Catch synthetic identities, bot signups, and mule accounts at registration — before they reach your platform and cost you real money.
Fake account fraud happens when someone creates an account on your platform with no intention of being a real customer. The account might use a fabricated identity, a stolen one, or a real person's details acquired without their knowledge.
The goal varies. Some accounts are created to claim a welcome bonus or referral reward then immediately abandoned. Others are set up as mule accounts — used to receive and move funds from fraud committed elsewhere. Synthetic identities blend real and fabricated data to pass KYC, then sit dormant until they're needed.
What makes it hard to catch is that these accounts often look legitimate at signup. They pass document checks, match real identity records, and behave normally — until they don't. By then, they're embedded in your platform with verified status your downstream systems trust.
Strong fake account detection doesn't just check what the user submits — it reads how they behave during onboarding. For fraud that happens after signup, see our account takeover detection guide.
What real users rarely do during signup — but fraudsters almost always do.
Automated scripts create dozens or hundreds of accounts from the same device or IP range, often in rapid succession. Form fill speed, lack of mouse movement, and identical device fingerprints give them away.
A fabricated identity built from a mix of real and fake data — a valid PAN with a fictitious name, or a real address with invented contact details. These pass basic KYC but collapse under behavioral scrutiny.
Multiple accounts created from the same physical device, cycling through different phone numbers or email addresses. Device fingerprinting across sessions catches the overlap even when identity details differ.
Accounts created specifically to claim a signup reward or referral credit, with no intent to use the product. Velocity across referral codes, shared devices, and immediate withdrawal after reward credit are the key signals.
Real or synthetic identities used to receive and move funds obtained through fraud elsewhere — scams, ATO, or payment fraud. These accounts pass onboarding, sit dormant, then activate when they're needed as a cash-out point. Network-level signals — shared devices, overlapping registration metadata, and coordinated activation timing — are the only reliable way to surface them before they're used.
Identity verification confirms who someone claims to be. It doesn't confirm why they're signing up or whether they're a real customer.
A well-constructed synthetic identity uses valid ID numbers, real addresses, and plausible personal details. It clears Aadhaar or PAN verification without triggering a flag — because the underlying data is technically real, just assembled fraudulently.
A document check validates the submission, not the submitter. It won't tell you that the same device has registered 14 accounts this week, or that the form was filled in 800 milliseconds with no cursor movement — both strong signals of automated abuse.
Sophisticated fraud rings spread registrations across IPs, devices, and time windows specifically to stay below rate-limit thresholds. Static rules fire on volume; they miss coordinated low-and-slow attacks designed to look like organic signups.
Signals from device, behaviour, and network context — scored at the moment of registration.
Identify the device behind the signup — browser environment, app install, hardware signals — and check it against known fraud devices and prior registrations.
Measure how the form was filled — speed, field interaction, copy-paste patterns, hesitation on specific fields. Real users behave differently from scripts and coached fraudsters.
Look across registrations for shared devices, overlapping metadata, referral code clustering, and timing patterns that suggest coordinated abuse rather than organic signups.
One score at the point of signup — combining all signals — so your product can approve, flag for review, or block before the account is created and KYC is wasted on a fraudster.
We score every registration in real time — so you stop fake accounts before they're created, not after they've caused damage.
Device trust, behavioural signals, and velocity checks run before the account is created — not as a post-signup review queue.
Network-level analysis connects accounts by shared device, overlapping metadata, and registration timing — surfacing organised abuse that per-account rules miss.
Stop fake accounts before they enter your KYC flow — so you're not spending verification cost on synthetic identities that would have passed document checks anyway.
See your real signup risk baseline before turning on any blocks. Tune thresholds against your actual traffic — not a generic model trained on someone else's data.
We'll walk through how registration scoring fits your onboarding flow — and what signals matter most for your use case.
Related: Account takeover · Payment fraud · All use cases · Home