It should come as no surprisethat fraudsters are cashing in on the pandemic,but when you look at who the perpetrators are, you might be intrigued. Beyond your traditional criminals and identity thieves, there are “good” customers who have fallen on hard times and are struggling to pay bills and purchase necessities. Stuck between a rock and a hard place, they begin exploring illegal options they previously would have not considered – and this is where friendly (or first party) fraud originates.
Quite frankly, the “why” isn’t that tough of a nut to crack; it’s the “how” that is much more interesting. Let’s look at the problems posed by friendly fraud during the pandemic and more importantly, how financial institutionscan protect themselves:
Cards and Commerce
One of the most commonly associated spaces with friendly fraud, this happens when someone purchases an item and then disputes it, claiming they were a victim of fraudulentactivity in an attempt to get their money back. A popular method is ordering an item online for at-home delivery and then claiming the package never arrived or was incorrect. Other instances can be unintentional, such as when the consumer does not recognize the purchase on their bank statement.
For the latter, information sharing between a financial institution and a merchant allows the issue to be resolved by presenting the cardholder with the merchant name, products ordered and other key details. The former is much more challenging to prevent, however today’s fraud detection systems can leverage pre- and post-transaction data to profile customer behavior and assess the likelihood of a dispute being friendly fraud. In addition, this data and insight can be fed back into the analytics to improve the proactive detection of friendly fraud.
As the name implies, this occurs when a person applies for an account, generally some line of credit, with the intention of never repaying the amount borrowed. They default on the amount and are never heard from again. This may seem self-defeating, since the default will really hurt the borrower’s credit score, but in some cases they simply don’t care; theyneed (or want) to purchase items and will do whatever it takes to accessfunds. And when their creditsuffers, they find creative ways to remedy the situation.
In the U.S., unscrupulous credit repair agencies are providing Credit Repair Numbers (CPNs) to replace Social Security Numbers to give them a “fresh start” with their credit. They tout CPNsas legitimate ways to rebuild your credit, when in fact they are illegal. These “genuine” borrowers are applying for and receiving credit from financial institutions across the country, only to default later. This is an extremely slippery slope that eventually leads down a path of creating an entirely fictious identity, known as a synthetic identity. Synthetic identityfraud is not completely synonymous with first party fraud, however there is similar appeal – especially during challenging economic times – and although there are plenty of fraudsters intentionally committing synthetic identity fraud, there are also plenty of people with bad credit or who are desperate for a line of credit that choose this path.
Detecting this type of fraud is challenging because the personal identifiable information will verify the customer and their behavior will not raise any flags in traditional systems. To combat this, financial institutions should target specific data sources and monitor behavior throughout the entire customer journey. This means leveraging consortium’s with specific insight into first party fraud, which will become increasingly important as first party transforms into synthetic identity fraud. Post-book, financial institutions should still analyze monetary and non-monetary behavior to detect subtle differences in how first party fraudsters behave. Adaptive behavioral analytics is well suited for this analysis and can alert to potential bust-outs and protect from monetary loss, even if the application was initially approved.
On the payments side, such as bank-to-bank transfers and non-plastic payment types, there are multiple types of friendly fraud. For example, a genuine account holder pays money to another account and then claims that the payment was fraudulent. While not always successful, the end goal is to get the financial institution to cover thelosses. Another type of friendly fraud in payments is money muling, which occurs when when unsuspecting individualsare recruited to simplytransfer money fromone account to another, with the promise of compensation each time they complete the transfer. This has become a growing challenge during the pandemic, as many people are working from home and spending more time on social media and on their phones, providing criminals with more targets to attack.
Money muling can fall under application fraud, payment fraud or money laundering, but no matter what you call it, it’s important to understand the data and behaviors to stop it. It’s most effective to begin profiling at the point of application, where you can pick up on signals like a home address being changed post-book (a sign that the fraudster is routing a card to their actual residence to cash out). Data at the point of log-in also provides great insights, such as device ID, session data and geolocation data. There’s also basic monetary and non-monetary information that can help; has the customer set up multiple payees but not made a single payment to them (prepping the account)? Are there small payments going in and out of the account (test payments)? With payments fraud, the sending bank assumes liability is subsequently often most concerned with the risk each transaction carries. However, it’s helpful to also profile inbound payments, because much of the muling activity is predicated by fraud, hopping from account to account to avoid detection. That’s one of the primary drivers of the recent convergence of fraud and AML teams, who are now aligning more tightly.
Financial institutions devote a great deal of resources to building strong fraud teams, harnessing analytics and streamlining operations to stave off complex fraud attacks, and keeping a keen eye out for good customers who may resort to illegal activity only adds to the challenge. Friendly fraud isn’t a simple problem and it will never be fully eradicated (especially in the current environment), but proven technology and processes do exist to limit the severity of impact.
PJ Rohall has a strong understanding of mitigating fraud across the full spectrum of use case, and has extensive experience leveraging data, analytics, technology and processes – obsessively improving how to blend these elements to stay ahead of dynamic fraud attacks. This results in strategies that provide the appropriate balance of fraud capture and customer experience.He works well across business and technical stakeholders, and loves digesting complex problems, balancing a creative mindset with sound tactics. His absolute favorite quality in a human being is empathy.