Topics Types of Bank Fraud 12 Most Common Types of Bank Fraud Account Takeover (ATO) Fraud Check Fraud ACH Fraud Real-time Payment Fraud First-Party Fraud Wire Fraud Zelle Fraud Types of Card Fraud Credit Card Fraud Debit Card Fraud Lost or Stolen Card Fraud Card Skimming Chargeback Fraud Card Not Present (CNP) Fraud Fraud Defenses Anti-Money Laundering (AML) Crowdsourced Abuse Reporting Device Fingerprinting Real-time monitoring Email Reputation Service IP Reputation Service SR 11-7 Compliance Supervised Machine Learning Suspicious Activity Reports (SARs) Two-Factor Authentication (2FA) Unsupervised Machine Learning Fraud Tactics Bot Attacks Call Center Scams Card Cloning Credential Stuffing Data Breaches Deepfakes Device Emulators GPS Spoofing Money Mule Scams P2P VPN Networks Phishing Attacks SIM Swap Fraud URL Shortener Spam Web Scraping Fraud Tech Device Intelligence Feature Engineering Identity (ID) Graphing Fraud Types Application Fraud Transaction Fraud Payment Fraud Bust-Out Fraud Buyer-Seller Collusion Content Abuse Money Laundering Loan Stacking Romance Scams Synthetic Identity Theft Cryptocurrency Scams Pig Butchering Scams What is First-Party Fraud and How to Prevent It What words would you use to describe a fraudster? Untrustworthy, sure. Deceptive, absolutely. Criminal, often true. Friend? “No way!” you might think. But in the case of first-party fraud, fraudsters aim to appear friendly as can be on the surface. To understand why first-party or “friendly fraud” is such a threat—and why it’s increasing—we need to examine how it flourishes. We need to break down the methods fraudsters use and the tools available to stop them. What is first-party fraud First-party fraud is when a person or entity commits fraud using their own unique information, not someone else’s. In third-party fraud, the fraudster assumes the identity of another to commit fraud. In first-party fraud, it’s the actual account holder or customer using their own credentials for fraudulent ends. This makes fraud harder for the bank or financial institution to detect. In some first-party fraud cases, the party committing the fraud may not even know what they are doing is fraudulent. Types of first-party frauds Chargeback fraud (or cyber shoplifting) Chargeback fraud happens when a customer makes a legitimate purchase, then disputes the charge with no intent to return or pay for the item. It’s also known as friendly fraud because their request appears genuine at first. The scheme is only revealed once they make off with a refund or free product. The term chargeback comes from the customer filing a chargeback claim with their bank or credit card company. They claim that they either didn’t receive what they paid for, something wasn’t as described, or they didn’t make the transaction at all. The bank or credit card company investigates, reverses the transaction, and the customer leaves with the money. Chargeback fraud has a serious financial impact on businesses. They lose revenue on top of incurring chargeback fees. Plus, they have to deal with damage their reputation. Refund and promotion abuse Customers abuse return and promotion policies to get something without paying full price. Sometimes, they’ll return items after using them to get a refund. Other times, they claim several discounts or promotions for a single purchase. This may seem innocuous, but it’s a serious form of fraud that costs merchants upwards of $89 billion. Refund and promotion abuse can be very difficult to detect. If a customer used legitimate payment, the fraud isn’t flagged by traditional detection. Wardrobing (or de-shopping) Wardrobing is a retail fraud where a customer buys something knowing they’ll only use it once or twice, then return it for a full refund. Some call this fraud “renting”. Wardrobing often involves items worn for special occasions, like formal dresses or suits. The customer will buy the item, wear it to the event, and then return it the next day or shortly thereafter. While it may still be in good condition, it cannot be resold as new. Retailers also need to cover the cost of cleaning before reselling. Buyer-Seller collusion Buyer-Seller Collusion occurs when both parties in a transaction conspire to commit fraud. In some cases, “customers” post fake positive reviews to prop up a fraudulent seller. Other times, both buyer and seller lie to a payment platform that a shipment was lost and request a refund. They may also work together to fix prices and defraud buyers not part of the collusion. First-party fraud in banking Application fraud and fake accounts Application fraud is when an individual uses false or stolen information to apply for credit cards, loans, or mortgages. Even though the fraudster is pretending to be someone else, it is first party fraud because they are the applicant. Fraudsters get the information to use from data breaches, call center attacks, and intercepted mail. Sometimes, they’ll create a frankenstein profile, or synthetic ID, using a blend of different people’s info. Once the fraudster gets the financial product they applied for, they use it for personal gain with no intent to repay. Remember, application fraud is the starting point for bust-out fraud. Bust-out fraud (or sleeper fraud) Bust-out fraud is a more sophisticated form of first party fraud. It involves coordinated acts of application fraud, most often organized by crime rings. In a typical bust-out fraud attack, fraudsters apply for many credit lines using stolen or synthetic identities. Once they’ve opened credit lines, they mimic legitimate customer behavior. They build good credit by making on-time payments for months or even years. This allows the fraud ring to open even more lines of credit. Finally, they begin the fraud exit and max out all credit lines within a short time. The fraudsters make off with the most cash they can get and leave the lenders with a mountain of credit defaults and losses. Because of the scale and length of a bust-out fraud scheme, plus the good credit of the scammer, it’s particularly damaging for lenders. They can take legal action to recover the outstanding debt. Often though the scammer has already moved on to another lender, leaving the financial institution with the loss. Money Mules Fraudsters recruit money mules to transfer their stolen or illegal funds. Many times the mules aren’t aware they’re part of a scheme. They may think it’s part of a legitimate job, and even receive a small fee or percentage of the transferred amount as compensation. In a classic money mule scheme, the fraudster contacts their mule through social media or email offering a job or quick cash opportunity. First, they send funds to the mule’s bank account, usually via wire transfer or authorized electronic payment. Then, they ask the mule to transfer the funds to another account, often overseas. This puts a layer of protection between the actual fraudster and their stolen funds—and the mule on the hook for the crime. Another common recruiting tactic is promising a romantic relationships, called a romance scam. These tend to target widows or older people, with the scammer posing as a soldier or overseas lover. In some cases, fraudsters even threaten violence or legal action if mules do not comply. How does first-party fraud impact businesses? First-party fraud can wreak financial havoc on businesses, especially in the financial sector. The financial losses have a direct impact on a business’s bottom line, and may even lead to bankruptcy in severe cases. Scams like chargeback fraud and promotion abuse can damage a business’s reputation with other buyers. That’s especially true if the fraud isn’t detected and the scammer keeps operating within the business’s ecosystem. This can lead to a loss of trust among customers and partners, which can be difficult to regain. Preventing and detecting first-party fraud increases costs as well. They need to install new fraud detection technology. They spend staff hours conducting investigations into suspicious activity. Many times, they need to hire more staff to check accounts and transactions. Financial companies especially need to worry about regulatory issues resulting from first-party fraud. As part of compliance, they need to report suspicious activity to regulatory bodies and prove they can prevent fraud. How common is first-party fraud? Alloy’s Annual State of Fraud Benchmark Report found first-party fraud accounts for 62% of financial fraud breaches. Experian found first-party fraud increased by 40% in 2020 thanks to new fraud opportunities from the COVID-19 pandemic. These statistics suggest that first-party fraud is a growing problem for businesses. The rise of AI gives fraudsters easier access to writing tools that simplify their schemes. As a result, first-party fraud projects to only continue its rise as a threat. Is first-party fraud a felony? First-party fraud is a form of fraud, which is generally considered a criminal offense. In many jurisdictions, fraud becomes a felony if it involves a significant amount of money or is part of a larger scheme. Specific classification and punishment depend on where the crime happened and how. What are the methods of first-party fraud detection? There are several methods to detect first-party fraud that have been around for a while. Biometric data like fingerprints or facial recognition can help identify real customers. Institutions use this to ensure a person opening an account or making a transaction is who they claim to be. Another similar tactic is device fingerprinting. It analyzes the unique characteristics of a customer’s device, like operating system, browser type, and IP address. This identifies potential fraudsters who may using several devices to conduct fraud. Fraudsters can get around or dupe these verifications, though. Plus, they’re at risk of producing many false positives. The best modern solutions incorporate machine learning and artificial intelligence. How to prevent first-party fraud with AI AI has a few capabilities to catch first party fraud. Behavioral analytics analyzes a customer’s behavior over time to identify possible fraud patterns. It looks at types of transactions customers make, their frequency, and the location they’re made from. Then, advanced machine learning algorithms analyze this data to identify fraud patterns. Because AI can analyze huge data sets, it can link fraudulent account activity that differs from normal, good user activity. Solutions like dCube can catch even small traces of fraud by analyzing accounts and doing pattern analysis at the same time. Holistic fraud platforms like DataVisor’s detect fraud attacks without historic labels or rules. They also don’t need lengthy training time to set up and don’t rely on large datasets to have the info needed to catch fraud. To learn more about how DataVisor can help your business prevent first-party fraud, book a time to talk with one of our experts today.