A meaningful share of the loans your risk team writes off as bad credit were never credit problems at all. They were first-party fraud. The borrower fabricated their income, doctored a bank statement or invented an employer at onboarding, took the money and never intended to pay a cent back. Twelve months later it lands in your portfolio as a charge-off, your credit model quietly absorbs it as risk, and the person who actually caused it walks away clean.
This is the quiet, expensive truth about first-party fraud credit losses: they hide inside your credit-loss line. Experian put it well earlier this year, calling first-party fraud “a silent drain on profitability” for many banks, because on paper it looks like classic credit risk. An account books, goes delinquent and charges off (Experian Insights, February 2026). Same shape, completely different cause.
We work with European lenders every week, and this misclassification is one of the most under-discussed problems we see in risk management. It starts at the document layer, which is exactly where nobody is looking.
What first-party fraud actually is (and why it disappears into credit risk)
First-party fraud is when someone uses their own real identity but lies about their financial situation to get credit they would never otherwise qualify for. Not a stolen identity. Not a synthetic one. The applicant is exactly who they say they are. What is fake is the picture they paint of themselves.
We covered the full taxonomy in our explainer on the 3 types of fraud, including first-party fraud. The short version: they inflate income, fake employment or fabricate a financial situation to land a loan. The open-banking provider Tink describes it the same way, treating inflated income and faked employment as the textbook examples in lending.
So why does it vanish into your credit numbers? A third-party fraudster who steals an identity gets flagged the moment the real person disputes the account. There is a victim, a complaint, a clean fraud tag. First-party fraud has nobody raising their hand. The borrower is real, the account is theirs and when they stop paying, the only thing your system sees is non-payment. Your collections team chases it, your model logs it, the loss gets stamped “credit” and the fraud that caused it never gets counted. Nobody set out to mislabel it. The plumbing just routes it there by default.
The numbers are bigger than most risk teams assume
This is not a rounding error. LexisNexis Risk Solutions, in its annual Cybercrime Report covering 104 billion global transactions, found that first-party fraud became the single leading fraud type worldwide in 2024, representing 36% of all reported fraud, up from just 15% the year before (LexisNexis Risk Solutions, May 2025). That is more than a doubling in one year. It is now bigger than account takeover and bigger than scams.
On the loss side, Equifax estimates first-party credit abuse drives more than $6 billion in annual losses across major US lending sectors, and says plainly that it is “often miscategorized as standard credit loss, making it difficult to detect in a lender’s portfolio” (Equifax whitepaper, February 2026).
The tell is the early default. The ProSight Financial Association analyzed irregular bankcard charge-offs and found early default losses made up 73% of all irregular losses in Q2 2024, with losses from prime-and-above borrowers up 62% between 2019 and 2023 (ProSight Financial Association). Read that again. The fastest-growing slice of suspect losses came from borrowers with good credit scores. People who looked perfectly creditworthy on the application, because they had documents that said so.
Why “credit loss” is a comfortable place to hide a fraud problem
There is an institutional reason this misclassification sticks around, and it is not laziness. Credit loss is a known, modeled, budgeted-for category. Every lender expects a certain default rate. It is priced into the interest rate. A charge-off that lands in the credit bucket gets absorbed without anyone asking awkward questions.
A fraud loss is a different conversation entirely. It implies a control failed. It implies someone got fake documents past onboarding. It triggers reviews, maybe a regulator’s attention and definitely an uncomfortable meeting. So the path of least resistance is to leave it in credit loss, where it reads like a cost of doing business rather than a hole in your defenses.
I have watched this play out from both sides. Before VerifyPDF I spent years in finance, and I can tell you the instinct to “let the model handle it” is strong. Here is the problem: the model is the exact thing that gets poisoned.
What the misclassification hides from your risk models
This is the part that should worry any head of credit risk, because the damage compounds.
When fraud is booked as credit loss, your credit model learns from a contaminated outcome. It sees a borrower with a given profile defaulting and concludes that profile is risky. The next applicant who looks similar, but who is completely honest, gets a worse score, a higher rate or a flat rejection. Oscilar described this feedback loop precisely: a misclassified fraud loss “contaminates models,” weakening each decision, so every cycle runs on slightly worse information than the one before it.
The costs stack up fast:
- Your fraud exposure is understated. You cannot manage what you cannot see. If 20% of your charge-offs are really fraud and you have them filed as credit, you will keep tuning credit policy and never once touch the actual leak.
- Your credit model degrades. It is training on mislabeled data. Garbage in, conservative credit policy out.
- You over-tighten on the wrong people. The natural response to rising charge-offs is to raise the credit bar. That rejects good honest borrowers while the fraudsters, who show up with clean fabricated documents, sail straight through.
- You never fix the entry point. The fraud got in through a fake document at onboarding. If you never label it as fraud, you never go back and shut that door.
That last one is the whole game. Every single one of these losses walked in as a piece of paper, a payslip, a bank statement or a tax assessment that nobody actually checked.
How to tell fraud-loss from genuine credit-loss
You cannot wipe out first-party fraud entirely, but you can stop misfiling it. The signals are right there if you bother to look. Here is how we coach lenders to separate the two:
- Look at the timing. A genuine credit loss usually follows a story: the borrower paid for a while, hit a life event, fell behind, then defaulted. First-party fraud tends to charge off fast with little or no payment activity. The ProSight data flagged exactly this, rapid balance-building in the first months paired with barely any payment. An early default with a strong credit score on file is a fraud signal, not a credit one.
- Re-examine the onboarding documents. This is the step most teams skip. Pull the original bank statement or payslip from the application and run it through document forensics. A file created in an image editor instead of banking software, carrying mismatched metadata or altered text layers, tells you the income was never real. We wrote about why manual checks miss these subtle forgeries while automated analysis catches them at the byte level.
- Cross-reference the application against itself. Did the declared salary on the payslip match the deposits on the bank statement? Did the employer even exist? First-party fraud almost always leaves internal contradictions, because the fraudster is stitching a fiction together from separate forged parts.
- Tag it properly when you find it. When a charge-off shows fraud markers, label it fraud in your data, not credit. It is the unglamorous step, and it is the one that quietly fixes the model over time.
The Boston ring we wrote about is a textbook case of what slips through. That scheme ran for seven years on fake payslips, rented tradelines and forged bank statements, and every one of those defaults would have read as ordinary credit loss to an automated portfolio review.
Fixing it at the document layer is revenue protection, not compliance theatre
Most conversations about document verification get filed under compliance: AML, KYC, the regulatory checklist. That framing undersells it badly. Catching first-party fraud at onboarding is not a compliance cost. It is direct protection of your loss line.
Think about the economics for a second. A first-party fraud loss is a 100% loss of principal, booked fast, with no recovery, because the borrower was never going to pay and the income you would garnish often never existed. Now compare that to the cost of verifying the document that let them in: a few cents and a few seconds. The ROI is not close. It is not even in the same postcode.
This is also why fixing it at the document layer beats fixing it at the model layer. Open-banking income verification helps, and the data backs it up: Tink reports first and third-party fraud dropping by up to 70% for customers who verify income through bank-account data rather than uploaded payslips.
But plenty of European lenders still take PDF documents, and they will for years, because not every applicant consents to an account connection and not every product supports one. As long as a PDF comes through the door, that PDF needs verifying. The alternative is paying for the fraud twice: once in the loss itself and again in the polluted model that misprices everyone who applies after.
At VerifyPDF we pull apart the internal structure of every document, the metadata, the content layers, the fonts and the cross-document consistency, and hand back a risk rating in under five seconds. The point is not to bolt on another gate. It is to make sure that when you do book a loss, you actually know what kind of loss it was.
Stop paying for fraud you have labeled as credit
Here is the reframe I would leave you with. Every basis point you shave off your fraud-as-credit losses goes straight to the bottom line, and it gets there twice: once by stopping the loss, once by un-poisoning the model that prices your whole book. That is not a compliance win. That is margin.
So the question worth raising in your next risk meeting is not “how do we lower our default rate”. It is “how much of our default rate is actually first-party fraud we never caught at the front door”. If you have never run your charged-off applications back through document forensics, you genuinely do not know the answer. And in my experience the honest guess is higher than anyone in the room wants it to be.
Want to find out what your onboarding documents really look like? Try a free document check or talk to us about running verification across your application flow. Your credit model will thank you.