Bust Out Fraud

--by Kennis Wong

In Part 1 of Generic fraud score, we emphasized the importance of a risk-based approach when it comes to fraud detection. Here are some further questions you may want to consider.

What is the performance window?

When a model is built, it has a defined performance window. That means the score is predicting a certain outcome within that time period. For example, a traditional risk score may be predicting accounts that are decreasing in twenty-four months. That score may not perform well if your population typically worsens in two months. This question is particularly important when it relates to scoring your population. For example, if a bust-out score has a performance window of three months, and you score your accounts at the time of acquisition, it would only catch accounts that are busting-out within the next three months. As a result, you should score your accounts during periodic account reviews in addition to the time of acquisition to ensure you catch all bust-outs.  Therefore, bust out fraud is an important indicator. 

Which accounts should I score?

While it’s typical for creditors to use a fraud score on every applicant at the time of acquisition, they may not score all their accounts during review. For example, they may exclude inactive accounts or older accounts assuming those with a long history means less likelihood of fraud. This mistake may be expensive. For instance, the typical bust-out behavior is for fraudsters to apply for cards way before they intend to bust out. This may be forty-eight months or more. So when you think they are good and profitable customers, they can strike and leave you with seriously injury. Make sure that your fraud database is updated and accurate.  As a result, the recommended approach is to score your entire portfolio during account review. 

How often do I validate the score?

The answer is very often -- this may be monthly or quarterly. You want to understand whether the score is working for you – do your actual results match the volume and risk projections? Shifts of your score distribution will almost certainly occur over time. To meet your objectives over the long run, continue to monitor and adjust cutoffs.  Keep your fraud database updated at all times.

--- by Kennis Wong

In this blog entry, we have repeatedly emphasized the importance of a risk-based approach when it comes to fraud detection. Scoring and analytics are essentially the heart of this approach.

However, unlike the rule-based approach, where users can easily understand the results, (i.e. was the S.S.N. reported deceased? Yes/No; Is the application address the same as the best address on the credit bureau? Yes/No), scores are generated in a black box where the reason for the eventual score is not always apparent even in a fraud database.

Hence more homework needs to be done when selecting and using a generic fraud score to make sure they satisfy your needs. Here are some basic questions you may want to ask yourself:

What do I want the score to predict?
This may seem like a very basic question, but it does warrant your consideration. Are you trying to detect these areas in your fraud database? First-party fraud, third-party fraud, bust out fraud, first payment default, never pay, or a combination of these? These questions are particularly important when you are validating a fraud model. For example, if you only have third-party fraud tagged in your test file, a bust out fraud model would not perform well. It would just be a waste of your time.

What data was used for model development?
Other important questions you may want to ask yourself include:  Was the score based on sub-prime credit card data, auto loan data, retail card data or another fraud database? It’s not a definite deal breaker if it was built with credit card data, but, if you have a retail card portfolio, it may still perform well for you. If the scores are too far off, though, you may not have good result. Moreover, you also want to understand the number of different portfolios used for model development. For example, if only one creditor’s data is used, then it may not have the general applicability to other portfolios.

-- By Ken Pruett

Earlier this week I blogged about some of the other types of frauds that impact our customers such as “never pay” and “bust out” fraud. Today I want to touch a bit on some of the third party fraud scenarios that are often top of mind with our customers: identity theft; synthetic identities; and account takeover.  

Identity Theft
Identity theft usually occurs during the acquisition stage of the customer life cycle. Simply put, identity theft is the use of stolen identity information to fraudulently open up a new account.  These accounts do not have to be just credit card related. For example, there are instances of people using others identities to open up wireless phone and utilities accounts 

Recent fraud trends show this type of fraud is on the rise again after a decrease over the past several years.  A recent Experian study found that people who have better credit scores are more likely to have their identity stolen than those with very poor credit scores. It does seem logical that fraudsters would likely opt to steal an identity from someone with higher credit limits and available purchasing power.  This type of fraud gets the majority of media attention because it is the consumer who is often the victim (as opposed to a major corporation). 

Fraud changes over time and recent findings show that looking at data from a historical perspective is a good way to help prevent identity theft.  For example, if you see a phone number being used by multiple parties, this could be an indicator of a fraud ring in action.  Using these types of data elements can make your fraud models much more predictive and reduce your fraud referral rates. 

Synthetic Identities
Synthetic Identities are another acquisition fraud problem.  It is similar to identity theft, but the information used is fictitious in nature.  The fraud perpetrator may be taking pieces of information from a variety of parties to create a new identity.  Trade lines may be purchased from companies who act as middle men between good consumers with good credit and perpetrators who creating new identities.   This strategy allows the fraud perpetrator to quickly create a fictitious identity that looks like a real person with an active and good credit history. 

Most of the trade lines will be for authorized users only.  The perpetrator opens up a variety of accounts in a short period of time using the trade lines. When creditors try to collect, they can’t find the account owners because they never existed.  As Heather Grover mentioned in her blog, this fraud has leveled off in some areas and even decreased in others, but is probably still worth keeping an eye on.  One concern on which to focus especially is that these identities are sometimes used for bust out fraud. 

The best approach to predicting this type of fraud is using strong fraud models that incorporate a variety of non-credit and credit variables in the model development process.  These models look beyond the basic validation and verification of identity elements (such as name, address, and social security number), by leveraging additional attributes associated with a holistic identity -- such as inconsistent use of those identity elements.

Account Takeover
Another type of fraud that occurs during the account management period of the customer life cycle is account takeover fraud.  This type of fraud occurs when an individual uses a variety of methods to take over an account of another individual. This may be accomplished by changing online passwords, changing an address or even adding themselves as an authorized user to a credit card.  

Some customers have tools in place to try to prevent this, but social networking sites are making it easier to obtain personal information for many consumers.  For example, a person may have been asked to provide the answer to a challenge question such as the name of their high school as a means to properly identify them before gaining access to a banking account.  Today, this piece of information is often readily available on social networking sites making it easier for the fraud perpetrators to defeat these types of tools. 

It may be more useful to use out of wallet, or knowledge-based authentication and challenge tools that dynamically generate questions based on credit or public record data to avoid this type of fraud. 

-- By Ken Pruett

I find it interesting that the media still focuses all of their attention on identity theft when it comes to credit-related fraud.  Don’t get me wrong.  This is still a serious problem and is certainly not going away any time soon.  But, there are other types of financial fraud that are costing all of us money, indirectly, in the long run.  I thought it would be worth mentioning some of these today. 

Although third party fraud, (which involves someone victimizing a consumer), gets most of the attention, first party fraud (perpetrated by the actual consumer) can be even more costly.  “Never pay” and “bust out” are two fraud scenarios that seem to be on the rise and warrant attention when developing a fraud prevention program. 

Never Pay   
A growing fraud problem that occurs during the acquisition stage of the customer life cycle is “never pay”.  This is also classified as first payment default fraud.  Another term we often hear to describe this type of perpetrator is “straight roller”. 

This type of fraudster is best described as someone who signs up for a product or service -- and never makes a payment.

This fraud problem occurs when a consumer makes an application for a loan or credit card. The consumer provides true identification information but changes one or two elements (such as the address or social security number).  He does this so that he can claim later that he did not apply for the credit.  When he’s granted credit, he often makes purchases close to the limit provided on the account.  (Why get the 32 inch flat screen TV when the 60 inch is on the next store shelf -- when you know you are not going to pay for it anyway?) 

These fraudsters never make any payments at all on these accounts. The accounts usually end up in collections. 

Because standard credit risk scores look at long term credit, they often are not effective in predicting this type of fraud.  The best approach is to use a fraud model specifically targeted for this issue. 

Bust Out Fraud
Of all the fraud scenarios, bust out fraud is one of the most talked about topics when we meet with credit card companies.  This type of fraud occurs during the account management phase of the customer lifecycle.  It is characterized by a person obtaining credit, typically a loan or credit card, and maintaining a good credit history with the account holder for a reasonable period of time.  Just prior to the bust out point, the fraudster will pay off the majority of the balance, often by using a bad check.  She will then run the card up close to the limit again -- and then disappear. 

Losses for this type of fraud are higher than average credit card losses.  Losses between 150 to 200 percent of the credit limit are typical.  We’ve seen this pattern at numerous credit card institutions across many of their accounts. 

This is a very difficult type of fraud to prevent. At the time of application, the customer typically looks good from a credit and fraud standpoint.  Many companies have some account management tools in place to help prevent this type of fraud, but their systems only have a view into the one account tied to the customer.  A best practice for preventing this type of fraud is to use tools that look at all the accounts tied to the consumer -- along with other metrics such as recent inquiries.  When taking all of these factors into consideration, one can better predict this growing fraud type.