Digital Fraud Tracker: Explaining Third- and First-Party Fraud

These days, banks, businesses, government entities and individuals are at constant risk of digital fraud. Its volume and costs continue to expand, even as more oversight agencies are formed and security and risk management teams enact rules designed to prevent it.

The rate of suspected digital fraud attempts jumped 17% worldwide year-over-year in the second quarter of 2021, led by a 393% increase in the gaming industry and a 156% spike in the travel and leisure sector.

In third-party fraud, so-called bad actors mask their identities to stage cyberattacks, while first-party fraud involves disingenuous actors using their own identities in malicious ways.

PYMNTS explores both third- and first-party fraud in the February 2022 edition of the Digital Fraud Tracker®, a PYMNTS and DataVisor collaboration.

New account fraud represents one of the most troublesome versions of third-party fraud, with those bad actors using fake identities to open new accounts at banks or businesses that they then use as staging grounds for fraudulent activity. The best-known version of this approach is identity theft, but some more sophisticated fraudsters are now developing synthetic identities instead.

Banks considered new account fraud a low priority at the turn of the century, but today 85% of financial institutions (FIs) report fraud in the account-opening process. Banks were expected to lose $3.5 billion to new account fraud in 2021, according to our research.

Another approach involves criminals taking control of existing accounts through what’s known as account takeover (ATO) fraud. Almost one out of every four U.S. households (22%) has been victimized, according to a 2021 report, at an average cost of $12,000 for the victims of these attacks.

As for how they happen, 60% of ATO victims say they use the same password on multiple accounts, putting themselves at a high risk of identity theft if a hacker compromises their passwords. The hackers can access potential victims’ personal information through phishing emails, malware or by buying logins in bulk from dark web marketplaces.

As for first-party fraud, which is sometimes called friendly fraud, it typically revolves around exploiting or abusing existing company policies, such as returns, chargebacks or promotions. The most common form of friendly fraud occurs when customers request undue chargebacks from their banks, falsely claiming that their transactions were fraudulent or that their orders never arrived.

In those incidents, the banks overturn the sales, refund the customers and then recoup the payment from the merchants. Chargebacks accounted for 29% of eTailers’ fraud losses in 2021.

Other first-party fraudsters directly interact with victims rather than using a go-between such as a bank or credit card provider. Promotion abuse, for example, consists of fraudsters reusing discount codes, making multiple new accounts or signing up for multiple free trial periods to take advantage of limited-time or one-per-customer promotions.

Some also leverage return fraud, exploiting return policies to claim that the items were defective when in fact they were not. These fraudsters demand refunds but keep the items they purchase, essentially scoring them at no charge. Some do this solely for the sake of obtaining items for themselves, while others make a career of selling the stolen goods for below-retail prices.

“In short, bad actors utilize a staggering variety of fraud methods, and businesses of all types are struggling to defend against them,” the PYMNTS report said. “It is unlikely that a one-size-fits-all solution exists, so businesses must take a multilayered approach to data security.”

The sad reality is there are hackers working on other nefarious ways to commit fraud on unsuspecting victims, and it’s up to individuals and institutions to do what they can to stay ahead of those bad actors.
