The term multi accounting refers to when the same individual creates multiple accounts on the same service. The reason for this is typically to take advantage of something that the service offers to new accounts, such as free trials, free credits, promotional cash-back. In the most simple case of multi accounting, you'd just sign up a second time from a new (or aliased) e-mail address. Whereas in more sophisticated cases, fraudsters use proxies and device emulators to give the appearance of multiple individuals signing up.
In multi accounting scenarios, it is common that the fraudster exposes a common trait that allows you to link together the fraudulent accounts. For example, using the same IP, IP range, Card number or ISP, or the same device fingerprint when using the same device.
Depending on which link, you can be more or less confident of multi-accounting:
device.fingerprintCastle's device fingerprint is very accurate in determining the same device, so if you encounter two accounts sharing the same device fingerprint, you can be very confident that this is the case.
ip.addressThe IP address is usually very specific to an individual user account. However, there are legitimate exceptions to when IPs are shared, for example in Office buildings or mobile networks (referred to as Carrier-grade NAT, CGN)
- Payment method fingerprint or physical address fingerprint. Both of these are very strong links, and when multiple accounts are sharing these, it is usually a suspicious sign
The Castle Explorer makes these links super easy to discover, and once you've found a criterion that isolates the multi-accounting behavior (such as the one in the demo below), you can create a policy to either block or challenge these users.
Updated 10 months ago