Fraud Protection & Compliance
For many people, the word “fraud” evokes images of shadowy criminals using stolen identities and purloined credit card information to commit financial crimes. Perhaps surprisingly, consumers sometimes use their own personal information to commit fraud. Or they may unintentionally sell it to criminal gangs, which then rack up thousands of pounds of fraudulent credit card debt. Both of these crimes are first-party fraud.
Furthermore, you might automatically assume that first-party fraud only affects banks, but as telcos evolve into payment processing and handset financiers, they also are now feeling the pinch. Debt collection agencies (DCAs) are leaking more profits and costs, too, trying to collect on something that isn’t recoverable.
A Drain on Profitability
In my personal experience, first-party fraud typically comprises around 10% of the volume of credit losses (also known as bad debt) but, alarmingly, more than 20% of the value. This tricky and often very large problem can be easily missed as it lurks somewhere between the risk department, operations and the fraud team; in other words, first-party fraud frequently does not have a direct owner. Siloed fraud and collections departments further reduce the chance for fraudulent patterns to be discovered. Finally, while the relatively low volume of first-party fraud often reduces its priority, at many organizations it remains a significant profit drain that could be better managed
As pressure on the bottom line persists in 2021, it pays to put more focus on first-party fraud and take decisive action now.
Why First-Party Fraud Can Be Easily Missed
Traditional third-party fraud entails some form of impersonation or stolen identity, whether through stolen card credentials or someone taking over your identity. At some point, many victims of third-party fraud become aware of the crime when unknown transactions appear on statements, or a debt collection agency attempts to collect money the victim does not owe.
In contrast, first-party fraud often masquerades as a credit risk problem; delinquent accounts are sent to collections for a progression of treatment. Unlike third-party fraud, the transactions are committed with accurate information and seemingly legitimate intentions. This makes it much more difficult for a fraud team to spot. In this way, first-party fraud can be eventually written off as uncollectible and is sometimes sold unknowingly to external collections agencies.
Newer financial services providers are even more challenged, as well as telcos new to payment processing and retail finance. They often lack the historical data that banks can analyze to help define what legitimate first-party fraud looks like, in order to take the right course of action. Whether an online bank or a telco financing costly devices, these organizations all face similar challenges in fraud prevention.
Common Types of First-Party Fraud
- Sleeper fraud occurs when a fraudster acquires a form of credit and, over time, builds up what appears to be normal customer behaviour. As the customer builds trust with the service provider over months or even years, they eventually ask for more credit and then cash in, taking the maximum amount of cash and any goods with them, never to be seen again.
- Bust-out fraud, also known as hit and run, can happen on many types of financial services. It’s quick and sometimes easy, with credit cards and loans being the easiest prey today. In some countries where cheques are in use or have slower clearing cycles, fraudsters can exploit these inefficiencies to inflate a credit balance by up to 10 times the limit and cash out before these transactions are caught.
How First-Party Fraud Occurs
In general, first-party fraud can be characterized as either opportunistic — perpetrated on a small scale by a single fraudster or an informal group — or organized, carried out at scale by a criminal gang or fraud ring. Sleeper or bust-out fraud can be perpetrated in an opportunistic or organized fashion.
Some first-party fraud schemes can be executed in both ways. For example, in the UK, Europe and the Middle East, the highly fluid mobility of university students creates conditions ripe for fraud. In this scheme, criminal gangs have zeroed in on out-of-country students to buy their identity credentials and bank accounts as they leave to return to their home countries. There are many potential victims, as only 10% of foreign students stay in their country of study, with 90% returning to their home countries.
Student credential fraud often starts with criminal gangs advertising in student unions and social media and, in some cases, by infiltrating WhatsApp groups with friendly offers of quick cash. While these offers may be tempting to cash-strapped students, the fraudsters have much darker intentions. With 1.3 million students in the European Union (EU) at any given time, it’s easy to see why fraudsters target this lucrative group for both fraud and money laundering.
Another group that falls prey to fraudsters is those experiencing financial hardship; genuine customers can turn to fraud to help pay for expenses in the absence of employment. In Europe the unemployment rate increased in 2020 due to the pandemic and now stands at around 8%, or 40 million people, creating another very large, receptive target group.
Flush with comprehensive personal information, and banking apps now on the criminals’ phones and complemented by handset biometrics, criminals gangs can quickly acquire credit fraudulently. They extract their ill-gotten gains through credit cards and loans, or use the accounts to commit money muling and laundering. All of these crimes are highly lucrative for fraudsters, underscoring why more needs to be done to fight first-party fraud.
More often than not, foreign students and expats return to their home country, making collections difficult. While a debt collection agency can use pan-European tracing to locate debtors, there is no pan-EU pact to enforce payment –– and certainly nothing in Africa and the Middle East. Similarly, with cross-border payments, if first-party fraud is identified in one country and the funds have been sent to another, there is no recovery mechanism in place.
Cross-border fraud is also exacerbated in the UK, EU and Middle East by a lack of cross-border credit bureau facilities. While the UK has the Cifas national databases for fraud prevention, identity theft and protective registration, these resources are not available in or applicable to EU countries.
How to Get Ahead of First-Party Fraud
Awareness is the first step in addressing any problem, and first-party fraud is no exception. Working with fraud experts in FICO® Advisory Services, companies of all kinds can quantify their first-party fraud problem, and develop strategies, processes and technology solutions to improve detection and reduce fraud.
It’s important to start with your existing data within the collections and bad debt population, to create accurate first-party fraud definitions based on the industry or products you offer. In this way, the problem can be identified and quantified. Action comes next, but getting the first two steps right, as shown in the graphic below, comprises most of the hard work.
Uncover Evidence of Linked Crimes
The process of investigating potential first-party fraud should include efforts to detect the activity of identity and criminal gangs, fraud rings and other types of organized fraudsters. This can be readily accomplished with analytics software that systematically scans across disparate and siloed data sources, uncovering links between people, identities, places and events that can indicate connected fraud and money laundering.
The analytics software should provide social network analysis, using data points from credit applications to link it to other applications and accounts, even when they are several degrees moved. Ultimately, the analytic software should deliver entity resolution, automatically providing matching and relationship intelligence with precision.
Whether your company is a bank, telco or a debt collection agency, it’s a challenge to balance crime prevention with customer experience. Most companies are reluctant to impose controls that may stop fraud, but which may also dissuade legitimate prospects, new accounts and current customers. However, non-intrusive application and account analysis, and scoring, can identify and stop much first-party fraud, as well as fraud being conducted with synthetic identities.
How FICO Can Help You Fight First-Party Fraud
- Read 5 Strategies for Fighting First-Party and Synthetic Identity Fraud and our white paper Predicting First-Party Fraud: Bridging the Chasm Between Credit Risk and Fraud
- Explore our FICO Application Fraud Manager solution
Note: This post is an update of a post originally published in May 2021.