-- by Matt Ehrlich
My last entry covered the benefits of consortium databases and industry collaboration in general as a proven and technologically feasible method for combating fraud across industries. They help minimize fraud losses. So – with some notable exceptions – why are so few industries and companies using fraud consortiums and known fraud databases?
In my experience, the reasons typically boil down to two things: reluctance to share data and perception of ROI. I say "perception of ROI" because I firmly believe the ROI is there – in fact it grows with the number of consortium participants.
First, reluctance to share data seems to stem from a few areas. One is concern for how that data will be used by other consortium members. This is usually addressed through compelling reciprocation of data contribution by all members (the give to get model) as well as strict guidelines for acceptable use.
In today’s climate of hypersensitivity, another concern – rightly so – is the stewardship of Personally Identifiable Information (PII). Given the potentially damaging effects of data breaches to consumers and businesses, smart companies are extremely cautious and careful when making decisions about safeguarding consumer information. So how does a data consortium deal with this? Firewalls, access control lists, encryption, and other modern security technologies provide the defenses necessary to facilitate protection of information contributed to the consortium.
So, let’s assume we’ve overcome the obstacles to sharing one’s data. The other big hurdle to participation that I come across regularly is the old “what’s in it for me” question. Contributors want to be sure that they get out of it what they put into it. Nobody wants to be the only one, or the largest one, contributing records.
In fact, this issue extends to intracompany consortiums as well. No line of business wants to be the sole sponsor just to have other business units come late to the party and reap all the benefits on their dime. Whether within companies or across an industry, it’s obvious that mutual funding, support, equitable operating rules, and clear communication of benefits – to those contributors both big and small – are necessary for fraud consortiums to succeed.
To get there, it’s going to take a lot more interest and participation from industry leaders. What would this look like? I think we’d see a large shift in companies’ fraud columns: from “Discovered” to “Attempted”. This shift would save time and money that could be passed back to the legitimate customers. More participation would also enable consortiums to stay on top of changing technology and evolving consumer communication styles, such as email, text, mobile banking, and voice biometrics to name a few.
-- by Matt Ehrlich
There was a recent discussion among members of the Anti Fraud experts group on LinkedIn regarding collaboration among financial institutions to combat fraud. Most posters agreed on the benefits of such collaboration but were cynical when it came to anything of substance, such as a shared data network, getting off the ground. I happen to agree with some of the opinions on the primary challenges faced in getting cross industry (or even single industry!) cooperation to prevent both consumer and commercial fraud, namely: 1) sharing data and 2) return on investment.
Despite the challenges, there are some fraud prevention and “negative” file consortium databases available in the market as fraud prevention tools. They’re often used in conjunction with authentication products in an overall risk based authentication / fraud deterrence strategy. Some are focused on the Demand Deposit Account (DDA) market, such as Fidelity’s DebitBureau, while others, like Experian’s own National Fraud Database, address a variety of markets. Early Warning Services has a database of both “account abuse” – aka DDA financial mismanagement – and fraud records. Still others like Ethoca and the UK’s 192.com seem focused on merchant data and online retailers.
Regardless of the consortium, they share some common traits. Most:
- fall under Fair Credit Reporting Act regulation
- are used in the acquisition phase as part of the new account decision
- require contribution of data to access the shared data network
Given the seemingly general reluctance to participate in fraud consortiums, as evidenced by the group described above, how do we assess value in these consortium databases? Well, for one, most U.S. banks and credit unions participate in and contribute customer behavior data to a consortium. Safe to say, then, that the banking industry has recognized the value of collaboration and sharing data with each other – if not exclusively to minimize fraud losses, then at least to manage potential risk at acquisition. I’m speaking here of the DDA financial mismanagement data used under the guiding principle of “past performance predicts future results”.
Consortium data that includes confirmed fraud records makes the value of collaboration even more clear: a match to one of these records compels further investigation and a more cautious review of the transaction or decision. With this much to gain, why aren’t more companies and industries rushing to join or form a consortium?
In my next post, I’ll explore the common objections to joining consortiums and what the future may look like.
-- by Keir Breitenfeld
The definition of account management authentication is: Keep your customers happy, but don’t lose sight of fraud risks and effective tools to combat those risks.
In my previous posting, I discussed some unique fraud risks facing institutions during the account management phase of their customer lifecycles. As a follow up, I want to review a couple of effective tools that allow you to efficiently minimize fraud losses during post-application:
Knowledge Based Authentication (KBA) — this process involves the use of challenge/response questions beyond "secret" or "traditional" internally derived questions (such as mother's maiden name or last transaction amount). This tool allows for measurably effective use of questions based on broader-reaching data (credit and noncredit) and consistent delivery of those questions without subjective question creation and grading by call center agents. KBA questions sourced from information not easily accessible by call center agents or fraudsters provide an additional layer of security that is harder to penetrate by social engineering. From a process efficiency standpoint, the use of automated KBA can also reduce online sessions for consumers and call times, as agents spend less time self-selecting questions, self-grading responses and subjectively determining next steps. Delivery of KBA questions via consumer-facing online platforms or via interactive voice response (IVR) systems can further reduce operational costs, since the entire KBA process can be accommodated without call center agent involvement.
Negative file and fraud database – performing checks against known fraudulent and abuse records affords institutions an opportunity to check, in batch or real time, elements such as address, phone, and SSN for prior fraudulent use or victimization. These checks are a critical element in supplementing traditional consumer authentication processes, particularly in an account management procedure in which consumer and/or account information may have been compromised. Transaction requests such as address or phone changes to an account are particularly low-hanging fruit as far as running negative file checks is concerned.
-- by Kennis Wong
It's true that intent is difficult to prove. It's also true that financial situations change. That's why financial institutions have not yet successfully fought off first-party fraud. However, there are some tell-tale signs of intent when you look at the consumer's behavior as a whole, particularly across all his/her financial relationships.
For example, in a classic bust out case, you would see that the consumer, with pristine credit history, applies for more and more credit cards while maintaining a relatively low balance and utilization across all issuers. If you graph the number of credit cards and number of credit applications over time, you would see two hockey-stick lines. When the accounts go bad, they do so at almost the same time. This pattern is not always apparent at the time of origination; that's why it's important to monitor frequently for account review and fraud database alerts.
On the other hand, consumers with financial difficulties have different patterns. They might have more credit lines over time, but you would see that some credit lines may go delinquent while others don't. You might also see that consumers cure some lines after delinquencies…you can see their struggle of trying to pay.
Of course, the intent "pattern" is not always clear. In fraud account management, even with the help of the fraud database, fraud trends and fraud alerts, fraudsters change their behaviors and use new techniques.
-- by Kennis Wong
In Part 1 of Generic fraud score, we emphasized the importance of a risk-based approach when it comes to fraud detection. Here are some further questions you may want to consider.
What is the performance window?
When a model is built, it has a defined performance window. That means the score is predicting a certain outcome within that time period. For example, a traditional risk score may be predicting accounts that are decreasing in twenty-four months. That score may not perform well if your population typically worsens in two months. This question is particularly important when it relates to scoring your population. For example, if a bust-out score has a performance window of three months, and you score your accounts at the time of acquisition, it would only catch accounts that are busting-out within the next three months. As a result, you should score your accounts during periodic account reviews in addition to the time of acquisition to ensure you catch all bust-outs. Therefore, bust out fraud is an important indicator.
Which accounts should I score?
While it’s typical for creditors to use a fraud score on every applicant at the time of acquisition, they may not score all their accounts during review. For example, they may exclude inactive accounts or older accounts, assuming that a long history means less likelihood of fraud. This mistake may be expensive. For instance, the typical bust-out behavior is for fraudsters to apply for cards way before they intend to bust out. This may be forty-eight months or more. So when you think they are good and profitable customers, they can strike and leave you with serious injury. Make sure that your fraud database is updated and accurate. As a result, the recommended approach is to score your entire portfolio during account review.
How often do I validate the score?
The answer is very often -- this may be monthly or quarterly. You want to understand whether the score is working for you – do your actual results match the volume and risk projections? Shifts of your score distribution will almost certainly occur over time. To meet your objectives over the long run, continue to monitor and adjust cutoffs. Keep your fraud database updated at all times.
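One way to run the periodic check described above, as an added example that is not part of the original post: it compares the current score distribution with the one observed when cutoffs were set, using the population stability index (PSI), a standard metric the post itself does not name. The score range, bin edges, review cutoff, sample scores and the 0.10/0.25 bands are all assumptions made for illustration.

```python
import math

# Constructed sample scores (assumed 0-999 scale, higher = riskier); not real data.
BASELINE = [120, 180, 210, 250, 300, 340, 390, 420, 480, 510,
            560, 610, 650, 700, 730, 790, 820, 860, 910, 950]
CURRENT = [150, 350, 420, 460, 520, 560, 600, 640, 660, 700,
           720, 760, 790, 820, 850, 880, 900, 930, 960, 980]
EDGES = [0, 200, 400, 600, 800, 1000]   # assumed score bands
CUTOFF = 800                            # assumed review cutoff

def bin_shares(scores, edges):
    """Fraction of scores in each [edges[i], edges[i+1]) band.
    Empty bands are floored at 1e-4 so the log term stays finite."""
    counts = [0] * (len(edges) - 1)
    for s in scores:
        for i in range(len(counts)):
            if edges[i] <= s < edges[i + 1]:
                counts[i] += 1
                break
    return [max(c / len(scores), 1e-4) for c in counts]

def psi(expected, actual, edges):
    """Population stability index: sum((a - e) * ln(a / e)) over bands."""
    e = bin_shares(expected, edges)
    a = bin_shares(actual, edges)
    return sum((ai - ei) * math.log(ai / ei) for ei, ai in zip(e, a))

def referral_rate(scores, cutoff):
    """Share of accounts scoring at or above the review cutoff."""
    return sum(s >= cutoff for s in scores) / len(scores)

def validate(expected, actual, edges, cutoff):
    """Summarize distribution shift and projected vs. actual referral volume."""
    value = psi(expected, actual, edges)
    # 0.10 and 0.25 are common rule-of-thumb bands, assumed here.
    status = "stable" if value < 0.10 else "watch" if value < 0.25 else "shifted"
    return {"psi": round(value, 3), "status": status,
            "projected_rate": referral_rate(expected, cutoff),
            "actual_rate": referral_rate(actual, cutoff)}

if __name__ == "__main__":
    print(validate(BASELINE, CURRENT, EDGES, CUTOFF))
```

A "shifted" result with a referral rate well above projection is the signal to revisit the cutoff rather than keep absorbing the extra review volume.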
-- by Kennis Wong
In this blog entry, we have repeatedly emphasized the importance of a risk-based approach when it comes to fraud detection. Scoring and analytics are essentially the heart of this approach.
However, unlike the rule-based approach, where users can easily understand the results (i.e., was the S.S.N. reported deceased? Yes/No; is the application address the same as the best address on the credit bureau? Yes/No), scores are generated in a black box where the reason for the eventual score is not always apparent even in a fraud database.
Hence more homework needs to be done when selecting and using a generic fraud score to make sure it satisfies your needs. Here are some basic questions you may want to ask yourself:
What do I want the score to predict?
This may seem like a very basic question, but it does warrant your consideration. Are you trying to detect these areas in your fraud database? First-party fraud, third-party fraud, bust out fraud, first payment default, never pay, or a combination of these? These questions are particularly important when you are validating a fraud model. For example, if you only have third-party fraud tagged in your test file, a bust out fraud model would not perform well. It would just be a waste of your time.
What data was used for model development?
Other important questions you may want to ask yourself include: Was the score based on sub-prime credit card data, auto loan data, retail card data or another fraud database? It’s not a definite deal breaker if it was built with credit card data but you have a retail card portfolio; it may still perform well for you. If the scores are too far off, though, you may not have good results. Moreover, you also want to understand the number of different portfolios used for model development. For example, if only one creditor’s data is used, then it may not have general applicability to other portfolios.
-- by Tracy Bremmer
It’s not really all about the credit score. Now don’t get me wrong, a credit score is a very important tool used in credit decision making; however there’s so much more that lenders use to say “accept” or “decline.” Many lenders segment their customer/prospect base prior to ever using the score. They use credit-related attributes such as, “has this consumer had a bankruptcy in the last two years?” or “do they have an existing mortgage account?” to segment out consumers into risk-tier buckets. Lenders also evaluate information from the application such as income or number of years at current residence. These types of application attributes help the lender gain insight that is not typically evaluated in the traditional risk score. For lenders who already have a relationship with a customer, they will look at their existing relationships with that customer prior to making a decision. They’ll look at things like payment history and current product mix to better understand who best to cross-sell, up-sell, or in today’s economy, down-sell. In addition, many lenders will run the applicant through some type of fraud database to ensure the person really is who they say they are. I like to think of the score as the center of the decision, with all of these other metrics as necessary inputs to the entire decision process. It is like going out for an ice cream sundae and starting with the vanilla and needing all the mix-ins to make it complete.