Account registration abuse is when fraudsters create multiple accounts in order to take advantage of promotions or vouchers, commit payment fraud, or commit other types of fraud.
Fraudsters may use fake or stolen identities, or their own identity, to create multiple customer or supplier accounts. To avoid detection fraudsters will often use a variety of devices, email addresses, and phone numbers.
Identifying and blocking account registration abuse is an important part of fraud prevention.
Read MoreWe support registration recommendations for both customer and supplier accounts.
The process for requesting recommendations is the same for both types of account.
The only differences are the data you provide in the request and the point at which you request the recommendation.
Before you request a recommendation, you should have already completed the following steps:
Registration form validation
Validating the form data can include checking that the email address or phone number is in the correct format and that the password is strong enough.
Read MoreSending us updates on the outcome of each registration attempt will allow us to improve our recommendations. It also ensures that our dashboard will provide accurate reports on registration attempts.
After receiving a recommendation
You should update us with the outcome of the registration attempt after receiving and acting on a recommendation.
In addition to helping us improve our future recommendations, if you notify us that a registration was successful,
we will create the customer or supplier in our system so that we can associate future activity with the account.
Breached credentials are used by fraudsters when committing credential stuffing attacks. Attackers get credential combinations (usernames and passwords) from data breaches. Fraudsters can then automatically try all these combinations against your login page to see if there are any matches.
Breached credentials pose a significant risk at the point of account registration. Allowing users to create accounts with breached credentials increases the risk the account will be compromised in a future ATO attack.
Read MoreTo test your integration we allow you to send specific requests to force specific recommendations to be returned.
You should then ensure that you handle each of the possible recommended actions correctly.
These test recommendations are only supported in your sandbox account. See Authentication for how to use your sandbox account.
To force us to respond with specific recommendations send a request to the Registration endpoint, and set the customer.email or the supplier.email field to an email address with one of the email domains shown below.
Read MoreWas this page helpful?