Remembering that the account owner is not himself a fraudster is not the same thing as verifying that the account hasn't been compromised and is now being used fraudulently.

(Granted that the OP's questions seemed to focus on the former, rather than the latter)