Account sign-in fraud is surging, and controls are not keeping up

TL;DR: The FBI’s 2023 Internet Crime Report shows complaints up almost 10%, losses above $12.5 billion, and $2.5 billion in fraud starting at the online account level, according to Arkose Labs’ analysis of IC3 data. The pattern is clear: account registration and sign-in are now the front line for fraud deterrence, not just authentication.

NHIMG editorial — based on content published by Arkose Labs: FBI IC3 fraud trends and why account entry matters

By the numbers:

• The IC3 received an almost 10% increase in complaints compared with the prior year, averaging more than 2,400 complaints per day.
• Potential losses exceeded $12.5 billion in 2023, a 22% increase from 2022.

Questions worth separating out

Q: How should security teams stop fraud at account sign-in and registration?

A: Security teams should treat sign-in and registration as high-risk control points.

Q: Why do bots make online fraud harder to control?

A: Bots make fraud harder to control because they turn one attacker into many attempts.

Q: What breaks when fraud controls sit after authentication instead of before it?

A: Controls break when they are placed too late because the attacker has already gained a session or validated account state.

Practitioner guidance

• Instrument registration and sign-in as fraud control points Apply behavioural scoring, device reputation, and rate limiting to account creation and login flows so suspicious patterns are challenged before a working session is issued.
• Add friction where attackers scale cheaply Use step-up verification for risky account recovery, repeated failures, and abnormal geovelocity so automation cannot convert unlimited retries into cheap compromise.
• Tie authentication telemetry to fraud response Feed login anomalies, MFA fatigue signals, and sign-up abuse indicators into the same response workflow that handles payment fraud and account abuse escalation.

What's in the full article

Arkose Labs' full article covers the operational detail this post intentionally leaves for the source:

• The article breaks down how Arkose Global Intelligence Network data and ACTIR threat research inform fraud detection strategy.
• It explains the role of 125 real-time risk signals in spotting coordinated abuse across account entry flows.
• It describes how businesses can use top-of-funnel deterrence to reduce the ROI of financially motivated cybercrime.
• It covers the specific IC3 fraud categories and how Arkose Labs interprets them for enterprise response.

👉 Read Arkose Labs' analysis of FBI IC3 fraud trends and account-entry abuse →

Account sign-in fraud is surging, and controls are not keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →