At SentiLink's on:fraud fraud intelligence conference in March, leaders from major financial institutions compared notes on first-party fraud — what it is, why it's hard to stop, and what's working. A few themes came up repeatedly:
The definition problem
The line between first-party fraud and credit risk can be blurry. Panelists agreed that the crux of the matter is intent — does the applicant intend to pay back the loan, for example? — which is impossible to determine for certain. Moreover, intent doesn't always define action; some customers genuinely may intend to pay but wind up unable to. This makes first-party fraud particularly hard for fraud analysts to tackle.
Combined with the fact that individual organizations are targeting different first-party fraud behaviors and have varying levels of risk thresholds, “bad” outcomes exist on a spectrum.
These nuances mean that both broadly in the marketplace, and often even within the context of a single financial institution (FI), there isn't a clear-cut definition of precisely what FPF is. That, in turn, makes external and consortium data less useful, since different institutions may define FPF differently and thus may apply different labels.
Adding to the challenge, FPF can also be easy to confuse with other fraud MOs and approaches such as scams or assumed identity abuse (AIA). Risky behavior associated with an account could indicate the account owner is engaged in first-party fraud, but they could also be the victim of a scam or coercion, or the victim of a convincing identity thief.
Additional challenges to addressing FPF
Attendees at on:fraud also agreed that, aside from the challenges associated with defining and labeling FPF itself, there are also a number of institutional and systemic realities that contribute to making the first-party fraud problem difficult to solve.
First, there's the obvious one: unlike identity theft, there is no victim to report a crime in the case of first-party fraud. If the FI itself is unable to detect a case of FPF using its own insights, its losses will likely compound.
Institutionally, one common problem is data and data access. Internal data that can help flag FPF may be siloed and not easily accessible to fraud and risk teams. Acquiring external data is often required, but that can present financial and implementation challenges, and is still susceptible to problems stemming from the lack of a consensus definition of precisely what constitutes FPF.
External data often comes via some sort of consortium model that also requires data sharing with other FIs, which presents its own set of risks. For example, mistakenly labeling a customer a first-party fraudster could have long-ranging implications for their financial life if that label is shared and other FIs act on it.
Another problem is that fraudsters can move much faster than most financial institutions. Fraudsters can move as fast as they like, and there's a robust and mature marketplace of how-to materials available to teach would-be fraudsters the ropes, and they share intelligence through channels that would be very difficult for FIs to monitor — sometimes on major social media networks, but also in the chat lobbies of multiplayer video games, for example. Institutions can't monitor all of those channels and they can't react instantly to new trends and fraud patterns; they must adhere to internal policies and regulatory frameworks and they often move at the speed of bureaucracy.
That's an especially big problem in an era where first-party fraud moves at the speed of TikTok trends. And those TikTok trends are another problem, attendees noted; the perpetrators often aren't aware they're even committing fraud — these MOs are often presented as "glitches," "methods," or "hacks."
How FIs are addressing FPF
While FPF is far from a solved problem, attendees did feel that progress is being made. First-party synthetic fraud — in which a fraudster applies with their own identity but a fake SSN — is largely a solved problem thanks to tools like SentiLink's Synthetic Fraud Score and authoritative step-up treatments like eCBSV.
They also shared some broad strategies and techniques that they've found to be effective at combating other types of FPF at their institutions, including:
- Carefully monitoring account behavior in the first six months after account opening — risky signals during this period are often an early indicator of first-party fraud risk.
- Leveraging third-party tools such as SentiLink that provide risk scores based on attributes that present patterns associated with elevated risk for first party fraud.
- Stepping up suspected first-party fraudsters to additional processes such as the 4506-C form (although this annoys legitimate consumers).
At the end of the day, though, attendees agreed that manual review is often needed, particularly for the tricky middle-of-the-road cases.
There was also a feeling among attendees that some level of public education may be needed, perhaps on the part of FIs and perhaps on the part of the government, to combat the increasing prevalence of FPF from consumers following viral trends who may not understand they're committing fraud.
Flag FPF risk at the point of application — explore SentiLink's First-Party Fraud Score.
