First-Party Fraud: The Applicant Is Real. The Application Isn’t.
The fastest-growing fraud category in banking is committed by people using their own names.
LexisNexis Risk Solutions measured first-party fraud at 36% of all reported fraud in 2024, up from 15% a year earlier. It has overtaken scams as the leading form of fraud attack globally. And it is close to invisible to the systems most banks call a fraud program, because those systems are built to answer one question: is this person who they say they are?
For first-party fraud, the answer is yes. That's the problem.
The lie isn't the identity. It's everything else.
First-party fraud is a real person misrepresenting facts or intent for financial gain. The name, the SSN, the date of birth: all genuine. What's false is the income figure, the undisclosed debt, the chargeback claim, or the intention to ever repay.
The taxonomy is broader than most bankers expect. Application fraud: inflating income or hiding obligations to qualify. Friendly fraud: disputing purchases that arrived just fine. Never-pay: borrowing with no intention of repayment. Bust-out: months of model behavior, then every line drawn at once. Different schemes, one common trait: a legitimate identity at the center.
Economic pressure feeds it. Inflation and cost-of-living stress turn otherwise ordinary customers into rationalizers. Inflating income by 20% to qualify for the house doesn't feel like fraud to the person doing it. On your books, it performs exactly like fraud, two years later, as a default you priced as prime.
Why your fraud program can't see it
Walk through what happens when a first-party fraudster applies. KYC verifies the identity: pass, it's real. Watchlist screening: clean, they're not a criminal, they're a schoolteacher who added $30,000 to their income. Document review: the paystub looks right, because paystub templates are a commodity. The verbal VOE: the number rings to a cooperative friend, or the real employer confirms employment without confirming wages.
First-party fraud walks through KYC untouched. The identity is real; the lie is in the facts around it.
Then the loan defaults, and here's the quiet part: the loss books as a credit loss, not a fraud loss. No identity theft victim ever calls to dispute anything. The file goes to collections, the charge-off goes in the credit bucket, and the fraud team never studies the case. LexisNexis puts the true cost at more than $5 for every $1 lost, and at community banks the miscategorization means nobody is even counting the $1.
Fannie Mae's numbers show the concentration point: income misrepresentation is 46% of confirmed mortgage fraud findings, year after year. Most of that is first-party. It's also the share of the 1-in-116 problem that no identity product will ever fix.
What actually catches it
The control that works follows a simple principle: verify the claims, not just the claimant.
Income verified at the payroll source can't be inflated, no matter how good the paystub template is. Employment confirmed through the payroll system of record bypasses the cooperative phone number entirely. Bank transaction data, pulled with consent, surfaces the undisclosed mortgage payment and the three BNPL obligations that never made it onto the application. None of this asks whether the person is real. It asks whether their story is.
Verify the claims, not just the claimant. A first-party fraudster can pass every identity check you own. They can't make a payroll system report income that doesn't exist.
Community banks have a structural exposure here worth naming honestly: relationship lending. The assumption that we know our customers is real strength in a market and real weakness in an application file, because familiarity substitutes for verification exactly where first-party fraud lives. The teller has known the applicant for years. The applicant has never lied to the bank before. The income figure goes unchecked.
Source verification doesn't require abandoning the relationship model. It requires backing it with data: the same one-link verification that speeds files up happens to be the only control category that touches first-party fraud at all. Banks usually buy verification automation for the hours it saves. Against the fastest-growing fraud category in the industry, it's also the only defense on the field.