While banks have gone to great lengths to protect their customers from third party fraud as part of traditional fraud control practices, they must now also take action to protect themselves from the risk of financial loss as a result of first party fraud, or friendly fraud – when a customer fraudulently claims that goods or services they purchased online were never received or were faulty. Sadly, this is a growing challenge to financial institutions that is likely to continue to increase rather than subside. In 2009, online travel company, Expedia, reported that friendly fraud had increased by 50% since the start of the global financial crisis.
First party fraud has proven to be quite lucrative. Fraud managers estimate that it accounts for approximately ten times more in value than all third party fraud losses, which include identity theft, counterfeit fraud, lost and stolen fraud and online fraud. This should not be surprising, as a similar proportional comparison can be drawn between internal (employee) fraud versus third party fraud against institutions.
Although most financial institutions would admit to this growing problem, the solution is not simple. So, how did we get to where we are today?
Welcome to the Digital Age
First party fraud is a largely online phenomenon. In face-to-face transactions, where a physical payment instrument is used along with a range of embedded security measures (pin, signature), there is an ability to investigate and prove intent. However, online merchants are generally unable to dispute a claim because they don’t have physical proof, such as a signature, for the purchase. Therefore, first party fraudsters largely go unchallenged by issuing banks and online merchants wear the loss.
In order to encourage the systematic use of alternative types of payments in a competitive landscape, financial institutions widely advertise zero liability protection for the customer for any unauthorised transactions. These concessions conflict with the traditional policies on zero tolerance for fraud.
Institutions are walking a fine line between having to balance convenience with security while trying to achieve institutional growth. Sadly, these concessions are being used against institutions by a growing portion of customers.
The Customer is Always Right
Historically, financial institutions required customers to provide accompanying police reports when filing a dispute as an indirect way for a customer to assert their innocence. The thought of making a false declaration, and therefore committing an offense, was enough of a deterrence to alter behaviour. Operationally, this rarely occurs today since the police are unable to investigate these low priority cases and this has led to industry self-managing what is widely seen as a self-created problem.
Assuming an institution could recognise the symptoms of first party fraud versus genuine bad debt or third party fraud, the ‘customer is always right’ dogma that both institutions and customers have come to expect is also contributing to this growing trend; and many customers simply go unchallenged. While it is critical that institutions employ very careful tact and diplomacy when identifying and managing suspected first party fraud, we need to start asking the tough questions, tactfully, and shift some of the onus to show proof and intent back to the customer.
Traditional systems and methodology to tackle third party fraud cannot be expected to also encompass first party fraud. With the growth of e-commerce leading to a proportional rise in online (card not present) fraud, it’s now more important than ever to distinguish between third party and first party fraud in order to tackle this problem. But industry has been slow to correctly identify and quantify the root of the problem, and has therefore been slow to dedicate the right investments to the right kinds of solutions.
There is currently a lack of consistency in the way institutions define, operationalise and report first party fraud cases. The challenges of preventing first party fraud are rooted in the fact that its definition varies from institution to institution and much of it is classified as credit loss. A multi-institution level view is integral to preventing this type of first-party fraud.
Getting Creative: Merchants Hit Back Through Social Media
Rather than waiting for the financial industry to act, some merchants have taken matters into their own hands. One company that sold events tickets recently used social media to expose a customer’s fraud attempts by using Facebook to find photos of the perpetrator at the event. When the merchant referred the customer to her own Facebook page, she withdrew the dispute and chargeback request she lodged with her issuing bank.
Similarly, in an attempt to prevent fraudsters from returning incorrect merchandise, online store, Ice.com, photographs every online order before shipping it.
Stopping Fraud Before it Happens
Cultural and systematic challenges aside, there are some solutions available today that can help. Predictive analytics, payment and transaction monitoring allows financial institutions to both deter and combat first-party fraud. If a customer is identified as suspicious, the activity can then be checked before the fraud is perpetrated thus reducing the risk to the issuing institution.
New technologies such as advanced, third-generation device identification software can be used to identify the device (PC, mobile, smart mobile, tablet, iPad, smart TV, etc.) on which a purchase is being made. This software uses multiple methods, including cookie-less device identification, to expose an individual’s intent, hidden in the attributes of the user’s device. The solution looks beyond browser attributes and IP addresses to detect hidden proxies, VPNs, true OS, and origin (geo-location), as well as satellite, dial-up and mobile wireless connections.
This type of software can then be used in real-time to help drive risk management decisions during the authorisation stage of a transaction. Once these characteristics and trends are identified, institutions can filter, screen and observe trends to distinguish between routine and inconsistent customer activity.
So, Where to Now?
In order to truly understand first party fraud’s scope and address this growing problem – and therefore realise costs savings – there needs to be industry-wide consensus; institutional mechanisms for differentiating first party fraud; and a smart application of new technologies.
Anecdotal evidence suggests that first party fraud is a growing trend but until we can measure it, there will not be adequate focus from institutions, nor will we be able to put in place proper actions in order to combat it.