What is Dormant Account Fraud?

Dormant account fraud is when an attacker unlocks an inactive account (credential stuffing, social engineering, or via insider lookups), then silently extracts any value: refunds, loyalty balances, stored payment instruments, payout privileges. Alert fatigue: an account that never moves is assumed to never change.

Signals: credential resets prior to payee name or account number changes; device fingerprints that have never been seen associated with the account; high‑risk transactions with no recent account activity; login attempts outside of working hours from new ASNs. Support tickets frequently arrive after the fact, referencing “surprise” emails.

powered by kycaid

Transform your KYC & AML journey

Experience seamless and efficient customer verification with KYCAID

Mitigation: tighten up reactivation flows, device rebindings, and introduce some cool‑off before high‑value activity. Trigger out‑of‑band alerts for critical changes and require confirmation before payouts get enabled. Anchor with identity verification and trigger a review if any funds or sensitive features get accessed. Align runbooks with a risk‑based AML compliance program to enable fast recoveries and reporting.

Don’t let dormant accounts be sleeper fraud risks. Wake them up carefully.

What is Dormant Account Fraud?

Dormant account fraud is when an attacker unlocks an inactive account (credential stuffing, social engineering, or via insider lookups), then silently extracts any value: refunds, loyalty balances, stored payment instruments, payout privileges. Alert fatigue: an account that never moves is assumed to never change.

Signals: credential resets prior to payee name or account number changes; device fingerprints that have never been seen associated with the account; high‑risk transactions with no recent account activity; login attempts outside of working hours from new ASNs. Support tickets frequently arrive after the fact, referencing “surprise” emails.

Mitigation: tighten up reactivation flows, device rebindings, and introduce some cool‑off before high‑value activity. Trigger out‑of‑band alerts for critical changes and require confirmation before payouts get enabled. Anchor with identity verification and trigger a review if any funds or sensitive features get accessed. Align runbooks with a risk‑based AML compliance program to enable fast recoveries and reporting.

Don’t let dormant accounts be sleeper fraud risks. Wake them up carefully.

Other Glossary Terms

Dark Web Financial Data Sales Data Breaches Data Capture Debit Card Fraud Deep Fake Identity Fraud Deposit Fraud Derived Identification Detection Error Tradeoff (DET) Device Emulator Device Spoofing Digital Banking Fraud Digital Identity Verification Digital Signature Fraud DNA Biometrics Document Fraud Drop Address

Related Blog Posts

KYC API for Fintech: How to Integrate in Under 1 Week

4 min read March 17, 2026

KYC API for Fintech: How to Integrate in Under 1 Week

How to Automate Ongoing Monitoring for High-Risk Clients (2026 Guide)

8 min read February 17, 2026

How to Automate Ongoing Monitoring for High-Risk Clients (2026 Guide)

Brazil’s Betting Regulation 2026: Post-Implementation Guide for Operators

5 min read February 7, 2026

Brazil’s Betting Regulation 2026: Post-Implementation Guide for Operators

Try out our services

Please provide your corporate email address before you start

By submitting this form, you confirm that you have read and understand KYCAID's Privacy Policy