E-commerce systems exist where members of the general pubic, using an Internet accessible website, can obtain sensitive information pertaining to individuals. Such information, by way of example, takes the form of credit histories and other credit sensitive data. These types of websites are prone to users trying to obtain (by fraudulent means) private information about others. Often, such attempts are made by imposters who have some, but not all, of the identification needed to identify a target. These imposters are trying to steal the target's identity.
In a typical scenario, the fraudster has obtained some piece of the target's personal information. Typically, this would be the target's name and perhaps his/her address. The fraudster then obtains a (typically stolen) credit card belonging to someone other than the target. The object then for the fraudster is to steal the full identity of the target. To do this the fraudster will make use of a website that provides access to a full range of credit history data pertaining to individuals. The fraudster will issue a query in the form of a credit report request.
Using this scenario, the fraudster creates an account on the website and then attempts to purchase a credit report belonging to the target using the stolen credit card number. In this scenario the fraudster is trying to pass him/her self off as the target. In order to obtain the report, the fraudster must go through an identity authentication process administered by one of the credit bureaus. In this process the fraudster engages in a computer-generated interview where a small number of questions are posed about some of the items that the real target would know about the credit report. Since the fraudster usually does not yet have access to sufficient information about the target and past credit transactions, the fraudster often fails the interview. Fraudsters being what they are, don't give up at this point.
The foiled fraudster then creates another account and tries again. Often the fraudster will use similar (but not identical) information to create each new account. This similar information can be, for example, password, security answer, e-mail address, credit card number, and the like. Once in a while, the imposter will succeed and obtain a target's credit report containing sensitive data that then facilitates the imposter's desire to trade off of the credit of the target.
The occurrence of clusters of many accounts that are similar enough to have possibly been created by the same individual is a strong indicator of potential fraud. Currently, trying to identify collections of similar accounts is a laborious and time consuming process which involves repeatedly querying the database for information and patterns.