See if your information has been exposed in a data breach with our latest free tool Check Now
Finance glossary

What is third-party fraud?

Bristol James
3 Min

Third-party fraud, also known as identity theft, occurs when someone’s personal information is used without their permission to obtain credit or goods. This type of fraud encompasses both the unauthorized use of an individual’s existing identity and the creation of fabricated identities using stolen or false information.

How does third-party fraud work

Third-party fraud, commonly known as identity theft, occurs when an individual’s personal information is illegally used by a third party to gain access to resources, credit, or products.

Criminals perpetrate third-party fraud by various means, including hacking into accounts using stolen credentials acquired through phishing or purchased on the dark web. Alternatively, they may exploit someone’s personally identifiable information (PII) to open accounts or access goods and services.

The prevalence of online services has led to an abundance of PII available on the internet, some of which ends up compromised or on the dark web, fueling instances of third-party fraud. Often associated with fraud rings or organized crime, third-party fraud schemes are frequently part of larger, coordinated operations.

Common types of third-party fraud

These are the most common types of third-party fraud:

  • Synthetic identity creation (SIC): This scheme entails the fabrication of false identities by fraudsters, who collect real people’s information and manipulate it to craft entirely new identities not associated with any real individual.
  • Account takeover fraud (ATO): This third-party fraud scheme involves a criminal seizing control of a consumer’s account, typically gaining access to sensitive information like PIN numbers. This allows them to manipulate account settings, such as addresses or passwords, and may even lead to unauthorized withdrawals.
  • Credit card fraud: This scheme encompasses any fraudulent transaction using a credit card for payment. While often linked with identity theft, credit card fraud can also occur when legitimate consumers make purchases without intending to pay, known as chargeback fraud or friendly fraud.
  • False identity fraud: This type of fraud involves using fabricated identities by individuals to perpetrate criminal acts such as creating counterfeit credit cards, applying for loans, or opening bank accounts.
  • New application fraud: This type of third-party fraud occurs when a perpetrator applies for a credit card under a victim’s name and subsequently uses the card for illegal purchases of goods and services.

What’s the difference between first, second, and third-party fraud?

What sets apart first, second, and third-party fraud is how they are carried out. First-party fraud occurs when individuals manipulate their own personal details or create synthetic identities to deceive, often to obtain loans or credit lines.

Second-party fraud entails the unauthorized use of credentials or data obtained with the owner’s permission. Additionally, second-party fraud encompasses practices like money muling, where individuals allow their bank accounts to be used for financial transfers in exchange for nominal compensation.

Third-party fraud, in turn, involves illegally using someone else’s information obtained without their permission. In this type of scheme, fraudsters assume a completely different identity.

How to prevent third-party fraud

Both individuals and organizations can take measures to prevent third-party fraud.

Individuals can start by implementing basic security measures such as using strong, unique passwords, installing cybersecurity software, and exercising caution when connecting to public Wi-Fi networks. Becoming aware and staying vigilant of common fraud tactics, like phishing emails and fake websites, is also crucial in mitigating risks associated with identity theft.

On the business front, effective third-party fraud detection entails a combination of technological solutions and staff training. While advanced technologies like machine learning and Open Source Intelligence (OSINT) play a significant role, employee training and cybersecurity awareness are equally vital in combating evolving fraud tactics.

As fraudsters continually devise new strategies, both individuals and businesses must remain vigilant and proactive in adopting innovative fraud prevention measures to stay ahead of potential threats.


  • Third-party fraud, or identity theft, occurs when personal information is used without consent to obtain credit or goods. It involves the unauthorized use of existing identities or the creation of fabricated ones.
  • It is perpetrated through hacking, exploiting personally identifiable information, or fabricating false identities.
  • Common types of third-party fraud include synthetic identity creation, account takeover fraud, credit card fraud, false identity fraud, and new application fraud.
  • Third-party fraud is often associated with organized crime.
  • Prevention strategies for individuals include strong passwords, cybersecurity software, and awareness of common fraud tactics.
  • Businesses should focus on combining technological solutions and staff training to detect and combat evolving fraud tactics.


Related articles

The new security standard for business payments

End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.