The new face of fraud: why first-party risk is rising

Five years ago, most financial institutions worried about outsiders: stolen cards, hacked accounts, compromised credentials. Today, the risk is closer to home. First-party fraud – where your own customers are either manipulated or complicit – is becoming the defining challenge.

This shift changes everything: how we detect fraud, how we organise teams, and where we invest in technology.

‍

Card scams vs account-to-account scams

Not all scams are equal. How they show up depends on the payment method.

Cards → Fast, transactional, lower-value. Customers believe they’ve found a deal too good to miss – a laptop for £500, a bargain that never arrives.

Account-to-account (A2A) → Slow, relationship-driven, higher-value. Victims are groomed for months through romance or investment scams. When they finally move money, it’s often in five figures.

Card scams are a data problem: you can analyse patterns and block suspicious merchants.

A2A scams are a human problem: the real challenge is breaking the psychological spell victims are under.

‍

Why first-party fraud needs new playbooks

Traditional fraud management was built for clear-cut third-party cases. Spot the anomaly, block the card, move on.

First-party fraud isn’t so simple:

- Victims may also be mules.

- Fraudsters may look like genuine customers.

- Cases straddle fraud, AML, and compliance.

That complexity demands multi-skilled teams and joined-up processes. The old model of separate fraud and AML units no longer works.

‍

Scaling smarter: automation over headcount

This shift to first-party fraud means teams face not just higher volumes, but a wider variety of scams – each with its own patterns and behaviours. Scaling by headcount won’t keep up. The smarter path is automation.

The best teams scale with new scam types, not volume. Each demands upfront investigation, rules, and playbooks – but once understood, automation takes over, and over time models refine what humans can’t see.

Think of it as a conveyor belt of automation: new scams are contained quickly, lessons are hardwired into permanent controls, and efficiency compounds with every cycle.

‍

Fraud isn't going away - but your response can change

Fraud is evolving. From outsiders attacking your customers, to customers themselves being the risk. From transactional card scams to long, manipulative A2A scams.

The institutions that will thrive are those that act on this shift:

- Recognise first-party fraud as a structural change, not a passing trend.

- Organise teams around the complexity of scams, not just transaction volumes.

- Turn every lesson into automation so defences improve continuously.

‍

At Fortify, this is exactly what we're building towards - systems of action that help fraud teams adapt faster, act smarter, and protect customers when the old playbooks no longer work.

‍