By: Kennis Wong
On the surface, it’s not difficult to define existing account fraud. Obviously, it is fraud perpetrated against an existing account. But the way I see it, existing account fraud can be broken down into four types.
The first type is account takeover fraud, which is what most organizations think as the de facto existing account fraud. This is when a real consumer using his or her own identity to open a legitimate account, but the account later on get taken over by an identity fraudster. The idea is that when the account was first established, it was created by the rightful person. But somewhere along the way, the account and identity information were compromised. The fraudster uses the compromised information to engineer their way into the account.
The second type is impersonation. Impersonation is somewhat similar to account takeover in the sense that it is also misusing the victim’s account. But the difference is that impersonation is more of a one or few times misuses of the account. Examples are a fraudulent use of a credit card or wire transfer.
These are the obvious categories. But I think we should also think about these other categories.
My definition of existing account fraud also includes this third type – identity fraud that was undetected during application. In other words, an account is established based on stolen identity. Many organizations call this “new account fraud”, which I don’t have a problem with. But I think it’s really also existing account fraud, because – is this existing account? The answer is yes. Is this fraud? Absolutely. It’s not that difficult, is it?
Similarly, I am including first-party fraud in existing account fraud as well. A consumer can use his or her own identity to open an account, with an intention to default after the account is established. Example is bust out fraud.
You see that this is an expanded definition of existing account fraud, because my focus is on detection. No matter at what point and how identity fraud comes in, it becomes an account in your organization, and that is where we need to discover the fraud.
But at the end of the day, it’s not too important how to categorize or name the fraud – whether it’s application fraud, existing account fraud, first party fraud or third party fraud, as long as organizations understand them enough and have a good way to detect them.
Read more blog posts on existing account fraud.
