home

Second-party fraud

Second-party fraud

Second-party fraud definition

Second party fraud refers to a type of fraud where the perpetrator has a pre-existing relationship with the target or is an insider in an organization with legitimate access to the systems and accounts, but they misuse that access for malicious purposes such as enriching themselves.

See also: identity and access management, access management

Second party fraud examples

In essence, second-party fraud includes the service provider’s employees exploiting their access to benefit themselves. This could be a bank manager abusing their privileges to transfer funds to their own account or a customer support agent using the user’s credit card information for their personal purchases.

How to prevent second-party fraud

1. Vetting. The organization should conduct background checks for all new hires.
2. Role-based access. Access to data should be limited based on the specific role.
3. Regular access reviews. As employees and roles change, their access to resources should be reviewed regularly.
4. Multi-factor authentication. It can be crucial in making unauthorized access more difficult even if login credentials are compromised.
5. Monitoring. User and entity behavior analytics (UEBA) can help establish baselines of normal activity and then flag anomalies or deviations from this baseline.
6. Whistleblower policies. Establishing clear policies and providing anonymous reporting channels can help companies encourage employees to report suspicious activities without fear of retaliation.