What is first party fraud? First party fraud occurs when customers apply for credit cards, loans, overdrafts or other un-secured banking credit lines — with no intention of paying them back. This type of fraud is usually executed by criminals who are part of a well organised fraud network that and are often collaborating with bank employees. Research suggests that between 10% and 20% of unsecured bad debt at leading US, and European banks is misclassified and is actually first party fraud.
Once a customer, first party fraudsters will work to build up their credit score to increase their credit lines and maximise their eventual earnings. Often these fraudsters spend close to 2 years developing a good credit profile by making regular payments to the account and purchasing high-profile products such as, health or property insurance. They will typically use a technique known as ‘cash cycling’, where an amount of money is circulated amongst many fraudulent accounts creating the illusion of legitimate activity.
These apparent payments never leave the network and the fraudster, on the back of a good credit rating, will have accumulated several cards with significant levels of credit available, check books, cash cards and invitations to take out loans. In some cases the fraudster can even present the personal information of a credit worthy individual right off the bat, and immediately secure a significant line of credit, allowing them to skip the time spent building up the credit rating.
Once our fraudster has secured sufficient lines of credit they will “bust out”, within a matter of days taking out large loans, purchasing high-priced goods and withdrawing cash. In addition, the fraudster will frequently be running and operating tens or even hundreds of accounts with other fraudsters to maximise the ‘bust-outs’. Up to this point the fraudster looked like a regular customer and there would have been no reason for the bank to suspect that the credit will not be repaid. As a result, this type of fraud is often misfiled as bad debt, and is moved along to the bank’s recoveries or collection departments. By the time the account comes under suspicion and is investigated the customer will have ‘disappeared’, and will be repeating the whole process with another set of accounts.
Key challenges in addressing first party fraud
So how does a bank identify and combat first party fraud within its organisation? The traditional approach is to set up a cross functional and cross line of business team to examine accounts from various parts of the business that have previously been written-off. However, this is manually intensive and only looks at a small sample. Furthermore it is typically one to two years out of date, since it does not measure the active ‘sleeper’ behaviour in the current book that is likely to ‘bust-out’ in the future.
First party fraudsters often ‘fly below the radar’ of the customary analytics, both because traditional analytics are not well equipped to identify this particular type of fraud, and because fraudsters are adept at using various techniques to determine the bank’s rules and thresholds, often assisted by bank employees, thus avoiding triggering any red flags. Conventional fraud analytics only look at the individual account holder which typically does not trigger any alarms as fraudsters are highly skilled at generating ‘normal’ behaviour within those accounts. Most existing systems, largely based on relatively rigid behavioural profiling rules can’t identify fragmented schemes where each entity or activity alone is too small to appear ‘on the radar.’
First party fraud identification is even more challenging as cases often cross various banking lines of business. For example, fraudsters may obtain retail or commercial loans, which they subsequently use as a means of making regular payments for credit cards thus simulating healthy account behaviour. Most banks are unable to detect these early signs as their analytics are specific to particular lines of business and focused on particular functions such as new business assessment or credit line management.
Using social networking analysis to fight first party fraud
Social network analysis enables investigators to identify, understand and evaluate networks of collaborating individuals across disparate and often unconnected sources of data. Fraudsters will always try to cover their tracks by having no obvious connection to other members of their network. However, by pooling data from multiple sources — phone numbers, addresses, known relationships, transactions, historic data and third party data —fragments of these records can be used to link groups of people with suspicious transactions.
Social networks are fast becoming a bank’s secret weapon in this fight. In a banking context, social networks are made up of groups of accounts, customers or employees who are somehow related to each other. Connections can frequently be seen between customers or employees who share specific pieces of personal information (like addresses, or phone numbers), as well as customers or employees who have transacted with each other in the past. For example, payment transfers between accounts or an employee approving a customer credit application.
In almost every case there is some type of link or ‘footprint’ between fraudulent accounts, mainly because criminals regularly re-use pieces of information for their own convenience. Not only are false identities costly to acquire or time consuming to manufacture, but there is also a limit to many cell phones a person can carry with them, or number of addresses that they can have physical access to collect mail and use as a return address. Finally, and perhaps most importantly, these fraudsters are only human and have memory limitations. Banks often contact their customers by phone, and the fraudster needs to remember the fictional personal information they originally supplied for each account
An example detection scenario
Imagine an extended family group who is transient and often use aliases to establish identities. This group specialises in applying for unsecured loans, and will either steal or craft a fake identity in order to pass Customer Due Diligence (CDD) or Know Your Customer (KYC) checks. Due to experience, they already know the minimum standards of proof required to open accounts, and will have plausible reasons or substitutes to allay suspicions associated with the standard checks.
A typical social networking exercise would establish something like the following:
- A phone number used by Jennifer Sanders for a new loan application matches one previously used by Jenni Sams for a past (failed) application;
- An email address used by Jenni Sams matches (fuzzy with one character different) a new application from Brian Sams, who also shares a current account with Jenni Sams;
- Brian Sams lived two years ago in an address which matches (or is nearby within 1/3 mile) the physical address of another new loan application, from Peggy Sue
Each of these individuals may be linked to another through common accounts like co-signed loan applications. Thus, a picture of a social network may be established and these new loan applications may be rapidly flagged as suspicious, requiring additional steps for verification.
Using in-depth and expert social network analysis will uncover this network and, at a much earlier point in the cycle than traditional analytics would. This identification exercise prevents further applications from succeeding and allows the bank’s investigators to review the current levels of available credit to those accounts linked to the fraudulent network. If the bank is comfortable with the level of evidence, these accounts would usually be closed. For very large organised networks, queries might be sent to the police to match against known criminals, or collaboration may occur with private investigators and credit bureau.
Key benefits of addressing first party fraud
First party fraud not only takes money from a bank but it also wastes bank resources by both processing the initial new customer account and using collection resources to try and recover the unpaid debt. As these frauds are often misclassified as bad debt, they can affect the bank’s key risk predictions. Addressing first party fraud using social network analysis can enable banks to reduce operational expenses, enhance brand reputation, improve their bottom line and prevent future, more costly fraud. Looking ahead, while we need to employ innovative ‘data-driven’ approaches, we also need to re-discover the role that expert human knowledge can play and adopt a hybrid approach that maximizes the capabilities of both machine and human. This also includes exploiting the unique potential of human imagination: our ability to think about what could happen, what’s happening elsewhere and what’s happened before.