What is first-party fraud?

First-party fraud (FPF) is a type of fraudulent activity where an entity deliberately engages in deceptive practices or provides false information to defraud a company or organization from within. A unifying factor behind various types of first-party fraud is that organizations are the ultimate victims, rather than a customer or another individual.

The costs associated with this fraud type are high, with one study by PYMNTS citing $89 billion lost per year to merchants alone. If, as some financial crime analysts are suggesting, it becomes more prominent, its costs will only increase. Despite this, many customers may commit FPF unknowingly. Many firms also remain unaware of first-party fraud rates within their system, mistaking it for bad credit. So how can firms understand and take control of this risk?

How first-party fraud works

FPF encompasses a wide range of fraudulent activities. At one end, individuals may misrepresent their income or employment status to obtain a better mortgage rate. At the other end, organized groups of criminals may apply for loans or lines of credit with no intention of repaying them.

First-party fraud compared to other fraud categories

According to the United States Federal Reserve, first-party fraud is one of four basic fraud categories.

1. First-party fraud: Fraud by an accountholder whose main victim is an organization. Instances of FPF include the abuse of dispute policies to obtain a refund on false or misleading claims, abusing promotion policies to acquire discounts or excess refunds, and fraud committed via an account opened under a synthetic identity.
2. Second-party fraud: The unauthorized use of an accountholder’s funds by a loved one or trusted acquaintance. A loved one who obtained access to a credit card on trust might, for example, abuse the access to make more purchases – or different types of purchases – than were agreed when they were given access.
3. Third-party fraud: Transactions made by an unknown third party who has illegally gained access to an account or payment instrument. Account takeovers or transactions on an account opened with a stolen identity are classic examples.
4. Fraud in the inducement: Some firms refer to this as a victim-assisted scam. This means that the accountholder themselves is tricked by a scammer into making a transaction that causes them to lose money or be harmed in some way. Examples include romance scams and scams using fear to manipulate vulnerable people (such as a person that is disabled, elderly, or in urgent need due to personal circumstances.)

Types of first-party fraud

FPF includes a wide range of behaviors, some virtually always malicious and others sometimes engaged in due to ignorance or misunderstanding. Typologies include:

• Chargeback fraud – Fraudulent chargebacks, sometimes known as friendly fraud, occur because a customer falsely claims a legitimate dispute reason. This might include claiming a legitimate charge was unauthorized, received goods never arrived, or a billing error occurred when it did not. Although this can be done with fraudulent intent, it’s also common for customers to engage in this behavior due to a misunderstanding of dispute categories. They may even believe that giving an inaccurate dispute reason is no more than a technicality, not understanding that this could constitute fraud.
• Promotion abuse – This ranges from digital coupon theft or forging a promotion to buying merchandise using a coupon with the intent to return it for a full-price refund. Again, some customers may think they are only taking advantage of a technical loophole, and be unaware they are defrauding a merchant or firm.
• New account fraud – This fraud is committed using new accounts opened with misleading or falsified identification. This can range from basic manipulation – such as changing real name spellings or alternating addresses to conceal multiple fraudulent accounts – to synthetic identity fraud, which randomly combines real or fake information to create a completely fictitious identity. Though new account fraud can also involve outright identity theft, the use of a stolen identity would qualify as third-party fraud, not first-party.
• Sleeper fraud – Accounts are opened with fraudulent intent, but the fraud does not begin right away. Instead, the accountholder allays suspicion by establishing a positive track record with their financial institution. Then they suddenly change patterns and begin fraudulent transactions. This typology is sometimes referred to as bust-out fraud.
• Check kiting – An accountholder deposits a check they wrote on an underfunded account into a second account at another institution. While the check is still clearing, they withdraw those funds, sometimes depositing them in the original underfunded account to keep the check from bouncing.

First-party fraud and synthetic identity fraud

Synthetic identity fraud occurs when an accountholder uses a manipulated or fabricated identity to defraud a firm. Though identity crimes were traditionally seen as third-party fraud, these fraud schemes are carried out by the accountholder against an organization and don’t qualify as classic identity theft. Because of this, sources define it differently: for example, the Credit Industry Fraud Avoidance System (CIFAS) separates first-party fraud from all forms of identity crime, but both the Federal Reserve and a report by PYMNTS and Total Systems Services (TSYS) identify synthetic identity fraud as a sub-category of first-party fraud.

Firms should ensure they are using  industry- and regulator-validated fraud definitions. Once determined, firms should remain consistent across the organization – especially in risk management functions – to avoid interfering with the effectiveness of their fraud prevention programs.

What is first-party fraud’s effect on firms?

A recent CIFAS report estimates FPF to “cost billions of pounds per year in direct losses and monitoring, detection, and prevention.” This only takes UK costs into account, but first-party fraud is a worldwide phenomenon. And because CIFAS doesn’t count synthetic identity fraud in its estimates, the costs are likely higher.

According to a 2022 Visa study, first-party fraud affected a third of firms worldwide, ranking as the number one concern for small to midsize businesses. In North America, it was the second-ranked form of fraud in 2022, behind only card testing in frequency. Because Visa only included chargeback fraud in their definition of FPF and ranked other forms of FPF separately, these figures are conservative.

How can firms detect and prevent first-party fraud?

FPF is a significant concern to firms, costing billions and affecting a significant proportion of organizations worldwide. So how can firms effectively curb its risks? Here are three key strategies to consider:

1. Educate consumers

The first point worth considering is that people who commit FPF don’t always understand their actions constitute fraud. Malicious intent is of course involved in many schemes, but certain typologies may appear innocent to otherwise honest customers. Firms must educate their accountholders on the realities of first-party fraud – moral, legal, and financial. Removing the subsection of offenders who would stop their behavior if they realized their activity was unethical could reduce the burden firms face in managing the risk.

2. Implement a risk-based approach

But even if customers understand the true nature of first-party fraud, firms will still face risks associated with it. To that end, a risk-based fraud management system is essential. Firms must establish clear, validated, and consistent fraud definitions, ensuring FPF is included in up-to-date enterprise-wide risk assessments. In particular, it’s important to firmly grasp common FPF typologies’ red flags. 

3. Harness technology

Finally, firms should take advantage of updated technology that can enable more effective customer due diligence (CDD) and transaction monitoring measures. Even the firmest grasp of FPF red flags can leave some patterns undetected, but machine learning and artificial intelligence can reveal hidden patterns by connecting subtle red flags that wouldn’t stand out to the human eye.