Fraud Management & Cybercrime , Fraud Risk Management , Video
First-Party Fraud's Big Comeback in Banking and Lending
Fraud Experts Share Challenges and Solutions for Managing Customer-Driven LossesBanks and lenders lose tens of billions of dollars every year to credit card fraud, bad checks and intentional loan defaults, but the main culprits in these losses are not third-party scammers. Most of these crimes are being committed by the bank's customers, making detection and prevention a formidable challenge.
See Also: Strengthening Operational Resilience in Financial Services
The latest report from Socure says that first-party fraud costs U.S. businesses about $100 billion annually. Mastercard-owned Ethoca estimated this type of fraud costs merchants about $50 billion each year. First-party fraud is a much larger problem than identity theft, said Frank McKenna, chief fraud strategist at Point Predictive.
"It is indeed growing but unfortunately, there are no industrywide statistics available for year-on-year tracking," McKenna said, "This is due to banks and finance companies not reporting such incidents on an industrywide basis. Therefore, we rely on these static statistics to gauge the magnitude of the problem."
Brad Crall, fraud consultant with Mission Omega, a financial crime-fighting company, calls it a "hidden fraud type" that often remains undetected and misclassified within financial institutions. While most people are familiar with identity theft and account takeover, first-party fraud - which includes money mules, tax claims abuse, and dispute abuse - "is the larger, unseen part of an iceberg below the water's surface," he said.
Credit card and checking account write-offs are nothing new to the financial services industry, and many banks put limits in place to reduce risk, but experts say first-party fraud is making a big comeback. Detecting and preventing first-party fraud has become more challenging with the rise of digital banking and the involvement of credit repair companies in facilitating fraudulent credit reports.
As the sector grapples with these issues, experts advocate a multifaceted approach that includes behavioral analytics, machine learning and behavioral biometrics to enhance the identification and mitigation of first-party fraud. They also suggest designing a program that takes into account all kinds of authorized fraud.
The Origin of First-Party Fraud
First-party fraud encompasses a wide array of deceptive practices, beginning with credit card fraud. Typically, customers falsely claim that they did not authorize transactions or they contact their banks to reverse the charges. "This type of fraud accounts for approximately 40% of all fraud claims faced by credit card issuers," McKenna said.
Another common tactic is bust-out fraud, in which individuals quickly run up debt on credit cards and take out auto loans without no intention of repaying - and then vanish. Lending fraud also poses a significant threat; fraudsters falsify their income or employment information, or even purchase vehicles in the names of others, without disclosing such arrangements to lenders.
Synthetic identity fraud involves a more sophisticated approach to first-party fraud in which individuals combine stolen Social Security numbers with their actual names to open accounts, effectively committing fraud under the guise of legitimate identities.
The Role of Credit Repair Companies
Some fraud investigators say illegitimate credit repair companies enable consumers seeking to exploit the financial system. About 70,000 U.S. credit repair companies help individuals improve their credit scores through various means. But a portion of these companies veer into questionable practices that artificially inflate credit scores or erase legitimate negative information from their credit reports. Tactics can range from disputing accurate but unfavorable entries to creating synthetic identities or staging false claims of identity theft.
Synthetic identity fraudsters are targeting the auto lending industry the most, leading to a 98% increase in attempts and a staggering $7.9 billion in losses for the industry in 2023. Point Predictive's study of 180 million loan applications shows that income and employment misrepresentation, synthetic identities and credit washing account for nearly 75% of the risks faced by auto lenders.
These practices not only undermine the integrity of financial systems but also pose significant risks to banks, lenders and merchants. Financial experts and regulatory bodies are increasingly scrutinizing the operations of credit repair companies, but distinguishing between legitimate and unscrupulous services is difficult.
"It's only a small fraction of the credit repair companies, but they cause most of the problems," McKenna said.
Designing a Good Authorized Fraud Program
Tackling first-party fraud requires a multifaceted approach. Experts say behavioral analytics and machine learning models are potent tools for identifying and mitigating first-party fraud. Unfortunately, the industry currently lacks the tools designed to monitor and prevent first-party fraud on the deposit side. "Our defenses on the deposit side are so transactional, we are not realizing that there is a core problem with the actual customer themselves," said Ian Mitchell, founder of The Knoble.
Seth Ruden, director, global advisory, Americas, BioCatch, said using behavioral biometrics to monitor how users interact with banking platforms can provide valuable clues to differentiating between legitimate customers and fraudsters. "What we can observe, however, is what their behavior looks like. If somebody is pushing through a lot of applications from the same device, from the same IP address, from the same background, from the same location and making very small changes," Ruden said, "you can go deeper. You can look into the behavior of those individuals as they're filling out those applications and say, 'Hey, look! The behavior of this is unlikely to be a true user, because they're moving through the application too rapidly.'"
To get the best from behavior analytics, FIs must create a data environment that enables them to view their customers' behavior. For example, banks could see how customers overcome challenges in the transaction process and step-ups for authentication and whether that differs from normal customer behavior.
Other Technical Solutions
Integrating comprehensive fraud detection systems that use a combination of rule-based and AI-driven approaches can help in identifying and preventing fraudulent activities. These systems should be capable of monitoring transactions in real time and flagging suspicious activities for further investigation.
Banks also can participate in data consortiums to share anonymized fraud data with other financial institutions. This collaborative approach helps identify fraudsters who might be targeting multiple institutions.
Finally, simply believing what customers submit for Know Your Customer checks is not enough. According to Identity firm Prove, KYC is an important tool but it needs to be verified with "digital signals outside of the information that is being provided."
For example, banks need to look at the ownership of the phone and take a pictures of the driver's license or passport and include that in the identity processes, depending on the services provided online. These signals can give banks a higher level of assurance.
Equally important is to have a comprehensive approach to programs specifically aimed at first-party fraud. This approach involves understanding the taxonomy of fraud, assigning roles and responsibilities, and creating a framework for prevention, detection and resolution.