TL;DR: New account fraud is harder to detect because fraudsters can combine real and synthetic identity data, bots, emulators, private browsing and fast form navigation to mimic legitimate registrations, according to Transmit Security. The analytical lesson is that registration risk depends on context quality, model tuning, and continuous monitoring, not on any single signal.
NHIMG editorial — based on content published by Transmit Security: new account fraud detection and machine-learning based prevention
Questions worth separating out
Q: How should teams reduce new account fraud without blocking legitimate users?
A: Use layered scoring across behavioural signals, device reputation, browser fingerprinting, and geolocation rather than relying on any single registration attribute.
Q: Why do registration flows create such a difficult identity decision point?
A: Because teams must decide whether a user is legitimate before they have much behavioural history to compare against.
Q: What do security teams get wrong about bot and emulator detection?
A: They often treat bot indicators as if they were stable, binary proof of fraud.
Practitioner guidance
- Weight enrolment signals by confidence, not presence Use behavioural, device, browser, and location features together, and suppress single-signal blocking unless the combination crosses a documented risk threshold.
- Separate human verification from trust assignment Require a second-stage control for high-risk registrations so the account is not fully trusted just because the form was completed successfully.
- Tune model thresholds to operational capacity Set alert and block thresholds against the team’s ability to review false positives, then revisit them as registration volumes and fraud patterns change.
What's in the full article
Transmit Security's full blog post covers the operational detail this post intentionally leaves for the source:
- Feature-level breakdown of the behavioural signals used during registration, including typing, mouse movement, and field timing.
- Model training and evaluation detail covering supervised and unsupervised approaches, confusion matrices, and threshold selection.
- Operational monitoring practices for retraining and tuning fraud models as user behaviour and attack patterns change.
- A customer example showing the reported reduction in new account fraud from a leading U.S. bank.
👉 Read Transmit Security's analysis of new account fraud detection →
New account fraud detection: where behavioral signals still fail?
Explore further
New account fraud is an identity trust problem, not just a bot problem. The article shows that registration abuse succeeds because defenders are trying to infer legitimacy before they have enough behavioural history. That is an IAM decision problem as much as a fraud problem, because the first enrolment event often sets the trust baseline for the account lifecycle. Teams should treat registration confidence as a governed identity outcome, not a purely technical detection score.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, with 38% having no or low visibility and 47% having only partial visibility, according to The State of Non-Human Identity Security.
- The same research found that lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, which shows how often trust fails after issuance rather than at first access.
A question worth separating out:
Q: How do you know if a fraud model is still working in production?
A: Look for stable false-positive rates, predictable alert volumes, and preserved precision or recall against the outcomes your team actually wants. If registration behaviour changes, the model may be drifting even when its output volume looks healthy, so daily monitoring and retraining signals matter.
👉 Read our full editorial: New account fraud exposes the limits of behavioral context alone