Stop Ban Evasion Even When Fraudsters Get Creative With Obfuscation

Fraudsters are constantly finding new ways to evade bans—resetting devices, spoofing fingerprints, using emulators, and tampering with apps to create and manage multiple fake accounts. In this post, we explore the most common ban evasion tactics, why they’re so hard to detect, and how platforms can stop repeat offenders to make bans actually stick.

If breaking the rules didn’t have consequences, what would be the point of having rules at all?

For online platforms, policies are necessary to help maintain order, protect users, and define the kind of community you want to foster. When someone breaks the rules, they put your users, your business, and your reputation at risk. A ban is supposed to stop that.

But what happens when a ban isn’t really a ban? What happens when banning someone isn’t enough to keep them off the platform?

Why ban evasion is more than just a policy problem

If you’ve banned someone from your platform, there's usually a good reason. Letting them come back under a different identity—whether it’s a new account or a new device—means they can keep threatening your platform. And they often do.

Ban evasion often goes hand-in-hand with multi-accounting—when someone creates a stash of fake accounts to use for promo abuse, phishing, fake listings, or just as backups in case one gets banned. It’s a classic fraud tactic, and if you have a ban evasion problem, chances are you have a multi-accounting problem too.

As Cody Summers of TaskRabbit said in a Merchant Risk Council webinar, ban evasion also enables organized fraudsters to experiment with which attack vectors work best on your platform: 

It's a basic way to test your overall security readiness, like a litmus test. If they can evade being banned, they can throw a bunch of different schemes at you and see what works. And this is something that came up when talking to folks about their experiences fighting ATO or account takeover fraud. If you're unfortunate enough to be targeted by a more sophisticated group, you need to be able to effectively shut it down. You have to be able to effectively ban the fraudsters or it's going to hurt. Why else would they stop?

Fraudsters aren’t going to respect your ban just because you said so. Without real enforcement, they’ll just find their way back in.

Different ways fraudsters ban evade without being detected

Platforms already have some guardrails in place to prevent repeat offenders from coming back. But fraudsters have adapted, and traditional tools aren’t always enough to keep them out.

1. Device ID and device fingerprint spoofing 

Device ID is one of the most common ways to recognize a returning user—but it’s also one of the easiest to sidestep. A factory reset is often all it takes to change a device’s ID.

Device fingerprinting is stronger, but traditional methods are still vulnerable. Fingerprints that rely on things like screen resolution, device make/model, OS version, and installed apps can be manipulated. Obfuscating any of those attributes can make a device look completely new.

2. Buying multiple devices

Even if spoofing didn’t work, many organized fraudsters don’t need to fake it. They own dozens of real devices already.

That makes it easier to create new accounts that pass as “clean” to your systems. And if they can stretch each account’s lifespan long enough to turn a profit, the cost of those devices becomes a worthwhile investment.

When fraudsters are making a lot of money by performing these scams, for example, they can afford to use multiple devices. We've seen many cases of fraudsters that were leveraging 20 devices, 50 devices, even hundreds of devices because again, they were making a lot of money. So it was worth it to purchase a lot of phones or PCs.

– André Ferraz, Incognia CEO and Co-Founder

3. Using emulators and app tampering tools 

Sometimes, what your system thinks is a phone... isn’t. It’s an emulator.

Emulators make it easy to change the traits used in traditional device fingerprinting because the program lets fraudsters customize the virtual device however they want.

App tampering tools are another go-to tactic. They let fraudsters mess with the data their device sends to an app, making it harder for the app to collect accurate fingerprinting signals.

How to detect ban evasion even when fraudsters get creative 

Fraudsters know the basics of how platforms try to block them, and they’ve learned how to work around it. So how do you keep them out without blocking good users and generating false positives?

The answer is in attacking the root of the problem: multi-accounting.

That means being able to recognize the same person across different accounts and devices. If you're able to identify that a new account or device belongs to someone you’ve already banned, you can stop them from coming back.

Device intelligence

While traditional device ID has a lot of vulnerabilities, that doesn't mean we have to throw the whole concept away.

Instead, we think in terms of device intelligence.

With device intelligence, you can flag risky setups during onboarding for things like:

  • Emulators
  • App tampering tools
  • Location spoofing apps
  • Multiple app instances running

All of these signals feed into a risk score that helps you decide: Is this safe or suspicious?

Location intelligence

Location intelligence adds another strong layer. Phones are easy to replace. But moving apartments or houses? Not so much.

That’s why precise, apartment-level location intelligence is one of the strongest signals for tying a user to a device and account. It’s what allows platforms to go from identifying what to identifying who.

If you ban an iPhone 12, and a day later, a new, completely clean iPhone 12 reappears trying to make an account from the exact same apartment, it’s a pretty good bet that that device belongs to the same banned individual as before.

There’s probably no legitimate reason for three hundred different accounts to be accessed from the same house and the same five devices. That's a fraud ring.
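The linking logic described above, combined with the device-intelligence flags from the previous section, as an added example (not Incognia's implementation or code from this post). The weights, the accounts-per-device threshold, the opaque location identifiers and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed weights for illustration; the post gives no numbers.
FLAG_WEIGHTS = {"emulator": 40, "app_tampering": 40,
                "location_spoofing": 30, "multiple_instances": 20}
BANNED_DEVICE, BANNED_LOCATION = 80, 60

def banned_index(history, banned_accounts):
    """Collect devices and home locations previously seen on banned accounts."""
    devices, locations = set(), set()
    for account, device, location in history:
        if account in banned_accounts:
            devices.add(device)
            locations.add(location)
    return devices, locations

def score_signup(device, location, flags, banned_devices, banned_locations):
    """Return (score, reasons) for one signup attempt."""
    reasons = sorted(f for f in flags if f in FLAG_WEIGHTS)
    score = sum(FLAG_WEIGHTS[f] for f in reasons)
    if device in banned_devices:
        score += BANNED_DEVICE
        reasons.append("banned_device")
    # A reset or replaced phone has a new device ID but the same home location.
    if location in banned_locations:
        score += BANNED_LOCATION
        reasons.append("banned_location")
    return score, reasons

def crowded_locations(history, max_accounts_per_device=3):
    """Locations where far more accounts than devices appear (possible ring)."""
    accounts, devices = defaultdict(set), defaultdict(set)
    for account, device, location in history:
        accounts[location].add(account)
        devices[location].add(device)
    return sorted(loc for loc in accounts
                  if len(accounts[loc]) > max_accounts_per_device * len(devices[loc]))

# Constructed sample data: (account, device_id, home_location_id)
HISTORY = [("acct-1", "dev-A", "loc-17")] + \
          [(f"ring-{i}", f"dev-R{i % 5}", "loc-99") for i in range(300)]
BANNED = {"acct-1"}

if __name__ == "__main__":
    devs, locs = banned_index(HISTORY, BANNED)
    print(score_signup("dev-NEW", "loc-17", set(), devs, locs))
    print(score_signup("dev-X", "loc-50", {"emulator"}, devs, locs))
    print(crowded_locations(HISTORY))
```

A location match alone is a reason to review rather than proof, since neighbours and family members can share an address; the score is meant to feed the "safe or suspicious" decision, not replace it.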

The power of persistent identity

Fraudsters are notoriously persistent, but so are fraud fighters.

By recognizing users—not just devices—you close the loopholes that fraudsters rely on. You prevent banned users from coming back. And you block multi-accounting before it can scale into widespread abuse.

At Incognia, we’ve built our platform to do exactly that.

Our layered approach combines:

  • Device intelligence
  • Precise location
  • Tamper detection

Because banning someone should mean they’re actually gone.

And keeping them out? That’s how you protect your platform, your revenue, and your users.