Fraud 101: What Is Fraud?
Absolute basics for someone who has never looked at fraud: what is fraud, how is it different from other crimes, and why does it matter
By Benjamin, Fraud Attacks · Updated
Fraud is intentional deception to obtain money, goods, access, or information someone shouldn't have. Legally, it requires three elements: intent to deceive, a false statement or act, and resulting harm to a victim. This article covers what fraud is, who commits it, where attacks happen across the customer journey, and what working in fraud prevention actually looks like.
1. The Story
Elena was halfway through her afternoon queue when she stopped scrolling.
John Smith. $5 shoelaces. Account created eleven minutes ago.
She clicked into the session data. In those eleven minutes, he'd viewed 340 product pages. A page every two seconds. No human browses that fast.
She pulled up the device fingerprint. Same browser config she'd seen 23 times today. All new accounts. All small orders. All shipping to different residential addresses in Ohio.
The IP traced to a data center in Lithuania. Card passed AVS. Everything else screamed automation.
She ran the BINs from the day's flagged orders. Same issuer pattern across dozens of accounts. Restaurant breach, probably. They were testing which cards still worked. Five bucks ships, the card's good, they sell it for fifteen on a dark web marketplace.
The shoelaces were never about the shoelaces.
By 5 PM, Elena had blocked 847 orders. Over $4,000 in merchandise that would've walked out the door, plus the chargebacks that would've followed.
This story is fictional, but the patterns are real.
2. Why This Matters
This is where your journey into fraud begins.
If you're reading this, you're probably starting a career in fraud prevention, moving into a fraud-adjacent role, or just curious about how digital crime actually works. Whatever brought you here, understanding fraud isn't optional anymore. It touches every online business, every payment system, every customer interaction.
In 2024, U.S. consumers reported losing $12.5 billion to fraud across 2.6 million reports filed with the FTC, and 38% of those reports indicated an actual financial loss.[1] The FBI's Internet Crime Complaint Center logged 859,532 complaints that same year, totaling $16.6 billion in losses, a 33% jump over the prior year. Cyber-enabled fraud was responsible for roughly 83% of those losses.[2] Investment scams drove over $5 billion of the FTC total. Imposter scams accounted for nearly $3 billion more.[1]
Everything else in this learning center builds on these concepts.
3. What Is Fraud?
At its core, fraud is lying to get something valuable. That's it. A person (or bot, or criminal organization) deceives someone to obtain money, goods, access, or information they shouldn't have.
Three elements make something legally "fraud":
- Intent - The person meant to deceive (accidents don't count)
- Deception - They said or did something false
- Harm - Someone lost something because of it
Think of it like a counterfeit bill. The counterfeiter intends to trick you. The fake bill is the deception. You lose real money when you accept it. That's fraud.
What are the two big categories of fraud?
Third-party fraud is what most people picture: a criminal uses someone else's stolen identity or payment information. The victim is an innocent person whose data was compromised.
Elena's case is third-party fraud. Real cardholders had their numbers stolen. Criminals used those numbers. The cardholders are victims.
First-party fraud is trickier. Here, the "victim" is actually the perpetrator. A customer buys a TV, receives it, then calls their bank claiming "I never got it." They keep the TV and get their money back. The merchant loses both.
This is also called "friendly fraud" (though there's nothing friendly about it) or "chargeback fraud."
Hybrid fraud blurs the line. Maybe someone bought stolen account credentials, used them to make purchases, then filed a chargeback claiming they were hacked. Are they the victim or the criminal? Often both.
When the Merchant Is the Fraud
Most fraud training assumes the merchant is the victim. But sometimes the merchant is the problem.
Merchant fraud is when a business itself operates deceptively. They take payments and never ship products. They sell counterfeits as authentic goods. They charge cards without authorization. Customers usually get their money back through the chargeback system, so the real victims here are the acquiring banks and processors that ultimately absorb the chargebacks.
Bust-out fraud is more elaborate. A criminal sets up what looks like a legitimate merchant, processes transactions normally for a few months to build trust with payment processors, then suddenly maxes out their processing limits with stolen cards. By the time chargebacks roll in, the "merchant" has vanished with the money.
Payment processors and acquiring banks spend significant resources trying to spot these schemes before the bust-out happens.
4. Who Commits Fraud?
Fraudsters aren't a single type. They range from opportunistic individuals to sophisticated criminal enterprises.
The Opportunist
A regular customer sees a loophole. Maybe they realize they can claim packages never arrived, or abuse a generous return policy. They're not "criminals" in their own mind. They're just gaming the system.
Opportunists often escalate. What starts as one fake chargeback becomes a pattern. They share tricks with friends. Small losses become systemic problems.
The Professional
Professional fraudsters treat fraud as a job. They have tools, techniques, and specialized knowledge. They might focus on a specific attack type (carding, account takeover, refund abuse) and get very good at it.
Many work in loose networks, buying and selling stolen data, sharing methods, and collaborating on attacks.
The Organization
Organized fraud rings operate like businesses. They have roles: people who steal data, people who validate it, people who cash out, people who recruit money mules. They have supply chains, quality control, and customer service (for their criminal clients).
Some rings are local crews. Others span continents. The most sophisticated ones launder millions annually.
5. Where does fraud happen?
Fraud can hit almost any point in a customer journey. Here are the hot spots:
| Stage | What Happens | Example Attack |
|---|---|---|
| Signup | New account creation | Fake accounts for abuse or selling |
| Login | Accessing existing account | Credential stuffing, account takeover |
| Payment | Making a purchase | Stolen cards, card testing |
| Fulfillment | Receiving goods/services | Shipping to reshippers, claiming non-delivery |
| Refund | Returning or disputing | False claims, return fraud, chargebacks |
| Loyalty | Points and rewards | Points theft, promo abuse |
| Support | Customer service | Social engineering agents for refunds/access |
Criminals look for the weakest point. If your login is tight but your support team gives out password resets easily, they'll call support and lean on social engineering.
6. What does a fraud analyst actually do?
If you're fighting fraud professionally, your job has four parts:
Detect patterns that predict loss. You're looking for signals: velocity spikes, geographic impossibilities, device anomalies, behavioral mismatches. Elena spotted a browsing pattern that was mechanically impossible for a human. That was detection.
Decide what to do about it. Not every suspicious signal means fraud. You have to choose: approve, deny, or ask for more verification. Too aggressive, and you block good customers. Too lenient, and you eat losses.
Explain your reasoning. To colleagues, to managers, to auditors, sometimes to regulators or law enforcement. Your decisions need to be defensible. "It felt wrong" isn't enough. "The device fingerprint matched 23 other accounts created today from a Lithuanian data center" is.
Improve the system over time. Fraud evolves. Yesterday's rules become today's bypassed controls. You're constantly tuning, testing, and building new defenses.
7. Key Takeaways
- Fraud is deception for gain. Three elements: intent, deception, harm.
- Third-party fraud uses stolen identities. First-party fraud is the customer lying.
- Fraudsters range from opportunists to organized rings. Treat all of them seriously.
- Every customer touchpoint is an attack surface. Signup, login, payment, fulfillment, refunds, support.
- Your job: detect, decide, explain, improve. It's part pattern recognition, part judgment call, part continuous learning.
Next up: Common Fraud Types breaks down the specific attack methods you'll encounter.
8. Key Terms
| Term | Definition |
|---|---|
| Fraud | Intentional deception to obtain something of value |
| Third-party fraud | Criminal uses someone else's stolen identity or payment info |
| First-party fraud | Customer deceives the merchant (also: friendly fraud, chargeback fraud) |
| Merchant fraud | The merchant itself operates deceptively (fake products, unauthorized charges) |
| Bust-out fraud | Criminal sets up fake merchant, builds trust, then processes stolen cards and disappears |
| Card testing | Using small purchases to verify stolen card numbers work |
| Velocity | The rate of actions over time (high velocity often signals automation) |
| Device fingerprint | Unique characteristics of a browser/device used to identify repeat visitors |
| Chargeback | Customer disputes a charge with their bank, forcing merchant to refund |
| Money mule | Person who moves fraudulent funds, often unknowingly recruited |
9. References
1. FTC Consumer Sentinel Network Data Book 2024 (March 2025)↗ (pp. 4-5: $12.5B in 2024 fraud losses across 2.6M reports, 38% loss rate, over $5B in investment scams, nearly $3B in imposter scams)
2. FBI IC3 2024 Internet Crime Report↗ (pp. 4, 11: 859,532 complaints in 2024, $16.6B in losses, 33% increase over 2023, cyber-enabled fraud ~83% of losses)
Test Your Knowledge
Ready to test what you've learned? Take the quiz to reinforce your understanding.
Continue learning
- Fraud BasicsCommon Fraud Types Every Analyst Should KnowThe most frequent fraud types you will encounter as a fraud analyst: identity theft, payment fraud, account takeover, and business fraud
- Fraud BasicsSQL Crash Course for Fraud AnalystsEssential SQL skills for investigating fraud cases: learn to query transaction data, analyze patterns, and gather evidence
- Fraud BasicsIntro to Criminal InfrastructureUnderstanding the underground fraud economy: dark web markets, criminal tools, and how fraud operations are organized
- More from Money Movement & Transaction FraudPayment Systems 101: How Money Really MovesEssential foundation for understanding how ACH, wire transfers, card payments, and digital payments actually work - and why criminals target them
- More from Account TakeoverATO FundamentalsEssential foundation every fraud professional needs to know about account takeover attacks
- More from Social EngineeringSocial Engineering FundamentalsThe psychology of manipulation and how attackers exploit human trust