BankThink

Banks and fintechs need to share data to combat first-party fraud

BankThink on combating first-party fraud
The banking industry needs regulators to rethink certain privacy-related rules that have the unintended effect of enabling first-party fraudsters, writes Eric Woodward.
Maksym - stock.adobe.com

Organized cyberattacks, phishing scams and identity theft are among the afflictions of modern digital life. Financial institutions and fintechs alike have many processes in place to deal with these threats from third parties. What's much more difficult to detect and address is instances when individuals use their own identity to commit a dishonest act for personal gain.

This fraud is the digital equivalent of shoplifting. It's when a person disputes an ATM transaction where the money was actually withdrawn. Or disputes a credit card transaction for goods they purchased, but changed their mind about and were too lazy to return. It's when you tell Uber or DoorDash you didn't receive the chicken wings you're greedily munching on while making the dispute.

This form of crime is called "first-party fraud" and it's growing rapidly in the United States. According to a recent survey that combined consumer polling with an analysis of hundreds of millions of online transactions, a full 40% of people surveyed said they knew someone who had committed this form of fraud. Remarkably, more than one in three admitted to having done it themselves.

Most people in this country would never shoplift a candy bar from their corner store. However, behind the security of a computer screen, millions of people seem to not think twice about borrowing money they don't intend to repay or telling Amazon they never received the parka they now wear every wintry day.

And in way too many cases, they get away with the fraud. That's because proving the fraud and seeking restitution would typically be more time-consuming and expensive for the business than just writing it off.

For those who think that this is a victimless crime, it's not. The victims include banks, credit card companies and online businesses, but also you and I and everyone else who pays higher interest rates and inflated prices as U.S. businesses recoup $100 billion a year in losses from first-party fraud.

Gen Zers have grown up interacting in a virtual world and because they aren't interacting face-to-face, their online behavior is often more transgressive and risky than anything most people would do in person.

Results from our survey showed that over half (52%) of Gen Zers said they would commit first-party fraud if they knew there would be no negative consequences. Nearly one in five (19%) don't even consider it unethical — three times higher than baby boomers (6%). What's more, nearly one in three of the Gen Zers in the survey admitted to making a purchase through a BNPL loan without intending to pay it back.

London-based global money-transfer firm TerraPay has hired Ruben Salazar Genovez, the longtime global head of Visa Direct, in a new role as the startup's president; U.K. challenger bank Revolut has added a tool that uses machine learning to flag payments for fraud; and more.

February 21
Monzo app

Another factor fueling the rise of first-party fraud is financial necessity. About 34% of these crimes, according to the survey, are in response to economic uncertainties and the spike in inflation in recent years. Gen Zers have had far less time to accrue wealth and deal with inflationary prices, making first-party fraud a more tempting option to make ends meet.

Whatever the reasons for this type of crime, the important question is how we can make first-party fraud much harder to commit.

Policymakers have a role to play. Fighting this form of crime means updating the regulations that govern online transactions which are inadvertently encouraging first-party fraud. Well-intended policies meant to protect privacy and shield consumers from scams have had the unintended result of buffering too many people from the consequences of their own ethical lapses.

To protect innocent victims, the Consumer Financial Protection Bureau has responded to fraud scams perpetrated against individuals by making financial institutions, not consumers, responsible for the losses. This was intended to protect consumers, like retirees — less tech-savvy people with assets who are common targets for scams. But these rules have also made it even less likely that perpetrators of first-party fraud will be held financially liable for their transgressions.

In the current system, first-party fraudsters have the leverage to repeatedly scam various banks in small transaction volumes, while banks don't have the resources to identify fraud with 100% accuracy. Simply put, financial institutions have their hands tied and need fraud-combatting technology to thread the nuance of potential legitimate and fraudulent disputes and sniff out high-risk activity.

Financial services and online commerce companies need to join forces by sharing critical data points that will help easily identify the worst offenders of first-party fraud and turn them away before they can bilk again.

For instance, applications with recently created emails raise major red flags. Similarly, an account closed within 90 days of being opened is three times more likely to be first-party fraud. In fraud prevention, large data networks are essential, and the industry must work together to solve this rapidly growing problem.

We've seen initial progress through the establishment of groups like Socure's first-party fraud consortium. This network represents many of the nation's biggest digital banks, including SoFi, GreenDot, Varo and dozens more. By pooling data and insights, the members of this group will be able to detect and prevent first-party fraud before it takes hold.

Many people find it all too easy — and personally acceptable — to commit digital crimes that they'd never dare to attempt in person. To combat this rising trend, there is a desperate need for a cross-industry-developed standard definition for first-party fraud. Changing the definition of first-party fraud from consumer "intent" toward "deceitful" and "fraudulent," consumer activity will greatly enhance our ability to stop it.

It's time for our industry to share broader knowledge and insights on financial transactions where losses occur. The more that we can understand the behavior of a consumer across the financial ecosystem, the more effective we will be in identifying and stopping first-party fraud.

For reprint and licensing requests for this article, click here.
Regulation and compliance Digital banking Fraud prevention
MORE FROM AMERICAN BANKER