Third-Party Fraud

First-party fraud is committed by a person or a company using their identity (for example, disputing a legitimate transaction to get a chargeback). In contrast, second-party fraud also involves using a person’s or another business’ data, but the difference is that the crime is committed by another individual who receives this information voluntarily (for example, paying for goods that are provided by a fake or non-existent merchant). These fraud types involve the account holder, whereas, in third-party fraud, the crime itself happens without the victim’s knowledge. 

Like most forms of fraud, it impacts a company financially, stressing the importance of having a proper risk assessment strategy. First-party fraud isn’t a one-and-done deal. It can happen at any time of the customer journey, not only during the user onboarding phase. That’s because standard, “good” customers can evolve into fraudsters. For example, a seemingly trustworthy applicant can manipulate their identity to hide bad credit.

There are different forms of first-party fraud. For example:

• Credit card fraud (skimmed cards, cloned cards, physically stolen cards etc.)
• Loan stacking (applying for multiple loans using a fake identity)
• Tax fraud (filing for false tax returns to claim benefits)
• Account takeover fraud (stealing another person’s account to retrieve funds or purchase new items).

Poor risk management can damage relationships with legitimate customers, minimizing the chances of business growth, which negatively impacts the company’s reputation. This also means that the company can expose itself to extra risks, such as money laundering or non-compliance fines. In industries like lending, there is a high potential for errors when interpreting customer behavior. 

A now notorious fraudster, Kenneth Gibson, created at least 8,000 PayPal accounts back in 2017. He used the names of his employees and moved small amounts of money as a precaution not to get caught immediately. Then, the fraudster withdrew the funds from ATMs. Gibson was later charged with multiple counts of fraud, including identity theft or third-party fraud. 

It’s not possible to completely combat third-party fraud, but there are vital measures that both users and online platforms can take. For example, you need to have good password hygiene and be aware of the most common fraudulent tactics, for example, how scammers phish for data using email campaigns that are generated via ChatGPT and other automation tools that allow them to scale their operations and access more data. 

For companies, there are various fraud prevention tools that use AI to analyze user behavior, detect suspicious patterns, and prevent third-party fraud, such as account takeovers. This is important, as users can develop fraudulent intentions later in their customer lifecycle. In general, most platforms use identity verification as the first line of defense against unwanted user registrations or fake and stolen identities.