That was the key takeaway from our recent webinar, The rise of first-party fraud and other 2023 trends to watch, featuring Frank McKenna, Co-Founder and Chief Fraud Strategist at PointPredictive and author of FrankOnFraud.com, Daragh McMeel, Fraud Analyst at Inscribe, and Anurag Puranik, Head of Risk at Coast.

But even if first-party fraud is a so-called “fact of life” as our panelists say, there are steps organizations can take to significantly reduce their own risk and improve their customer experience. In this post, we share some highlights from our recent panel about how organizations can assume the right mindset and adopt the ideal toolset to beat fraudsters at their own game. 

But first, what’s the difference between first- and third-party fraud? 

What is first-party fraud?

First-party fraud, also known as first-party application fraud, is a type of fraud in which an individual or entity uses their own personal information or resources to commit fraud against a financial institution or business. Unlike traditional third-party fraud, where a fraudster uses someone else's identity or financial information, first-party fraud involves individuals who have a genuine relationship with the institution or business but engage in deceptive or fraudulent activities for financial gain.

According to the 2023 Document Fraud Report, 30% of fraudulent personal loan applications showed signs of first-party fraud in 2022. However, despite its prevalence, first-party fraud can be particularly difficult for companies to catch and therefore counteract, as compared to third-party fraud.

“With first-party fraud, you never have a feedback loop,” explains Frank. “Companies don’t have a customer calling to report an issue, like you would with identity theft or third-party fraud. With first-party fraud, you're often left trying to examine what happened after the fact to confirm and quantify it.” 

“First-party fraud is notoriously difficult to detect,” agrees Daragh. “Companies tend to have a high level of trust in current and potential customers [but the reality is that these individuals are capable of] perpetrating crimes against the business just like a third-party.”

First-party fraud might be difficult to detect, but not impossible. Here are nine steps every organization can take to prevent defaults and losses due to first-party fraud. 

9 helpful steps from experts for preventing first-party fraud

1.  Know how first-party fraud manifests in your industry 

Every business may be at risk of first-party fraud, but the manifestation of that risk will vary from industry to industry, or even company to company.

For example, if you look at the financial services and lending space, in particular, the goal of the fraudster is often to secure a loan for a big-ticket item, such as a car or mortgage. In these cases, people tend to inflate their income and assets and provide fake or altered documentation to support their claims. 

On the other hand, for retailers or online merchants, you might see fraudsters try to exploit policies. For example, fraudulent returns occur when customers make a purchase online, claim the product never arrived, and then ask for credit or a refund.

“There are a lot of different flavors of first-party fraud,” says Anurag. “You can lie about your income, start a fake business, operate a shell company – the list goes on and on. On our platform, most of the fraud, about 80% of it, is first-party fraud.”

‍

 2.  Know what fraud techniques and methods to look out for

For financial services organizations, lenders, real-estate companies or any organization where customers are after a “big-ticket” item, the signs of first-party fraud can often be found in the customer’s application documentation, such as pay stubs, bank statements, investment portfolio statements, or tax documents. 

Customers and applicants knowingly alter their financial details, account information or both to inflate their assets, increase their salary, or otherwise demonstrate that they can afford the purchase they are being evaluated for. Data from the 2023 Veriff Identity Fraud Report showed a 31% increase in document fraud globally, with financial services companies seeing a 79% increase in 2022.

Catching cases of document fraud is so immensely important because there is often a direct link between document fraud and early payment default.

“Our investigators have gone through early payment default portfolios for lenders and found that up to 70% of those applicants that stopped paying within the first six months also had some form of document fraud, such as an altered bank statement or pay stub,” says Daragh. “In these cases, there was something in the original loan file that could have been a clue that they were at high risk of non-payment.

‍

3: Automate processes to increase efficiency and improve accuracy

When it comes to document fraud, an onslaught of editing tools and online template shops makes it fast and easy for fraudsters to doctor their existing statements or create fake ones to suit their needs. Unfortunately, these tools and templates have become so sophisticated that it is almost impossible to detect alterations or templates with traditional processes and manual reviews.

“A lot of first-party fraud is really well hidden from the human eye,” says Frank. “You need technology to be able to expose it.” 

For example, Inscribe’s X-Ray feature scans a document and identifies any areas where the file has been manipulated. It then enables a side-by-side comparison of the submitted version with the original so that teams can quickly assess where and how a file was changed.

By leveraging tools like Inscribe, financial services organizations can automate some aspects of the onboarding and underwriting processes, as well as manage account monitoring. This is the key to ensuring that companies can quickly and efficiently identify cases of fraud and, in turn, reduce risk and losses. 

“I love this X-Ray feature,” says Anurag. “Before we used this tool, it would take our team half an hour to do a bank document review – now it’s an extremely fast, automated process.” 

Another benefit of using intelligent automation and digital technologies is that the tools become more accurate and precise over time as they ingest more data. For example, machine learning (ML) models can remember millions of data points and recognize patterns or repeating sets of transactions across different customer statements. These are warning signs that a manual reviewer — even a long-time expert in the field — cannot remember and identify with any regularity. 

“It's so important to have the data and the tools to back processes up,” says Daragh. “Having a technology provider in the space is hugely valuable. We process millions of documents each month and train our models on hundreds of millions of data points to ensure our tools keep evolving and improving.

‍

4: Mount a coordinated defense to fend off sophisticated attacks

 There is no single solution to protect against all forms of fraud – and it’s highly unlikely that one will ever exist. For that reason, many of our customers take a coordinated approach to their risk management, layering defenses to provide multiple lines of protection and safeguards at key parts of the onboarding and underwriting journey. 

This is especially important given the growing trend of “fraud as a service” where organized fraud rings launch sophisticated, coordinated attacks.

“Given how the risk landscape is evolving, it’s important to mount a coordinated defense,” says Daragh. “We recommend our customers use layered defenses, which we sometimes refer to as a ‘Swiss Cheese’ strategy that brings together numerous solutions and partners to prevent gaps in coverage that fraudsters can slip through.”

Using the Swiss Cheese approach, even if a cyber-criminal gets past one fraud check, they are likely to be caught by another. 

‍

5: Set a budget specific to first-party fraud 

Mitigating the risk of first-party fraud will sometimes require a bit of a culture change within the organization.

 “Nobody wants to believe that your customers can be committing fraud against you,” says Frank. “It's very difficult to get an organization to accept that it happens, and then to invest in tools and technology to stop it.” 

“99% of companies don't have any understanding of how big first-party fraud is,” he continues. “They tend not to invest in the problem because they don’t differentiate those losses. However, we know that if companies define the problem, identify the scope, and then use a targeted anti-fraud technique to combat those cases, those credit losses can be averted. And the reward for doing so is large.”

Frank recommends companies conduct an assessment to calculate the specific cost of first-party fraud. The company could then assign that dollar amount to risk mitigation tools and technologies. Over time, this investment will be offset by the avoided losses, as well as efficiency gains through automation.

‍

 6. Select tools that address emerging and evolving threats 

The fraud landscape is always changing – and now, with the growing reach of generative AI tools like ChatGPT, it is becoming easier than ever to create fake documents or identify loopholes in existing fraud prevention measures.

“These tools are obviously going to present a very large opportunity for fraud to create and automate even more damaging attacks on banks, fintechs and organizations of all kinds,” says Daragh. “Fending off this type of attack is going to be one of the next big problems that our industry will face.”

Again, this is where advanced technology becomes so critical. As documents become more and more convincing and the number of templates being used to create such files increases, it will become impossible for human reviewers to identify signs of fraud. 

“Some of these templates are very sophisticated and it’s almost impossible to spot alterations with the human eye,” adds Daragh. “These bad actors aren’t using Microsoft Paint to change a document; they are using templates with perfectly matched fonts and correct formatting that are difficult to detect. The stakes are high.”

When companies define their toolset, they should ask specific questions about how the service provider updates and upgrades their tools to catch the latest fraud techniques and methods.

‍

7: Widen the signals to catch more signs of fraud

Document fraud may be one common factor in a lot of cases of first-party fraud, but it is far from the only fraud signal companies should focus on. Anurag recommends widening the net to ensure the company is leveraging a variety of data points to identify potential cases of fraud.

“You need to understand your typical customer and what a ‘normal’ range of activity would be for them,” says Anurag. 

An example for his company, which offers fleet card services, might be to ask the applicant how much the company spends on fuel per month. A legitimate customer would likely provide a response that falls within a given range. However, a fraudulent customer may not know the answer, or give a response that would indicate they plan to overcharge the account and not repay the line of credit.

“When the customer answers a question outside the normal range, that is our signal to put them in a different queue,” he says. “Of course, you have to be careful because legitimate customers may just spend more than the average customer based on their location or some other factor.  But if you really understand your customer, you could probably build a profile that would catch a lot of these cases.”

Anurag also points to some unconventional signals to detect fraud. For example, in his experience, fraudsters generally do not use accounting software programs, such as QuickBooks, or leverage professional accounting services. They will simply set up different accounts and move money around to give the appearance of a real business. So even something as basic as having a software subscription could be an important signal that a customer is legitimate. Taken in context with other review methods, this point can be used to help the company make a decision about the customer.

“You can’t identify these signals manually because it would be too time intensive,” he admits. “But you can leverage vendor insights to manage these tasks and provide a quick view. For example, we use Inscribe for this and it has been really valuable because it helps us reduce our review time to just one or two minutes per customer.”

‍

 8. Establish a COE to centralize fraud and risk effort 

With first-party fraud playing such a major part in an organization’s risk profile, it may be wise to dedicate a team to its oversight. Frank recommends establishing a Center of Excellence (COE) that will bring together fraud experts, technologists and operations professionals to coordinate all activity and responses.

Enabling higher levels of collaboration among these people may also unlock some new ideas for how to manage fraud prevention and detection. For example, Frank suggests that performing manual income verification calls to high-risk or suspicious accounts could be one way to mitigate first-party fraud. 

“It may sound old school, but verification calls can be a simple but effective way to selectively review applications and root out cases of first-party fraud,” says Frank. “A lot of times, when customers are confronted with direct questions and asked to validate information, they will disclose details that were not in the application or otherwise correct the record. 

While these manual reviews may not be practical to complete for every new customer, they can be used for select cases that require more insight. In such cases, a manual verification might be considered another layer of defense to the ‘Swiss Cheese’ strategy.

‍

9. Use coordinated friction to protect the customer experience

While companies want to be able to stop cases of potential fraud, they also need to ensure that they don’t make the onboarding process difficult for legitimate, low-risk customers.

“When it comes to first-party fraud, the potential fraudsters are your customers,” says Frank. “You don't want to treat them poorly in the event you have false positives.”

Our panelists recommend implementing the concept known as coordinated friction to help balance the need for security and speed during the onboarding process. For example, companies could leverage step-up verification, where teams validate the identity of the user by asking for additional documentation only in situations where the existing process cannot confirm the risk level of the applicant. In this way, the company doesn’t have to hold up the process for legitimate, high-value customers, but still has the opportunity to put strategic measures in place to detect fraud. 

“It’s important to understand who's really hurting your organization and exploiting the system – third-party fraudsters or your own customers [because that influences what you do to combat it],” says Frank.

Winning the fight against first-party fraud

Detecting and preventing first-party fraud may be a notoriously difficult task for banks and financial institutions, but it need not be impossible. With the right strategy, tools and partners, your organization can be on its way to reducing risk in a significant way.

Want to learn more about how to implement these tips in your business to combat first-party fraud? Listen to the recast of our webinar, The rise of first-party fraud and other 2023 trends to watch, on demand today or reach out to one of our experts to learn how Inscribe can help your business combat document fraud for first- and third-party fraud.