Open Menu Close Menu

Third-Party FraudCriminal Fraud Goes Far Beyond Identity Theft

David DeCorte
David DeCorte | April 22, 2025 | 11 min read

This featured video was created using artificial intelligence. The article, however, was written and edited by actual payment experts.

What is Third-Party Fraud?
  1. Articles
  2. eCommerce Fraud
  3. Third-Party Fraud

In a Nutshell

No consumer wants to become a victim of identity theft. When they do, however, merchants pay a high price, as well. Identity theft is just one form of third-party fraud, but there are many others to know about. In this post, we’ll show you ways to recognize third-party fraud and protect your business.

What Is Third-Party Fraud? How Does It Impact Merchants?

Your business is doing well. You’ve had a profitable month, with a couple of big sales to brand-new customers.

Everything looks rosy... until you get hit with a notification saying those two new customers weren’t real customers at all. They were scammers, and the real cardholders were victims of identity theft.

This is a textbook example of third-party fraud. In other words, stolen credentials were used by unauthorized third party for making a purchase.

How does this happen? Who’s liable for the damage? Let’s take a look at what constitutes third-party fraud and what differentiates it from other types of payment fraud. We’ll also look at some preventative measures merchants can take to protect their businesses.

Recommended reading

What is Third-Party Fraud?

Third-Party Fraud

[noun]/THərd • pär • dē • frôd/

Third-party fraud refers to any crime committed by using false identification to pose as another person or organization, without that party’s knowledge or authorization.

With third-party retail fraud, criminals hide behind a false identity. The fraudster can pose as a legit cardholder, or use data points from different users to create a completely synthetic profile.

Third-party tactics are often used to facilitate transaction fraud. Cyber-criminals use that stolen info to take over existing accounts, or open accounts without the victim’s knowledge. These are often credit card accounts that can then be used to make purchases.

That's not true in every case, though. Criminals have even been known to apply for major loans and mortgages under false identities, for example, which also constitutes third-party fraud.

First-Party, Second-Party, or Third-Party Fraud: What’s the Difference?

TL;DR

There’s a distinction between first-party, second-party, and third-party fraud. Third-party fraud involves a perpetrator using stolen or falsified information without the legitimate cardholder's involvement, or even creating fraudulent accounts.

Since third-party fraud exists, it stands to reason there would be first- and second-party fraud as well.

First-Party-Misuse

First-Party Fraud

First-party fraud is any kind of fraud committed by the actual cardholder or another authorized user. For instance, if a valid purchase is made, but the buyer disputes the transaction at a later date, that is a case of first-party fraud.

Learn more about
first-party fraud

Friendly-Fraud

Second-Party Fraud

Second-party fraud is similar, except that the claims are made through an accomplice. The second person is used to mask the identity of the fraudster. For example, a cardholder lends their information to a scammer, and then later reports the activity as unauthorized.

Learn more about
second-party fraud

Did You Know?

3% of all online orders in the past 12 months turned out to be fraudulent.

The primary difference with third-party fraud is that the legitimate owner of the information isn’t involved at all. In fact, there may not even be a legitimate cardholder;  the fraud may originate with a falsified account. All totaled, 38% of financial crimes committed in 2022 were attributed to third-party fraud.

50
50
50 Insider Tips for Preventing More Chargebacks

In this exclusive guide, we outline the 50 most effective tools and strategies to reduce the overall number of chargebacks you receive.

Get the FREE guide

Common Types of Third-Party Fraud

The term third-party fraud is often used interchangeably with “identity theft.” This is a bit of an oversimplification, though.

The truth is that there are dozens of different third-party fraud tactics out there. Here’s a rundown on some common third-party fraud schemes you might encounter:

Account Takeover Fraud

A fraudster gets unauthorized access to a victim's account. Once in control, the fraudster can make unauthorized transactions, steal personal information, or exploit the account for further fraudulent activities.

Learn more about account takeover fraud

Address Fraud

A fraudster changes the billing or shipping address associated with a victim's account to intercept goods or sensitive account information. This tactic is often used to reroute deliveries or gain access to mail that can then be exploited for further fraudulent activities.

Learn more about address fraud

Affiliate Fraud

Individuals exploit affiliate marketing programs through dishonest tactics to generate unwarranted commissions. This can include methods like cookie stuffing, fake leads, or click fraud to manipulate performance metrics.

Learn more about affiliate fraud

BIN Attack

A BIN (Bank Identification Number) attack involves cybercriminals using the first six digits of a credit or debit card, which identify the issuing bank and card type, to generate fake card numbers. These numbers are then tested to identify valid cards to exploit for fraudulent transactions.

Learn more about BIN attacks

Biometric Spoofing

Replicating a person’s biometric data, such as fingerprints, facial features, or iris patterns, to bypass security systems. Cybercriminals may think outside the box and use “creative” techniques like making fake fingerprints or masks to fool biometric authentication technologies.

Learn more about biometric spoofing

Business Email Compromise (BEC)

Attackers gain access to a legitimate business email account. Then, they deceive employees or partners into transferring funds or sharing sensitive information. These schemes can be parleyed into social engineering to impersonate trusted individuals, like executives or vendors, creating added pressure to comply.

Learn more about BEC

Bust-Out Fraud

The fraudster starts by slowly building up credit or trust with financial institutions. Then, they max out credit cards, overdrafts accounts, or takes out loans with no intention of repayment, and disappear (or “bust out”), leaving the bank holding the bill.

Learn more about bust-out fraud

Buy Now, Pay Later Fraud

Buy now, pay later (BNPL) fraud occurs when malicious actors exploit deferred payment platforms to make purchases while having no intention of repaying the loan. Fraudsters may use stolen identities or compromised accounts to bypass verification processes.

Learn more about BNPL fraud

Card Testing

Criminals test stolen or generated credit card numbers by making small purchases or transactions. Once they confirm the card is active, they proceed to make larger, unauthorized purchases or sell the valid card details on illicit markets.

Learn more about card testing

Clean Fraud

The use of legitimate, stolen credit card information to make a purchase that appears authentic. Fraudsters can usually make it so the transaction passes standard security checks by using accurate card details and billing information.

Learn more about clean fraud

Fraud as a Service (FaaS)

Fraud as a Service (FaaS) refers to an illicit business model where cybercriminals offer tools, services, or expertise to enable others to commit fraud. we’re talking about phishing kits, stolen credit card information, or even complete guides on executing fraud schemes.

Learn more about FaaS

Gift Card Fraud

Scammers buy gift cards with stolen credit card information, or using social engineering tactics to trick victims into buying gift cards and sharing the codes. Gift cards have become a common target, since gift card transactions are hard to trace and often irreversible.

Learn more about gift card fraud

Man-in-the-Middle (MitM) Attack

Someone secretly intercepts, and even alters communications between two parties who believe they are only communicating with each other. The goal is to eavesdrop and compromise sensitive information like login credentials or financial data.

Learn more about MitM fraud

New Account Fraud

A fraudster uses stolen or fabricated personal information to open a new bank account or take out a loan. The fraudster often makes a quick volley of purchases or takes out funds, then disappears, leaving the victim on the hook for the losses.

Learn more about new account fraud

Overpayment Fraud

A scammer intentionally sends a payment that exceeds the required amount for a product or service. They then request that the overpaid amount be refunded, typically through a different payment method. The original payment is then reversed once discovered by the actual cardholder.

Learn more about new overpayment fraud

Package Redirection Scam

A fraudster intercepts a delivery by changing the shipping address after placing an order (often using stolen payment information). They trick the merchant or shipping company into rerouting the package to an address they control. Similar to triangulation fraud, but it happens post-transaction.

Learn more about package redirection

Phishing

Scammers impersonate legitimate entities (using fake emails, text messages, or websites designed to appear authentic) to trick individuals into revealing sensitive information. Once the victim provides their information, the attacker can use it for fraudulent activities like identity theft or unauthorized transactions.

Learn more about phishing

Promo Abuse

Individuals exploit promotional offers or discounts intended for genuine customers. We’re talking everything from creating multiple accounts to claim multiple single-use discounts, to using invalid information to access restricted deals.

Learn more about promo abuse

Push Payment Fraud

Here, a scammer tricks a victim into transferring money to them, often by masquerading as a legitimate entity. Scammers use persuasive tactics — think urgent requests or false claims of unpaid bills — to pressure victims into making payments without thinking through the situation.

Learn more about push payment fraud

Social Engineering

The goal here is to exploit human psychology and gain access to sensitive information or systems. This often involves tricking individuals into bypassing security protocols by creating a sense of urgency, trust, or fear.

Learn more about social engineering

Synthetic Fraud

Synthetic fraud involves creating a fake identity by combining real and fabricated information. A fraudster might use a legitimate Social Security Number (SSN) paired with a fake name and address to build a false identity and open accounts, access credit, or commit financial crimes undetected.

Learn more about synthetic fraud

Triangulation Fraud

The scammer sets up a fake online storefront to lure unsuspecting customers. The fraudster then uses stolen credit card information to buy items from legitimate retailers and ship them to customers. I guess you can think of it like “dark dropshipping,” in a sense.

Learn more about triangulation fraud

Having trouble differentiating different types of fraud?

More and more merchants are finding that the right outside provider can tie up fewer resources and deliver a higher ROI.

Request a Demo
The Original End-to-End Chargeback Management Platform

Third-Party Fraud Red Flags

TL;DR

Fraud red flags include unusual behaviors such as mismatched billing and shipping addresses, multiple declined payment attempts, or requests for overnight shipping on costly items. While these indicators are not definitive proof of fraud, they warrant further scrutiny when several occur together.

With that big list of tactics we just outline above, you might’ve already guessed that there’s another list a mile long of “red flags” suggesting a transaction might be fraudulent.

You’re not wrong there; each tactic has it’s own telltale signs that may help expose an attack. That said, there are some common red flags that will help you identify most fraud attacks:

  • Transactions with abnormally high dollar values
  • Repeated transactions for small amounts in rapid succession
  • Mismatches of shipping and billing address
  • Multiple declined payment attempts
  • Unfamiliar IP addresses or unusual locations
  • Emails from obscure or disposable domains
  • Vague or incomplete contact details
  • Requests for overnight shipping on expensive items
  • Multiple accounts linked to the same device or IP address

None of these should be considered absolute proof of fraud. But, when you see multiple red flags flying... it’s probably wise to subject that order to additional screening.

How to Identify Third-Party Fraud

TL;DR

Fraud detection tools like fraud filters and fraud scoring can help identify potentially fraudulent transactions by analyzing customer profiles and behaviors. These tools are essential for protecting businesses from scams and reducing chargeback rates.

Each category of fraud requires its own approach to prevention. First-party fraud, for example, happens post-transaction. Combatting it requires contesting invalid customer claims, or using an alerts program to catch disputes before they escalate to formal chargebacks.

In contrast, third-party fraud needs to be countered at the verification stage, before the transaction is completed. Conducting due diligence to investigate and pinpoint the red flags outlined above can be difficult and time-consuming, though. The good news is that you can largely automate that process.

Advanced fraud filters employ artificial intelligence and machine learning to verify that a cardholder’s documents are genuine. Detailed customer profiles can be used to help identify any actions that seem to be out of character or don’t match the buyer’s purchase history.

Learn more about fraud filters

You can then take those customer profiles and subject them to fraud scoring. This will look at all the key indicators, weigh the potential risk, and give you a simple numeric score between 0 and 100 to say how likely it is that a transaction is a scam. You can then choose to reject those orders automatically, or set them aside for manual screening.

Learn more about fraud scoring
Chargebacks
Everything You Need To Know A Beginner’s Guide to Chargebacks

Chargebacks can wreak havoc on your cash flow and profitability. This FREE paperback book is your guide for preventing chargebacks and, when they happen, fighting them more effectively.

Send Me My Free Paperback Book!

Preventing Third-Party Fraud

TL;DR

Stopping third-party fraud is most effective during the verification stage, before transactions are completed. Effective fraud prevention requires the strategic use of tools and methodologies tailored to the specific challenges faced.

Simply put, the best way to prevent third-party fraud is by validating buyers. As a merchant, you can’t stop identity theft from happening. What you can do is put a system in place to recognize it prior to a transaction. 

There are a number of tools available to help identify risky transactions. Deploying the right fraud prevention solution is as vital as adopting the right internal processes. Here are some suggestions:

3-D Secure

Implementing 3-D Secure 2.0 technology provides an added level of security by validating the buyer’s identity using a second authentication factor.

Address Verification Service

Address Verification Service (AVS) automatically checks the billing address listed in the transaction against the address registered with the issuing bank.

Device Fingerprinting

Device fingerprinting identifies devices based on unique qualities. Some of these indicators include device configurations, hardware specs, and installed software.

Card security codes

Card security codes (CVV2) help ensure the shopper has physical possession of the card. These codes cannot legally be stored by either merchants or processors.

Velocity Limits

Velocity limits, or velocity checks, scan for potential fraud based on the rate at which a buyer submits multiple transactions.

Learn more about fraud detection

In addition to the above tools, make a habit of assessing and analyzing the methods by which people present their identity. This may help detect suspicious buying activity, inconsistencies, or patterns similar to past instances of known fraud.

Important!

The point at which you can stop a third-party fraud attack is the verification stage, before the transaction is finalized.

Fraud prevention is about combining the right tools and the right approach to combat the specific issues you’re dealing with.

But, you’ve got to be clear eyed about the situation here. Criminals get more sophisticated all the time, and staying up-to-date on the latest risks can be a full-time job on its own. So, even with the best strategy in the world, your business will still be susceptible to fraud.

The experts at Chargebacks911® are constantly uncovering new fraud threats and developing innovative strategies and technologies to combat them. This includes not only third-party fraud, but fraud from all other sources.

Need a hand preventing third-party fraud and the resulting chargebacks? No worries: we can help. Contact us today for a free demo.

FAQs

What is third-person fraud?

Third-party fraud refers to crimes committed by using false identification to pose as another person or organization, without that party’s knowledge or authorization.

The fraudster typically poses as an actual cardholder, but sometimes uses a completely synthetic profile. Cyber-criminals take the personal information of one cardholder (or even several different cardholders) and either take over existing accounts or open accounts without the victim’s knowledge.

What are examples of third-party fraud?

Common types of 3rd-party fraud include identity theft, account takeover, synthetic fraud, loan stacking, and new account fraud or application fraud. These are the general strategies used, but specific tactics can vary significantly.

What's the difference between first- and third-party fraud?

With third-party fraud, the perpetrator pretends to be someone else, using stolen personal data for unauthorized purchases. The owner of the identity is a victim, unconnected to the crime. With first-party fraud, the fraudster is using their actual identity, but misrepresents the facts of their claim to get something (such as a refund) they don’t deserve.

What is considered a third-party transaction?

A third-party transaction occurs when a separate entity facilitates or handles a transaction between two primary parties. This often involves a payment processor, financial institution, or another intermediary that ensures the exchange is completed securely. For example, when a consumer uses a payment service provider to make a purchase, the provider acts as the third party in the transaction.

How can third-party fraud be prevented?

Third-party fraud can be prevented by implementing robust security measures such as multi-factor authentication and encryption to protect sensitive data. Businesses should also monitor transactions for suspicious activity using advanced fraud detection tools powered by artificial intelligence and machine learning. Additionally, educating consumers and employees about recognizing phishing attempts and other scams can significantly reduce vulnerability to fraud.

Ready to get started?
We Take the Guesswork Out of Chargeback Management
You might also like...
Fake Google Review
April 23, 2025 | 9 min read

Fake Google Review

Fake Google Reviews: How to Identify, Remove & Prevent

eCommerce Fraud
New Account Fraud
April 17, 2025 | 11 min read

New Account Fraud

How New Account Fraud Works: Red Flags & How to Prevent it

eCommerce Fraud
Review Fraud
April 11, 2025 | 9 min read

Review Fraud

Review Fraud: How it Works & How to Get Rid of Fake Reviews

eCommerce Fraud
Join the conversation
Like What You're Reading? Join our newsletter and stay up to date on the latest in payments and eCommerce trends.
Newsletter Signup
Ready to get started?
We Take the Guesswork Out of Chargeback Management

Information

Information

Resources

Company

Contact Us

United States

18167 US Highway 19 N
Clearwater, FL 33764

877.634.9808
[email protected]

Europe

Vantage House
6-7 Claydons Lane
Rayleigh, Essex, SS6 7UP

+44 (0) 2037 505550

877.634.9808

PCI Compliant

Copyright © 2025 Chargebacks911®

Privacy Policy | Terms & Conditions

We’ll run the numbers; You’ll see the savings. Stop losing money to chargebacks. Let us show you how much you could save.
Have a question? Give us a call to speak with an expert. 877.634.9808
triangle shape background particle triangle shape background particle triangle shape background particle
Please share a few details and we'll connect with you!
Revenue Recovery icon
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form
OSZAR »