Second-Party Fraud
TL;DR
- Second-party fraud = Fraud involving an authorized user or collusion between parties
- Common patterns: AU abuse (primary + AU working together), merchant collusion, "friendly" family fraud
- Detect via: AU spending different from primary, same AU on multiple accounts, disputes only on AU transactions
- Different from first-party fraud (single fraudster) and friendly fraud (chargeback abuse)
Fraud involving authorized users or collusion between parties.
Definition
Second-party fraud occurs when fraud is committed with the knowledge or participation of someone authorized to access an account, but who is not the primary account holder.
Common Patterns
Authorized User Abuse
An authorized user on an account commits fraud:
- Makes purchases knowing the primary won't pay
- Account was opened specifically to add fraudulent AU
- AU maxes out account, primary claims no responsibility
Example: Parent opens card, adds child as AU. Child makes purchases, parent disputes as "unauthorized."
Collusion Schemes
Two or more parties work together:
- Accomplice accounts – Primary and AU work together
- Merchant collusion – Customer and merchant split proceeds
- Employee collusion – Insider enables external fraud
"Friendly" Collusion
Family members or friends enabling fraud:
- Knowingly sharing credentials
- Allowing purchases with intent to dispute
- "Lending" identity for fraudulent applications
Detection Indicators
| Pattern | Indicator |
|---|---|
| AU velocity | Multiple AU additions in short period |
| AU pattern | Same AU appearing on multiple accounts |
| Spending pattern | AU spending dramatically different from primary |
| Dispute pattern | Primary disputes only AU transactions |
| Address mismatch | AU address differs from primary |
Investigation Approach
Questions to Answer
- Did the primary authorize the AU addition?
- Does the primary know the AU personally?
- Is the spending pattern consistent with the account history?
- Are there other accounts with similar patterns?
Evidence to Gather
- AU addition authorization records
- Communication between parties (if available)
- Spending pattern analysis
- Device/IP overlap between primary and AU
Prevention Strategies
- Verify AU relationships – Confirm relationship to primary
- Notify primary of AU activity – Real-time alerts
- Limit AU privileges – Spending limits for new AUs
- Velocity monitoring – Alert on AU abuse patterns
- Cross-account analysis – Identify same AU on multiple accounts
Related Topics
- First-Party Fraud - Single fraudster patterns
- Friendly Fraud - Chargeback abuse
- Account Takeover - Credential-based fraud
- Third-Party Fraud - Stolen card fraud
- Fraud Rings - Organized fraud attacks
- Velocity Rules - Pattern-based detection
- Device Fingerprinting - Cross-account linking
- Behavioral Analytics - Behavior pattern analysis
- Evidence Framework - Tier 1/Tier 2 indicators