Digital Transactions Authoritative, insightful and timely information for payments professionals
First-party fraud, also known as “friendly fraud,” accounted for 36% of all fraud globally in 2024, up from 15% the previous year, says LexisNexis Risk Solutions’ Cybercrime report.
First-party fraud occurs when a consumer disputes a legitimate credit card transaction, claims he never received the order, or misrepresents personal information on loan or card applications.
LexisNexis Risk Solutions analyzed more than 104 billion global transactions in the LexisNexis Digital Identity Network platform during 2024, the most ever analyzed for the annual report. The LexisNexis platform identifies attempted fraud online in near real-time, such as new account creations, logins, payments, and password resets and transfers, according to the company.
Among the businesses reporting increases in first-party fraud were buy now, pay later providers, e-commerce merchants, and financial institutions. On a regional basis, North America and the Europe, Middle East and Africa region saw first-party fraud grow the most among all types of fraud reported, the report says.
One reason for the increase in first-party fraud is that inflation and the rising cost of living are motivators for consumers to attempt first-party fraud as a way to help stretch their finances, the report says.
“First-party fraud is also known as opportunistic fraud, and for good reason, it’s often relatively low value compared to other [types of fraud] and often considered by the perpetrators as ‘soft’ fraud in so much as there’s no real victim, since it’s the commercial organizations that pay the price,” Stephen Topliss, vice president of fraud and identity at LexisNexis Risk Solutions says by email. “It’s not that surprising we’re seeing this surge in opportunistic fraud now, given we’ve had several years of a cost-of-living crisis, high inflation, and economic uncertainty.”
Another reason for the increase in first-party fraud is that, after years of “concerted effort to improve defenses against scams and account-takeover fraud, we’re starting to see real progress in reducing the impact of those types,” of fraud, Topliss adds.
First-party fraud can be harder to detect than third-party fraud, since schemes such as chargeback abuse involve real accountholder data and are often “subtle manipulations” of the payments system, the report says. In addition, definitions of first-party fraud still vary among organizations and industries.
First-party fraud detection “definitely requires a different approach and can be challenging,” Topliss says. “With account takeover fraud, for example, it’s a third party trying to break into an account using stolen credentials or similar, which you can mitigate with strong authentication steps and proxy detection—technology is now very good at keeping bad actors out. But when it’s a genuine customer that poses the threat, it’s a different challenge…to determine whether the customer’s intentions are genuine or nefarious.”
To more accurately assess risk and distinguish trusted consumers from bad actors, businesses need to employ more-robust digital-identity intelligence from a wide range of organizations, the report says. For example, rich data sets can help determine whether the information being presented by a consumer is truthful and accurate. Shared global risk-intelligence models can help spot potential fraud through mobile devices and e-mail. Biometric analysis of consumer behavior patterns can determine whether a customer is acting as expected. In addition, location intelligence and proxy detection can help determine whether the information presented by the consumer matches up with what the data suggests.
“Fraud-detection systems also need to be able to deploy fraud models that target different fraud types, such as first-party, scams, or account takeover,” Topliss adds. “Machine-learning optimization can make all the difference in being able to detect these different fraud types without too many false positives.”
While first-party jumped substantially in 2024, overall fraud attacks, which include phishing scams, malware, and social engineering, showed signs of stabilizing in 2024. Fraud attacks initiated by humans last year increased 1% from the previous year, while attacks initiated by bots decreased 15%.
Despite the apparent stabilization in overall fraud, LexisNexis cautions businesses not to become complacent.
“While many organizations have improved their defenses over the past few years, we also know that cybercriminals are embracing … innovative, AI-enhanced capabilities, and we will likely see these extensively tested and executed over the coming months,” the report says. “Our analysis of attacks over a longer multi-year period shows that significant attacks often come in waves, and this latest set of figures could indicate the imminent arrival of the next, AI-enabled wave of global attacks.”
