Ban Evasion: How can it be detected and prevented?
Preventing ban evasion is crucial for safeguarding both platforms and users from repeated fraudsters. By implementing effective strategies to defeat fraud and maintain trust and safety, we can ensure a secure and reliable digital experience.
Platforms have the right to permanently ban individuals who violate their policies, including fraudsters, policy abusers, and other types of bad actors. Unfortunately, bad actors rarely respect a permanent ban.
What is ban evasion?
Ban evasion is an attempt by an individual to circumvent an online platform ban or suspension by using a different account on that platform.
To give a sense of some methods used for evasion, Twitter’s official ban evasion policy prohibits actions like creating a new account or repurposing an existing account to circumvent a ban or suspension. It also prohibits unbanned users from allowing a suspended or banned user to operate their account.
For social media platforms and content moderation teams, the major concern with preventing ban evasion is safeguarding users from abusive content and bad user conduct.
For fraud teams, the focus is different. Fraudsters who commit policy violations and other abuses can use organized ban-evading tactics to continue defrauding the platform and its users even after being caught and penalized.
Ban evasion is a major pain point for many platforms, and some have invested significant resources to try to solve it. Twitch, a leader in anti-ban evasion tactics, has a highly publicized machine learning algorithm that it uses to detect ban-evading users.
How does ban evasion work?
There are several different tools and techniques that bad actors can use to successfully evade a ban or suspension.
1. Multi-accounting
Multi-accounting is the foundational method that makes ban evasion possible. Short of infiltrating the platform’s networks, bad actors don’t have a way to unblock their accounts themselves. That means that any attempt at ban-evading necessitates the use of a separate, non-banned account.
Having multiple accounts at their disposal allows ban evaders to operate without fear of being banned from the platform. If one of their bad accounts is reported and blacklisted, they can simply switch to the next and continue on like normal. Spreading out their activity over dozens of accounts or more means that even a single bad actor can force anti-fraud teams to waste significant resources with repeated case reviews and bans on the same offender.
Multi-accounting is often a direct violation of platform policy, particularly in areas like food and grocery delivery in which accounts are directly associated with users' real-world identities for the sake of safety and transparency.
2. Using multiple devices
Having and using multiple devices can help fraudsters expand their multi-accounting ability exponentially. A bad actor with a single cell phone might be able to run multiple instances of the same app using an app cloner, but there’s a limit to what they can accomplish when dealing with the inefficiency of having to manually switch between accounts and app instances.
But adding new devices to the equation helps expand a bad actor’s influence by enabling them to open and run more accounts simultaneously. In large enough numbers, using multiple devices can reach the level of fraud farming, where teams of bad actors use dozens of devices at a time to maximize profits from a fraud scheme.
As Shawn Colpitts of JustEats said in an AboutFraud webinar on fraud farms, “How much damage can one person do with one device? [Then] you give that one person ten, twenty, thirty, forty, or fifty devices. Think about how much more they can do. And that's what these fraudsters are attempting.”
3. Manipulating device ID parameters or factory resetting affected devices
Device ID is one of the signals platforms can use to identify and even block certain individuals associated with high-risk or fraudulent behavior, but it isn’t a foolproof method. Ban evaders can manipulate their device ID parameters to defeat this identity signal by using tactics like doing a factory reset, updating their operating system, manipulating screen resolution, or changing downloaded apps.
4. Using stolen account credentials
Though not as easily scalable as some of the other tactics listed above, executing account takeovers (ATO) with stolen credentials is yet another way for bad actors to regain access to a platform after being banned or suspended. And unfortunately, in addition to the theft and defrauding risks inherent to ATOs, this method also puts the original account holder at risk of being held accountable for the ban evader’s actions.
Many of the tactics used for ban evasion require little to no technical skill, making them easily accessible and exploitable. Additionally, many ban evasion approaches like multi-accounting are abuses that organized fraudsters will already be committing, making ban evasion an easy integration into their existing operations. Unfortunately, what makes life easier for fraudsters makes life harder for good users and for fraud prevention experts.
The consequences of ban evasion for platforms
Ban-evading presents a significant resource drain for anti-fraud teams because it reduces a platform’s ability to combat both new and old threats (or even to differentiate new threats from old ones). Without the ability to ensure that bans are permanent and difficult to circumvent, fraud prevention teams run the risk of constantly banning and re-banning the same fraudsters without any way to attack the root of the problem.
Any amount of time that a ban evader can spend on a platform undetected is time in which they can commit fraud and abuse against other users or the platform itself, making ban evasion a high-risk concern for affected platforms.
How can platforms detect and prevent ban evasion?
The question at the root of preventing ban evasion is how to identify a banned individual even if they switch accounts or devices. If fraud and user moderation teams have the ability to identify the individual behind the account, they can more effectively ensure that bans stay permanent and that no further harm comes to the platform or its users from previous offenders.
By leveraging the right identity signals, device identification can actually be done in a more persistent or ‘sticky’ way. The best signals for doing accurate identification while causing minimal user friction are location data and device intelligence.
Location intelligence can provide the missing context that platforms need in order to ensure that bans stay permanent. For example, Incognia’s location intelligence with place-level accuracy can identify bad actors and the high-risk locations associated with them even if the individual switches devices or manipulates an existing device’s ID to avoid detection.
As an identity signal, this precise location data is even more effective when used in combination with Incognia’s proprietary device intelligence, which helps identify devices in addition to searching for risk indicators like the presence of app cloners, app tampering tools, GPS spoofing apps, and more.
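The linking idea described above, as an added example (not Incognia's code or method): accounts are clustered when they share a device ID or a frequent place, so an account on a reset device still connects to a banned one through its location. The account names, signal values and the `MAX_FANOUT` cut-off are constructed assumptions.

```python
from collections import defaultdict

MAX_FANOUT = 3  # assumption: a signal seen on more accounts than this is a shared venue

# Constructed observations: (account, signal type, signal value)
OBSERVATIONS = [
    ("acct_A", "device", "dev-1"), ("acct_A", "place", "home-17"),
    ("acct_B", "device", "dev-2"), ("acct_B", "place", "home-17"),  # new device ID, same place
    ("acct_C", "device", "dev-2"), ("acct_C", "place", "mall-03"),  # same device as acct_B
    ("acct_D", "device", "dev-9"), ("acct_D", "place", "mall-03"),
    ("acct_E", "device", "dev-8"), ("acct_E", "place", "mall-03"),
    ("acct_F", "device", "dev-7"), ("acct_F", "place", "mall-03"),
]
BANNED = {"acct_A"}


def find(parent, x):
    """Union-find root lookup with path halving."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def linked_to_banned(observations, banned, max_fanout=MAX_FANOUT):
    """Return {account: [banned accounts in the same cluster]} for non-banned accounts."""
    by_signal = defaultdict(set)
    for account, kind, value in observations:
        by_signal[(kind, value)].add(account)

    parent = {account: account for account, _, _ in observations}
    for accounts in by_signal.values():
        if len(accounts) > max_fanout:
            continue  # too widely shared to point at one individual
        first, *rest = sorted(accounts)
        for other in rest:
            parent[find(parent, other)] = find(parent, first)

    clusters = defaultdict(set)
    for account in parent:
        clusters[find(parent, account)].add(account)

    flagged = {}
    for members in clusters.values():
        hits = sorted(members & banned)
        for account in (members - banned if hits else ()):
            flagged[account] = hits
    return flagged
```

Raising `max_fanout` far enough to admit the shared `mall-03` place pulls three unrelated accounts into the banned cluster, which is why links like these are better used to queue accounts for review than to ban automatically.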
Platforms invest money into drafting and enforcing policies for a reason. Without the ability to properly enforce bans and suspensions, these platforms are at risk for rampant fraud, Trust & Safety breaches, reduced user retention, and loss of revenue.
By using persistent identity signals that can track bad actors across devices, fraud and user moderation teams can stay one step ahead of ban evaders.