Do you know what fraudsters hear when you say “dormant account”? One thing: low attention.

Brief definition: While definitions vary globally, many banks typically classify accounts as inactive after 12 months with no customer-initiated activity, and dormant after 24 months. However, timeframes range significantly - from 6 months to 15 years depending on country and institution. The fraud risks below also apply to low-activity but still accessible accounts - savings or reserve accounts that don't see much action but remain fully operational.

Why fraudsters like dormant accounts:

💳 Low-activity accounts are ideal for fraudsters to launder funds quietly, keeping transactions small and subtle to avoid detection.

🏦 The long history of these accounts makes them appear trustworthy, sometimes even boosting internal credit scoring.

🕵️ Unusual activity often doesn’t stand out quickly because the account owner isn’t actively monitoring it.

👥 Dormant or low-activity accounts with large balances are attractive targets for embezzlement or abuse by bank staff with access.

📊 DataVisor found that 65% of account takeover attempts target accounts unused by their rightful owner for 90+ days, and 80% target those inactive for 30+ days. Javelin reports that account takeover fraud losses climbed to nearly $13 billion in 2023, up from $11 billion in 2022 - a clear sign this risk is growing.

🚨 What can we do?

For account owners: Even if you keep an account as a reserve, check it regularly. Close what you don’t use. If you keep it, enable alerts, use strong credentials, and add MFA.

For banks: Flag low-activity and dormant-status accounts as high risk. Apply enhanced monitoring, step-up authentication on reactivation or unusual transactions, and audit employee access to these accounts.

Fraudsters thrive where "quiet" equals "ignored". Let’s turn dormant into defended.