By: Kennis Wong As I said in my last post, when consumers and the media talk about fraud and fraud risk, they are usually referring to third-party frauds. When financial institutions or other organizations talk about fraud and fraud best practices, they usually refer to both first- and third-party frauds. The lesser-known fraud cousin, first-party fraud, does not involve stolen identities. As a result, first-party fraud is sometimes called victimless fraud. However, being victimless can’t be further from the truth. The true victims of these frauds are the financial institutions that lose millions of dollars to people who intentionally defraud the system. First-party frauds happen when someone uses his/her own identity or a fictitious identity to apply for credit without the intention to fulfill their payment obligation. As you can imagine, fraud detection of this type is very difficult. Since fraudsters are mostly who they say they are, you can’t check the inconsistencies of identities in their applications. The third-party fraud models and authentication tools will have no effect on first-party frauds. Moreover, the line between first-party fraud and regular credit risk is very fuzzy. According to Wikipedia, credit risk is the risk of loss due to a debtor's non-payment of a loan or other line of credit. Doesn’t the definition sound similar to first-party fraud? In practice, the distinction is even blurrier. That’s why many financial institutions are putting first-party frauds in the risk bucket. But there is one subtle difference: that is the intent of the debtor.  Are the applicants planning not to pay when they apply or use the credit?  If not, that’s first-party fraud. To effectively detect frauds of this type, fraud models need to look into the intention of the applicants.

Vintage analysis, specifically vintage pools, present numerous useful opportunities to further understand the risks within specific portfolios.

By: Kennis Wong When consumers and the media talk about fraud and fraud risk, nine out of ten times they are referring to third-party frauds. When financial institutions or other organizations talk about fraud, fraud best practices, or their efforts to minimize fraud, they usually refer to both first- and third-party frauds. The difference between the two fraud types is huge. Third-party frauds happen when someone impersonates the genuine identity owner to apply for credit or use existing credit. When it’s discovered, the victim, or the genuine identity owner, may have some financial loss — and a whole lot of trouble fixing the mess. Third-party frauds get most of the spotlight in newspaper reporting primarily because of large-scale identity data losses. These data losses may not result in frauds per se, but the perception is that these consumers are now more susceptible to third-party frauds. Financial institutions are getting increasingly sophisticated in using fraud models to detect third-party frauds at acquisition. In a nutshell, these fraud models are detecting frauds by looking at the likelihood of applicants being who they say they are. Institutions bounce the applicants’ identity information off of internal and external data sources such as: credit; known fraud; application; IP; device; employment; business relationship; DDA; demographic; auto; property; and public record. The risk-based approach takes into account the intricate similarities and discrepancies of each piece of data element. In my next blog entry, I’ll discuss first-party fraud.