Most identity fraud detection focuses on answering a simple question: is this person who they say they are? Answering this simple question prevents thousands of attempts at identity theft and synthetic fraud.
But what happens when the answer to that question is yes, the core personally identifiable information is correct, but other application information is incorrect or misrepresents the true financial identity of the person behind the application? Now we're in the domain of first-party fraud, one of the trickiest fraud problems plaguing FIs and other American institutions.
What is first-party fraud?
First-party fraud (FPF) is the act of presenting a financial institution or other lender with accurate core personal information but inaccurate, misleading, or incomplete financial identity information.
For example, an application with elevated risk of first-party fraud might include the applicant's real name, DOB, and SSN, but incorrect income information. Or, the application might contain accurate income information, but leave out that the applicant's credit history has been distorted by claims that debts they incurred legitimately were the result of identity theft.
In other words, the fraudster is effectively creating a fake financial identity for the FI to lend to — one that shares the fraudster's real name and SSN, but not their true financial and credit history.
Common first-party fraud MOs
There are a wide variety of first-party fraud schemes and MOs, and companies across many industries may be targeted. But some of the most common MOs include:
- Credit washing — The fraudster maxes out credit lines and then falsely claims to be victim of identity theft, using this "victim" status to have the bad tradelines removed from their credit report.
- Piggybacking — The fraudster illegitimately boosts their credit score by purchasing aged tradelines.
- Check fraud — The fraudster deposits a fake or fraudulently modified check and moves the money to a different account before the bank discovers the check is illegitimate. (Banks are required to comply with funds availability rules and thus sometimes must make deposited funds available before they're able to fully assess a check's legitimacy).
- ACH fraud — The fraudster creates multiple checking accounts, initiates an ACH transfer from one, and reports it as lost from another account.
- Bust-out fraud — The fraudster maxes out lines of credit with no intent to pay them back, often after having first slowly built up and paid off credit to increase the amount they're able to borrow for the bust-out.
- Employment or income fraud — The fraudster falsifies documentation or otherwise misrepresents their employment situation or income to increase their chances of approval for credit products.
These are just examples; there are many types of first-party fraud, and fraudsters are constantly looking for new approaches.
Why first-party fraud is difficult to stop
First, first-party fraud is more difficult to identify, even after the fact. There is no victim to report the crime like there is in cases of identity theft. Fraudsters can manipulate real data about themselves in ways that are difficult for a lender to detect. And losses from first-party fraud are easy to misattribute as bad debt or as other types of fraud, which means that many institutions struggle to even determine the size of the problem.
Second, traditional anti-fraud solutions don't solve first-party fraud. Most anti-fraud solutions are aimed at determining whether an applicant matches the core personal information (name, DOB, SSN) in the application. Step-up treatments aim to verify the identity through techniques like document verification, liveness checks, or knowledge-based authentication (KBA). But those checks are not always effective at stopping first-party fraud because the core identity information is accurate.
Third, first-party fraudsters exploit regulations and rules designed for consumer protection. The US financial system has a variety of mechanisms designed to protect consumers, some of which can be exploited by first-party fraudsters. Credit washing, for example, relies on consumer protections that enable the victims of true identity theft to free themselves from debts fraudsters incurred in their name. These consumer protections are important, but they do provide avenues for abuse that can be difficult for FIs to detect and prove.
How do you detect first-party fraud?
The challenges associated with first-party fraud make it difficult to detect, but most approaches focus on looking at historical data associated with the application identity to identify risky patterns. Fraudsters don't typically commit fraud just once, and many don't limit themselves to a specific fraud MO, so there are a variety of signals in historical data that can point towards an application identity being high-risk for first-party fraud. The question then becomes: how can you get the most accurate picture of first-party fraud risk?
A better way to detect FPF
While the concept of "consortiums" have been explored in the marketplace recently, these approaches have natural and extensive blind spots that leave participants vulnerable. This is particularly true in the case of FPF because different institutions define FPF differently and there can be a huge variance in how effectively they flag it. Many FIs are also (understandably) hesitant to share their data with competitors.
SentiLink's new First Party Fraud Score, as well as our suite of First Party Fraud Flags and Facets, provide institutions with a way to analyze historical data and flag high-fraud risk applications without the downsides associated with consortiums. Partner data is never shared with other partners, and there are no politics and no consensus-building delays.
Instead, SentiLink provides an accurate, easy-to-understand score between 1 and 999 indicating an application's risk level for first-party fraud. This portfolio-agnostic score is based on historical identity attributes and application patterns.
It's also highly flexible; SentiLink partners can choose their own risk cutoffs to dial in the desired balance between preventing fraud and minimizing friction in the sign-up process. And partners can also leverage our First Party Fraud Flags and Facets to get more granular signals on specific FPF-related behaviors for integration into rules-based systems or custom models.
In data studies, SentiLink's First-Party Fraud solutions have been shown to prevent millions in annualized losses for partner FIs.
(Note: SentiLink's First Party Fraud Score can only be used for identity verification and fraud prevention purposes and cannot be used for any purpose under the Fair Credit Reporting Act.)
First-party fraud treatment strategies
When first-party fraud risk is flagged, what steps should FIs take to dig deeper? The specifics will vary, but some common treatment strategies include:
- Attestation, notarization, or physical ID verification: for suspected credit washers, these treatments can mitigate the risk of a future dispute.
- 4506-C/T: for suspected credit washers or tradeline purchasers, these strategies allow you to gather additional income data and introduce additional steps for identity verification.
- Manual investigation: All SentiLink partners can trigger an escalation with SentiLink's Fraud Intelligence Team to further examine risk signals, conduct non-documentary verifications, and/or consult other fraud investigation tools under the GLBA to verify identity on tricky applications.
Want to learn more? Reach out to learn how SentiLink can help you reduce first-party fraud losses and verify more accurate identities. And check out our latest Fraud Report to find out what happened with first-party fraud rates in 2025.
