
What is first, second and third party fraud?

“46% of surveyed organizations reported experiencing fraud, corruption or other economic crimes in the last 24 months.” (PwC’s Global Economic Crime and Fraud Survey 2022)

Fraud categorization has become harder to define in recent years with increasing levels of fraud involving people being socially engineered or scammed. A person’s engagement or complicity falls into three broad categories:

  • First-party fraud is an act committed by an individual or group against a financial institution or business for personal gain. For example, supplying false information on a loan application, or not intending to ever make repayments on the loan. It also covers ‘friendly fraud’, chargeback fraud, and sleeper fraud. Our guide to first-party fraud explains more.
  • Second-party fraud refers to an individual or group authorizing someone else to use their details, resulting in illegal activity. The person handing over their details is usually aware that they are supporting or enabling a fraud or scam. A person giving control of their account to a fraudster to receive funds as a money mule is a common example of this fraud type.
  • Third-party fraud broadly fits into two types of fraud: identity theft and account takeover. Identity theft of the victim is where an individual’s information is harvested without their consent or knowledge and used for the scammer’s gain. For example, applying for a credit card under someone else’s identity. Account takeover is where a victim has an account and a third party gains access to it and takes their money.

What is second-party fraud?

Unlike first-party fraud, this involves two parties, so it is harder for businesses and regulators to detect. Often, this is because the person whose ID is used to carry out the fraud is aware of what’s taking place, so they are complicit in the operation.

Second-party fraud also happens when someone has a preexisting relationship with the fraudster, for example, business embezzlement. It also covers ‘friendly fraud’ – for example, when a family member or friend makes unauthorized credit card purchases when entrusted with looking after someone they’re close to.

Second-party fraud can be further divided into two areas:

One party willingly enters into the scam with another: money laundering is the most obvious example. Criminals that need to disguise the profits of illegal activity typically pass their gains to money mules, who set about making the money ‘disappear’. Here, both parties are complicit in the crime.

22.0% of money laundering offences in the US in 2020 involved loss amounts greater than $1.5 million

One party hands over their personal details in good faith: second-party fraud doesn’t always have to resemble the plot of a gangland movie. For example, the seemingly innocent ad to ‘Earn Extra Money For Christmas’ is often a ruse to lure targets into becoming money mules. Other examples can be even more subtle and imply victims are owed money, such as:

  • Victim gets a text saying ‘Due to the recent Energy Bill Support Scheme you are owed £400 – please apply here’. Victim clicks on the link and provides bank details.
  • Scammer transfers £4,000, then calls saying it was a mistake and asks the victim to move £3,600 to a different account.
  • Victim accepts (and moves) the cash and is now complicit in money laundering.

How to prevent second-party fraud

In order to combat second-party fraud at a business level, professionals must employ techniques that work at the same speed and scale as the financial criminals. Machine learning has emerged as the technology of choice for anti-money laundering (AML) teams to combat financial crimes at scale.

Machine learning can:

  • Help organizations to recognize suspicious behaviors.
  • Prioritize responses based on level of perceived risk.
  • Reduce manual intervention and false positives.
  • Help investigators remain compliant and assist law enforcement teams.
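The ‘recognize suspicious behaviors’ point can be made concrete with the £4,000 in, £3,600 out scenario described earlier. The following is an added example, not Featurespace's code or model: a simple fixed-threshold rule (not machine learning) that flags accounts forwarding most of a large credit to a different party soon after receipt. The `Txn` fields, the 48-hour window, the 80% ratio and the £1,000 floor are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Txn:
    ts: datetime
    account: str        # monitored account
    direction: str      # "in" (credit) or "out" (debit)
    counterparty: str
    pence: int          # amount in pence, avoids float rounding

def find_pass_through(txns, window=timedelta(hours=48), min_ratio=0.8, min_pence=100_000):
    """Flag credits where most of the money leaves to a different party within `window`.

    Thresholds are illustrative assumptions, not regulatory or vendor values.
    Returns a list of (credit, debits, forwarded_ratio).
    """
    alerts = []
    for credit in txns:
        if credit.direction != "in" or credit.pence < min_pence:
            continue
        debits = [d for d in txns
                  if d.account == credit.account and d.direction == "out"
                  and credit.ts < d.ts <= credit.ts + window
                  # money sent back to the original sender is a refund, not onward movement
                  and d.counterparty != credit.counterparty]
        forwarded = sum(d.pence for d in debits)
        if forwarded >= min_ratio * credit.pence:
            alerts.append((credit, debits, forwarded / credit.pence))
    return alerts

T0 = datetime(2023, 1, 10, 9, 0)
# Constructed sample data: ACC-1 mirrors the £4,000 in / £3,600 out scenario.
SAMPLE_TXNS = [
    Txn(T0, "ACC-1", "in", "EXT-A", 400_000),
    Txn(T0 + timedelta(hours=3), "ACC-1", "out", "EXT-B", 360_000),
    Txn(T0, "ACC-2", "in", "EMPLOYER", 250_000),                      # salary
    Txn(T0 + timedelta(days=7), "ACC-2", "out", "LANDLORD", 90_000),  # outside the window
    Txn(T0, "ACC-3", "in", "EXT-C", 400_000),
    Txn(T0 + timedelta(hours=2), "ACC-3", "out", "EXT-C", 400_000),   # returned to sender
]

if __name__ == "__main__":
    for credit, debits, ratio in find_pass_through(SAMPLE_TXNS):
        print(f"{credit.account}: {ratio:.0%} of £{credit.pence / 100:,.0f} forwarded "
              f"to {[d.counterparty for d in debits]} within the window")
```

A fixed rule like this produces false positives on legitimate pass-through activity, which is the gap the risk prioritization and false-positive reduction listed above are meant to close.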


What is third-party fraud?

Third-party fraud is the most common type of fraud. It takes place when an individual’s Personally Identifiable Information (PII) is harvested without their consent or knowledge, and used for the scammer’s gain by accessing existing accounts or opening new ones. For example, taking out a phone contract under someone else’s identity. Factors such as the pandemic and the rise of social media services, such as house-shares, have given fraudsters more opportunities than ever to target people on platforms that they rely on every day.

40% of those encountering fraud experienced platform fraud.

Scammers use a variety of techniques to get hold of PII for third-party fraud, whilst also duping victims to be part of second-party fraud, for example:

Too good to be true schemes: the fraudster uses social engineering to target people with amazing deals or to make them think that they are entitled to some money – only to dupe them into handing over their personal information and money that is then used, along with their accounts, to support the scammer’s activities. According to the FCA, £2m was saved in 2022 by investors spotting warning signs.

How to spot third- and second-party scams

  • Fake job listings scam: phishes information from victims who are looking for a job. Check that the links and email domains match up to the official website. Assess the communications and questions that are asked and how they align to the job. It is a scam if they are offering the “perfect job” without meeting you, and now require your bank details and a setup fee.
  • Phony reimbursement scam: can take different forms – some offer refunds for previous mis-selling, but the refund can only be attained with an upfront fee. Personal information is taken and the fee and refund will never be returned. This type of scam can be avoided by only working with legitimate consumer groups and solicitors that you contact.
  • Mystery shopper and lottery scams: start with collecting personal data to offer the role or release the funds, but then require cheques to be cashed and/or payments and goods to be sent. Contact will be out of the blue and amounts will also be too good to be true, such as being paid $100 to do simple banking transactions.
  • Cryptocurrency investment scam: consists of sending money to accounts or wallets related to cryptocurrency with an expectation of value increasing and being able to withdraw a profit. They can be spotted in similar ways to other scams such as being contacted out of the blue and promises of profits that far exceed standard savings and investments.
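The ‘check that the links and email domains match up to the official website’ advice from the fake job listings item can be automated. This added example (not from the original page) checks a message's sender and links against a known official domain, and catches the two lookalike forms that fool a quick visual check: the official name used as a subdomain prefix of another domain, and the official name placed before an `@` in a URL. All domains and addresses are constructed, and `check_message` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

def host_of(value):
    """Return the lower-cased host of a URL or an email address."""
    if "://" in value:
        # .hostname discards any "user@" prefix and the port
        host = urlsplit(value).hostname or ""
    else:
        host = value.rpartition("@")[2]
    return host.strip().rstrip(".").lower()

def belongs_to(host, official):
    """True only for the official domain itself or a subdomain of it."""
    return host == official or host.endswith("." + official)

def check_message(official_domain, sender, links):
    """Return (kind, value, reason) for every sender/link not under the official domain."""
    official = official_domain.lower()
    findings = []
    for kind, value in [("sender", sender)] + [("link", link) for link in links]:
        host = host_of(value)
        if not host:
            findings.append((kind, value, "no host found"))
        elif not belongs_to(host, official):
            reason = f"host '{host}' is not under '{official}'"
            if any(label.startswith("xn--") for label in host.split(".")):
                reason += " (punycode host, possible lookalike characters)"
            findings.append((kind, value, reason))
    return findings

# Constructed sample: a job offer claiming to come from example.com.
SUSPICIOUS = check_message(
    "example.com",
    "hr@example-careers.test",
    ["https://careers.example.com/apply",              # genuine subdomain
     "https://example.com.apply-now.test/setup-fee",   # official name as a prefix
     "https://example.com@pay.test/bank-details"],     # official name before '@'
)
GENUINE = check_message("example.com", "recruiting@example.com",
                        ["https://careers.example.com/apply"])

if __name__ == "__main__":
    for kind, value, reason in SUSPICIOUS:
        print(f"{kind}: {value} -> {reason}")
```

A domain match only shows where a message points; a compromised genuine mailbox passes this check, so the other warning signs in the list still apply.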

Common types of third-party fraud

Impersonation fraud: This is the most common type of identity theft and account takeover. The scammer gains control over someone else’s account by pretending to be them, often using online phishing techniques to acquire a PIN or passwords, for example:

  • User sees an ad on social media for remote working jobs – ‘ideal for parents’, with a tempting offer ‘Make £1000 through proofreading’.
  • User clicks the link in the ad – a ‘phish’.
  • User enters personal details including bank details via a fake website that may also install malware.
  • Fraudster is able to take over the account, extend credit, remove funds and sell the data.
  • Fraudsters can gain access to many accounts either at the same bank or secured with the same details.

Unlike second-party fraud, the scammer is not known to the victim and the victim is unaware of the activity in their name. Depending on the type of ‘account takeover,’ scammers can change addresses, passwords, and make payments and withdrawals. Phishing techniques aim to trick people into giving up personal information via:

  • Links in unsolicited emails.
  • Links in SMS messages.
  • Forms within misleading/malicious websites.
  • Calls that pry for sensitive information over the phone.

Synthetic ID fraud: this is less detectable than using a stolen credit card. Scammers collect information about real-life people, e.g. Social Security Numbers (SSNs), and combine this with fake names and addresses to create fake accounts and make fraudulent purchases.

Scammers typically play a waiting game, building up a ‘good’ credit record using these synthetic IDs – for example, paying credit loans on time – and then “bust out” when the limits are reached. According to McKinsey, the scam is so successful for a simple reason: there is no efficient way for governments to confirm whether a Social Security number, date of birth, or name, is real.

How to prevent third-party fraud

A robust anti-fraud policy is essential for businesses to guard their reputation and ensure trust. This in turn can protect customers from many of the threats that they experience.

  • Holistic approach: breaks data out of silos, combining data from a variety of sources including device ID, customer behavior and cross-channel transactions to detect unauthorized purchases and/or payments.
  • Better customer experience: analytic fraud models with automatic self-learning technology adapt and improve as they go, reducing false-positives and working towards a frictionless experience for genuine customers.
  • Deep behavioral networks: learn optimal features directly from the data, providing years’ worth of feature extraction in just a few weeks.

Learn how Featurespace fights second- and third-party fraud

Featurespace’s ARIC™ for Payment Fraud Management & Prevention can help stop fraud in its tracks. Talk to us to learn how a unified risk hub for fraud, financial crime, and scam detection can enhance customer experience, increase operational efficiency, and streamline processes.