Tag: bust out fraud

Dormant fraud, sleeper fraud, trojan horse fraud . . . whatever you call it, it’s an especially insidious form of account takeover fraud (ATO) that fraud teams often can’t detect until it’s too late. Fraudsters create accounts with stolen credentials or gain access to existing ones, onboard under the fake identity, then lie low, waiting for an opportunity to attack.   It takes a strategic approach to defeat the enemy from within, and fraudsters assume you won’t have the tools in place to even know where to start.   Dormant fraud uncovered: A case study  NeuroID, a part of Experian, has seen the dangers of dormant fraud play out in real time.  As a new customer to NeuroID, this payment processor wanted to backtest their user base for potential signs of fraud. Upon analyzing their customer base’s onboarding behavioral data, we discovered more than 100K accounts were likely to be dormant fraud. The payment processor hadn’t considered these accounts suspicious and didn’t see any risk in letting them remain active, despite the fact that none of them had completed a transaction since onboarding.  Why did we flag these as risky?  Low familiarity: Our testing revealed behavioral red flags, such as copying and pasting into fields or constant tab switching. These are high indicators that the applicant is applying with personally identifiable information (PII) that isn’t their own.  Fraud clusters: Many of these accounts used the same web browser, device, and IP address during sign-up, suggesting that one fraudster was signing up for multiple accounts. We found hundreds of clusters like these, many with 50 or more accounts belonging to the same device and IP address within our customer’s user base.  It was clear that this payment processor’s fraud stack had gaps that left them vulnerable. These dormant accounts could have caused significant damage once mobilized: receiving or transferring stolen funds, misrepresenting their financial position, or building toward a bust-out.   Dormant fraud thrives in the shadows beyond onboarding. These fraudsters keep accounts “dormant” until they’re long past onboarding detection measures. And once they’re in, they can often easily transition to a higher-risk account — after all, they’ve already confirmed they’re trustworthy. This type of attack can involve fraudulent accounts remaining inactive for months, allowing them to bypass standard fraud detection methods that focus on immediate indicators.   Dormant fraud gets even more dangerous when a hijacked account has built trust just by existing. For example, some banks provide a higher credit line just for current customers, no matter their activities to date. The more accounts an identity has in good standing, the greater the chance that they’ll be mistaken for a good customer and given even more opportunities to commit higher-level fraud.  This is why we often talk to our customers about the idea of progressive onboarding as a way to overcome both dormant fraud risks and the onboarding friction caused by asking for too much information, too soon.   Progressive onboarding, dormant fraud, and the friction balance  Progressive onboarding shifts from the one-size-fits-all model by gathering only truly essential information initially and asking for more as customers engage more. This is a direct counterbalance to the approach that sometimes turns customers off by asking for too much too soon, and adding too much friction at initial onboarding. It also helps ensure ongoing checks that fight dormant fraud. We’ve seen this approach (already growing popular in payment processing) be especially useful in every type of financial business. Here’s how it works:  A prospect visits your site to explore options. They may just want to understand fees and get a feel for your offerings. At this stage, you might ask for minimal information — just a name and email — without requiring a full fraud check or credit score. It’s a low commitment ask that keeps things simple for casual prospects who are just browsing, while also keeping your costs low so you don’t spend a full fraud check on an uncommitted visitor.   As the prospect becomes a true customer and begins making small transactions, say a $50 transfer, you request additional details like their date of birth, physical address, or phone number. This minor step-up in information allows for a basic behavioral analytics fraud check while maintaining a low barrier of time and PII-requested for a low-risk activity.  With each new level of engagement and transaction value, the information requested increases accordingly. If the customer wants to transfer larger amounts, like $5,000, they’ll understand the need to provide more details — it aligns with the idea of a privacy trade-off, where the customer’s willingness to share information grows as their trust and need for services increase. Meanwhile, your business allocates resources to those who are fully engaged, rather than to one-time visitors or casual sign-ups, and keeps an eye on dormant fraudsters who might have expected no barrier to additional transactions.  Progressive onboarding is not just an effective approach for dormant fraud and onboarding friction, but also in fighting fraudsters who sneak in through unseen gaps. In another case, we worked with a consumer finance platform to help identify gaps in their fraud stack. In one attack, fraudsters probed until they found the product with the easiest barrier of entry: once inside they went on to immediately commit a full-force bot attack on higher value returns. The attack wasn’t based on dormancy, but on complacency. The fraudsters assumed this consumer finance platform wouldn’t realize that a low controls onboarding for one solution could lead to ease of access to much more. And they were right.  After closing that vulnerability, we helped this customer work to create progressive onboarding that includes behavior-based fraud controls for every single user, including those already with accounts, who had built that assumed trust, and for low-risk entry-points. This weeded out any dormant fraudsters already onboarded who were trying to take advantage of that trust, as they had to go through behavioral analytics and other new controls based on the risk-level of the product.   Behavioral analytics gives you confidence that every customer is trustworthy, from the moment they enter the front door to even after they’ve kicked off their shoes to stay a while.  Behavioral analytics shines a light on shadowy corners  Behavioral analytics are proven beyond just onboarding — within any part of a user interaction, our signals detect low familiarity, high-risk behavior and likely fraud clusters. In our experience, building a progressive onboarding approach with just these two signal points alone would provide significant results — and would help stop sophisticated fraudsters from perpetrating dormant fraud, including large-scale bust outs.  Want to find out how progressive onboarding might work for you? Contact us for a free demo and deep dive into how behavioral analytics can help throughout your user journey.  Contact us for a free demo

In a series of articles, we talk about different types of fraud and how to best solve for them. This article will explore first-party fraud and how it's similar to biting into a cookie you think is chocolate chip, only to find that it’s filled with raisins. The raisins in the cookie were hiding in plain sight, indistinguishable from chocolate chips without a closer look, much like first-party fraudsters. What is first-party fraud? First-party fraud refers to instances when an individual purposely misrepresents their identity in exchange for goods or services. In the financial services industry, it's often miscategorized as credit loss and written off as bad debt, which causes problems when organizations later try to determine how much they’ve lost to fraud versus credit risk. Common types of first-party fraud include: Chargeback fraud: Also known as "friendly fraud," chargeback fraud occurs when an individual knowingly makes a purchase with their credit card and then requests a chargeback from the issuer, claiming they didn't authorize the purchase. Application fraud: This takes place when an individual uses stolen or manipulated information to apply for a loan, credit card or job. In 2023, the employment sector accounted for 45% of all false document submissions — 70% of those who falsified their resumes still got hired. Fronting: Done to get cheaper rates, this form of insurance fraud happens when a young or inexperienced individual is deliberately listed as a named driver, when they're actually the main driver of the vehicle. Goods lost in transit fraud (GLIT): This occurs when an individual claims the goods they purchased online did not arrive. To put it simply, the individual is getting a refund for something they actually already received. A first-party fraudster can also recruit “money mules” — individuals who are persuaded to use their own information to obtain credit or merchandise on behalf of a larger fraud ring. This type of fraud has become especially prevalent as more consumers are active online. Money mules constitute up to 0.3% of accounts at U.S. financial institutions, or an estimated $3 billion in fraudulent transfers. How does it impact my organization? Firstly, there are often substantial losses associated with first-party fraud. An imperfect first-party fraud solution can also strain relationships with good customers and hinder growth. When lenders have to interpret actions and behavior to assess customers, there’s a lot of room for error and losses. Those same losses hinder growth when, as mentioned before, businesses anticipate credit losses that aren’t actually credit losses. This type of fraud isn’t a single-time event, and it doesn’t occur at just one point in the customer lifecycle. It occurs when good customers develop fraudulent intent, when new applicants who have positive history with other lenders have recently changed circumstances or when seemingly good applicants have manipulated their identities to mask previous defaults. Finally, first-party fraud impacts how your organization categorizes and manages risk – and that’s something that touches every department. Solving the first-party fraud problem First-party fraud detection requires a change in how we think about the fraud problem. It starts with the ability to separate first- and third-party fraud to treat them differently. Because first-party fraud doesn’t have a victim, you can’t work with the person whose information was stolen to confirm the fraud. Instead, you’ll have to implement a consistent monitoring system and make a determination internally when fraud is suspected. As we’ve already discussed, the fraud problem is complex. However with a partner like Experian, you can leverage the fraud risk management strategies required to perform a closer examination and the ability to differentiate between the types of fraud so you can determine the best course of action moving forward. Additionally, our robust fraud management solutions can be used for synthetic identity fraud and account takeover fraud prevention, which can help you minimize customer friction to improve and deepen your relationships while preventing fraud. Contact us if you’d like to learn more about how Experian is using our identity expertise, data and analytics to improve identity resolution and detect and prevent all types of fraud. Contact us

Preventing fraud losses requires an understanding of each individual fraud type—including third-party, first-party, synthetic identity, and account takeover fraud—and how they differ from one another. It’s only with a multi-layered fraud strategy that businesses can adequately detect and treat each type of fraud while maintaining the customer experience. When’s the last time you reviewed your existing fraud strategy? Download infographic Review your fraud strategy

Recently, I shared articles about the problems surrounding third-party and first-party fraud. Now I’d like to explore a hybrid type – synthetic identity fraud – and how it can be the hardest type of fraud to detect. What is synthetic identity fraud? Synthetic identity fraud occurs when a criminal creates a new identity by mixing real and fictitious information. This may include blending real names, addresses, and Social Security numbers with fabricated information to create a single identity.   Once created, fraudsters will use their synthetic identities to apply for credit. They employ a well-researched process to accumulate access to credit. These criminals often know which lenders have more liberal identity verification policies that will forgive data discrepancies and extend credit to people who appear to be new or emerging consumers. With each account that they add, the synthetic identity builds more credibility.   Eventually, the synthetic identity will “bust out,” or max out all available credit before disappearing. Because there is no single person whose identity was stolen or misused there’s no one to track down when this happens, leaving businesses to deal with the fall out.   More confounding for the lenders involved is that each of them sees the same scam through a different lens. For some, these were longer-term reliable customers who went bad. For others, the same borrower was brand new and never made a payment. Synthetic identities don't appear consistently as a new account problem or a portfolio problem or correlate to thick- or thin-filed identities, further complicating the issue.   How does synthetic identity fraud impact me?   As mentioned, when synthetic identities bust out, businesses are stuck footing the bill.   Annual SIF (synthetic identity fraud) charge-offs in the United States alone could be as high as $11 billion. – Steven D’Alfonso, research director, IDC Financial Insights1   Unlike first- and third-party fraud, which deal with true identities and can be tracked back to a single person (or the criminal impersonating them), synthetic identities aren’t linked to an individual. This means that the tools used to identify those types of fraud won’t work on synthetics because there’s no victim to contact (as with third-party fraud), or real customer to contact in order to collect or pursue other remedies.   Solving the synthetic identity fraud problem   Preventing and detecting synthetic identities requires a multi-level solution that includes robust checkpoints throughout the customer lifecycle.   During the application process, lenders must look beyond the credit report. By looking past the individual identity and analyzing its connections and relationships to other individuals and characteristics, lenders can better detect anomalies to pinpoint false identities.   Consistent portfolio review is also necessary. This is best done using a risk management system that continuously monitors for all types of fraudulent activities across multiple use cases and channels. A layered approach can help prevent and detect fraud while still optimizing the customer experience.   With the right tools, data, and analytics, fraud prevention can teach you more about your customers, improving your relationships with them and creating opportunities for growth while minimizing fraud losses.   To wrap up this series, I’ll explore account takeover fraud and how the correct strategy can help you manage all four types of fraud while still optimizing the customer experience. To learn more about the impact of synthetic identities, download our “Preventing Synthetic Identity Fraud” white paper and call us to learn more about innovative solutions you can use to detect and prevent fraud.   Contact us Download whitepaper   1Synthetic Identity Fraud Update: Effects of COVID-19 and a Potential Cure from Experian, IDC Financial Insights, July 2020

Synthetic identity fraud, otherwise known as SID fraud, is reportedly the fastest-growing type of financial crime. One reason for its rapid growth is the fact that it’s so hard to detect, and thus prevent. This allows the SIDs to embed within business portfolios, building up lines of credit to run up charges or take large loans before “busting out” or disappearing with the funds. In Experian’s recent perspective paper, Preventing synthetic identity fraud, we explore how SID differs from other types of fraud, and the unique steps required to prevent it. The paper also examines the financial risks of SID, including: $15,000 is the average charge-off balance per SID attack Up to 15% of credit card losses are due to SID 18% - the increase in global card losses every year since 2013 SID is unlike any other type of fraud and standard fraud protection isn’t sufficient. Download the paper to learn more about Experian’s new toolset in the fight against SID. Download the paper

If you’ve been on the dating scene in the last few years, you’re probably familiar with ghosting. For those of you who aren’t, I’ll save you the trip to Urban Dictionary. “Ghosting” is when the person you’re dating disappears. No calls. No texts. No DMs. They just vanish, never to be heard from again. As troublesome as this can be, there’s a much more nefarious type of ghosting to be wary of – credit ghosting. Wait, what’s credit ghosting? Credit ghosting refers to the theft of a deceased person’s identity. According to the IRS, 2.5 million deceased identities are stolen each year. The theft often occurs shortly after someone dies, before the death is widely reported to the necessary agencies and businesses. This is because it can take months after a person dies before the Social Security Administration (SSA) and IRS receive, share, or register death records. Additionally, credit ghosting thefts can go unnoticed for months or even years if the family of the deceased does not check their credit report for activity after death. Opportunistic fraudsters check obituaries and other publicly available death records for information on the deceased. Obituaries often include a person’s birthday, address or hometown, parents’ names, occupation, and other information regularly used in identity verification. With this information fraudsters can use the deceased person’s identity and take advantage of their credit rating rather than taking the time to build it up as they would have to with other types of fraud. Criminals will apply for credit cards, loans, lines of credit, or even sign up for a cell phone plan and rack up charges before disappearing. Where did this type of identity theft come from? Credit ghosting is the result of a few issues. One traces back to a discrepancy noted by the Social Security’s inspector general. In an audit, they found that 6.5 million Social Security numbers for people born before June 16, 1901, did not have a date of death on record in the administration’s Numident (numerical identification) system – an electronic database containing Social Security number records assigned to each citizen since 1936. Without a date of death properly noted in the database, government agencies and other entities inquiring won’t necessarily know an individual is deceased, making it possible for criminals to implement credit ghosting schemes. Additionally, unreported deaths leave further holes in the system, leading to opportunity for fraudsters. When financial institutions run checks on the identity information supplied by a fraudster, it can seem legitimate. If the deceased’s credit is in good standing, the fraudster now appears to be a good customer—much like a synthetic identity—but now with the added twist that all of the information is from the same person instead of stitched together from multiple sources. It can take months before the financial institution discovers that the account has been compromised, giving fraudsters ample time to bust out and make off with the funds they’ve stolen. How can you defend against credit ghosting? Luckily, unlike your dating pipeline, there are ways to guard against ghosting in your business’ pipeline. Frontline Defense: Start by educating your customers. It’s never pleasant to consider your own passing or that of a loved one, but it’s imperative to have a plan in place for both the short and long term. Remind your customers that they should contact lenders and other financial institutions in the event of a death and continue monitoring those accounts into the future. Relatives of the deceased don’t tend to check credit reports after an estate has been settled. If the proper steps aren’t taken by the family to notify the appropriate creditors of the death, the deceased flag may not be added to their credit report before the estate is closed, leaving the deceased’s information vulnerable to fraud. By offering your customers assistance and steps to take, you can help ensure that they’re not dealing with the fallout of credit ghosting—like dealing with calls from creditors following up after the fraudster’s bust-out—on top of grieving. Backend Defense: Ensure you have the correct tools in place to spot credit ghosts when they try to enter your pipeline. Experian’s Fraud Shield includes high risk indicators and provides a deceased indicator flag so you can easily weed them out. Additionally, you can track other risk indicators like previous uses of a particular Social Security number and identify potential credit-boosting schemes. Speak to an Experian associate today about how you can increase your defenses against credit ghosting. Let's talk

Sometimes, the best offense is a good defense. That’s certainly true when it comes to detecting synthetic identities, which by their very nature become harder to find the longer they’ve been around. To launch an offense against synthetic identity fraud, you need to defend yourself from it at the top of your new customer funnel. Once fraudsters embed their fake identity into your portfolio, they become nearly impossible to detect. The Challenge Synthetic identity fraud is the fastest-growing type of financial crime in the United States. The cost to businesses is hard to determine because it’s not always caught or reported, but the amounts are staggering. According to the Aite Group, it was estimated to total at least $820 million in 2017 and grow to $1.2 billion by 2020. This type of theft begins when individual thieves and large-scale crime rings use a combination of compromised personal information—like unused social security numbers—and fabricated data to stitch together increasingly sophisticated personas. These well-crafted synthetic identities are hard to differentiate from the real deal. They often pass Know Your Customer, Customer Identification Program and other onboarding checks both in person and online. This puts the burden on you to develop new defense strategies or pay the price. Additionally, increasing pressure to grow deposits and expand loan portfolios may coincide with the relaxation of new customer criteria, allowing even more fraudsters to slip through the cracks. Because fraudsters nurture their fake identities by making payments on time and don’t exhibit other risk factors as their credit limits increase, detecting synthetic identities becomes nearly impossible, as does defending against them. How This Impacts Your Bottom Line Synthetic identity theft is sometimes viewed as a victimless crime, since no single individual has their entire identity compromised. But it’s not victimless. When undetected fraudsters finally max out their credit lines before vanishing, the financial institution is usually stuck footing the bill. These same fraudsters know that many financial institutions will automatically settle fraud claims below a specific threshold. They capitalize on this by disputing transactions just below it, keeping the goods or services they purchased without paying. Fraudsters can double-dip on a single identity bust-out by claiming identity theft to have charges removed or by using fake checks to pay off balances before maxing out the credit again and defaulting. The cost of not detecting synthetic identities doesn’t stop at the initial loss. It flows outward like ripples, including: Damage to your reputation as a trusted organization Fines for noncompliance with Know Your Customer Account opening and maintenance costs that are not recouped as they would be with a legitimate customer Mistakenly classifying fraudsters as bad debt write offs Monetary loss from fraudsters’ unpaid balances Rising collections costs as you try to track down people who don’t exist Less advantageous rates for customers in the future as your margins grow thinner These losses add up, continuing to impact your bottom line over and over again. Defensive Strategies So what can you do? Tools like eCBSV that will assist with detecting synthetic identities are coming but they’re not here yet. And once they’re in place, they won’t be an instant fix. Implementing an overly cautious fraud detection strategy on your own will cause a high number of false positives, meaning you miss out on revenue from genuine customers. Your best defense requires finding a partner to help you implement a multi-layered fraud detection strategy throughout the customer lifecycle. Detecting synthetic identities entails looking at more than a single factor (like length of credit history). You need to aggregate multiple data sets and connect multiple customer characteristics to effectively defend against synthetic identity fraud. Experian’s synthetic identity prevention tools include Synthetic Identity High Risk Score to incorporate the history and past relationships between individuals to detect anomalies. Additionally, our digital device intelligence tools perform link analyses to connect identities that seem otherwise separate. We help our partners pinpoint false identities not associated with an actual person and decrease charge offs, protecting your bottom line and helping you let good customers in while keeping false personas out. Find out how to get your synthetic identity defense in place today.

Experian is recognized as a leading security solution provider for fraud and identity solutions in order to protect customers and financial institutions

By: Kennis Wong On the surface, it’s not difficult to define existing account fraud. Obviously, it is fraud perpetrated against an existing account. But the way I see it, existing account fraud can be broken down into four types. The first type is account takeover fraud, which is what most organizations think as the de facto existing account fraud. This is when a real consumer using his or her own identity to open a legitimate account, but the account later on get taken over by an identity fraudster. The idea is that when the account was first established, it was created by the rightful person. But somewhere along the way, the account and identity information were compromised.  The fraudster uses the compromised information to engineer their way into the account. The second type is impersonation. Impersonation is somewhat similar to account takeover in the sense that it is also misusing the victim’s account. But the difference is that impersonation is more of a one or few times misuses of the account. Examples are a fraudulent use of a credit card or wire transfer. These are the obvious categories. But I think we should also think about these other categories. My definition of existing account fraud also includes this third type – identity fraud that was undetected during application. In other words, an account is established based on stolen identity.  Many organizations call this “new account fraud”, which I don’t have a problem with. But I think it’s really also existing account fraud, because –  is this existing account? The answer is yes. Is this fraud? Absolutely. It’s not that difficult, is it? Similarly, I am including first-party fraud in existing account fraud as well. A consumer can use his or her own identity to open an account, with an intention to default after the account is established. Example is bust out fraud. You see that this is an expanded definition of existing account fraud, because my focus is on detection. No matter at what point and how identity fraud comes in, it becomes an account in your organization, and that is where we need to discover the fraud. But at the end of the day, it’s not too important how to categorize or name the fraud - whether it's application fraud, existing account fraud, first party fraud or third party fraud, as long as organizations understand them enough and have a good way to detect them. Read more blog posts on existing account fraud.

At Experian’s recent client conference, Vision 2011, there was a refreshing amount of positive discussion and outlook on origination rates and acquisition strategies for growth. This was coming not only from industry analysts participating in the conference but from clients as well. As a consumer, I’d sensed the ‘cautious optimism’ that we keep hearing about because my mailbox(the ‘original’ one, not email) has slowly been getting more and more credit card offer letters over the last 6 months.   Does this mean a return to prospecting and ultimately growth for financial institutions and lenders? It’s a glimmer of hope, for sure, although most agree that we’re a long way from being out of the woods, particularly with unemployment rates still high and the housing market in dire shape. Soooo…..you may be wondering where I’m going with this…. Since my job is to support banks, lenders, utilities and numerous other businesses’ in their fraud prevention and compliance efforts, where my mind goes is: how does a return to growth – even slight – impact fraud trends and our clients’ risk management policies? While many factors remain to be seen, here are a few early observations: ·         Account takeover, bust out fraud, and other types of existing account fraud had been on the rise while application fraud had declined or stayed the same (relative to the decrease in new originations); with prospecting and acquisition activity starting to increase, we will likely see a resurgence in new account fraud attempts and methods. ·         Financial institutions and consumers are under increasing risk of malware attacks; with more sophisticated malware technology popping up every day, this will likely be a prime means for fraudsters to commit identity theft and exploit potentially easier new account opening policies. ·         With fraud loss numbers flat or down, the contracted fraud budgets and delayed technology investments by companies over the last few years are a point of vulnerability, especially if the acquisition growth rate jumps substantially.  

By: Kennis Wong  Data is the very core of fraud detection. We are constantly seeking new and mining existing data sources that give us more insights into consumers’ fraud and identity theft risk. Here is a way to categorize the various data sources. Account level - When organizations detect fraud, naturally they leverage the data in-house. This type of data is usually from the individual account activities such as transactions, payments, locations or types of purchases, etc. For example, if there’s a purchase $5000 at a dry cleaner, the transaction itself is suspicious enough to raise a red flag. Customer level - Most of the times we want to see a bigger picture than only at the account level. If the customer also has other accounts with the organization, we want to see the status of those accounts as well. It’s not only important from a fraud detection perspective, but it’s also important from a customer relationship management perspective. Consumer level - As Experian Decision Analytics’ clients can attest, sometimes it’s not sufficient to look only at the data within an organization but also to look at all the financial relationships of the consumer. For example, in the situation of bust out fraud or first-party fraud, if you only look at the individual account, it wouldn’t be clear whether a consumer has truly committed the fraud. But when you look at the behavior of all the financial relationships, then the picture becomes clear. Identity level - Fraud detection can go into the identity level. What I mean is that we can tie a consumer’s individual identity elements with those of other consumers to discover hidden inconsistencies and relationships. For example, we can observe the use of the same SSN across different applications and see if the phones or addresses are the same. In the account management environment, when detecting existing account fraud or account takeover, this level of linkage is very useful as more data becomes available after the account is open. Loading...

Experian recently contributed to a TSYS whitepaper focused on the various threats associated with first party fraud. I think the paper does a good job at summarizing the problem, and points out some very important strategies that can be employed to help both prevent first party fraud losses and detect those already in an institution’s active and collections account populations. I’d urge you to have a look at this paper as you begin asking the right questions within your own organization. Watch here The bad news is that first party fraud may currently account for up to 20 percent of credit charge-offs. The good news is that scoring models (using a combination of credit attributes and identity element analysis) targeted at various first party fraud schemes such as Bust Out, Never Pay, and even Synthetic Identity are quite effective in all phases of the customer lifecycle. Appropriate implementation of these models, usually involving coordinated decisioning strategies across both fraud and credit policies, can stem many losses either at account acquisition, or at least early enough in an account management stage, to substantially reduce average fraud balances. The key is to prevent these accounts from ending up in collections queues where they’ll never have any chance of actually being collected upon. A traditional customer information program and identity theft prevention program (associated, for example with the Red Flags Rule) will often fail to identify first party fraud, as these are founded in identity element verification and validation, checks that often ‘pass’ when applied to first party fraudsters.

By: Ken Pruett I find it interesting that the media still focuses all of their attention on identity theft when it comes to credit-related fraud.  Don’t get me wrong.  This is still a serious problem and is certainly not going away any time soon.  But, there are other types of financial fraud that are costing all of us money, indirectly, in the long run.  I thought it would be worth mentioning some of these today. Although third party fraud, (which involves someone victimizing a consumer), gets most of the attention, first party fraud (perpetrated by the actual consumer) can be even more costly.  “Never pay” and “bust out” are two fraud scenarios that seem to be on the rise and warrant attention when developing a fraud prevention program. Never Pay A growing fraud problem that occurs during the acquisition stage of the customer life cycle is “never pay”.  This is also classified as first payment default fraud.  Another term we often hear to describe this type of perpetrator is “straight roller”. This type of fraudster is best described as someone who signs up for a product or service -- and never makes a payment. This fraud problem occurs when a consumer makes an application for a loan or credit card. The consumer provides true identification information but changes one or two elements (such as the address or social security number).  He does this so that he can claim later that he did not apply for the credit.  When he’s granted credit, he often makes purchases close to the limit provided on the account.  (Why get the 32 inch flat screen TV when the 60 inch is on the next store shelf -- when you know you are not going to pay for it anyway?) These fraudsters never make any payments at all on these accounts. The accounts usually end up in collections. Because standard credit risk scores look at long term credit, they often are not effective in predicting this type of fraud.  The best approach is to use a fraud model specifically targeted for this issue. Bust Out Fraud Of all the fraud scenarios, bust out fraud is one of the most talked about topics when we meet with credit card companies.  This type of fraud occurs during the account management phase of the customer lifecycle.  It is characterized by a person obtaining credit, typically a loan or credit card, and maintaining a good credit history with the account holder for a reasonable period of time.  Just prior to the bust out point, the fraudster will pay off the majority of the balance, often by using a bad check.  She will then run the card up close to the limit again -- and then disappear. Losses for this type of fraud are higher than average credit card losses.  Losses between 150 to 200 percent of the credit limit are typical.  We’ve seen this pattern at numerous credit card institutions across many of their accounts. This is a very difficult type of fraud to prevent. At the time of application, the customer typically looks good from a credit and fraud standpoint.  Many companies have some account management tools in place to help prevent this type of fraud, but their systems only have a view into the one account tied to the customer.  A best practice for preventing this type of fraud is to use tools that look at all the accounts tied to the consumer -- along with other metrics such as recent inquiries.  When taking all of these factors into consideration, one can better predict this growing fraud type.