SAN DIEGO—Fighting first-party fraud can be a catch-22. 

“We cannot be seen as doing anything that is going to hurt the consumer or their ability to have a legitimate claim of unauthorized return, which is the challenge. It’s very important that we give the consumers those rights,” said Jordan Bennett, Nacha Senior Director, Network Risk Management. “But our merchants are hurting, our banks are hurting when claims come in and they have no ability to fight back and say, ‘This is completely authorized. We did every check possible.’”

Bennett led the April 26 session “First-Party Fraud: A Victimless Crime?” at Smarter Faster Payments 2026, where panelists looked at the problem and potential solutions. 

One version of first-party fraud is account opening fraud. Steven Gray, Enterprise Payments Segment Risk Officer at Huntington National Bank, said a consumer will open an account online and provide account and routing numbers to fund it. 

“The debit goes out to the RDFI and the funds come in to the new account. Then, from a first-party fraud perspective, that person who opened the account quickly moves the money out of the bank,” said Gray. “Then what happens? The customer goes to the RDFI and submits an unauthorized debit.” But when the return hits the ODFI there are no funds, and that bank takes the loss.

Bennett added that “it’s not just a big bank problem,” explaining how a small credit union lost “tens of thousands of dollars” to fraudsters opening accounts. 

Chad Frank, Executive Vice President, Risk and Consulting, at PaymentsFirst, stressed the need for financial institutions of all sizes to exercise caution. 

“Time deposit accounts—I’ve seen limits that are huge numbers and you’ve got to look at that. Any time I see a new account open online and it’s a CD with limits of $250,000, I immediately start twitching,” said Frank. “It’s something that we have to look at. There is risk in it. You have the potential for that consumer disputing that transaction down the road.”

Frank also said FIs shouldn’t feel obliged to immediately turn on person-to-person and account-to-account features. “If that’s a new customer, you don’t have to turn it on right away. Or if you do, keep the limits relatively low. Have a 90-day period, or whatever is a reasonable period, to limit the money movement functions for those consumers,” said Frank. 

Gray said RDFIs are on the front line to fight first-party fraud because they “understand the customer, they see the transactions coming in to the account. They are uniquely positioned to understand the activity.” That includes knowing regular activities like Direct Deposits or utility payments, while also watching for potential red flags such as money coming in and quickly going out. 

Nacha organized a workgroup to look into first-party fraud and potential solutions. Efforts are ongoing, but it will take time. 

“If this was an easy problem to solve it would have been done 40 years ago,” said Bennett. “We don’t have any magic bullets.”

Nacha’s Risk Management Advisory Group (RMAG) has helpful articles. Visit the RMAG page on Nacha.org.

“First-Party Fraud: A Victimless Crime?” will also be part of Nacha’s Smarter Faster Payments Remote Connect, June 8-10. Learn more on the conference website.