Published in Digital Transactions, September 2010
Wednesday, September 01, 2010
It is an unfortunate truth that, along with a steep rise in unemployment and debt default, first-party fraud increases in recessionary times. This recession is like no other experienced in most people’s lifetime, and it is expected that first-party fraud will follow suit and increase to levels not experienced before either.
Just as when the tide is out it is easy to see what is left on the beach, so this recession has forced financial institutions to re-focus and distinguish between what is actually bad debt and what is fraud--including the difficult task of distinguishing first-party fraud. To put some perspective on the potential challenge, it is a widely reported fact that 50% of financial institutions’ debt collection writeoffs can be attributed to first-party fraud. Moreover, in a recent report, research firm TowerGroup predicts that of the $55.5 billion of potential credit card losses, some $10 billion is not the result of honest inability to pay but rather a result of abuse and fraud.
So, while first-party fraud has not been a top priority for financial institutions, it is poised to rise pretty swiftly up the agenda. After all, a potential 20% of credit card losses alone could be attributable to this insidious and difficult-to-pin-down fraud.
Typically, banks and financial institutions have strong deterrents and alarms in place to monitor and shut out third-party fraud. First-party fraud, however, is a very different and complex beast to both identify and nullify. It brings with it unique aspects of fiscal and brand vulnerability, which financial institutions need to be aggressively getting ahead of.
A big challenge of first-party fraud is identifying, and then proving beyond reasonable doubt, that there was intent to perpetrate fraud at the time of opening an account or applying for a credit or financial facility. A key weapon in the financial institution’s armory lies in the emerging category of predictive analytics, which drill to the DNA of an account--from inception to early transactions and account management to ongoing behaviors. Predictive analytics are increasingly getting traction, particularly in the area of first-party fraud, because this escalating rules-based technology enables financial institutions to detect and shut out fraud early in the cycle.
A critical requirement in locking out first-party fraud is to do so as early in the cycle as possible. The longer it is left, the less likely any money will be recovered. It is possible to actually detect first-party fraud as early as the application stage. For example, there are consistent trends and patterns in the age and demographics of first-party fraudsters that provide flags and alerts that can put an alert financial institution on notice. For example, watch out for applications made by customers between 36 and 43 years old. This is the most common age band of the first-party fraudster.
However, once a first-party fraudster has opened an account, transaction monitoring and predictive analytics come into play to detect and shut down illicit behavior. They constantly monitor for known patterns specific to first-party fraud, such as mule accounts or “bust-out” accounts.
A bust-out account is opened with the specific intent of operating in line with normal practices to establish a pattern and credit record. Only later does the account holder drain the account of funds and create additional liability by taking advantage of the payment and transaction ecosystem. A typical bust-out account will operate normally for around 60 to 90 days. The account holder will then drain all the funds to maximum credit, pay off the credit with a fraudulent check, and simultaneously purchase high-value goods to the value of the line of credit. By the end of the fraud, the account is vulnerable to losses of three times the the line of credit.
Predictive analytics and modeling technology, however, would identify the transactions and account pattern behaviors as problematic. This form of stress testing would likely raise reasonable doubt about the transactions, resulting in a flag to connect with the customer or intervene in the payment transaction. This not only mitigates risk and loss to the bank or financial institution but also to the merchant by alerting it not to release goods.
While a combination of software-based predictive analytics and user-defined rules serve to identify and stop fraudulent activity in its tracks within a particular product area, the secret sauce for mitigating first-party fraud is through enterprise visibility and detection. Typically, first-party fraud involves moving money from one account to another, or running up massive debt across multiple accounts. Many fraud-detection systems track in silos, simply monitoring an account in isolation. However, first-party fraudsters take advantage of multiple channels at one time to maximize their haul. Deploying a holistic view of a financial institution’s relationship with a customer through an enterprise-wide system allows institutions to better detect and prevent fraud by monitoring transactions and events across the entire range of customer activity.
A combined strategy of predictive analytics and full end-to-end payment and transaction monitoring, versus single-point-of-access monitoring, best positions financial institutions to deter and shut down first-party fraud. This integrated strategy enables financial institutions to distinguish between abnormal and normal customer activity, to monitor and identify rapid spend, and to re-route suspicious off-line debit transactions to on-line for immediate pay/no pay decisions. And, it does this without a dependency on customer-centric master-file or non-monetary data.
Of equal importance is that this deployment approach typically delivers a return on investment in less than 6 months. In an environment that is unlikely to see a return to growth soon, first-party fraud is not going to decline. Therefore it is vital to invest in steps now to reduce and limit exposure.
By Andy Morris