Third-party fraud definition
Third-party fraud is when a fraudster steals someone’s personal data or account details to make unauthorized transactions. It is different from first-party fraud, where the account holder themselves commits fraud (e.g., faking the loss of a product to claim insurance).
How third-party fraud works
- The fraudster first needs data. They get this by:
- Hacking into databases or systems to steal information.
- Purchasing stolen data on the dark web.
- Using phishing emails or fake websites to trick people into giving their details.
- Physical theft, such as stealing mail, wallets, or skimming card details from ATMs.
- Before using the stolen data, fraudsters may test it to ensure its validity. They may do small transactions or use certain online tools to see if credit card details or account credentials work.
- Fraudsters will often try to remain undetected for as long as possible. They may change contact details, like email or phone number, so that the real account holder doesn’t get transaction alerts. They could also use the stolen data quickly and then discard it, moving on to new data to reduce the chance of being caught.
- Once they’ve verified the data, they can use it to make purchases, withdraw money, open new accounts, or take out loans.
History of third-party fraud
Third-party fraud isn’t a new phenomenon, but its methods and scale have evolved over time:
- Pre-digital era. Before the digital age, third-party fraudsters physically stole credit cards, checks, or documents. Mail theft was a common tactic to get hold of sensitive personal information.
- Internet boom. Online shopping and electronic transactions opened a new frontier for third-party fraudsters. They started using techniques like phishing and malicious software to harvest data.
- Globalization and third-party fraud. As global e-commerce platforms expanded, third-party fraud became a global issue. Fraudsters in one country could target victims in another, leading to jurisdictional challenges.
- Data breaches. In the 21st century, large-scale data breaches have become a significant concern. Massive datasets containing personal information were stolen from companies, making third-party fraud easier.
- Sophisticated methods. As technology advanced, so did the tactics of fraudsters. They started using stolen usernames and passwords to break into many accounts (credential stuffing). Carding (testing stolen card details on websites) and using bots for automated attacks also became popular.
- Modern responses. Seeing the rising risks, organizations began putting more resources into fraud-prevention tools. These include systems powered by machine learning, stronger authentication methods, and biometric checks.