Second-Party FraudHow Scammers Use Diversion Tactics to Throw Fraud Fighters Off Their Scent

January 17, 2023 | 10 min read

This image was created by artificial intelligence using the following prompts:

Concept of a person as a money mule in a bank lobby, wide angled shot, colored red and teal, all other colors muted, professional photography, Hyper-realistic, masterpiece, cinematic lighting, insanely detailed, unreal engine lighting, 64K

Second-Party Fraud

In a Nutshell

A fraudster has to mask their identity and true intentions to successfully scam someone. With second-party fraud, the bogus consumer hides behind an accomplice, making the scams hard to detect, and even harder to prevent. This post explores why that is the case.

Defining & Detecting Second-Party Fraud: How to Stop Second-Party Scammers

First- and third-party fraud are both pretty straightforward concepts. In the former case, the valid user lies about a transaction to commit fraud. In the latter case, a scammer poses as a legitimate user to commit fraud.

Second-party fraud is a little more complicated. In short, second-party fraud happens when a fraudster instigates a crime, but operates through a surrogate that does the dirty work on the criminal’s behalf. 

In this post, we’ll look at what second-party fraud is and explore how it works. We’ll also see why it’s so hard to combat, and offer some pointers to help stop these attacks.

What is Second-Party Fraud?

Second-Party Fraud

[noun]/sek • ənd • pär • dē • frôd/

Second-party fraud refers to any fraud scheme in which a person knowingly allows another party to use their identity or personal information to impersonate a valid user and commit fraud.

In regards to financial scams, second-party fraud is right where you’d expect it to be: somewhere between first-party fraud and third-party fraud. In a lot of ways, it’s like a hybrid of both scams. To fully understand what we mean, it helps to look at all three fraud types together.

Second-Party Fraud

First-Party Fraud

The fraudster is an authorized account or cardholder, working on their own to defraud a merchant.

Second-Party Fraud

Second-Party Fraud

The account holder either commits fraud through a second party, or a secondary entity uses the account holder’s information for fraudulent activity.

Second-Party Fraud

Third-Party Fraud

Fraud is committed by an outside party unaffiliated with the victim, using stolen personal information without the target’s knowledge.

Of the three, second-party fraud is the most complicated to effectively prevent. The account holder is often the fraudster, but having another party involved makes it much more difficult to decisively trace the crime back to its origins.

Did You Know? Second-party fraud and friendly fraud are NOT the same.

Some sources use the terms “second-party fraud” and “friendly fraud” interchangeably, but this is not really accurate. Friendly fraud is a vaguely defined term, but it falls under the umbrella of first-party fraud, as it is principally conducted by the cardholder (i.e. “the first party”).

How Does Second-Party Fraud Work?

By its nature, all second-party fraud scams involve two perpetrators: the fraudster, and an accomplice. But, just like with first- and third-party fraud, there are several different variations on the theme.

In many cases, second-party fraud is used as a method of laundering money acquired from other criminal sources. Essentially, the fraudster is paying the cardholder to make it appear that certain monies come from a legitimate source.

Here are some examples of common second-party fraud tactics that you might encounter:

Second-Party Chargeback Scams

This occurs when a cardholder gives their personal information to a second-party individual. This second party will then make fraudulent purchases using a computer or mobile device not linked to the cardholder in any way. The cardholder then calls the bank, reports the transactions as fraud, and demands a refund.

The bank has no way to prove that the situation is not genuine criminal fraud, or that the cardholder participated. As a result, the alleged “fraudster” has the merchandise, while the cardholder gets a refund. The two parties can then split their bounty as they see fit.

Fake Merchant Scams

Second-party fraud can also work the other way around, with the scam being initiated by a scammer impersonating a merchant to defraud a bank.

First, the cardholder uses their card to “buy” non-existent merchandise from the fraudster. The cardholder files a chargeback to obtain a refund, claiming that the (non-existent) merchandise did not arrive. The cardholder and the fake merchant then split their take.

Money Muling

In these situations, a fraudster convinces, tricks, or coerces a person into using their own personally identifiable information to open an account. The person then becomes the fraud ring’s “mule,” whose account is used for transferring illegally acquired funds. 

While some mules are willing accomplices, many others have no idea their accounts are being used for criminal purposes. They may have responded to an ad for a “work from home” job, or got tricked into providing their personal information through a phishing scheme. This is still considered second-party fraud, even though one of the participants may be unaware of the criminal activity.

Gift Card Laundering

Second-party fraud can impact any type of retailer, but grocery stores may actually see a higher frequency of this activity. Grocery stores sell a high volume of gift cards, and fraudsters use this to their advantage.

There are multiple methods of committing gift card fraud. But, one particular tactic works as a more sophisticated form of money laundering.

Just as with money-mule scams, fraudsters lure people with the promise of easy money or lucrative work-from-home jobs. Once “hired,” the employee agrees to accept funds into their bank account, then transfer these funds to gift cards, which are delivered to the fraudster. Gift cards are difficult to trace and subject to fewer fraud detection efforts, making them an easy and obvious choice for laundering money.

Leading the Witness

One type of second-party fraud can arise out of legitimate circumstances. Financial institutions sometimes initiate disputes on behalf of their customers; a transaction flagged as possible fraud may trigger a future chargeback. 

For example, a consumer receives a post-purchase text from their bank, requesting that they confirm a recent charge. The buyer could easily come to the conclusion that the transaction was invalid, and flag the transaction as suspect. The bank then initiates a chargeback on the cardholder’s behalf, even though the purchase was legitimate.

Experts compare this form of digital automation to "leading the witness," where a chargeback case stems from prompted behavior. Even if the charge has already been settled by the time the customer provides feedback, the bank will still need to open a case to review the claim.

Regardless of how many parties are involved, the end result of fraud is the same: You lose money. Fortunately, we have proven ways to help keep that from happening.REQUEST A DEMO

Second-Party Fraud & Chargebacks

The common thread that runs through all the examples outlined above is the chargeback process. This is crucial to many second-party scam tactics

The chargeback system was designed as a last-resort failsafe to protect consumers from fraud. The shift to online shopping, however, has uncovered loopholes in the process that fraudsters can manipulate for profit. As we saw above, there are some scenarios in which fraudulent chargebacks are used deliberately and maliciously by second-party scammers. In most cases, the chargeback process is how the accomplice recovers the funds stolen by the perpetrator.

The cost of this refund will typically fall back on the merchant. As if the immediate monetary outlay weren’t bad enough, research shows that merchants actually lose $3.75 for every dollar lost to fraud.

Adding insult to injury, every unanswered customer dispute (valid or invalid) makes the merchant seem guilty of negligence. It becomes easier to blame the merchant, even if the fraud isn’t actually their fault.

This is especially true with chargebacks resulting from second-party fraud, where it’s next to impossible to trace the crime back to anyone who could be held liable. In the absence of that, banks — and ultimately merchants — are stuck with the burden of refunding the customer.

Can Second-Party Fraud Be Prevented?

Do-it-yourself fraud prevention is a time-consuming challenge for any threat source. Preventing second-party fraud may be the worst of the lot, though.

It’s almost impossible to detect second-party fraud, let alone find ways to stop it from happening. The situation is not exactly hopeless, though. There are a few ways for merchants and banks to strike back. It demands cooperation, though.

What Consumers Can Do

Consumers can help prevent themselves from getting roped into a second-party fraud scam by adopting the following best practices:

Perform due diligence regarding job offers or other promotions. If a deal sounds too good to be true… it probably is.

Never agree to any request asking you to transfer money through / into / out of your own bank account.

Do not agree to any offer that asks you to create a new company or LLC in your name as a condition of hiring or receiving a prize.

Never agree to let another individual use your bank account for receiving and forwarding money, no matter what they claim or promise.

What Banks Can Do

Banks should watch for specific red flags that could indicate mule accounts or other money-laundering activities. This might include a buzz of activity on accounts that had been dormant. Accounts showing multiple high-dollar deposits that are immediately followed by transfers to foreign banks are also suspect.

Banks can also deploy digital behavioral data to scan for signs of new accounts created specifically for mule activity:

Application Fluency

Is the user already familiar with the account application process? A criminal that is repeatedly using compromised or synthetic identities will already know the account creation process in much greater depth than a genuine new user.

Data Familiarity

How familiar is the user with their own alleged personal data? Behaviors like excessive deleting, reliance on cut-and-paste techniques, or use of automated tools to enter account information, should all be considered suspicious.

Computer Expertise

Does the user deploy advanced shortcuts, special keys, or application toggling? This suggests a much higher level of knowledge regarding computers than the average consumer would have.

What Merchants Can Do

For your part as a merchant, the best solution is to develop and build out a long-term approach.

You may not be able to detect second-party fraud, or even prove cases where you suspect something is amiss. However, you can blacklist suspicious users or accounts, thereby preventing repeat attacks. You should also watch for accounts with:

  • High-ticket value purchases
  • A high volume of transactions in a short period of time
  • An unusually high number of returns
  • Purchases that do not match previous buying patterns

Finally, you should prioritize building out a multilayer solution for fraud detection. Only by deploying multiple tools as part of a broader strategy can you hope to intercept and eliminate fraud.

Fighting Fraud of All Types

Staying one step ahead of second-party consumer fraud can be challenging, especially in today’s rapidly changing financial landscape. Because the true identity of the fraudster is typically hidden, combatting second-party fraud can be especially difficult. 

That said, most merchants find it taxing to successfully fight any type of fraud on their own. For most retailers, it’s easier — and more profitable — to partner with a full-service fraud and chargeback provider. To learn more, contact Chargebacks911® today.

Like What You're Reading? Join our newsletter and stay up to date on the latest in payments and eCommerce trends.
Newsletter Signup
We’ll run the numbers; You’ll see the savings.
Please share a few details and we'll connect with you!
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form