By Martin Warwick, Principal Fraud Consultant, FICO
Most people associate fraud with stolen identities, counterfeit cards and account takeover. Now imagine a criminal so daring he or she walks into the bank to take out a loan under his or her real name — or a completely fictitious name.
Sound surprising? Welcome to the strange world of first-party fraud. What’s even stranger is that most experts say first-party fraud represents even bigger losses than traditional, third-party fraud. Industry analysts AITE estimate it cost the credit card industry alone $18.5 billion in 2012 and is on a trajectory to hit $28.6 billion by 2016.
Thwarted by better customer identification and verification checks, the criminal fraternity and casual opportunists are applying for credit in their own names, with their own credentials, but with malicious intent. Some of the underlying details may be misrepresented to achieve the provision of a bank account, a loan, social benefits, medical insurance coverage, etc., that the applicant would not otherwise have received.
And generally, the banks that are victimized don’t even know they’re dealing with fraud. This kind of fraud masquerades as bad debt, and frustrates collectors who are tasked with collecting from false or abandoned addresses, phone numbers and email accounts. When it comes to fraud, what’s identified today using traditional measures is just the tip of the iceberg.
Based on our work with clients across Europe, FICO estimates that 5-15% of bad debt write-offs in the UK are actually first-party fraud. The proportion is higher in Europe overall. In fact, FICO recently worked with NBKI, Russia’s biggest credit bureau, to launch a new scorecard that will detect fraudulent credit applications — and the damage done by first-party fraud is so great, that this scorecard is tuned specifically to first-party fraud.
Criminal rings perpetrate first-party fraud, and the problem is by no means confined to Europe. In February this year, the FBI cracked a massive international credit card fraud case that involved using thousands of phony identities to obtain tens of thousands of credit cards. Confirmed losses were $200 million, but estimates are rising.
But individuals with no criminal ties may also defraud banks, particularly when they feel disenfranchised by a punishing economy. Borrowers that are strapped for cash may view a personal loan as a last-ditch source of funds, even if they can’t or won’t repay it. They may even have heard stories about others getting away with such methods, encouraging them to try it themselves.
First-party fraud is notoriously hard to prove, as differentiating it from bad debt can often hinge on proving the customer’s intent to repay or default. And there is no one pattern. In fact, FICO has identified several different patterns:
- Hit & Run: Takes the money (say by maxing out a new credit card) in the shortest time possible and disappears
- Sleeper: Plays the game for a while first, using the bank’s own money to make small payments and simulate normal account activity, then maxes out overdraft and credit cards and disappears. This is often carried out by groups of criminals
- Bust Out: Behaves responsibly over a significant time period, then goes on a spending spree and changes address to avoid being traced
- Sell-On: ’Sells’ account details to fraudster, often for financial gain
After a customer is delinquent, it can be tricky to identify whether or not he or she intends to commit fraud, but there are some signs that lenders can look out for. Focus on detecting suspicious activity, potentially abusive patterns and hidden connections and relationships in the vast amount of transactional data that banks own across different accounts and customer relationships.
But there is a way to hit back. Applying sophisticated analytics to bolster traditional on-boarding identity and “know your customer” defences, and combining this risk-weighted output with advances in decision management, rules management and investigative workflows, allows organizations from any sector to get a more precise view on what is traditional identity theft and third-party fraud, but also for the first time to gain insight into those who are demonstrating elements of first-party fraud.
In fact, there are opportunities to detect first-party fraud all across the account lifecycle – from the application stage onward. With credit card accounts, alarm bells should be ringing if a new borrower defaults on their first repayment. Going over the credit limit – especially by more than 30%– can also be an indicator of fraudulent intent. For loan customers, banks should look out for those who pay back less than five per cent of the loan amount before defaulting.
Bankers in many parts of Europe are waking up to the threat of first-party fraud, and exploring solutions that will give them the same calibre of protection afforded by “traditional fraud” solutions. FICO recently launched an application fraud solution that searches for both third-party and first-party fraud. What was once the “hidden” problem of fraud is finally stepping into the light.
Martin Warwick advises FICO clients across Europe on fraud management. He recently developed the commentary for FICO’s card fraud map of Europe (www.fico.com/fraudeurope). For more discussions of first-party fraud, check out the FICO Banking Analytics Blog (http://bankinganalyticsblog.fico.com).
First-Party Fraud Detection – Potential Triggers