Double Trouble: The Rise of First-Party Fraud and Scams

Financial institutions face a plethora of challenges today. This includes the rise of both first-party fraud and scams. Why the surge in both? Do people today just have fewer standards of moral behavior? Or is it just easier to execute fraud with minimum repercussions? Perhaps it’s economics. As the economy tightens, people are tighter on money. They are overspending and overleveraging on credit with zero intent to repay it. No matter the reason, financial institutions face an increase in first-party fraud and scams, which are difficult to catch. 

‍

Catch 22: Balancing Customer Service with Fraud Prevention

‍

Financial institutions want to provide the best customer service, which could hurt them in the long run. FIs must worry about reputation risk and how they will be viewed in the public eye if they allow a fraudulent transaction to process or stop a legitimate transaction. There’s a constant fear of what customers might blast on social media. FIs have gone so far to appease customers, but with first-party fraud, the customers are participating in the transactions, often abusing the provisional credit offered by Regulation E.

‍

Customers will dispute a transaction, and if the financial institution can’t finalize its investigation within the specified timeframe, it must give provisional credit. If the investigation determines it was a fraud, the credit is long gone and becomes a write-off. Then, is the write-off classified correctly as a fraud loss? The institution must determine if someone was actively trying to defraud the institution and if that was the intent of the account opening. 

‍

In addition, FIs must worry about synthetic identities and identity theft when opening accounts. Some people intentionally read an FI’s terms and conditions to find ways to abuse them. It’s important to include protections, such as the ability to shut down accounts or discontinue services if first-party fraud is discovered.

‍

A Holistic View and a Shift in Liability

‍

There’s a lot of transactional monitoring happening today. However, it's important to take a broader view and look at the usage pattern. Is this something the customer would normally do? Does this pattern feel different? Is this customer suddenly requesting more lines of credit? Data sharing plays into this as well. If an institution can see that a customer has a line of credit at multiple institutions, that can be a red flag. Without shared data, it can be hard to detect on a single institution basis.

‍

The economics are misaligned, leaning heavily to protect the customer but leaving FIs holding the bag. It’s easy for someone to claim a charge or ACH debit, but it wasn’t them, and request a refund/return. What needs to happen is a shift to bring back some of that economic balance and see more user friction before an institution just accepts a dispute and throws it back over the wall.

‍

In April 2023, Visa introduced Compelling Evidence 3.0 into its dispute rules. This allows merchants to use purchase history to prove that a dispute transaction was, in fact, a legitimate one. Merchant acquirers and chargeback processors invest in API calls to aggregate represented packages. 

‍

More Pay by Bank providers are coming on the scene, allowing customers to pay directly from their account instead of using a card. These sponsor banks are motivated to invest in the operational processes to tame the financial pain they see from abuse. They are more aggressive with using WSUDs (Written Statement of Unauthorized Debit) when they suspect first-party fraud. They believe they have the data elements to prove it was an authorized ACH transaction and are requesting the money be returned.

‍

The Rise of Scams

‍

Scammers tend to keep the conversation outside of the financial system. The back-and-forth happens in chat rooms, via text message, or on social media. All the institution sees is the financial side. The problem faced by many financial institutions is that the systems, by design, are working to detect whether a customer initiated a transaction. When a customer is involved in the scam, how does the FI detect it? 

‍

Several factors drive the increase in scams. The first is the availability of data. The sheer number of data breaches and the scope of those data breaches continue to increase. The proliferation of data gives fraudsters the tools they need. Combining that with the advancement of AI, voice replacement, video replacement, and the ability to automate phishing messages makes it harder for people to detect what is a scam and what isn’t. For example, some real-time payment systems revolve around a payment request. It makes it challenging for FIs to create messaging that doesn’t look like a scam. How do you teach customers the difference between a legitimate request for payment from an institution and a scam?

‍

Another factor is the narrative that scams only take advantage of certain generations or demographics. Scams are universal and target all people. Unfortunately, it is easy to get taken advantage of by a scam. There used to be tall tale signs and familiarity with the latest scams, and it was easier to detect. Scams today are so sophisticated that anyone can fall victim.

‍

Institutions have lost the customer as a line of defense. Much of the detection and prevention processes were built around the ability to interact with the customer to ask, “Did you do this?” Now, the victim is part of the scam's execution. Even when an institution detects the customer is involved, breaking the spell and convincing them they are part of a scam is extremely difficult.

‍

Other countries are getting organized around fraud and not just authorized push payments (APPs). The attack rate in the United States will rise exponentially because other geographies are coming together to combat this. It will take all parties together, including financial services, fintech, social media, and the government. Collaboration is going to be key. It will take a multi-faceted approach, combining advanced technology, regulatory compliance, and proactive monitoring.

‍

You can hear the full discussion from the Fraud Fighter Virtual Summit in this session recording.