What is True Fraud? Explained For Beginners
As a former e-commerce store owner, I took many preventative measures to deter true fraud. And they worked. I want to help your business avoid encountering fraudulent (and costly) transactions.
I’ll use this guide to tell you what third-party fraud is, the different types of true fraud, how it differs from other types of fraud, ways to prevent it, and how this type of fraud affects businesses.
Help prevent your business from suffering financial losses by reading more.
Key Takeaways
- True fraud is also called third-party fraud or identity theft.
- True fraud is the only type of fraud recognized by financial institutions.
- Merchants have a 9.27% chance of winning chargebacks initiated by true fraud.
- Preventing third-party fraud involves using software like CVV verification.
- A high number of chargebacks could result in a business not being able to process payments.
So, What is True Fraud?
True fraud happens when a bad actor uses a stolen card to make a purchase that the customer didn’t authorize. It’s the only type of activity that financial institutions recognize as fraud.
It also has these names:
- Third-party fraud
- Identity theft
According to the Bureau of Justice, more than 23.9 US citizens fell victim to identity theft. 4% of these people found that the thieves had misused their credit cards [1]. And 3% experienced issues with their bank accounts.
And on average, victims lost $880.
How do bad actors get your customer’s financial information?
They’ll steal a physical card, duplicate card information through skimming or phishing scams, or use a card they found on the ground. Once the fraudster has the card data, they use it to make unauthorized purchases, often online or at stores where chip readers are unavailable.
These purchases are fraudulent transactions, which often come with chargebacks and, in turn, affect businesses.
Summary: True fraud occurs when someone uses stolen card information.
Types of 3rd-Party Fraud You May Encounter
Here’s a summary of each fraud type:
- Account Takeover: Unauthorized access to an existing account.
- False Identity Fraud: Using a stolen or fabricated identity.
- Synthetic Identity Creation: Combining real and fake data to form a new identity.
- New Application Fraud: Opening new accounts using stolen or synthetic information.
- Credit Card Fraud: Unauthorized use of stolen credit card details.
The following sections will explain what each type of third-party fraud is, provide examples, and cover preventative methods.
1. Account Takeover
Preventative measures:
- Encourage 2FA logins
- Educate your customers on account security
- Limit the number of login attempts from an IP address
- Monitor login attempts, account changes, and purchase history for any unusual activity
- Implement a secure account recovery process that requires multiple forms of verification
Account takeover (ATO) fraud is when a bad actor gains unauthorized access to a customer's online account through various methods, such as:
- Phishing scams
- Malware
- Purchasing stolen credentials from the dark web.
Once the fraudster has control of the account, they can change the login information, locking out the legitimate customer. Then, they use the account to make fraudulent purchases or steal sensitive data.
Here’s an example:
A hacker gains access to a customer's online account. They change the password and shipping address, then order expensive items to be delivered to their location. The legitimate customer is unaware until they receive a notification or see unauthorized charges on their statement.
Summary: Account takeover fraud occurs when a bad actor gains unauthorized access to a customer's account to make fraudulent purchases or steal data.
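The takeover pattern in the example above (password change, shipping address change, then an order) can be searched for in an account event log. The sketch below is an added example, not code from the original article; the event names, the 24-hour window, and the sample log are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample account events (not real data): (timestamp, account, event, ip)
EVENTS = [
    ("2024-05-01T09:00:00", "alice", "login_ok", "198.51.100.7"),
    ("2024-05-01T09:05:00", "alice", "order_placed", "198.51.100.7"),
    ("2024-05-03T02:10:00", "bob", "login_ok", "203.0.113.50"),
    ("2024-05-03T02:12:00", "bob", "password_changed", "203.0.113.50"),
    ("2024-05-03T02:14:00", "bob", "shipping_address_changed", "203.0.113.50"),
    ("2024-05-03T02:20:00", "bob", "order_placed", "203.0.113.50"),
    ("2024-05-04T10:00:00", "carol", "password_changed", "192.0.2.9"),
    ("2024-05-06T10:00:00", "carol", "order_placed", "192.0.2.9"),
]

SENSITIVE = {"password_changed", "shipping_address_changed"}  # assumed event names
WINDOW = timedelta(hours=24)  # assumed review window; tune to your store


def flag_takeover_orders(events, window=WINDOW):
    """Return orders placed soon after BOTH a password and a shipping-address change."""
    last_change = {}  # (account, event) -> time of the most recent sensitive change
    flagged = []
    # ISO 8601 timestamps sort chronologically as plain strings.
    for ts, account, event, ip in sorted(events):
        when = datetime.fromisoformat(ts)
        if event in SENSITIVE:
            last_change[(account, event)] = when
        elif event == "order_placed":
            recent = [
                kind for kind in SENSITIVE
                if (account, kind) in last_change
                and when - last_change[(account, kind)] <= window
            ]
            if len(recent) == len(SENSITIVE):
                # Hold for manual review before the order ships.
                flagged.append({"account": account, "order_time": ts, "ip": ip})
    return flagged


if __name__ == "__main__":
    for hit in flag_takeover_orders(EVENTS):
        print("review:", hit)
```

Orders flagged this way are candidates for a hold and a confirmation message to the contact details that were on file before the change.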
2. False Identity Fraud
Prevention methods include:
- Implementing robust identity verification processes for new customers, including document verification and knowledge-based authentication.
- Utilizing fraud detection software that analyzes customer behavior and transaction patterns to identify suspicious activity.
False identity third-party fraud is a type of identity theft where a fraudster creates a fake identity to make unauthorized purchases.
They may use stolen personal information like names, addresses, and social security numbers. Or they may fabricate entirely new identities. The fraudster then uses this false identity to open accounts, apply for credit, or purchase online or in-store.
For example…
A fraudster might create a fake online profile using a stolen name and address and then use that profile to apply for a credit card or make purchases on e-commerce websites.
Summary: False identity third-party fraud involves creating fake identities to make unauthorized purchases.
3. Synthetic Identity Creation
To combat this, businesses can:
- Implement robust identity verification procedures, including knowledge-based authentication and document verification.
- Utilize fraud detection models designed to identify synthetic identities.
- Monitor transaction patterns for anomalies that may indicate synthetic fraud.
Synthetic Identity Creation (SIC) is a type of third-party fraud where fraudsters combine real and fake information to create a new identity.
Unlike false identity fraud, which relies entirely on stolen or fabricated information, synthetic identities blend real data points with fake ones: for instance, a Social Security number with fake details, like a name and address.
This makes them harder to detect and more dangerous, as they can be used to open accounts, apply for credit, and make fraudulent purchases.
For example, a fraudster might use a child's Social Security number with a made-up name and date of birth to create a new credit profile.
Summary: Synthetic identity creation is a form of third-party fraud where a blend of real and fake information is used to create a new identity for fraudulent purposes.
4. New Application Fraud
Prevention measures businesses can take include:
- Implement strict verification processes during account opening.
- Use software that analyzes customer data and transactions to flag potential fraud.
- Monitor for unusual patterns like multiple applications from the same device or IP address, inconsistent personal information, or rapid spending after account opening.
New Account Fraud is when a fraudster uses stolen or synthetic information to open new accounts in the victim's name. These accounts include bank accounts, credit card accounts, loans, or utility accounts.
The fraudster then uses these accounts to make purchases or access funds without the victim's knowledge or consent.
An example of new account fraud using a synthetic identity could involve a fraudster combining a real social security number with a fake name and address to apply for a credit card. Once approved, the fraudster uses the card to make purchases, leaving the victim with debt and a damaged credit score.
Since the victim's name was used to sign up for a credit card, they will want their money back. This will result in a chargeback, which will affect the business. I’ll explain how later.
Summary: New account fraud involves using stolen or synthetic identities to open new accounts for fraudulent purposes, preventable through robust verification, fraud detection, monitoring, and collaboration.
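Two of the patterns described in this section and in the synthetic identity section can be checked at application time: one Social Security number attached to different names or birth dates, and many applications from the same device. The sketch below is an added example, not code from the original article; the field names, the per-device limit, and the sample applications are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed applications (not real data). ssn_token stands in for a tokenized
# or hashed SSN; raw SSNs should never be logged or compared directly.
APPLICATIONS = [
    {"id": "a1", "ssn_token": "tok-1", "name": "Dana Reed", "dob": "1988-02-11", "device": "dev-10"},
    {"id": "a2", "ssn_token": "tok-2", "name": "Sam Ortiz", "dob": "1990-07-30", "device": "dev-77"},
    {"id": "a3", "ssn_token": "tok-2", "name": "Lee Brandt", "dob": "1975-01-02", "device": "dev-77"},
    {"id": "a4", "ssn_token": "tok-3", "name": "Kim Vale", "dob": "1993-09-19", "device": "dev-77"},
    {"id": "a5", "ssn_token": "tok-1", "name": "dana  reed", "dob": "1988-02-11", "device": "dev-12"},
]
MAX_APPS_PER_DEVICE = 2  # assumed limit; tune to your traffic


def normalize(name):
    """Lower-case and collapse whitespace so formatting differences do not count."""
    return " ".join(name.lower().split())


def flag_applications(apps, max_per_device=MAX_APPS_PER_DEVICE):
    """Return {application_id: [reasons]} for applications that need manual review."""
    identities = defaultdict(set)  # ssn_token -> distinct (name, dob) pairs
    by_device = defaultdict(list)  # device -> application ids
    for app in apps:
        identities[app["ssn_token"]].add((normalize(app["name"]), app["dob"]))
        by_device[app["device"]].append(app["id"])

    flags = defaultdict(list)
    for app in apps:
        # Same SSN, different person details: a synthetic-identity signal.
        if len(identities[app["ssn_token"]]) > 1:
            flags[app["id"]].append("ssn_reused_with_different_identity")
        # Too many applications from one device.
        if len(by_device[app["device"]]) > max_per_device:
            flags[app["id"]].append("many_applications_from_device")
    return dict(flags)


if __name__ == "__main__":
    for app_id, reasons in flag_applications(APPLICATIONS).items():
        print(app_id, reasons)
```

A repeat application by the same person (a1 and a5 here) is not flagged, because the name and date of birth match after normalization.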
5. Credit Card Fraud
Preventive measures include:
- Implementing 3D Secure for online transactions.
- Utilizing address verification service (AVS) and card verification value (CVV).
- Monitoring for suspicious transaction patterns.
- Educating customers on how to protect their card information.
Credit card third-party fraud occurs when an unauthorized individual uses stolen card information to make purchases.
The fraudster obtains card details through various methods, such as phishing scams, data breaches, or physical theft. They then use this information to make online or in-person transactions without the cardholder's knowledge.
When referring to “true fraud” or “third-party fraud,” most people typically think of credit card fraud.
For example, a thief steals a wallet containing credit cards and uses them to buy electronics online before the cardholder reports the cards as stolen.
Summary: Credit card third-party fraud involves unauthorized use of stolen card information.
How True Fraud Differs From First- & Second-Party Fraud
First-party fraud is often dubbed "friendly fraud" because the cardholder commits fraud. Unlike third-party fraud, in which the merchant is the victim, first-party fraud can leave the merchant bearing the loss.
It isn’t doom-and-gloom on the seller’s side, though. Merchants have the highest chance of winning friendly fraud chargebacks at 43.82% [2]. That’s higher than businesses' 30% average win rate across all industries.
Second-party fraud involves collaboration between the cardholder and another person. The cardholder might not benefit directly from the fraud. However, their involvement makes it distinct from third-party fraud.
In third-party fraud, the criminal is an outsider who steals card information without the cardholder's consent or knowledge. Most people think of this type of fraud when they hear the term "fraud".
Businesses have a much lower chance of winning chargebacks resulting from true fraud (9.27%).
Summary: The main difference between first-party, second-party, and third-party fraud lies in who initiates and benefits from the fraudulent activity.
Preventing True Fraud & Protecting Your Business
Combine the following preventative measures to reduce your chances of experiencing chargebacks related to true fraud:
1. Utilize Address Verification Service (AVS): Verify the billing address entered during checkout matches the cardholder's address on file. This helps ensure the person making the purchase is the actual cardholder and not someone using stolen information.
2. Implement Card Verification Value (CVV) Checks: Require the customer to input the 3-digit code on the back of their card for online transactions. Card chips or magnetic strips don’t store this code. Thus, it’s harder for a fraudster to obtain and clone.
Usage of CVV has reduced the rate of fraudulent transactions for some businesses by 35% [3].
3. Strong Customer Authentication (SCA): Implement 3D Secure 2.0 or similar protocols to add an extra layer of security for online transactions. This typically involves sending a one-time code to the cardholder's phone or email to verify their identity.
However…
Data suggests that more than 90% of customers encountered friction in their transactions, which led to a 22% loss in payments [4].
I recommend considering other preventative measures before considering software like 3D Secure, but it’s an option you can choose.
4. Transaction Monitoring: Monitor transactions for unusual patterns, such as:
- Large purchase amounts
- Multiple orders in a short period
- Orders from high-risk countries
This can help identify potentially fraudulent activity before it causes losses. Pre-transaction chargeback tools that utilize fraud scoring and screenings can help catch these transactions. When finding transactions with unusual patterns, your team can investigate and determine whether it’s fraud.
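The three patterns listed above, together with the AVS and CVV results from measures 1 and 2, can be combined into a simple review queue. The sketch below is an added example, not code from the original article or from any fraud tool; the thresholds, the placeholder country codes, and the sample orders are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

HIGH_RISK_COUNTRIES = {"XX", "YY"}  # placeholder codes; use your own risk list
LARGE_AMOUNT = 500.00               # assumed threshold in USD
VELOCITY_LIMIT = 3                  # assumed max orders per card inside the window
VELOCITY_WINDOW = timedelta(minutes=10)

# Constructed orders: (id, time, card_token, amount, ship_country, avs_match, cvv_match)
ORDERS = [
    ("o1", "2024-06-01T12:00:00", "card_A", 40.00, "US", True, True),
    ("o2", "2024-06-01T12:01:00", "card_B", 900.00, "XX", False, True),
    ("o3", "2024-06-01T12:02:00", "card_C", 25.00, "US", True, True),
    ("o4", "2024-06-01T12:03:00", "card_C", 30.00, "US", True, True),
    ("o5", "2024-06-01T12:04:00", "card_C", 35.00, "US", True, True),
    ("o6", "2024-06-01T12:05:00", "card_C", 45.00, "US", True, False),
]


def review_queue(orders):
    """Return {order_id: [reasons]} for orders that need a manual fraud review."""
    recent = defaultdict(deque)  # card_token -> times of orders still in the window
    queue = {}
    for oid, ts, card, amount, country, avs_ok, cvv_ok in sorted(orders, key=lambda o: o[1]):
        when = datetime.fromisoformat(ts)
        seen = recent[card]
        while seen and when - seen[0] > VELOCITY_WINDOW:
            seen.popleft()       # drop orders that fell out of the window
        seen.append(when)

        reasons = []
        if amount >= LARGE_AMOUNT:
            reasons.append("large_amount")
        if len(seen) > VELOCITY_LIMIT:
            reasons.append("velocity")
        if country in HIGH_RISK_COUNTRIES:
            reasons.append("high_risk_country")
        if not avs_ok:
            reasons.append("avs_mismatch")
        if not cvv_ok:
            reasons.append("cvv_mismatch")
        if reasons:
            queue[oid] = reasons
    return queue


if __name__ == "__main__":
    for oid, reasons in review_queue(ORDERS).items():
        print(oid, reasons)
```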
5. Customer Education: Educate customers about phishing scams, how to identify secure websites (look for "https" and a padlock icon), and how to protect their card information. This can help reduce the chance of customers falling victim to scams that lead to fraud.
For example, I wrote blog posts and emails for my previous e-commerce site to educate customers about popular scams and ways they can protect themselves. And I’d provide tips like, “enable TOTP 2-factor authentication for better account security.”
According to the Financial Industry Regulatory Authority (FINRA), educating people about scams made them up to 44% less likely to fall for them [5].
6. Don’t Fall Behind Regarding Information: Keep up-to-date on the latest fraud trends and security measures to adapt your prevention strategies accordingly. Fraudsters constantly evolve their tactics, so it's important to stay one step ahead.
If you don’t have the resources to keep up with current trends, consider hiring a freelance or in-house chargeback analyst. They should know everything about:
- What’s going on with payment processors
- Fraud
- Chargeback-related laws
- Etcetera
7. Employee Training: Train employees to recognize signs of fraud, such as suspicious customer behavior or inconsistencies in transaction details. This training can help catch fraud attempts in person or over the phone.
8. Data Encryption: Encrypt sensitive customer data to protect it from theft. Doing so could reduce the likelihood of a hacker stealing your customers’ information during a system breach.
9. Security Audits: Regularly audit your security systems and procedures to identify and address vulnerabilities. This can help prevent data breaches that expose customer information to fraudsters.
10. Use Chargeback Prevention Software: Despite implementing many of these preventative measures, you will likely encounter fraudulent transactions and, by extension, chargebacks.
We, for instance, combine Visa Rapid Resolution and Ethoca alerts to tell businesses when there’s a chargeback.
From there, the business can decide whether to automatically or manually refund the transaction. Dealing with fraudulent transactions quickly could reduce your financial losses, because $1 in fraud results in $3.13 per chargeback.
Ways in Which Third-Party Fraud Will Affect Businesses
Third-party fraud affects businesses in multiple ways, primarily through chargebacks.
Each chargeback costs the merchant the original transaction amount plus additional fees ranging from $20 to $100 per chargeback. These fees can accumulate rapidly, straining the merchant's finances.
Excessive chargebacks can trigger payment processor monitoring programs. These programs often have additional fees and require stricter scrutiny of merchant transactions.
Let’s use the Visa Dispute Monitoring Program (VDMP) as an example:
Credit: Stripe
Having a dispute rate of 0.9% (or 100 chargebacks) a month for more than 5 months will cost a business an extra $50 per dispute. After 11 through 12 months of maintaining this chargeback rate, a seller would need to pay an additional $25,000 review fee.
Continuing chargeback rates around that percentage will disqualify you from processing Visa payments. This can disrupt your operations and limit your ability to accept card payments.
Summary: Third-party fraud costs businesses through chargebacks, fees, monitoring programs, and the potential loss of payment processing capabilities.
Wrapping Up
True fraud is when bad actors use stolen card information to make unauthorized purchases. There are various types of third-party fraud, and businesses can take steps to prevent it to avoid financial losses.
Not all of those preventative measures work. Chargebacks will likely happen. Our chargeback alert tool can help prevent them. Learn more about how it works.