New account fraud detection: where behavioral signals still fail

TL;DR: New account fraud is harder to detect because fraudsters can combine real and synthetic identity data, bots, emulators, private browsing and fast form navigation to mimic legitimate registrations, according to Transmit Security. The analytical lesson is that registration risk depends on context quality, model tuning, and continuous monitoring, not on any single signal.

NHIMG editorial — based on content published by Transmit Security: new account fraud detection and machine-learning based prevention

Questions worth separating out

Q: How should teams reduce new account fraud without blocking legitimate users?

A: Use layered scoring across behavioural signals, device reputation, browser fingerprinting, and geolocation rather than relying on any single registration attribute.

Q: Why do registration flows create such a difficult identity decision point?

A: Because teams must decide whether a user is legitimate before they have much behavioural history to compare against.

Q: What do security teams get wrong about bot and emulator detection?

A: They often treat bot indicators as if they were stable, binary proof of fraud.

Practitioner guidance

• Weight enrolment signals by confidence, not presence Use behavioural, device, browser, and location features together, and suppress single-signal blocking unless the combination crosses a documented risk threshold.
• Separate human verification from trust assignment Require a second-stage control for high-risk registrations so the account is not fully trusted just because the form was completed successfully.
• Tune model thresholds to operational capacity Set alert and block thresholds against the team’s ability to review false positives, then revisit them as registration volumes and fraud patterns change.

What's in the full article

Transmit Security's full blog post covers the operational detail this post intentionally leaves for the source:

• Feature-level breakdown of the behavioural signals used during registration, including typing, mouse movement, and field timing.
• Model training and evaluation detail covering supervised and unsupervised approaches, confusion matrices, and threshold selection.
• Operational monitoring practices for retraining and tuning fraud models as user behaviour and attack patterns change.
• A customer example showing the reported reduction in new account fraud from a leading U.S. bank.

👉 Read Transmit Security's analysis of new account fraud detection →

New account fraud detection: where behavioral signals still fail?

Explore further

View Full Forum →  |  NHI Foundation Course →