Fraud – it’s a word that comes up in conversations across every industry. While there’s a general awareness that fraud is on the rise and is constantly evolving, for many the full impact of fraud is misunderstood and underestimated. At the heart of this challenge is the tendency to lump different types of fraud together into one big problem, and then look for a single solution that addresses it. It’s as if we’re trying to figure out how to un-bake a terrible cake instead of thinking about the ingredients and the process needed to put them together in the first place.
This is the first of a series of articles in which we’ll look at some of the key ingredients that create different types of fraud, including first party, third party, synthetic identity, and account takeover. We’ll talk about why they’re unique and why we need to approach each one differently.
At the end of the series, we’ll get a result that’s easier to digest. I had second thoughts about the cake metaphor, but in truth it really works. Creating a good fraud management process is a lot like baking. We need to know the ingredients and some tried-and-true methods to get the best result. With that foundation in place, we can look for ways to improve the outcome every time. Let’s start with a look at the best known type of fraud, third party.
What is third-party fraud?
Third-party fraud – generally known as identity theft – occurs when a malicious actor uses another person’s identifying information to open new accounts without the knowledge of the individual whose information is being used. This type of fraud is unique from first party or synthetic identity fraud because it involves an identifiable victim that’s willing to collaborate in the investigation and resolution, for the simple reason that they don’t want to be responsible for the obligation made under their name.
Third-party fraud is often the only type of activity that’s classified as fraud by financial institutions. The presence of an identifiable victim creates a high level of certainty that fraud has indeed occurred. That certainty enables financial institutions to properly categorize the losses.
Since there is a victim associated with it, third party fraud tends to have a shorter lifespan than other types. When victims become aware of what’s happening, they generally take steps to protect themselves and intervene where they know their identity has been potentially misused. As a result, the timeline for third-party fraud is shorter, with fraudsters acting quickly to maximize the funds they’re able to amass before busting out.
How does third-party fraud impact me?
As the digital transformation continues, more and more personally identifiable information (PII) is available on the dark web due to data breaches and phishing scams. Given that half of consumers anticipate increasing their online spending in the coming year, we anticipate that the amount of PII readily available to criminals will only continue to grow. All of this will lead to identity theft and increase the risk of third-party fraud.
Third-party fraud has been on businesses’ radar throughout 2020, with account takeover and account opening fraud representing high opportunities for risk.
While we don’t yet know the full financial impact of COVID-19, it’s clear that it has created both opportunity—increased online presence and interaction—and need—in the form of financial distress for businesses and consumers—when it comes to third-party fraud.
Solving the third-party fraud problem
We’ve examined one part of the fraud problem, and it is a complex one. With Experian as your partner, solving for it isn’t. Continuing my cake metaphor, by following the right steps and including the right ingredients, businesses can detect and prevent fraud.
Preventing third-party fraud involves two distinct steps.
- Analytics: Driven by extensive data that captures the ways in which people present their identity—plus artificial intelligence and machine learning—good analytics can detect inconsistencies, and patterns of usage that are out of character for the person, or similar to past instances of known fraud.
- Verification: The advantage of dealing with third-party fraud is the availability of a victim that will confirm when fraud is happening. The verification step refers to the process of making contact with the identity owner to obtain that confirmation. It does require some thought and discipline to make sure that the contact information used leads to the identity owner—and not to the fraudster.
Over the coming weeks, I’ll be exploring first-party fraud, synthetic identity fraud, and account takeover fraud and how a layered fraud management strategy can help keep your business and customers safe from all types. Let us know if you’d like to learn more about how Experian is using our identity expertise, data, and analytics to detect and prevent fraud.