You can’t prevent identity fraud if you don’t know what it looks like.
Near the start of the movie This is the End, Seth Rogen’s character tells his friend that he’s on a cleanse, which means he’s cutting gluten from his diet. His friend tells him he doesn’t even know what gluten is. Rogen’s character replies that gluten is anything that’s bad for you. Calories are gluten, fat is gluten—it’s all gluten. It’s obvious he doesn’t know what gluten is.
A while back, I visited a financial institution to discuss its fraud rates, which included first-party, third-party, and synthetic fraud. This bank didn’t have separate fraud rates for different types of fraud, it just had an all-encompassing fraud rate that labeled everything “first-party fraud.” Somebody doesn’t pay up? First-party fraud. Somebody pretends to be somebody else to commit fraud? That, too, was first-party fraud. Somebody invents a fake identity to commit fraud? Yeah, that was first-party fraud as well. Huh?
It’s said that in order to solve a problem, you first need to recognize that you have a problem, then you need to identify the kind of problem you have.
First Party vs Third Party Fraud
First-party fraud is when an individual makes a promise of future repayment in exchange for goods or services, without intending to repay. Third-party fraud, also known as identity fraud, is when someone submits an account application with fake information or uses stolen information to manipulate an existing account.
Correctly Identifying Fraud Types is Your First Defense
If you actually do have a gluten allergy but don’t know where it’s hiding in your diet, you won’t know what to avoid. If you don’t know what kind of fraud is hitting you, you can’t defend against it. And chances are, if you’re a target of fraud, it’s likely you’re facing more than one kind. You don’t take cough medicine for a broken arm, and you don’t send a collection agency after a person whose identity has been stolen—or who doesn’t exist at all.
We regularly test customers’ and prospects’ data, to demonstrate the lift we get in fraud capture and auto-acceptance. Nobody does better than we do because our numbers are just that good. And we get those numbers because we build and test our models—across hundreds of banks, fintechs, and other organizations—with larger data sets than anybody else has. Yeah, it costs us money, but it’s worth it, and the results speak for themselves, as we keep the customers we get.
Consequences of Mislabeling Fraud
We also regularly see mistakenly labeled fraud, especially in new prospects, and a lot of the time those mistakes are third-party fraud labeled as first-party fraud. John Smith looks like a deadbeat, but in fact it’s Fred Jones, pretending to be John Smith, who’s the deadbeat. This makes it a little harder for us when we’re trying to demonstrate value. How we turn that to our advantage is when we can show our clients, when running against blind data, WHY we call something first-party or third-party fraud.
I’ve also read about banks labeling something as synthetic fraud, meaning the “person” is completely fabricated, because then they have a reason not to investigate the case. It’s a write-off. And while it’s true that in the lending industry reserves have to be set aside for credit losses, fraud losses are an expense. This is why the accounting impact of mislabeling fraud can be significant.
How Machine Intelligence Combats Multiple Types of Fraud
The machine-learning models operate differently against different kinds of fraud. Nobody does a great job at heading off first-party fraud, because if you’re going after an actual person using their actual name, and they’ve never been a deadbeat before, and their credit looks decent, you’d need a crystal ball to prevent it.
Heading off third-party fraud is often accomplished by simply matching up profile attributes. That’s where we’re way ahead of the pack. We employ multiple data sources, proprietary and otherwise, plus the machine learning from that large data set I mentioned, as well as the artificial intelligence we’ve built from that learning. We validate all the PII provided, and then we make sure it all belongs to the same person. Again, it’s an investment, but one we’ve been happy to make in the pursuit of accuracy in the high 90th percentiles.
And if you don’t properly profile types of fraud, you could end up changing how you profile future applicants. This means possibly rejecting legitimate customers for the wrong reasons, which increases not only reputational risk but lost opportunities for revenue as well.
It’s said that synthetic identity fraud is a victimless crime, in that no real consumer has been affected. But the banks or lenders are in fact victims—they’ve been ripped off—and the costs of synthetic fraud will have a negative impact somewhere in their organization. Plus when crooks get away with it, that only emboldens them to keep committing fraud-related crimes.
Financial institutions that are being victimized shouldn’t victimize themselves a second time by calling a third a first, and then miss the opportunity to do better by implementing the wrong identity fraud detection tools. So before you take a bite out of fraud, make sure you know what it tastes like.
Jeff Scheidel is a technologist with 38 years in software, including 26 years in security solution design. He is the author of numerous white papers on security and regulatory compliance, as well as a McGraw-Hill book on identity, access, database, and application protection. Jeff is an expert on compliance requirements across a number of industries, and has presented at a wide variety of security events.
Socure is the leading platform for digital identity verification and trust.
Its predictive analytics platform applies artificial intelligence and machine learning technology with trusted online/offline data intelligence from email, phone address, IP, device, velocity, and the broader internet to verify identities in real time.
885 Tahoe Blvd., Suite 1, Incline Village, Nevada 89451, US
