First- and third-party fraud are relatively self-explanatory, at least on a conceptual level. Third-party fraud is any fraud attack committed by a third party posing as the valid user, while first-party fraud refers to attacks committed by valid users themselves.
In contrast, second-party fraud is more vexing. This means, in many ways, it’s the most difficult to identify, track, and prevent.
To commit second-party fraud, an intermediary must be introduced. Second-party fraud includes any fraud scheme in which a person knowingly invites another party to use their identity or personal information to impersonate a valid user during an act of fraud. This additional party will then act on the fraudster’s behalf to carry out fraud.
In many cases, it could be considered a kind of “fraud for hire” scheme.
How Does Second-Party Fraud Work?
To successfully commit second-party fraud, scams need to include at least two perpetrators: the fraudster and an accomplice.
For instance, cases of money laundering could be second-party fraud, if the fraudster is paying a legitimate business owner to make it appear fraudulent funds come from legitimate sources. In this case, the merchant is made an accomplice, even if they’re not aware of it.
Other examples include:
Second-Party Chargeback Scams
These result from a cardholder giving their personal information to a second-party individual to make fraudulent purchases on their behalf. The fraudster will then call the bank to report the transactions as fraud and then demand a refund. The goal is for the fraudster to get the merchandise while the cardholder gets a refund.
The bank won’t know that the cardholder participated. So, they have no way to prove that these situations aren’t genuine criminal fraud.
Fake Merchant Scams
Second-party scams can also be initiated by a scammer impersonating a merchant to defraud a bank. This scam sees a legitimate cardholder using their card to purchase items that either don’t exist. The cardholder will file a chargeback for the missing funds and then split the take with the fake merchant.
In these situations, a fraudster convinces, tricks, or coerces a person into using their own personally identifiable information to open an account. The cardholder then becomes the fraud ring’s “mule,” whose account is used for transferring illegally acquired funds. This can occur with or without the cardholder’s knowledge.
Gift Card Laundering
There are multiple methods of committing gift card fraud, and each generally involves an intermediary, whether they realize it or not. Merchants, for example, can be an unwitting accomplice for fraudsters to deploy fake gift cards. Gift cards are difficult to trace and subject to fewer fraud detection efforts, making them an easy and obvious choice for laundering money.
What Banks Can Do
Banks can help protect merchants and consumers from second-party fraud by flagging any transactions that could indicate a case of money laundering or muling.
A flurry of activity in an account that is rarely used, for example, could be a sign of second-party fraud. The same goes for high-dollar deposits that are immediately transferred to foreign banks, or even accounts created and then immediately closed after one use.
Other tactics that banks can deploy to scan for suspicious behaviors include:
- Application Fluency: Is the user already familiar with the account application process?
- Data Familiarity: How familiar is the user with their own alleged personal data?
- Computer Expertise: Does the user deploy advanced shortcuts, special keys, or application toggling?
These red flags won’t necessarily be an indication of fraud on their own. They do suggest that the situation may warrant further investigation by financial institutions and providers, though.
Scammers are quite adept at using financial systems against institutions, and will generally have a tried and true method for avoiding detection. Taken together, these red flags can help banks analyse and detect suspicious behaviors they might have otherwise missed.