First-Party Fraud a Growing Risk

Experian Research: Institutions Must Refine Definition, Detection

By , July 11, 2011.
First-Party Fraud a Growing Risk

<

See Also: Breaking Down Ease-of-Use Barriers to Log Data Analysis for Security

a href="/category.php?catID=286">First-party fraud ranks among the top three fraud events financial institutions face. But most institutions don't accurately quantify and qualify their risks, says Keir Breitenfeld, senior director of fraud for Experian Decision Analytics.

The primary challenge: defining first-party fraud. "Everybody agrees first-party fraud is big," Breitenfeld says. "The problem is that there are so many different definitions, we have a hard time getting our hands around it."

The textbook definition of first-party fraud refers only to fraud perpetrated through the opening of new accounts with no intention of repayment. But in a new report, "First-Party Fraud - Trends, Challenges and Outlook," Experian says financial institutions should broaden their perspective.

Experian estimates first-party fraud accounts for at least 25 percent of total consumer credit charge-offs in the United States. TowerGroup supports that estimate, claiming that between 5 percent and 35 percent of card issuers' total bad-debt write-offs result from first-party fraud and/or credit abuse.

The Federal Reserve estimates charge-off rates account for nearly 10 percent of all outstanding revolving consumer credit.

Based on those figures and internal findings, Experian claims first-party fraud results in annual losses that top tens of billions of dollars.

'Isolate and Segment' First-Party Fraud

Banks and credit unions rely too heavily on credit scores for the categorization of first-party fraud. "Financial institutions don't have a good handle on first-party fraud," Breitenfeld says. That's why the report's findings are based on various credit-reporting facts, rather than survey opinions offered by card-issuing institutions.

"We did not think conducting a survey would offer much insight," he says. "Instead, we based it on our own observations and opinion, as a credit-reporting bureau."

An overreliance on credit scores highlights why institutions need different analytics to review bad debt. "We're not trying to redefine the world," Breitenfeld says. "We're just trying to add some clarity."

Experian expands first-party fraud to include:

  • Synthetic identity: The creation of a fictitious identity that's used to access credit or other financial services. Synthetic identity also can comprise altering a true name or the use of a legitimate but stolen Social Security number.
  • Default payment schemes: Allowing credit loans to intentionally default to avoid payments.
  • Bust-out: After building good credit history, the perpetrator opens several new accounts and suddenly stops making payments on the various accounts.
  • Straight-roller: An account that becomes delinquent and never shows attempt to make a payment.
  • Never pay: A form of straight-roller that becomes delinquent within the first two months of opening the account.

That more inclusive view of first-party fraud is supported by analytics, Experian says.

"First-party fraud, whether originating from individual actors or more organized crime syndicates, is quite difficult to detect via traditional application screening and account management processes," the new report states. "The difficulty arises from the fact that the identities either are legitimate or appear legitimate."

To catch fraud early, institutions need to integrate binary rules and basic identity verification with predictive and targeted analytics. "You don't wait for it to be in the collections queue," Breitenfeld says. "By that time, the losses will be too great."

First-party fraud often involves a combination of events, but fraud managers don't see overall losses because first-party fraud is classified as a charge-off or credit loss.

"The [regulatory] compliance definition of first-party fraud requires that the fraud involve bad payments," Breitenfeld says. "But we think many accounts that are first-party fraud don't have bad payments. ... Operationally, it's important for institutions to not rely solely on the regulatory definition of first-party fraud, or they risk missing a lot."

While regulatory restrictions typically prohibit formal reclassification of first-party fraud from anything that falls outside credit loss, institutions should realign their internal classifications.

Scoring each part of an account's and an accountholder's lifecycle is key. "Scoring has to be tailored," Breitenfeld says. "We have to do that, too, because we are working with so many different entities. Everyone is trying to get this to a centralized process. We will get there, but for now it's challenging."

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Hotel Company Reveals Second Breach

White Lodging Services Corp. has revealed a malware attack against point-of-sale systems at 10 of...

Latest Tweets and Mentions

ARTICLE Hotel Company Reveals Second Breach

White Lodging Services Corp. has revealed a malware attack against point-of-sale systems at 10 of...

The ISMG Network