With an 8 percent increase from the previous year, identity fraud is on the rise. More fraud means more victims, but the victims do not exist without perpetrators, and it’s important to understand exactly who these perpetrators are. The bad actors fall broadly into three main types of fraud: those who commit first-party, second-party, or third-party fraud.
First Party Fraud
Have you ever thought about slightly distorting your personal details to receive a credit card or perhaps a more attractive mortgage from a bank? Misrepresenting your identity or personal circumstances in any way – however minor – to procure unsecured banking credit is, in fact, one of the types of first-party fraud.
First-party fraud also encompasses taking out a loan or using credit without ever intending to repay the money. For example, someone may order a new flat-screen TV on credit, spending a larger sum than usual. An unusual purchase event can cause a bank to diligently call their customer to ask if the unusual purchase is authentic.
If the account holder claims they made no such purchase or did not receive the goods, the bank will often refund the money, leaving the retailer out of pocket as the bank demands a chargeback.
Everyone’s doing it
The most worrying thing is that people believe that this type of fraud is some form of ‘acceptable fraud.’
Shockingly, as many as one in seven Britons have committed consumer fraud, a statistic that’s mirrored elsewhere in the world. However, this kind of first-party fraud is causing companies huge losses, but it is also driving up the premiums for innocent customers.
Second-party fraud is more complex. This is when legitimate account holders knowingly give their personal details or credentials to a friend or acquaintance to commit fraud. The associate can order goods or services from a device not linked to the account, making the fraud appear realistic.
It is challenging for banks to prove that the customer was complicit in the crime. This is known colloquially by the oxymoron ‘friendly fraud’, which we discussed in our previous blog post.
An interesting twist to this type of fraud comes when customers are seduced by fraudsters advertising ways to ‘make $200 fast’.
To receive the cash, the legitimate account holder will agree to accept and transfer funds in and out of their bank account on behalf of a second party. In return, they get to keep a share of the money for themselves. In reality, this is money laundering, and the people who have shared their bank details are ‘money mules.’
But since the affected accounts belong to real people with legitimate credentials, detecting fraudulent activity can be problematic.
This is what usually springs to mind when people think about types of fraud. It is distinct from first and second-party fraud in that the customer does not know the fraudulent activity; in this situation, they are clearly the victim. The fraudster impersonates their identity, taking uses real-life facts about them to deceive their bank.
A common example of this type of fraud is account takeover (ATO). A fraudster gains access to a victim’s account using their personally identifiable information (PII), either being hacked or acquired through social engineering techniques such as phishing.
This is when a fraudster poses as a trusted entity to dupe their victim into revealing confidential information. This leads to an account takeover of the victim’s account, resulting in fraudulent transactions or purchases or drain funds.
Loan Stacking is another commonly used trick. This is when the criminal uses one person’s details to apply for multiple small loans from a wide variety of lenders. The gains can be huge, whilst it wreaks havoc on the victim’s credit score.
Why each type of fraud can be difficult to detect
These types of fraud are not easy to detect, but for different reasons.
- You can’t interrogate the customer: In the case of first-party fraud, it can be challenging to establish whether customers are truthful. It is not a customer service best practice to interrogate a customer’s monthly spending, and a bank can’t go into their customers’ homes to see if there’s a brand new TV hanging on the wall. This type of fraud is hard to spot and even harder to prove.
- No one will confess: Similar difficulties arise with second-party fraud. Asking an individual outright if they have ever shared their banking details with anyone else isn’t going to get the bank anywhere – as the answer will inevitably be a defensive ‘no, of course not.’ As the individual has knowingly allowed this fraud to occur, all personal details are correct, and most of the usual signals of fraudulent behavior are not present. When individuals refuse to acknowledge their involvement, the banks will be hard-pressed to find firm evidence to prove they were. It’s a case of one person’s word against another’s.
- Shrouded in complexity: A fraudster will often combine different techniques to complicate attempts to detect suspicious activity. For example, they might target individuals with low credit scores who are unlikely targets of fraud. Next, they may use credit piggy-backing, which adds another cardholder’s information to boost the credit score.
That additional user could be based on a synthetic identity, where the fraudster combines real and falsified information to create a new, more credible account holder.
This is a widely used technique, and Aite Group estimates synthetic identity credit card fraud will reach $1.25 billion in losses for American financial institutions in 2020. From here, the fraudster could ‘loan stack’ to make as much money – in as short a timeframe – as possible.
It’s this combination of so many different, highly sophisticated types of fraud that allow fraudsters to evade detection so often.
Combatting these diverse crimes
With the perpetrators of fraud ranging from organized crime gangs to long-term, highly valued customers, it’s hard to envisage an all-encompassing solution capable of combatting all three main types of fraud.
However, there is a way. By combining device assessment, malware detection, and behavioral biometric analytics, banks can build unique profiles for each customer and understand what ‘normal’ looks like. If anything deviates from the norm, they can decide whether to take action.
This could even be the most subtle of changes; for example, if a user is misstating the truth to apply for a loan, they might dither over some of the answers while wrestling with their conscience. While typing slowly or retyping information doesn’t make anyone guilty, it might warrant investigation.
Want to know more about our behavioral biometric technology? Request a demo now.