
Ban Evasion: How can it be detected and prevented?

Preventing ban evasion is crucial for safeguarding both platforms and users from repeated fraudsters. By implementing effective strategies to defeat fraud and maintain trust and safety, we can ensure a secure and reliable digital experience.

Online platforms have terms of use that set expectations for how users should interact with each other and with the platform itself. These policies help keep the user experience safe and enjoyable, but they have to be enforced in order to be effective.

Platforms have the right to permanently ban individuals who violate these policies, which would include fraudsters, policy abusers, and other types of bad actors. Unfortunately, however, bad actors rarely respect a permanent ban.

Key Takeaways

  • Ban evasion happens when bad actors who have been banned from a platform find a way to rejoin by creating multiple accounts or stealing accounts from other people (account takeover)
  • Not being able to properly ban bad actors can hurt a platform's credibility and present increased Trust & Safety and fraud risks
  • Device intelligence enhanced with location data is a powerful way to stop ban evasion by taking away bad actors' ability to hide their identity and create new accounts 

What is ban evasion? 

Ban evasion is an attempt by an individual to circumvent an online platform ban or suspension by using a different account on that platform.

To give a sense of some methods used for evasion, Twitter’s official ban evasion policy prohibits actions like creating a new account or repurposing an existing account to circumvent a ban or suspension. It also prohibits unbanned users from allowing a suspended or banned user to operate their account.

For social media platforms and content moderation teams, the major concern with preventing ban evasion is safeguarding users from abusive content and bad user conduct.

For fraud teams, the focus is different. Fraudsters who commit policy violations and other abuses can use organized ban-evading tactics to continue defrauding the platform and its users even after being caught and penalized.

Ban evasion is a major pain point for many platforms, and some have invested significant resources to try to solve it. Twitch, a leader in anti-ban evasion tactics, has a highly publicized machine learning algorithm that it uses to detect ban-evading users.

In a clip from Incognia's webinar Ban Evasion: The Great Fraud Enabler, Incognia CEO and co-founder André Ferraz does a good job of summarizing the vicious cycle of ban evasion.


How does ban evasion work? 

There are several different tools and techniques that bad actors can use to successfully evade a ban or suspension.

1. Multi-accounting 

Multi-accounting is the foundational method that makes ban evasion possible. Short of infiltrating the platform’s networks, bad actors don’t have a way to unblock their accounts themselves. That means that any attempt at ban-evading necessitates the use of a separate, non-banned account.

Having multiple accounts at their disposal allows ban evaders to operate without fear of being banned from the platform. If one of their bad accounts is reported and blacklisted, they can simply switch to the next and continue on like normal. Spreading out their activity over dozens of accounts or more means that even a single bad actor can force anti-fraud teams to waste significant resources with repeated case reviews and bans on the same offender.

Multi-accounting is often a direct violation of platform policy, particularly in areas like food and grocery delivery in which accounts are directly associated with users' real-world identities for the sake of safety and transparency.

2. Using multiple devices

Having and using multiple devices can help fraudsters expand their multi-accounting ability exponentially. A bad actor with a single cell phone might be able to run multiple instances of the same app using an app cloner, but there’s a limit to what they can accomplish when dealing with the inefficiency of having to manually switch between accounts and app instances.

But adding new devices to the equation helps expand a bad actor’s influence by enabling them to open and run more accounts simultaneously. In large enough numbers, using multiple devices can reach the level of fraud farming, where teams of bad actors use dozens of devices at a time to maximize profits from a fraud scheme.

As Shawn Colpitts of JustEats said in an AboutFraud webinar on fraud farms, “How much damage can one person do with one device? [Then] you give that one person ten, twenty, thirty, forty, or fifty devices. Think about how much more they can do. And that's what these fraudsters are attempting.”

3. Manipulating device ID parameters or factory resetting affected devices

Device ID is one of the signals platforms can use to identify and even block certain individuals associated with high-risk or fraudulent behavior, but it isn’t a foolproof method. Ban evaders can manipulate their device ID parameters to defeat this identity signal by using tactics like doing a factory reset, updating their operating system, manipulating screen resolution, or changing downloaded apps.

4. Using stolen account credentials

Though not as easily scalable as some of the other tactics listed above, executing account takeovers (ATO) with stolen credentials is yet another way for bad actors to regain access to a platform after being banned or suspended. And unfortunately, in addition to the theft and defrauding risks inherent to ATOs, this method also puts the original account holder at risk of being held accountable for the ban evader’s actions.

Many of the tactics used for ban evasion require little to no technical skill, making them easily accessible and exploitable. Additionally, many ban evasion approaches like multi-accounting are abuses that organized fraudsters will already be committing, making ban evasion an easy integration into their existing operations. Unfortunately, what makes life easier for fraudsters makes life harder for good users and for fraud prevention experts.


The consequences of ban evasion for platforms

Ban-evading presents a significant resource drain for anti-fraud teams because it reduces a platform’s ability to combat both new and old threats (or even to differentiate new threats from old ones). Without the ability to ensure that bans are permanent and difficult to circumvent, fraud prevention teams run the risk of constantly banning and re-banning the same fraudsters without any way to attack the root of the problem.

Any amount of time that a ban evader can spend on a platform undetected is time in which they can commit fraud and abuse against other users or the platform itself, making ban evasion a high-risk concern for affected platforms. 

How can platforms detect and prevent ban evasion?

The question at the root of preventing ban evasion is how to identify a banned individual even if they switch accounts or devices. If fraud and user moderation teams have the ability to identify the individual behind the account, they can more effectively ensure that bans stay permanent and that no further harm comes to the platform or its users from previous offenders.

With the right identity signals, device identification can be made more persistent, or ‘sticky’. One of the best signals for accurate identification while causing minimal user friction is device intelligence enhanced by location data.

Device intelligence is foundational for stopping ban evasion, because the ability to bind device to identity is key for recognizing previously banned users. Location data adds extra context that can help block bad actors even if they try to hide from their device fingerprint. For example, Incognia’s location intelligence with place-level accuracy can identify bad actors and the high-risk locations associated with them even if the individual switches devices or factory resets their existing device. 

Device intelligence is also powerful for its ability to check devices for risk indicators like the presence of app cloners, app tampering tools, GPS spoofing apps, and more. With this kind of risk assessment, it's even possible to decide to block some high-risk devices at the time of onboarding, so the bad actor never gets a chance to do harm on the platform. 
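The following is an added example, not part of the original article and not Incognia's code or algorithm. It shows how a signup check can still link a factory-reset device to a banned account through location, and how the device risk indicators named above feed the decision. The record layout, the 30 m "same place" radius, the decision thresholds, and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

HIGH_RISK = {"app_cloner", "app_tampering", "gps_spoofing"}  # indicators named in the article
PLACE_RADIUS_M = 30  # assumed radius for treating two points as the same place

@dataclass(frozen=True)
class Device:
    account: str
    device_id: str
    home: tuple                    # (lat, lon) of most frequent location; constructed values
    flags: frozenset = frozenset()

def metres(a, b):
    """Haversine distance between two (lat, lon) points, in metres."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6_371_000 * asin(sqrt(h))

def assess(signup, banned):
    """Return (decision, reasons) for a signup checked against banned records."""
    device_hit = [b.account for b in banned if b.device_id == signup.device_id]
    place_hit = [b.account for b in banned
                 if metres(b.home, signup.home) <= PLACE_RADIUS_M]
    risky = sorted(signup.flags & HIGH_RISK)
    reasons = ([f"device_id seen on banned {a}" for a in device_hit]
               + [f"same place as banned {a}" for a in place_hit]
               + [f"risk indicator: {r}" for r in risky])
    if device_hit or (place_hit and risky):
        return "block", reasons
    if place_hit or risky:
        return "review", reasons   # location alone may be a shared household
    return "allow", reasons

# Constructed sample data: one banned record and four later signups.
BANNED = [Device("banned-01", "dev-A", (40.71280, -74.00600))]
SAME_DEVICE = Device("new-01", "dev-A", (34.05220, -118.24370))
AFTER_RESET = Device("new-02", "dev-Z", (40.71285, -74.00600))  # new ID, same place
RESET_CLONER = Device("new-03", "dev-Y", (40.71282, -74.00603), frozenset({"app_cloner"}))
UNRELATED = Device("new-04", "dev-Q", (34.05220, -118.24370))

if __name__ == "__main__":
    for s in (SAME_DEVICE, AFTER_RESET, RESET_CLONER, UNRELATED):
        print(s.account, *assess(s, BANNED))
```

A device-ID-only check would pass `AFTER_RESET` and `RESET_CLONER`; the location signal is what surfaces them. A location match on its own is routed to review rather than blocked, because unrelated users can share an address.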

Platforms invest money into drafting and enforcing policies for a reason. Without the ability to properly enforce bans and suspensions, these platforms are at risk for rampant fraud, Trust & Safety breaches, reduced user retention, and loss of revenue.

By using persistent identity signals that can track bad actors across devices, fraud and user moderation teams can stay one step ahead of ban evaders.

To learn more about how Incognia's team is helping platforms tackle ban evasion, contact our team today to schedule an introductory call.