In a perfect world, every new user that joins a platform would be there to take advantage of that platform’s services as intended. Unfortunately, we don’t live in a perfect world, and sometimes, we have to enforce terms-of-use policies with a user ban to protect the integrity of our platforms and the experience of our legitimate users.
But what happens when banning fraudsters or other bad actors isn’t the end of the story?
Today’s fraudsters are organized, and they’ve learned which tools platforms use to identify them and block their access after a user ban. Unfortunately for fraud prevention teams, they’ve also learned how to circumvent those protections.
In this blog post, we’ll be looking at how fraudsters commit ban evasion, how ban evasion degrades the quality of fraud prevention efforts, and how fraud fighters can block banned users more effectively.
As the name implies, ban evasion happens when a fraudster or other bad actor finds a way to get around—evade—a ban on their account. Ban evasion might look like finding a way to make a new account, using someone else’s account, or using a previously-made backup account (or several).
When it comes to organized fraudsters, the third method is by far the most common. Fraudsters looking to make consistent money by defrauding a platform will almost always have multiple accounts to their name, and they avoid detection by circumventing device fingerprinting tools platforms use to re-identify users.
Reinstalling the app, factory resetting the device, using an app tampering or app cloner, using an emulator, and changing the device’s attributes are just a few of the ways fraudsters manipulate device ID systems to make as many accounts as they want.
When a fraudster can easily evade a ban, it reduces the platform’s ability to protect itself and its user base from abuse, and it increases the cost of fraud prevention efforts—banning the same fraudster over and over again is much more resource-intensive than executing a one-and-done user ban.
There’s also the time between bans to consider. When a banned user returns to the platform, they can keep doing whatever harmful action got them banned in the first place. Until that platform’s fraud prevention team identifies and bans that person again, they can inflict as much damage as they want. That makes ban evasion a significant threat to retention, revenue, and the user experience.
Ultimately, if a bad actor can’t access a new account after they’ve been banned, they can’t commit ban evasion. That means that to stop ban evasion, we have to stop multi-accounting.
Stopping multi-accounting relies on the platform’s ability to re-identify the same banned user even if they use device ID obfuscation tactics or switch devices entirely. Unfortunately, legacy device ID solutions and many internally-developed device IDs aren’t up to the level of persistence needed to stop repeat offenders.
For many platforms, all a fraudster needs to do to evade device ID is reinstall the app or factory reset their device. For others, app tampering tools, emulators, or switching between devices are all effective strategies.
Using secondary signals to help identify these obfuscation attempts can make a device ID more resilient and persistent. For example, tamper detection can help identify the presence of emulators or tampering tools. Precise location intelligence can help identify a device or user after a factory reset or even a device changeover.
If fraudsters can find a way to commit ban evasion, they’ll do it. It’s up to us as fraud fighters to make multi-accounting and ban evasion as difficult and costly as possible.