First-party fraud–accessing credit services with no intention of repayment–is a significant concern for credit unions and other financial institutions. And its prevention calls for a new strategy, according to Costa Mesa, Calif.-based credit reporting agency Experian.
A new white paper released by the company, “First-Party Fraud–Trends, Challenges and Outlook,” argues that institutions should expand their definition of first-party fraud and employ in-depth analytics of customer behavior at key process points to detect incidents, prevent losses, and in turn, reduce operational costs.
“The majority of our clients cite first-party fraud as one of the top two to three concerns from a fraud-loss perspective,” said Keir Breitenfeld, senior director of product management and marketing, fraud and identity solutions for Experian’s decision analytics business unit. “It’s a big problem and accounts for as much as 25% of credit losses.”
The challenges of preventing first-party fraud are rooted in the fact that its definition varies from institution to institution and much of it is classified as credit loss, not fraud, Experian said. According to the credit reporting agency, the definition of first-party fraud should be broadened to include “synthetic identity” fraud, the use of a fake identity to access credit or other financial services; “default payment schemes,” the intentional defaulting on loans to avoid payments; “bust-out” fraud, the opening of multiple accounts and failing to make payments on them after building a good credit history; and “straight-roller” fraud, the opening of a single account and failing to make payments on it.
Breitenfeld mentioned the economy as a possible factor in some synthetic identity fraud instances.
“In the economic downturn, the pool of viable consumers is smaller,” he said. “There are fewer people with credit scores of 800, and it’s harder for them to secure lines of credit. So some will try to get access to financial services by creating a fake identity.”
Experian also emphasizes that not all first-party fraud cases involve bad payments, contrary to the regulatory compliance definition of first-party fraud. “Operationally, it’s important for institutions to not rely solely on the regulatory definition of first-party fraud, or they risk missing a lot,” Experian said.
Aite Group Senior Analyst Julie Conroy McNelley said she agrees that the foggy definition of first-party fraud poses problems for the institutions working to combat it.
“There’s a significant definition challenge because so much of it ends up in the collections queue,” she said. “It’s also a regulatory issue because regulators will classify some losses as credit losses when they really are fraud losses, and that clouds the issue.”
To catch first-party fraud perpetrators before their crimes turn into losses, Experian recommends institutions integrate binary rules and basic identity verification with predictive and targeted analytics.
“First-party fraud, whether originating from individual actors or more organized crime syndicates, is quite difficult to detect via traditional application screening and account management processes,” the white paper states. “The difficulty arises from the fact that the identities are either legitimate or appear legitimate through the creation of synthetic identities.”
Experian also pointed out that in bust-out fraud cases, criminals target multiple institutions at once. This makes enlisting the help of a fraud management vendor that can take on a “multi-institution level view” critical to preventing this type of first-party fraud, the company said.
“If you’re an institution in a bust-out fraud case, your view is that someone opened an account, and for six months, their balance goes up,” Breitenfeld said. “That seems good, but we may see the same person doing that across 10 institutions, and that’s a concern. We alert institutions that may be in play in a bust-out scheme.”
Andrew Jaquith, chief technology officer for Connecticut-based information security vendor Perimeter E-Security, said he agrees first-party fraud is a significant concern and cited that it accounts for between one-third and one-half of financial fraud. He also advised a holistic prevention approach.
“If you’re a financial company, you need to monitor what your customers are doing across all channels,” Jaquith said. “In the last few years, some of the guidance put forth by the FFIEC placed a burden on institutions and customers by putting a lot of emphasis on multi-factor authentication. The missing link was more monitoring and analytics of the actual transactions.”
Conroy McNelley said analysis that can help institutions identify criminals and prevent them from accessing credit should be the focus of first-party fraud management.
“Institutions should dive into their existing data, and that starts in the collections queue,” she said. “They need to ask themselves what comprises the percentage of losses in there–who is really committing fraud and who is just having trouble making payments? That will help them understand the scope of what’s going on. Then going forward, at consumer acquisitions, they need to make sure they don’t board those no-pay individuals. They can do that with different analytics and data sources that allow them to look at consumer data and behaviors.”
By broadening the definition of first-party fraud, using targeted analytics and taking a comprehensive approach while searching for the origins of first-party fraud cases, Experian said financial institutions can enjoy long-term operational cost savings and a reduction in fraud losses.
“What’s being done now isn’t working,” Breitenfeld said. “We’re suggesting that the problem is large scale and making the case that analytics is important.”