With an 8 percent increase from the previous year, identity fraud is on the rise. More fraud means more victims, but the victims do not exist without perpetrators, and it’s important to understand exactly who these perpetrators are. The bad actors fall broadly into three main types of fraud: those who commit first-party, second-party, or third-party fraud.
Have you ever thought about slightly distorting your personal details to receive a credit card or perhaps a more attractive mortgage from a bank? Misrepresenting your identity or personal circumstances in any way – however minor – to procure unsecured banking credit is, in fact, one of the types of first-party fraud.
First-party fraud also encompasses taking out a loan or using credit without ever intending to repay the money. For example, someone may order a new flat-screen TV on credit, spending a larger sum than usual. An unusual purchase event can cause a bank to diligently call their customer to ask if the unusual purchase is authentic.
If the account holder claims they made no such purchase or did not receive the goods, the bank will often refund the money, leaving the retailer out of pocket as the bank demands a chargeback.
Everyone’s doing it
The most worrying thing is that people believe that this type of fraud is some form of ‘acceptable fraud.’
Shockingly, as many as one in seven Britons have committed consumer fraud, a statistic that’s mirrored elsewhere in the world. However, this kind of first-party fraud is causing companies huge losses, but it is also driving up the premiums for innocent customers.
Second-party fraud is more complex. This is when legitimate account holders knowingly give their personal details or credentials to a friend or acquaintance to commit fraud. The associate can order goods or services from a device not linked to the account, making the fraud appear realistic.
It is challenging for banks to prove that the customer was complicit in the crime. This is known colloquially by the oxymoron ‘friendly fraud’, which we discussed in our previous blog post.
An interesting twist to this type of fraud comes when customers are seduced by fraudsters advertising ways to ‘make $200 fast’.
To receive the cash, the legitimate account holder will agree to accept and transfer funds in and out of their bank account on behalf of a second party. In return, they get to keep a share of the money for themselves. In reality, this is money laundering, and the people who have shared their bank details are ‘money mules.’
But since the affected accounts belong to real people with legitimate credentials, detecting fraudulent activity can be problematic.
This is what usually springs to mind when people think about types of fraud. It is distinct from first and second-party fraud in that the customer does not know the fraudulent activity; in this situation, they are clearly the victim. The fraudster impersonates their identity, taking uses real-life facts about them to deceive their bank.
A common example of this type of fraud is account takeover (ATO). A fraudster gains access to a victim’s account using their personally identifiable information (PII), either being hacked or acquired through social engineering techniques such as phishing.
This is when a fraudster poses as a trusted entity to dupe their victim into revealing confidential information. This leads to an account takeover of the victim’s account, resulting in fraudulent transactions or purchases or drain funds.
Loan Stacking is another commonly used trick. This is when the criminal uses one person’s details to apply for multiple small loans from a wide variety of lenders. The gains can be huge, whilst it wreaks havoc on the victim’s credit score.
These types of fraud are not easy to detect, but for different reasons.
That additional user could be based on a synthetic identity, where the fraudster combines real and falsified information to create a new, more credible account holder.
This is a widely used technique, and Aite Group estimates synthetic identity credit card fraud will reach $1.25 billion in losses for American financial institutions in 2020. From here, the fraudster could ‘loan stack’ to make as much money – in as short a timeframe – as possible.
It’s this combination of so many different, highly sophisticated types of fraud that allow fraudsters to evade detection so often.
With the perpetrators of fraud ranging from organized crime gangs to long-term, highly valued customers, it’s hard to envisage an all-encompassing solution capable of combatting all three main types of fraud.
However, there is a way. By combining device assessment, malware detection, and behavioral biometric analytics, banks can build unique profiles for each customer and understand what ‘normal’ looks like. If anything deviates from the norm, they can decide whether to take action.
This could even be the most subtle of changes; for example, if a user is misstating the truth to apply for a loan, they might dither over some of the answers while wrestling with their conscience. While typing slowly or retyping information doesn’t make anyone guilty, it might warrant investigation.
Want to know more about our behavioral biometric technology? Request a demo now.
Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.
We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.
Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.
Please click the button below which relates to the issue you’re having.
Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association
Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.
For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.
The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.
Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.
Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.
For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.
