What Is Third-Party Fraud? How Does It Impact Merchants?
Your online business is doing well. You had a profitable month, with a couple of large sales to brand-new customers. Everything looks rosy until you’re notified that those two new customers weren’t really customers at all: they were fraudsters, and the real cardholders were victims of identity theft.
This is a case of third-party fraud. In other words, stolen credentials were used for making an unauthorized purchase.
How does this happen? Who is liable for the damage? Let’s take a look at what constitutes third-party fraud and what differentiates it from other types of payment fraud. We’ll also look at some preventative measures merchants can take to protect their businesses.
Recommended reading
- Address Fraud: How Criminals Swap Addresses to Abuse Victims
- The Top 5 Prepaid Card Scams to Watch Out For in 2024
- How do Banks Conduct Credit Card Fraud Investigations?
- Key Credit Card Fraud Statistics to Know for 2024
- Scammers See Opportunity as March Madness Begins
- Man-in-the-Middle Attacks: 10 Tips to Prevent These Scams
What is Third-Party Fraud?
- Third-Party Fraud
Third-party fraud refers to any crime committed by using false identification to pose as another person or organization, without that party’s knowledge or authorization.
[noun]/THərd • ˈpärdē • frôd/In third-party retail fraud, criminals hide behind a false identity. The fraudster typically poses as an actual cardholder, but sometimes uses a completely synthetic profile.
Cyber-criminals take the personal information of one cardholder (or even several different cardholders) and either take over existing accounts or open accounts without the victim’s knowledge. These are often credit card accounts that can then be used to make purchases.
Third-party tactics are often used to facilitate transaction fraud. That's not true in every case, though. Criminals have even been known to apply for major loans and mortgages under false identities, for example, which also constitutes third-party fraud.
Third-party fraud has always been an issue. That said, the rise of the internet and eCommerce has made the situation exponentially worse. With in-person transactions, merchants have the ability to see the buyer, see the payment card, and even ask for further ID validation. Online sellers, however, don’t have that advantage.
While some buyer verification is possible, the eCommerce merchant ultimately has to make a decision based on whatever limited information they have. Selling over the internet increases third-party fraud risk, so the responsibility for refunding the customer often falls to the merchant. In other words, the fraudster goes free, and the merchant is left holding the bag.
First- or Second-Party Fraud vs. Third-Party Fraud: What's the Difference?
Since third-party fraud exists, it stands to reason there would be first- and second-party fraud as well.
First-party fraud — also called first-party misuse or “friendly” fraud — is fraud committed by the actual cardholder or another authorized user. For instance, if a valid purchase is made, but the buyer disputes the transaction at a later date, that is a case of first-party fraud.
Learn more about first-party fraudSecond-party fraud is similar, except that the claims are made through an accomplice. The second person is used to mask the identity of the fraudster. Note that both of these fraud types originate with the actual cardholder.
The primary difference with third-party fraud is that the legitimate owner of the information isn’t involved at all. In fact, there may not even be a legitimate cardholder; the fraud may originate with a falsified account. All totaled, 38% of financial crimes committed in 2022 were attributed to third-party fraud.
It’s extremely hard to identify third-party fraudsters because there is nothing to truly link them to the account. Third-party fraud typically happens quickly. The crook tries to make as many purchases as possible before disappearing from view.
Common Types of Third-Party Fraud
The term third-party fraud is often used synonymously with “identity theft,” meaning a fraudster commandeers the victim’s digital “identity.” This is fairly accurate, but it’s a rather vague description.
If we dig a bit deeper, we see that third-party fraud can be broken into a few sub-categories:
It’s not that difficult for fraudsters to obtain personal data. They may trick consumers into handing over their information via “phishing” schemes, for instance. They may also conduct a hack to steal data in bulk. The data thieves can then use that stolen information themselves, or sell it via the dark web, where entire profiles (including social security numbers) can be bought and sold for pennies.
Different fraudsters may use different techniques. Still, it’s important to recognize all of the above as examples of third-party fraud. That’s because each category of fraud requires its own approach to prevention.
First-party fraud, for example, happens post-transaction. Combatting it requires contesting invalid customer claims, or using an alerts program to catch disputes before they escalate to formal chargebacks.
In contrast, third-party fraud must be countered at the verification stage, before the transaction is completed. Advanced fraud filters employ artificial intelligence and machine learning to verify that a cardholder’s documents are genuine. Detailed customer profiles can be used to help identify any actions that seem to be out of character or don’t match the buyer’s purchase history.
Learn more about fraud filtersPreventing Third-Party Fraud
Simply put, the best way to prevent third-party fraud is by validating buyers. As a merchant, you can’t stop identity theft from happening. What you can do is put a system in place to recognize it prior to a transaction.
There are a number of tools available to help identify risky transactions. Deploying the right fraud prevention solution is as vital as adopting the right internal processes. Here are some suggestions:
In addition to the above tools, make a habit of assessing and analyzing the methods by which people present their identity. This may help detect suspicious buying activity, inconsistencies, or patterns similar to past instances of known fraud.
The point at which you can stop a third-party fraud attack is the verification stage, before the transaction is finalized.
All fraud prevention is about combining the right tools and the right approach to combat the particular issues you’re dealing with. Even with the best strategy in the world, however, your business will still be susceptible to fraud.
Criminals get more sophisticated all the time, and staying up-to-date on the latest risks can be a full-time job on its own. The experts at Chargebacks911® are constantly uncovering new fraud threats and developing innovative strategies and technologies to combat them. This includes not only third-party fraud, but fraud from all other sources.
Need a hand preventing third-party fraud and the resulting chargebacks? No worries: we can help. Contact us today for a free demo.
FAQs
What is third-party fraud?
Third-party fraud refers to crimes committed by using false identification to pose as another person or organization, without that party’s knowledge or authorization.
The fraudster typically poses as an actual cardholder, but sometimes uses a completely synthetic profile. Cyber-criminals take the personal information of one cardholder (or even several different cardholders) and either take over existing accounts or open accounts without the victim’s knowledge.
What are examples of third-party fraud?
Common types of 3rd-party fraud include identity theft, account takeover, synthetic fraud, loan stacking, and new account fraud or application fraud. These are the general strategies used, but specific tactics can vary significantly.
What's the difference between first- and third-party fraud?
With third-party fraud, the perpetrator pretends to be someone else, using stolen personal data for unauthorized purchases. The owner of the identity is a victim, unconnected to the crime. With first-party fraud, the fraudster is using their actual identity, but misrepresents the facts of their claim to get something (such as a refund) they don’t deserve.
How many types of “party” fraud are there?
Three. In first-party fraud, an individual commits fraud under their own identity; second-party fraud involves an individual who knowingly gives their personal information to another party to commit fraud on their behalf; third-party fraud is when the fraudster uses a stolen identity to make unauthorized transactions.
What are the consequences of third-party fraud?
The laws regarding third-party retail fraudsters can vary based on location, card networks, financial institutions, and so on. That’s almost a moot point, however, as less than 1% are ever resolved by law enforcement. The consequences for banks and merchants, however, can be substantial. Estimates show that on average, fraud costs merchants between 5-7% of their annual revenue.
