A consumer buys a dress for a wedding, wears it once, and returns it the next day for a full refund. Another claims a package never arrived, despite tracking data showing it was delivered. Individually, these incidents may seem minor—or even easy to dismiss. In reality, they are examples of two rapidly growing forms of first-party fraud: de-shopping and lost-in-transit fraud.
And they are far from isolated cases.
As e-commerce has expanded, so has the scale and sophistication of first-party fraud. What was once viewed as opportunistic behavior has evolved into a widespread and costly threat for merchants and financial institutions.
The many forms of first-party fraud can make it difficult to distinguish from scams and other fraud typologies, but they share a common theme. They are perpetrated by an organization’s own customers. Even more alarming, more of these customers feel justified in committing fraud, either because they are under economic strain or because they believe it to be a victimless crime.
However, as Jennifer Pitt, Senior Fraud Management Analyst at Javelin Strategy & Research explored in the A Line in the Sand for First-Party Fraud: From Identity to Intent report, first-party fraud has widescale ramifications for both organizations and consumers. What was once considered a manageable nuisance has evolved into a systemic threat with consequences for revenue, operations, and customer relationships.
A Growing Blind Spot for Merchants
A different approach is critical because first-party fraud has become one of the most common forms of fraud worldwide. Distressingly, many merchants still lag behind in addressing it, and bad actors are well aware of these gaps in fraud prevention.
“Sometimes it is too expensive to investigate; there are fees that they might have to pay,” Pitt said. “For merchants, the cost of investigating, as far as manpower, it’s sometimes just too expensive. So, oftentimes they don’t investigate at all. Part of the problem is, like with any other fraud typology, fraudsters understand now better than ever how we detect fraud and what tools we’re using.”
Cybercriminals also have increasingly sophisticated tools at their disposal, including artificial intelligence, which has made them even more efficient at identifying vulnerabilities in e-commerce systems. Additionally, AI has made it easier than ever for bad actors to scale their operations and execute widespread campaigns.
As a result, what may appear to be a one-time de-shopping incident could actually be part of a coordinated, industry-wide fraud operation.
“If one organization sees a lot of chargebacks with one customer, they might quickly say, ‘That’s first-party fraud that’s going on,’” Pitt said. “But now, fraudsters are essentially spreading that across organizations to skirt detection. Like any other fraud typology, what is needed is that network level detection and network intelligence where organizations can talk to each other.”
“If somebody has been flagged for first-party fraud at another organization, wouldn’t it be helpful if your organization knew that before you even onboarded that person as a customer?” she said.
The Challenge of Identifying Intent
Shared intelligence has become a critical component of fraud prevention, but it is only one piece of the puzzle. The challenges associated with identifying first-party fraud require organizations to adopt a layered approach to detection.
This approach may include behavioral analytics, biometric data, prior interactions within the institutions, and verifiable government identifiers. Combined with cross-organizational intelligence, these signals can help determine whether a fraud attempt is part of an organized campaign, an isolated instance, or even user error.
A layered strategy can also help organizations distinguish first-party fraud from scams, in which consumers are tricked or coerced into committing fraud. Categorizing these incidents correctly becomes even more difficult when organizations lack a clear understanding of the threats they face.
“Make sure you have clear definitions of first-party fraud,” Pitt said. “There are several different definitions across organizations and—like with many other fraud typologies—we don’t have standard definitions across the industry. There are so many individual nuances, like de-shopping and lost-in-transit fraud and item not as ordered fraud. It’s easy to get confused about what is what.”
The Normalization of Consumer Fraud
Amid these variations, one of the most troubling commonalities is that first-party fraud is often committed by ordinary consumers. These individuals frequently feel justified in committing fraud because of their financial circumstances, and they too often find validation on social media.
For example, during the “infinite money glitch” that occurred two years ago, users discovered they could deposit fraudulent checks at JPMorgan Chase ATMs and withdraw funds before the check bounced. Posts promoting the exploit went viral on TikTok, but the so-called “glitch” was simply check fraud that resulted in widespread financial losses, frozen accounts, and legal action.
Unfortunately, many of these fraudulent acts go unpunished—and when consumers successfully commit first-party fraud once, they are often more likely to do so again.
“It’s unfortunate because we’re at a point where people are justifying it almost like a twisted sort of Robin Hood theory, that these big companies and big banks make billions and trillions of dollars, so what does it matter if I take all this money?” Pitt said.
“What it hurts is the general customer as well as the business,” she said. “Organizations aren’t going to just keep taking losses, they build those losses in by raising prices or making it more difficult for other customers by adding things like step-up authentication.”
Building a Proactive Strategy
While reactive responses may be appropriate in certain scenarios, businesses are often better served by taking a proactive approach to first-party fraud prevention.
“When I talk to a lot of organizations—whether it’s banks, vendors, or credit card companies—one of the questions I ask is, ‘When do you educate your customers about fraud?’ Like what fraud is, if this transaction looks like fraud, education about how to not be a victim, and how you protect your information,” Pitt said.
“Probably over half the time the answer is, ‘We tell them after the fraud has occurred,’” she said. “By that time, it’s too late.”
A forward-looking approach should include educating customers during onboarding and throughout the relationship about the various forms of first-party fraud and their consequences. This messaging becomes especially important when a customer begins to exhibit warning signs.
“If you’re starting to see a lot of purchases within a short period of time and frequent refunds that maybe that customer hasn’t done before—it’s not within their behavioral context or their normal behavior—start to educate them on what’s going on,” Pitt said. “Is this OK? Is this first party fraud? Educate them about what those things are and be up front with them.”
“We need to educate consumers better when they sign up for accounts that if you do this, it is considered fraud. You will be blocked from the account and not able to use our services anymore,” she said.
