First-party fraud, where a customer buys something, then later asks for a refund because they don't want to pay for it, is a growing problem. Datos Insights expects first-party fraud to reach $3.9 billion in 2025, and anecdotally, several bankers have told American Banker in recent weeks that this is their No. 1 fraud concern.
But detecting this activity and discerning malicious intent versus, say, the person who forgot she ordered something online or doesn't recognize the merchant name on a credit card statement, is a challenge.
"First-party fraud has always been around and in the last couple of years, I'm hearing bankers talk a lot more about frustration over the fact that their own customers are committing fraud, which makes it a lot more difficult to find and to mitigate," Jim Mortensen, strategic advisor, fraud and AML, at Datos Insights, told American Banker. (In prior jobs, he worked at American Express and Early Warning.) "You always concern yourself with third-party fraudsters who were attacking both you and your customer, and now you've got your customer attacking you."
What is first-party fraud?
Datos analysts break first-party fraud into two types. In account-level first-party fraud, a person applies for a credit account with no intention of ever paying off the balance, or they open a deposit account in order to become a money mule or cash fraudulent checks.
Transaction-level first-party fraud is the cardholder who says a given charge is not theirs when they know for sure that it is.
"What's become more problematic of late that I've been hearing is the transactional first-party fraud," Mortensen said.
A cohort of vendors offers machine learning models trained to analyze customer and account activity for signs of first-party fraud. These include Anonybit, Callsign, Credolab, Experian, LexisNexis, Nice Actimize, Provenir, Quantexa and XTN Cognitive Security, according to Mortensen.
"The emergence of these solutions is pretty new," he said. "All these solutions are relatively recent capabilities that providers have put out there."
On Thursday, Socure is releasing its entry in this market, which it calls Dispute Abuse Score. (First-party fraud is sometimes called "dispute abuse" or "Reg E abuse"; Regulation E protects consumers who use electronic payment systems like debit cards, ATMs and direct deposits from unauthorized use of their accounts.)
Some of these products are more focused on validating the identity of the individual making a transaction. Some try to determine through modeling and machine learning what the intent of the cardholder is at the time of opening an account before the account is issued. Some, like Socure, do both, Mortensen said.
What Socure is doing
Socure's software risk-scores transactions based on the likelihood they involve first-party fraud, based on activity around the identity, the account and the transaction history. The software draws data about these three elements from a network of 25 banks, credit unions and fintechs that participate in its first-party fraud consortium. These banks share information on 140 million unique identities that represent about 65% of the U.S. adult population, according to Ori Snir, general manager and head of product at Socure, and the company's goal is to reach 100% coverage or close to it by the end of the year.
"One of the key benefits of becoming a member of Socure's first-party fraud consortium is the ability to see data across multiple financial institutions," said Mandy Goettelman, head of transformation at Green Dot Bank. "So for us, being one of the founding members gave us a key to the front door to allow us to get this information and use it to make risk-based decisions as we onboard our customers. There's a lot of power in financial institutions coming together and uniting to solve these problems. Sharing of this information is only going to allow us to get smarter, combat fraud and work together to eliminate this in our ecosystem."
Socure's model creates and maintains risk profiles of customers. A good user might have accounts at three banks, and over the course of a year may have returned two ACH transactions.
American Banker's Frictionless Fraud report finds not all institutions are well assured their customer verification tools can keep up with new schemes.
"There could be 100 different reasons why these ACH transactions were returned," Snir told American Banker. The customer may not have realized she didn't have enough money in her account. She might have paid someone she wasn't supposed to because of a typo in the account name or number.
A person who has opened accounts at 21 different banks, has returned 15 ACH transactions in the past year, has disputed debit card transactions, has had four accounts at four different institutions marked as closed due to suspected misuse and a 23-day average time between account open and account close on average would get a high risk score.
"This is not a coincidence," Snir said. "Something is suspicious about this person."
Socure won't tell banks to not let this person open an account, but to keep the person on a short leash, he said.
Accounts and transactions that appear to be first-party fraud are sometimes the work of bad actors who pose as legitimate consumers.
To try to make this distinction, Socure also scores identities for signs of identity theft and synthetic identities. The company would only label first-party fraud on an identity that was real, not fabricated or stolen, Snir said. Also, banks in the consortium report back on victims of identity theft, scams and synthetic IDs. Socure also performs "label enrichment," where if, say, a customer has already had his identity stolen, it would change a first-party fraud label to a "fraud-other" or "fraud-unknown" label.
"It's never a black or white list," Snir said. "It's a complicated model to leverage all these data points."
Socure does not encourage banks to decline or close accounts based on high risk scores, Snir said. But it does advise banks to gather extra information, such as selfies and identity documents, from high-risk identities.
These first-party fraud models will surely need to be fine-tuned over time.
The vendors offering them are "all trying to approach the problem in varying ways," Mortensen said. "Who's going to be the most successful remains to be seen."
