First Party Fraud
By Mike Betron, Infoglide VP of Marketing
Note: Today’s post is the first in a four-part series on first-party fraud. In this series, we’ll take a close look at what first-party fraud is, why it’s so difficult for banks to identify and block, and how Social Link Analysis (SLA) can serve as an effective and powerful tool for financial institutions combating this type of fraud.
Financial institutions are forced to combat many types of fraudulent activity, but few are as damaging and difficult to detect as first-party fraud. Analysts estimate that first-party fraud results in tens of billions in losses for banks every year. While this type of fraud is certainly not new, it remains a significant problem for banks because it’s so hard for them to identify and take action in time.
What is First-Party Fraud?
First-party fraud (FPF) is defined as when somebody enters into a relationship with a bank using either their own identity or a fictitious identity with the intent to defraud. First-party fraud is different from third-party fraud (also known as “identity fraud”) because in third-party fraud, the perpetrator uses another person’s identifying information (such as a social security number, address, phone number, etc.). FPF is often referred to as a “victimless” crime, because no consumers or individuals are directly affected. The real victim in FPF is the bank, which has to eat all of the financial losses.
To commit FPF, two things have to happen: an account must be established (or accessed) and funds have to be taken from the bank. Fraudsters typically open an account or get access to bank account information in one of the following four ways:
1) They use their own identity – This is a method typically employed by foreign nationals. The criminals arrive in the US on a J1 visa, establish a relationship with a financial institution, and then after six months to a year and a half, they “bust out,” take the money and disappear.
2) Identity manipulation – This is when a fraudster starts out with his or her own identity and manipulates it ever so slightly to get past application fraud screens. These fraudsters do their homework and understand what application fraud screens are looking for.
3) Spring boarding – In spring boarding, fraudsters add themselves to a real, valid account as a co-signer. The co-signer may or may not be participating with the fraudster. Most of the time, the co-signers get the same credit limits as the person with the valid account. In this type of fraud, spring boarders are often assisted by internal bank employees (which is a topic we’ll explore in another upcoming blog post).
4) Synthetic identity fraud – In this type of fraud, criminals combine real identity information (e.g., a social security number) with fake identity information (names, addresses, phone numbers, etc.) to create a new identity. This type of scheme has caused a phenomenon in the major credit bureau profiles called “piggy-backing.” Although true identity theft gets all of the press, according to a recent study by ID Analytics, synthetic identity fraud comprises of over 88% of all identity fraud events.
Once the fraudsters have established an account within the bank, they leverage their account for financial gain. The most common methods of committing first-party fraud include:
1) First-pay and early pay default – Once the fraudster has an account, he or she will write bad checks early in the process (or charge off their accounts) and disappear.
2) Bust-out fraud – In bust-out fraud, individuals will typically spend between a few months and a few years establishing themselves as engaged and trustworthy customers, setting up multiple accounts at the same bank. Oftentimes, to simulate activity, the fraudsters will “cycle cash” among the various fraudulent accounts without the payments ever leaving the bank. Over time, individuals within a network will accumulate several credit cards with increasing levels of credit, along with personal loans and checking accounts. Once a fraudster reaches a desired bust level or time in the scheme, he or she will rapidly increase spending, “max out” credit card limits and attempt to get additional credit cards, loans or accounts.
Organized bust-out fraud is by far the most damaging to the bank, and single instances can wipe out millions of dollars of unrecoverable loss. In organized bust-out fraud, a team of individuals will collaborate to create multiple accounts within a single organization. Their preferred method of access is via synthetic identities, and they are often assisted by insiders within the DDA and credit groups.
So just how much damage is being done – and why can’t banks put a stop to it? In next week’s post in our four-part series, we’ll attempt to quantify the pain banks experience with first-party fraud and also provide some thoughts on why it’s so hard to detect.