New Account Fraud Prevention: Stop Fake Signups
Learn how to detect and prevent new account fraud with browser fingerprinting. Practical guide to stopping fake signups, multi-accounting, and free trial abuse.
Fake signups cost more than most companies account for. The direct losses — drained free trial capacity, wasted marketing spend, inflated acquisition costs — are visible. The indirect ones, including the engineering time spent investigating fraud and the chargeback exposure it creates downstream, are harder to quantify but just as real. New account fraud prevention is most effective when it starts at the signup checkpoint, before a fraudulent account has extracted any value.
What Is New Account Fraud (and Why It's Getting Harder to Stop)
New account fraud occurs when someone creates an account with the intent to exploit it rather than to become a genuine customer. That includes free trial abuse, multi-accounting to claim multiple bonuses or referral credits, fake signups generated to enable affiliate fraud, and ban-evasion accounts created after a previous account was shut down.
Industry research consistently places new account fraud among the fastest-growing fraud categories, with annual losses running into the billions across financial services, e-commerce, and digital platforms. The growth is driven less by increasingly sophisticated attackers and more by how low the barrier to entry has become.
Account creation fraud and new account fraud describe the same problem. A fresh email address takes seconds with any disposable address service. A new browser fingerprint is a cache-clear away. A new phone number is available from any VoIP provider. The friction that would have deterred most fraudsters five years ago now stops almost none.
The Most Common New Account Fraud Vectors
The specific attack pattern depends on what value a new account can yield. The most common:
Free trial abuse. A user signs up, exhausts the trial, clears cookies, and registers again. This is ubiquitous across SaaS, AI tools, and any digital service that offers meaningful value before the first payment. The fraudster isn't technically breaking any rules on each signup — the cost accumulates through repetition.
Bonus and referral multi-accounting. Marketplaces, gambling platforms, and fintech products with signup bonuses or referral credits are frequent targets. A coordinated multi-accounting campaign can claim dozens of bonuses in hours, draining a promotional budget before the fraud team identifies the pattern.
Affiliate fraud signups. Fraudsters target high-commission affiliate programs by generating fake signups through their own links. The signups appear real, the commission is paid, and the platform absorbs the cost of accounts that will never convert. Industries with high cost-per-acquisition payouts are disproportionately affected.
Ban evasion. A user removed for chargebacks, policy violations, or abusive behaviour creates a new account to continue. Without a persistent identifier tied to the browser environment, the ban only holds as long as the original account does.
How to Detect New Account Fraud Before It Scales
Detection is most reliable when it layers multiple signals rather than depending on any single check. Fraudsters adapt to any single checkpoint; a layered approach is significantly more resistant.
Email and phone hygiene. Checking whether an email domain is disposable, or whether a phone number belongs to a VOIP service, filters the least sophisticated signups cheaply. It's worth doing, but determined fraudsters route around it in seconds.
Velocity checks. Multiple registrations from the same IP address in a short window, or multiple accounts sharing the same billing information, are easy to miss at the individual-account level and easy to catch in aggregate. Automated velocity monitoring surfaces coordinated campaigns before they scale.
Browser fingerprinting. A browser fingerprint provides a signal that persists across cookie clears, new email addresses, and incognito mode — it identifies the underlying browser environment, not the identity the user presents. This is where repeat offenders are caught regardless of how they vary their identity details.
Bot detection. Fully automated account creation — common in affiliate fraud and large-scale multi-accounting — produces traffic patterns distinct from human signups. Datacenter IP ranges, missing browser characteristics, and anomalous timing patterns are all signals that a signup is not coming from a real person.
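The velocity check described above can be sketched as a sliding-window counter keyed on the attributes coordinated signups tend to share. This is an added example, not code from the original page; the window sizes, limits, field names (`at`, `ip`, `billing`) and sample signups are assumptions constructed for illustration.

```javascript
const MINUTE = 60 * 1000;
const DAY = 24 * 60 * MINUTE;

// Assumed limits, to be tuned per product: more than 3 signups per IP in
// 10 minutes, or more than 1 account per billing hash in 30 days, is flagged.
const LIMITS = {
  ip: { windowMs: 10 * MINUTE, max: 3 },
  billing: { windowMs: 30 * DAY, max: 1 },
};

function createVelocityMonitor(limits = LIMITS) {
  const seen = new Map(); // "kind:value" -> timestamps still inside the window
  // Records one signup and returns the attributes that exceeded their limit.
  return function record(signup) {
    const flags = [];
    for (const [kind, { windowMs, max }] of Object.entries(limits)) {
      const value = signup[kind];
      if (!value) continue; // attribute not supplied on this signup
      const key = `${kind}:${value}`;
      const cutoff = signup.at - windowMs;
      // Drop expired timestamps so the count reflects only the current window.
      const recent = (seen.get(key) || []).filter((t) => t > cutoff);
      recent.push(signup.at);
      seen.set(key, recent);
      if (recent.length > max) flags.push(kind);
    }
    return flags;
  };
}

// Constructed sample: one IP (documentation range) signing up repeatedly,
// with two of the accounts sharing a billing hash (a hash, never raw card data).
function runVelocitySample() {
  const record = createVelocityMonitor();
  const t0 = Date.UTC(2024, 0, 1, 12, 0, 0);
  const signups = [
    { at: t0, ip: "203.0.113.7", billing: "bill-a" },
    { at: t0 + 2 * MINUTE, ip: "203.0.113.7", billing: "bill-b" },
    { at: t0 + 4 * MINUTE, ip: "203.0.113.7", billing: "bill-a" },
    { at: t0 + 6 * MINUTE, ip: "203.0.113.7", billing: "bill-c" },
    { at: t0 + 30 * MINUTE, ip: "203.0.113.7", billing: "bill-d" },
  ];
  return signups.map((s) => record(s));
}
```

Each signup looks unremarkable on its own; only the third (shared billing) and fourth (IP burst) are flagged, and the fifth is clean again because the IP window has expired.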
Building a Tiered Response: Block, Challenge, or Allow
Not every suspicious signal warrants the same response. A tiered framework applies friction proportionally, preserving a frictionless experience for the majority of users while stopping the small fraction that represent real risk.
Allow. Signups with no risk signals — clean fingerprint history, no velocity flags, human browser characteristics — proceed normally. This is the large majority of all signups, and they should never see friction.
Challenge. Signups with moderate risk signals get a soft check before the account is created. That might be a CAPTCHA, an SMS confirmation, or a stricter email verification step. A real user completes it; a bot or low-effort fraudster typically doesn't. This tier is where you catch the most fraud without affecting conversion for legitimate users.
Block. Signups with strong risk signals — a fingerprint matching multiple previously banned accounts, a confirmed bot, a high threat level score — are rejected at the door. This is a small slice of total traffic but the highest-cost segment if admitted.
The right threshold for each tier depends on what your product offers and how valuable a new account is to a fraudster. The more a free account can yield, the tighter your challenge threshold can reasonably be set.
Where Browser Fingerprinting Fits In
Browser fingerprinting's specific value in new account fraud prevention is persistence. An email address is replaced in seconds. A browser fingerprint represents an actual browser environment — a combination of hardware characteristics, graphics card, installed fonts, screen settings, audio configuration, and dozens of other signals that make one browser environment distinct. That combination changes much more slowly than an identity claim.
When a new account registers, you check its fingerprint against your history of flagged browsers. If there's a match, you've identified the same person before they've done anything wrong on the new account. That check doesn't wait for fraudulent behaviour to recur — it acts on the history the browser already has.
ThumbmarkJS is a browser fingerprinting API built for exactly this use case. At signup, it runs a fingerprint in the visitor's browser and returns the signals you need to make a risk decision: a bot detection flag, a 0–5 threat level score you can map onto your challenge and block thresholds, and a stable Visitor ID that persists across browser updates — which you store against each account and use to link future signups from the same browser. Used across 60,000+ websites, the signal quality is calibrated against real-world browser environments, not synthetic test data.
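The tiered response and the flagged-browser history check described above, combined into one server-side decision function. This is an added example, not ThumbmarkJS code or a documented response shape: the field names (`bot`, `threatLevel`, `visitorId`), the thresholds on the 0–5 score, and the sample history are assumptions.

```javascript
// Assumed thresholds on the 0-5 threat level. Lower challengeAt as the value
// a free account yields to a fraudster goes up.
const DEFAULT_POLICY = { challengeAt: 2, blockAt: 4, bannedMatchesToBlock: 2 };

// history: Map of visitorId -> [{ accountId, status }] built from past signups.
// velocityFlags: strings from whatever velocity monitoring runs alongside.
function decideSignup(signals, history, velocityFlags = [], policy = DEFAULT_POLICY) {
  const prior = history.get(signals.visitorId) || [];
  const banned = prior.filter((a) => a.status === "banned").length;

  // Block: strong signals, rejected before the account exists.
  const block = [];
  if (signals.bot) block.push("confirmed bot");
  if (signals.threatLevel >= policy.blockAt) block.push("high threat level");
  if (banned >= policy.bannedMatchesToBlock) {
    block.push(`fingerprint matches ${banned} banned accounts`);
  }
  if (block.length) return { tier: "block", reasons: block };

  // Challenge: moderate signals get a soft check (CAPTCHA, SMS, stricter email).
  const challenge = [];
  // A missing fingerprint is itself a signal, so it never falls through to allow.
  if (!signals.visitorId) challenge.push("no fingerprint returned");
  if (signals.threatLevel >= policy.challengeAt) challenge.push("moderate threat level");
  if (banned > 0) challenge.push("fingerprint matches a banned account");
  if (prior.length > banned) challenge.push("browser already holds an account");
  for (const flag of velocityFlags) challenge.push(`velocity: ${flag}`);
  if (challenge.length) return { tier: "challenge", reasons: challenge };

  // Allow: no risk signals, no friction.
  return { tier: "allow", reasons: [] };
}

// Constructed history: one browser banned twice, one with an active trial.
function sampleHistory() {
  return new Map([
    ["vid-banned", [
      { accountId: "a1", status: "banned" },
      { accountId: "a2", status: "banned" },
    ]],
    ["vid-trial", [{ accountId: "a3", status: "active" }]],
  ]);
}
```

Returning the reasons with the tier gives the manual review queue something to act on and makes threshold changes auditable.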
No detection signal is perfect, and browser fingerprinting is no exception. Attackers who understand the technology can invest the effort to evade it — but most fraudsters won't bother. In practice, fingerprinting catches the bulk of repeat signups, reducing the fraud volume your team needs to investigate to a manageable level. To understand the underlying technology, our browser fingerprinting overview covers how fingerprinting works and what it can and can't track.
Putting It All Together: A Practical Prevention Stack
New account fraud prevention is a layered problem. No single check is enough on its own, and the most cost-effective approach combines simple identity hygiene with browser-level signals that persist across the evasion tactics fraudsters use most.
An effective new account fraud prevention stack doesn't require a large infrastructure investment. The core components:
Email and phone validation at the form level — disposable email check, VOIP detection
Browser fingerprinting at the signup checkpoint — check the fingerprint against your flagged-browser history before the account is created
Bot detection on the same request — reject non-human traffic before it completes registration
A manual review queue for the challenge tier — accounts that pass the soft check but still carry risk signals worth a human look
This covers the full range of attack vectors: free trial abusers, multi-accounters, affiliate fraudsters, and ban evaders. It creates friction only where the signals justify it. And the fingerprint history it builds compounds in value over time — each account you've seen adds context to every new account that follows.
New account fraud also rarely operates in isolation. The same browser behind a fake signup is often the same one attempting promo code and referral abuse. And the browser fingerprinting layer you build for signups is equally useful when detecting account takeover fraud once accounts are in use. The investment in browser fingerprinting at registration pays dividends across the full fraud lifecycle.
If you're ready to add browser fingerprinting to your signup flow, see how ThumbmarkJS handles new account fraud. The ThumbmarkJS API has a free tier with no commitment — integration at a signup checkpoint is typically an afternoon of work for a developer, and your fraud team gets browser-level signals on every new registration from the first day it's live.