Battling first-party fraud with transaction monitoring
First-party fraud, when a customer lies to you for financial gain by misrepresenting their identity or providing false information, is the fastest-growing fraud type there is.
Consider the following:
- 2024 Global Payments and Fraud reports found that first-party fraud (or first-party misuse) has increased according to 63% of their respondents, with 31% reporting a substantial increase of 25% or more.
- Mercator (now Javelin Strategy & Research) estimated the financial impact of first-party fraud on US merchants at $50 billion annually in 2019, even before the Covid-eCommerce boom.
- During COVID-19, government relief loan programs were widely abused, with an estimated $136 billion stolen from the Economic Injury Disaster Loan Program (EIDL) and $64 billion from the Paycheck Protection Program (PPP). First-party fraud schemes are neither limited to merchants nor are they limited in their scope of harm.
As the saying goes, opportunity makes the thief, and first-party fraud was originally driven by the fact that merchants typically ignore these low-level monetary losses individually and often do not even bother to fight chargeback disputes.
The rationale behind friendly fraud is not just the low risk of detection and apprehension but widely shared consumer sentiments that these are essentially victimless crimes against companies, in which the money is insured anyway.
As we are living in uncertain economic times amid layoffs, rising inflation, and high corporate profits in certain sectors, more and more consumers are not only finding opportunities to "get back" at the system through friendly fraud but also easily rationalizing these acts.
The growing problem of friendly fraud has reached a breaking point, with Visa and Mastercard introducing new systems for affected merchants to fight back. But first-party fraud takes on different forms for different types of service providers, and as such, transaction monitoring systems play a key role in being prepared for fraud schemes.
This article walks you through not just the types of first-party fraud but also the key strategies fintech companies and financial institutions are employing to counter them effectively.
The different types of first-party fraud
Before employing strategies to reduce first-party fraud, it can be helpful to understand some of its most common forms. While first-party fraud is a universal phenomenon, it manifests differently depending on where the target resides within the wider payments ecosystem.
For example:
- Chargeback Fraud: The classic scheme that started it all, so to speak, in which customers abuse the chargeback protection system for financial gain. In effect, they purchase goods or services and later claim to their bank that the transaction was not authorized, leading to a loss for the merchant as the transaction is reversed and a penalty is applied.
- False Claims: A sister scheme to the former, false claims are when a customer asks for a refund from the merchant, claiming that the item was lost in transit, not as advertised, or that they did not make the purchase. The attack relies on lenient refund and return policies, in which case it is commonly known as return fraud.
- Fronting: Fronting is the act of making a registration on behalf of someone else, typically to claim better pricing or offers. In other words, the true account beneficiary uses a frontman, along with the frontman's details and better track record or credit history, for monetary gain.
- Money Muling: With stringent AML rules and procedures in place in the financial system, criminals have figured out a way nonetheless to sidestep them. Money mules move funds on behalf of other people, usually in exchange for a cut or a fixed fee. The past few years have seen a veritable explosion of first-party money muling, as cybercriminals recruit people for lucrative "work from home" opportunities that are, in effect, running networks of mules.
- Ghost Funding: Ghost funding or ghost laundering is a complex scheme that requires complicit merchant accounts to work. In essence, while money is moved, actual products or services are not, or the nominal items traded are merely covers for illicit material. Similar to money muling, this frequently occurs because fraudsters want to circumvent AML regulations.
- Sleeper or Bust-Out Fraud: While this is commonly associated with synthetic identities, it occurs frequently enough in first-party fraud cases. The fraudster signs up for banking services and uses them like a model citizen, slowly building up their credit line, until they decide it is time to cash out by maxing out their loans with no intent to repay them. The plot relies on how difficult it is to collect the debt afterwards, especially when it is easy to move around and switch countries.
- Application Fraud: Another popular fraud type is simply lying on the application form for services such as loans to get better terms. Application fraud involves the fabrication of income or employment documents to fool the service into thinking that the applicant is in better financial shape than they actually are.
The tricky thing about first-party fraud is that at the outset, fraudsters are virtually indistinguishable from well-intentioned, honest customers. It is only after some time has passed that the ill intent manifests. As a result, first-party fraud is mostly detected after the fact, where the focus becomes preventing further losses.
Compelling Evidence 3.0 and First-Party Trust
Visa and Mastercard's updated policies on chargeback fraud are indicative of how the problem can be addressed. In essence, both programs allow merchants to dispute chargebacks, provided they can show that the user has made two good and approved transactions within a given time frame (between 120 and 365 days before the transaction in dispute). The idea is that if the user used the same device, IP address, email, and phone number for the transaction they are trying to claw back as for previous ones they did not dispute, then they did, in fact, make the transaction willingly.
This is a significant change, as with a properly set up transaction monitoring system, merchants can now automatically dispute chargebacks that meet the criteria for Compelling Evidence 3.0 and First Party Trust. They simply have to check whether or not there are eligible transactions in the system using AND/IF mechanisms.
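The eligibility check described above can be expressed as a single rule over a cardholder's transaction history. The following is an added example, not code from the article or from either card scheme; the field names, the `Txn` record and the sample data are assumptions, and the matching criteria follow the article's simplified description rather than a scheme rulebook.

```python
from dataclasses import dataclass, replace
from datetime import date

# Criteria as described in the article (assumed here; the scheme rules govern in practice).
MATCH_FIELDS = ("device_id", "ip", "email", "phone")
MIN_AGE_DAYS, MAX_AGE_DAYS = 120, 365   # look-back window before the disputed charge
REQUIRED_PRIOR = 2                      # "two good and approved transactions"

@dataclass(frozen=True)
class Txn:
    txn_id: str
    card: str
    day: date
    device_id: str
    ip: str
    email: str
    phone: str
    approved: bool = True
    disputed: bool = False

def eligible_priors(disputed: Txn, history: list[Txn]) -> list[Txn]:
    """Prior undisputed, approved charges in the window whose identifiers all match."""
    out = []
    for t in history:
        age = (disputed.day - t.day).days
        if (t.card == disputed.card and t.txn_id != disputed.txn_id
                and t.approved and not t.disputed
                and MIN_AGE_DAYS <= age <= MAX_AGE_DAYS
                and all(getattr(t, f) == getattr(disputed, f) for f in MATCH_FIELDS)):
            out.append(t)
    return sorted(out, key=lambda t: t.day)

def can_auto_contest(disputed: Txn, history: list[Txn]) -> bool:
    return len(eligible_priors(disputed, history)) >= REQUIRED_PRIOR

# Constructed sample data: one disputed charge and the same card's history.
BASE = Txn("base", "card-A", date(2024, 10, 1), "dev-1", "203.0.113.7",
           "a@example.com", "+15550100")
DISPUTED = replace(BASE, txn_id="d1", disputed=True)
HISTORY = [
    replace(BASE, txn_id="p1", day=date(2024, 3, 1)),    # 214 days old: counts
    replace(BASE, txn_id="p2", day=date(2024, 5, 15)),   # 139 days old: counts
    replace(BASE, txn_id="p3", day=date(2024, 8, 20)),   # 42 days old: too recent
    replace(BASE, txn_id="p4", day=date(2023, 9, 1)),    # 396 days old: too old
    replace(BASE, txn_id="p5", day=date(2024, 4, 10), device_id="dev-9"),  # device differs
    replace(BASE, txn_id="p6", day=date(2024, 2, 1), disputed=True),       # was disputed
]

print([t.txn_id for t in eligible_priors(DISPUTED, HISTORY)],
      can_auto_contest(DISPUTED, HISTORY))
```

The returned list doubles as the evidence set to attach to the dispute response, so the rule and the audit trail come from the same query.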
These policies did not come out of nowhere: They reflect the collective wisdom that has emerged over time regarding not just the most probable cases of first-party fraud but also the best practices for dealing with them. As such, they provide a guiding light towards developing one's own policies on countering these types of attacks.
Using transaction monitoring to combat first-party fraud
While first-party fraud by nature is harder to prevent than it is to detect, based on industry best practices, we have outlined the strategies fintech companies and financial institutions are employing to proactively protect themselves against first-party fraud:
1. Classify existing first-party fraud cases correctly
First-party fraud exists because a service or system may have a vulnerability that customers have learned to exploit. By looking at historical data of first-party fraud cases, regardless of which type they are, you may see patterns emerge in how these actors are different from your existing customers.
The theme emerging from best practices is that the more granular the approach, the better the results: Look at everything from transaction data to logins to user actions. You may find that users who come to your platform with the intent to abuse you have an identifiable profile one way or another because they are using your service with fraudulent intent. If you can classify existing first-party fraud cases correctly, you establish a baseline of patterns that can be used to identify future cases.
2. Use data enrichment
When customers lie to you, they are betting that they are smarter than your defenses, hence lying on signup forms or during transactions.
By deploying data enrichment on the records that matter, you often get a clearer picture of employment history or lifestyle, which you can use to build a story that might differ from the customer’s. Note that this can also work well retroactively: Enriching the data of your existing fraud cases might reveal the blind spots in your existing defenses.
3. Tighten your AML processes
AML regulations continue to get tighter as regulators react to new kinds of money-laundering and sanctions-evading schemes and increase scrutiny of the maturing fintech sector. While AML teams are being spread thin, the growing number of first-party fraud cases shows that a good portion of them fall under evading AML rules and procedures.
By taking a more proactive stance and stepping up AML measures, fintech companies and banks can curb the first-party fraud problem by serving as an early warning system. Setting up enhanced customer due diligence and verification processes that are triggered by user actions can uncover fronting, mules, and ghost funding schemes before they affect your bottom line.
Since these have more to do with procedures, such as scanning your transactions even if they are lower or simply outlier amounts, you do not have to introduce additional friction to the user journey unless necessary.
4. Look for fraud rings, not individuals
Like many things in the realm of anti-fraud, first-party fraud is a bit of a misnomer. When attackers figure out a weak spot in a given system, they will scale their operations quickly. First-party fraud is simply when there is a mix of user consent and factual, reliable, honest data with some amount of fabrication led by ill intent.
To that extent, companies frequently find that their application fraud or promo abuse cases were actually coordinated. It is often revealed that multiple accounts have been using shared devices, IP addresses, passwords, or even referral links—hinting at organized activity. By applying link analysis and risk scoring that incorporates these key data points, one can more proactively anticipate first-party fraud.
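The link analysis described above can be done by treating each shared attribute as an edge between accounts and extracting the connected groups. The following is an added example, not code from the article; the field names, the `min_size` threshold and the sample accounts are assumptions.

```python
from collections import defaultdict

# Link attributes named in the article; the field names themselves are assumptions.
LINK_FIELDS = ("device_id", "ip", "password_hash", "referral_code")

def find_rings(accounts, min_size=3):
    """Group accounts connected, directly or transitively, by a shared link value."""
    parent = {a["account_id"]: a["account_id"] for a in accounts}

    def find(x):                      # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    shared = defaultdict(list)        # (field, value) -> account ids carrying it
    for acc in accounts:
        for field in LINK_FIELDS:
            value = acc.get(field)
            if value:                 # missing or empty values never link accounts
                shared[(field, value)].append(acc["account_id"])
    for ids in shared.values():
        for other in ids[1:]:         # merge every holder into the first holder's set
            ra, rb = find(ids[0]), find(other)
            if ra != rb:
                parent[rb] = ra

    groups = defaultdict(set)
    for account_id in parent:
        groups[find(account_id)].add(account_id)
    rings = []
    for members in groups.values():
        if len(members) >= min_size:
            links = sorted(f"{f}={v}" for (f, v), ids in shared.items()
                           if len(ids) > 1 and ids[0] in members)
            rings.append({"members": sorted(members), "links": links})
    return sorted(rings, key=lambda r: (-len(r["members"]), r["members"]))

# Constructed sample accounts (documentation IP ranges, made-up identifiers).
ACCOUNTS = [
    {"account_id": "a1", "device_id": "dev-1", "ip": "198.51.100.4", "referral_code": "R77"},
    {"account_id": "a2", "device_id": "dev-1", "ip": "198.51.100.9"},
    {"account_id": "a3", "device_id": "dev-3", "ip": "198.51.100.9", "referral_code": "R77"},
    {"account_id": "a7", "device_id": "dev-3", "ip": "192.0.2.70"},
    {"account_id": "a4", "device_id": "dev-4", "ip": "192.0.2.50", "password_hash": "h1"},
    {"account_id": "a5", "device_id": "dev-5", "ip": "192.0.2.51", "password_hash": "h1"},
    {"account_id": "a6", "device_id": "dev-6", "ip": "192.0.2.60"},
]

print(find_rings(ACCOUNTS))
```

Account `a7` never shares anything with `a1` directly, yet lands in the same ring through `a3`, which is what per-account rules miss. Shared IP addresses behind carrier NAT or office networks will also link unrelated customers, so an IP-only link should carry less weight in the risk score than a shared device or password.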
5. Use retrospective batch checks
Once a clear baseline for first-party fraud cases is established, many companies implement periodic, retroactive checks of user activity to uncover any risk signals early.
Depending on your company's operational cadence, these can be daily, weekly, bi-weekly, or monthly. The goal is that they are frequent enough to proactively uncover fraudsters without burdening operations further.
Since some forms of first-party fraud are so slow to unfold, these checks do not even need to be followed by immediate action, as monitoring and highlighting suspicious cases can already ease the burden of surprise when fraud hits.
Concluding thoughts
Make no mistake about it: first-party fraud is so popular that no merchant or service provider will be spared by it.
It took the credit card industry several decades to address the problem of chargeback abuse - something only possible because there are so few dominant players in the industry. Other players operating in less mature niches, such as fintech providers, have to rely on innovation and ingenuity to face the problem head-on.
Ultimately, it is about improving the balance between being proactive and reactive, something that often requires a second look at the tools at your disposal. In that sense, a company's transaction monitoring system lies at the heart of the matter by being uniquely fitted to the task of catching fraud, be it third-, second-, or first-party.