First-party fraud is an identity-centric risk that changes over time. And the fact that no one knows the true size of first-party fraud is not the problem. It’s a symptom.
First-party fraud involves a person making financial commitments or defaulting on existing commitments using their own identity, a manipulated version of their own identity or a synthetic identity they control. With the identity owner involved, a critical piece of the puzzle is lost. Because fraud “treatments” tend to be all-or-nothing and rely on a victim, the consequences of applying traditional fraud strategies when first-party fraud is suspected can be too harsh and significantly damage the customer relationship.
Without feedback from a victim, first-party fraud hides in plain sight — in credit losses. As a collective, we’ve created lots of subsets of losses that nibble around the edges of first-party fraud, and we focus on reducing those. But I can’t help thinking if we were really trying to solve first-party fraud, we would collectively be doing a better job of measuring it. As the saying goes, “If you can’t measure it, you can’t improve it.”
Because behaviors exhibited during first-party fraud are difficult to distinguish from those of legitimate consumers who’ve encountered catastrophic life events, such as illness and unemployment, individual account performance isn’t typically a good measurement. First-party fraud is a person-level event rather than an account-level event and needs to be viewed as such.
So why does first-party fraud slip through the cracks?
- Existing, third-party fraud prevention tools aren’t trained to detect it.
- Underwriting relies on a point-in-time assessment, leaving lenders blind to intentions that may change after booking.
- When first-party fraud occurs, the different organizations that suffer losses attach different names to it based on their account-level view.
- It’s hidden in credit losses, preventing you from identifying it for future analysis.
As an industry, we aren’t going to be able to solve the problem of first-party fraud as long as three different organizations can look at an individual and declare, “Never pay!” “No. Bust-out!” “No! Charge-off!” So, what do we need to stop doing?
- Stop thinking that it’s a different problem based on when you enter the picture. Whether you opened an account five years ago or 5 minutes ago doesn’t change the problem. It’s still first-party fraud if the person who owns the identity is the one misusing it.
- Stop thinking that the financial performance of an account you maintain is the only relevant data.
And what do we need to start doing?
- See and treat first-party fraud as a continuous
- Leverage machine learning techniques and robust data (including your own observations) to monitor for emerging risk over
- Apply multiple levels of treatments to respond and tighten controls/reduce exposure as risk
- Define first-party fraud using a broader set of elements beyond your individual observations.
