Stay Ahead of First-Party Fraud and Mule Activity
December 29th, 2020
This blog series acts as a companion to the sessions at ENGAGE LIVE. Catch up on the other entries here:
- Looking Back at ENGAGE 2020
- Immediate Action Required: Detecting Authorised Fraud
- Catch Me if You Can: Fraud Digital Identity Challenges
- Future-Proofing Fraud with Advanced Technologies
- Fraud: AI in Action
- The Journey to Autonomous Fraud Management
The changing face of fraud
At ENGAGE, we heard about how fraud is changing and how much of this fraud is actually hidden. We also covered how to move away from a narrow definition of third-party fraud loss on the profit and loss account (P&L) to a wider definition as per the U.S. Federal Reserve’s Fraud Classifier.
While Authorised Fraud makes up a big chunk of this hidden fraud, which I’ve covered here, there are increasing losses to first-party fraud and mules.
Defining first-party fraud and mule activity
Compared to third-party fraud, first-party fraud (FPF) is when, for example, the person who applied for an account starts the fraud or abuse, rather than a fraudster making a payment away from a genuine customer’s account. FPF can occur at the application stage or at any point in the customer lifecycle.
Typical forms of FPF include:
- Abuse of checking account (current account)
- Bust out, where facilities are obtained, a credit card or loan is overdrafted and then the fraudster disappears without paying
- Check kiting, where checks of increasing values are cross deposited at different institutions
- False claims of fraud
There is some overlap between fraud types in this space, where the outcomes are similar but the underpinnings differ. At the new account stage, this includes identity theft, synthetic identity and various forms of misrepresentation. Identity fraud, caused by identity theft, is actually a third-party fraud type, but will appear similar to FPF until the genuine customer disputes it.
Identity fraud works when a fraudster applies in someone else’s name and address. Synthetic identity is creating a new identity from some genuine data and some new or fictitious data.
Fraudulent misrepresentation is a form of first-party fraud, where it is the genuine person applying but they lie about details, such as address history to hide bad debts, or income and expenditure to get accounts or facilities they would not otherwise be granted. Sometimes they intend to use the account or facility genuinely, but the bad rate on these will be higher. In any of these categories, the fraudster may be looking to undertake bust out, or to commit mule activity or abuse.
Recently we’ve seen a rise in false claims on cards, whether disputes or fraud. This has increased with the rise of professional ‘refunders’ who are paid a fee by a customer to obtain, for example, a new computer for free. The fraudster knows all the tricks to ensure that it is ‘refunded’ by the retailer, such as claiming non-delivery. They know all the merchant’s rules and work with their customer to make sure there is a refund. Assuming 3-D Secure wasn’t used, the liability will sit with the merchant rather than the issuer.
Mules are also a type of FPF that can be hard to detect. The account may have been opened genuinely and then sold on, or was involved as a mule subsequently, either willingly or unwillingly. In the latter case, they may have fallen for an employment scam such as a ‘money transfer agent.’ Social media has made this easier than before and COVID-19 has only exacerbated this trend.
In past recessions we’ve seen a correlation with increased fraud, and it’s likely this downturn will be no different. As people come under pressure due to hard times, they may do things they would not ordinarily do, often finding it easier to rationalise their actions.
Why is first-party fraud a problem?
Hidden fraud tends to hit banks’ bad debt line and generally increases costs, rather than appear on the fraud refund line. But it is the size of these losses and their impact on overall profitability that is key, as well as where these illicit funds are then going from a regulatory perspective.
In my career, I’ve seen firms say they don’t have an FPF problem, but wonder why their bad debt is so high and continues to rise. In a portfolio with no FPF definition, fraud can be in excess of 25 percent of the bad debt and even higher as controls are not updated to reflect the real causes.
This year, we’ve also seen extensive abuse of stimulus loan schemes in many countries, notably the U.S. and UK, with red flags and estimated losses of over $78 billion and £26 billion respectively. These are likely to continue into 2021 as the need for stimulus packages continues.
In all of these cases, a central issue comes from adding additional verification checks at account opening. Historically, this adds friction and can lead to lost sales as well as the cost of the verification service itself, making it an easy target for fraudsters.
How can firms combat first-party fraud and mules?
The U.S. Federal Reserve’s Fraud Classifier breaks out first-party fraud, which is very useful. As is often the case, if you don’t measure something you won’t get better at managing it, or find something you are not looking for – unfortunately this is the case with FPF.
In fact, this is the best approach when looking at fraud. Use the data you have to create a model to categorise elements of your bad debt as fraud. Though you can only confirm something as fraud and load it to databases if you have investigated it, this is a good tactic for internal monitoring purposes.
Examples of the elements that should be included:
- Early defaults, such as three payments down in the first six months
- High excesses, such as 50 percent over limit
- Loan churning prior to default
- Default indicative of bust out
- Internal and external data matches that indicate a high risk of fraud
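The indicators above can be run over written-off accounts to estimate how much bad debt looks like FPF. The sketch below is an added example, not code from the original post: the record fields, the reading of "three payments down" as three missed payments, the churn threshold and the two-indicator cut-off are all assumptions, and the sample accounts are constructed.

```python
from dataclasses import dataclass

# Thresholds quoted in the list above.
EARLY_MISSED_PAYMENTS = 3   # "three payments down"
EARLY_WINDOW_MONTHS = 6     # "in the first six months"
EXCESS_RATIO = 1.5          # "50 percent over limit"
# Assumption (not from the post): 2+ refinances in the 12 months before default.
CHURN_REFINANCES = 2

@dataclass
class WrittenOffAccount:    # hypothetical record layout
    account_id: str
    credit_limit: float
    balance_at_default: float
    missed_by_month: list   # one bool per month since opening, True = missed
    refinances_last_12m: int
    fraud_data_match: bool  # internal or external data match

def indicators(acct):
    """Return the names of the FPF indicators that fire for one account."""
    hits = []
    if sum(acct.missed_by_month[:EARLY_WINDOW_MONTHS]) >= EARLY_MISSED_PAYMENTS:
        hits.append("early_default")
    if acct.credit_limit > 0 and acct.balance_at_default >= EXCESS_RATIO * acct.credit_limit:
        hits.append("high_excess")
    if acct.refinances_last_12m >= CHURN_REFINANCES:
        hits.append("loan_churning")
    if acct.fraud_data_match:
        hits.append("data_match")
    return hits

def suspected_fpf_share(accounts, min_hits=2):
    """Share of written-off balance on accounts with at least min_hits indicators.

    min_hits is an assumed cut-off; flagged accounts are suspects for
    internal monitoring, not confirmed fraud.
    """
    total = sum(a.balance_at_default for a in accounts)
    flagged = sum(a.balance_at_default for a in accounts
                  if len(indicators(a)) >= min_hits)
    return flagged / total if total else 0.0

# Constructed sample portfolio of written-off accounts.
SAMPLE = [
    WrittenOffAccount("A1", 1000, 1600, [False, True, True, True, False, False], 0, False),
    WrittenOffAccount("A2", 5000, 5200, [False] * 12 + [True] * 3, 0, False),
    WrittenOffAccount("A3", 2000, 2100, [False] * 8, 3, True),
    WrittenOffAccount("A4", 3000, 3100, [False] * 20 + [True] * 3, 1, False),
]
```
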
When reviewing cases to confirm fraud, look for:
- Fraudulent documents
- Clear misrepresentation, including hidden address with adverse credit data
- Inability to contact
- Claim of ID theft by a genuine party
Once armed with a model, use this to build both new account and ongoing behavioural analytics models and rule sets.
At account opening, bring in improved identity and verification data, as well as multiple models for risk scoring. This looks for not just creditworthiness, but the likelihood that the account holder is a fraudster or mule. This should include velocity of applications from the same IP addresses, devices, postal and email addresses and phone numbers.
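A sliding-window count per attribute is one way to implement the application velocity check described above. This is an added example, not code from the original post: the field names, the 24-hour window, the threshold and the normalisation rules are assumptions, and the sample applications are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

VELOCITY_KEYS = ("ip", "device", "postal", "email", "phone")  # attributes named above
WINDOW = timedelta(hours=24)   # assumed look-back window
MAX_PER_WINDOW = 2             # assumed: the 3rd application sharing a value alerts

def normalise(key, value):
    """Collapse trivial variations so near-identical values count together."""
    value = value.strip().lower()
    if key == "email":
        local, _, domain = value.partition("@")
        return f"{local.split('+', 1)[0]}@{domain}"   # drop "+tag" suffixes
    if key == "phone":
        return "".join(ch for ch in value if ch.isdigit())
    return value

def velocity_alerts(applications):
    """Return (app_id, attribute, value, count) for each threshold breach."""
    seen = defaultdict(deque)   # (attribute, value) -> timestamps inside the window
    alerts = []
    for app in sorted(applications, key=lambda a: a["ts"]):
        for key in VELOCITY_KEYS:
            if not app.get(key):
                continue
            value = normalise(key, app[key])
            window = seen[(key, value)]
            while window and app["ts"] - window[0] > WINDOW:
                window.popleft()            # expire applications older than WINDOW
            window.append(app["ts"])
            if len(window) > MAX_PER_WINDOW:
                alerts.append((app["id"], key, value, len(window)))
    return alerts

# Constructed sample: three applications in five hours share an IP and an
# email mailbox; a fourth arrives after the window has expired.
T0 = datetime(2020, 12, 1, 9, 0)
SAMPLE = [
    {"id": "APP-1", "ts": T0, "ip": "203.0.113.7", "device": "d-aaa",
     "email": "j.smith@example.com", "phone": "+1 555 0100"},
    {"id": "APP-2", "ts": T0 + timedelta(hours=2), "ip": "203.0.113.7", "device": "d-bbb",
     "email": "J.Smith+1@example.com", "phone": "555-0101"},
    {"id": "APP-3", "ts": T0 + timedelta(hours=5), "ip": "203.0.113.7", "device": "d-ccc",
     "email": "j.smith+2@example.com", "phone": "555-0102"},
    {"id": "APP-4", "ts": T0 + timedelta(hours=30), "ip": "203.0.113.7", "device": "d-ddd",
     "email": "other@example.com", "phone": "555-0103"},
]
```
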
With mules, you may still need to open accounts due to insufficient reason to decline. In this case, it’s a good idea to place some restrictions – either visible or invisible – on these accounts and keep this updated throughout the customer lifecycle.
It’s also necessary to build out specific strategies and processes to help detect and reduce FPF. Create challenge processes in your cards teams based on models to look for potential fraudulent behaviour. This can help your team change a customer’s mind when it’s made clear they could be committing fraud.
Consider having separate collections strategies for fraud, which can then also feed into the FPF models. You don’t want to waste resources on collections where you stand no chance of getting the money back.
In addition, make sure that KYC and CDD data is shared between areas so it can be used in fraud management systems. This can be used at account opening, but also on an ongoing basis to look for changes in behaviour such as sudden increases in turnover compared to the application or more recent history. This is a good way to hunt out mules by using existing outbound payment systems to help stop money leaving the bank, all while ensuring that the team is using case management tools to have separate processes for FPF.
As with measuring fraud, it’s important to understand the full costs. This includes:
- Cost of opening accounts and all the costs of the checks involved
- Cost of running accounts and the net present value (NPV)
- Bad debt rates for the account types
To take this multi-layered approach, it’s best to have a roadmap to move to an enterprise fraud management system so you can properly share data and enable efficient case management by removing silos. In addition, look to reuse technology investments from digital account opening throughout the customer’s lifecycle for proper risk management. By taking this approach, FPF is no longer hidden and investments can be directed where they can make banking safe and profitable in a digital world.