How many criminals do you know personally? Most of us would answer “none” – but there is a worrying trend for fraudulent activity to be performed either by the “first” or “second” party rather than some remote, unknown third party.
First-party fraud is essentially where the consumer uses either their own or a completely synthetic (fabricated) identity and sets out with the specific objective of leveraging that identity to access credit funds without any intent of payment. This intent differentiates a first-party fraudster from someone who becomes unable or unwilling to pay because of credit distress. Most first-party fraudsters will disappear and avoid all efforts at ensuing track and trace.
Second-party fraud is essentially where the consumer knows and trusts the perpetrator: a spouse, a friend, a family member, a work colleague, etc. This relationship is why those in the industry use the oxymoron “friendly fraud.” Sometimes the consumer has intentionally given this person access to authentication credentials or payment instruments in the past because of a level of trust between them, never thinking that this same person would go on to abuse that access and trust.
How many of us, for example, share passwords with our nearest and dearest, or even provide the likes of a payment card and PIN number to someone we know, so that they can make a withdrawal for us or fulfil a purchase? This is far more common than you might think, especially when it comes to a spouse, a teenage son or daughter, or a personal assistant at work.
On other occasions, someone may just be familiar enough to use an account, without having been previously authorized or intentionally given personal passwords. Consider the child that knows where Mum or Dad keep their purse or wallet. Or the friend that knows their buddy’s regular and favorite password is a combination of their dog’s name and their post code.
For financial services institutions, first- and second-party abuse are especially challenging. Spotting and proving criminal intent, or broaching the subject of the consumer having been potentially duped by someone they know, is a risky business. Consumers will often be in shock and denial even when faced with an indelible audit trail, and can react angrily to any suggestion that they, or people they know and trust, were involved.
Consumers can also be wary of revealing their own actions and naivety: Imagine being asked by your bank, after a case of fraud, “Have you ever allowed someone to have access to your card, or written down or revealed your PIN number?” Instinctively, everyone says, “No, of course not” for fear of criticism or reprisal — in fact, many people do exactly that.
People subject to “friendly fraud” may also be unwilling to report the abuse to the authorities or to allow a prosecution, even when they acknowledge the crime has taken place. Some, depending upon where they find themselves on the grief curve, will even attribute blame and responsibility for the monetary loss to the bank, refusing to pay back anything that their nearest and dearest may have accessed and used.
As ever, the best defense here is advanced consumer education. There is a very good reason why financial instruments and authentication credentials should be treated as secret and “like cash,” even when we are dealing with those that we know and trust. In my years at a bank, dealing with the aftermath of marital disputes, I lost count of the number of occasions where an aggrieved and estranged partner sought to leverage past authorized access to both joint and sole accounts to inflict some financial pain. Reprisal is only one potential motive for fraud, and we would all do well to remember that.
As Don Corleone in The Godfather taught us, “Keep your friends close and your enemies closer.” In other words, be very aware of those who might cause you harm. It’s good advice – especially when the line between friends and enemies blurs.