mid-range phones and variable bandwidth.

• Controls matter as much as checks. Express rules as policy-as-code with versioning and approvals, and keep a clear audit trail for every change.

• Encryption in transit and at rest with managed key rotation.

• Data minimization with deletion flows that run on schedule.

• RBAC with SSO and least-privilege access to evidence and raw images.

• Regional data residency when law or contracts require it.

• Data lineage for inputs, decisions, and vendor calls so you can explain outcomes step by step.

Updated October 2025. Reviewed by a compliance lead and aligned with public guidance from FATF and European supervisory bodies.

If you are building account opening fraud prevention, start by mapping segments and the signals you trust. Choose a platform that supports risk-based orchestration, clear reason codes, and native handover to AML case management. Ondorse provides policy-as-code, portable vendor integrations, and evidence-first decisioning so teams can fight fraud without losing speed.