With an 8 percent increase on the previous year, identity fraud is on the rise. More fraud means more victims, but the victims do not exist without perpetrators and it’s important to understand exactly who these perpetrators are. The fraudsters fall broadly into three buckets: those who commit first party, second party or third party fraud.
First Party Fraud
Have you ever thought about slightly distorting your personal details in order to receive a credit card or perhaps a more attractive mortgage from a bank? Misrepresenting your own identity or personal circumstances in any way – however minor – in order to procure unsecured banking credit is in fact first party fraud.
First party fraud also encompasses taking out a loan or using credit without ever intending to repay the money. For example, someone may order a new flat-screen TV on credit and therefore spend a larger lump sum than is usual. In events like these the bank will diligently call their customer to ask if the unusual purchase is authentic. If the account holder claims that they made no such purchase, or did not receive the goods, the bank will often refund the money, leaving the retailer out of pocket as the bank demands a chargeback.
Everyone’s doing it
The most worrying thing is that people seem to believe that this is some form of ‘acceptable fraud’.
Shockingly, as many as one in seven Britons has committed some type of consumer fraud, a statistic that’s mirrored elsewhere in the world. However, not only is this kind of first party fraud causing companies huge losses, it is also driving up the premiums for other, innocent customers.
Second Party Fraud
Second party fraud is more complex. This is when legitimate account holders knowingly give their personal details or credentials to a friend or acquaintance in order to commit fraud. The associate can order goods or services from a device that’s not linked to the account, making the fraud look more realistic. It is extremely difficult for banks to prove that the customer was complicit in the crime. This is known colloquially by the oxymoron ‘friendly fraud’, a topic we discussed in our previous blog post.
An interesting twist to second party fraud comes when customers are seduced by fraudsters advertising ways to ‘make $200 fast’. To receive the cash, the legitimate account holder will agree to accept and transfer funds in and out of their bank account on behalf of a second party. In return, they get to keep a share of the money for themselves. In reality, this is money laundering, and the people who have shared their bank details are ‘money mules’. But yet again, as the accounts belong to real people with legitimate credentials, detecting fraudulent activity can be problematic.
Third Party Fraud
This is what usually springs to mind when people think about fraud. It is distinct from first and second party fraud in that the customer does not have any knowledge of the fraudulent activity; in this situation they are clearly the victim. The fraudster impersonates their identity and uses real-life facts about them in order to deceive their bank.
A common example is account takeover (ATO), which is when a fraudster gains access to a victim’s account using their personally identifiable information (PII), which has either been hacked or acquired through some kind of social engineering technique, such as phishing. This is when the fraudster poses as a trusted entity in order to dupe their victim into revealing confidential information. This leads to the victim’s account being used to make fraudulent transactions or purchases, or simply just being drained of funds.
Loan Stacking is another commonly used trick. This is when the criminal uses one person’s details to apply for multiple small loans from a wide variety of lenders. The gains can be huge, whilst it wreaks havoc on the victim’s credit score.
Why each type of fraud can be difficult to detect
None of these types of fraud are easy to detect, but for different reasons.
- You can’t interrogate the customer: In the case of first party fraud, it can be extremely difficult to establish whether customers are being truthful. It is not best practice customer service for banks to interrogate their monthly spending and it’s impossible for them to go into their customers’ homes to see if there’s a brand new TV hanging on the wall. This type of fraud is hard to spot but it is even harder to prove.
- No one will confess: Similar difficulties arise with second party fraud. Asking an individual outright if they have ever shared their banking details with anyone else isn’t going to get the bank anywhere, as the answer will inevitably be a defensive ‘no, of course not’. As the individual has knowingly allowed this fraud to take place, all personal details are correct and most of the usual signals of fraudulent behavior are not present. When individuals refuse to acknowledge their involvement, the banks will be hard-pressed to find firm evidence to prove they were. It’s a case of one person’s word against another’s.
- Shrouded in complexity: A fraudster will often combine different techniques to complicate banks’ efforts to detect any suspicious activity. For example, they might target individuals with low credit scores who are unlikely targets of fraud. Next, they may use a technique called credit piggy-backing, where they add another cardholder to boost the credit score.
That additional user could be based on a synthetic identity, where the fraudster combines real and falsified information to create a new, more credible account holder. This is a widely used technique, and Aite Group estimates synthetic identity credit card will reach $1.25 billion in losses for American financial institutions in 2020. From here, the fraudster could ‘loan stack’ to make as much money – in as short a timeframe – as possible..
It’s this combination of so many different, highly-sophisticated methods that allow fraudsters to so often evade detection.
Combatting these diverse crimes
With the perpetrators of fraud ranging from organized crime gangs to long-term, highly valued customers, it’s hard to envisage an all-encompassing solution capable of combatting all three main fraud types.
However, there is a way. By combining device assessment, malware detection and behavioral analytics, banks can build unique profiles for each and every customer – and understand what ‘normal’ looks like. If anything deviates from the norm they can decide whether to take action. This could even be the most subtle of changes; for example, if a user is mis-stating the truth in order to apply for a loan, they might dither over some of the answers, while they wrestle with their conscience. While typing slowly or retyping information doesn’t make anyone guilty, it might warrant investigation.
Want to know more about our technology? Request a demo now.