Comment: Anti-Fraud Solutions Must Fit a Bank's Parameters

No one doubts that bank card fraud is a serious problem. Visa reports that annual worldwide fraud losses are well over $700 million.

Although many card issuers are implementing numerous fraud prevention measures, the money lost is only part of the problem. Law enforcement officials have reported that card fraud is also being used by organized criminal groups to finance violent crimes.

Certainly, the ultimate goal of fraud detection and prevention is to reduce losses. But you also must make sure that whatever solution you choose will work within your operating parameters. Is the solution cost- effective, or are you spending $2 to prevent $1 of fraud? Is the response time-acceptable? Will this solution affect your staffing? Is the solution acceptable to your customers?

These questions and others should be considered when selecting a fraud detection solution. Using the following basic evaluation steps will give card issuers a head start.

First, assess what data and analysis are incorporated in the fraud solution. The solution ought to allow further data collection and analysis by the risk manager. You want an experienced analyst with expertise in fraud prediction who will parse the data before the model is developed, during the building of predictors, and as part of the final delivery.

A good fraud detection model should combine many factors, built from hundreds of characteristics generated from master file and transaction data. These models may be developed using the issuer's own data for optimum predictability or with pooled data. Predictive technology has shown impressive results in fraud detection.

The key consideration is not which technology is used to build the model-that is only one component of a total solution-but how to maximize the information value of the data with which you are working.

For example, SunTrust Bankcard uses a solution that allows it to maximize its data's information value at a lower cost than some other fraud systems based on different technologies. Joe Vautrin, SunTrust vice president of fraud detection, detailed his experience in placing emphasis on data analysis over technology.

The vendor "demonstrated the ability to comprehensively research the history of our accounts," Mr. Vautrin said, and "added velocity tools to the solution's fraud detection, which allowed analysis and targeting of data by merchant category codes."

Mr. Vautrin added: "We're a regional issuer, and we found that fraud occurrences by merchant type differ from fraud at a national level. Earlier detection reduces the cost of fraud, improves customer service and satisfaction, and lifts the staff's confidence and morale."

Since fraud is dynamic, card issuers should look for a solution that combines robust scoring models with flexible, easily maintained strategies to identify short-term pattern shifts and long-term fraud patterns.

Many issuers ask whether continuous strategy development is really necessary, since models can periodically be redeveloped.

The belief is that the right model will easily keep pace with changing patterns. That might be true except for one factor: time. No model can "learn" without historical information about new patterns.

The best way to address short-term fraud patterns (criminal rings and local scams) is by using new strategies. In some fraud solutions, strategy development and testing-referred to as champion-challenger testing-can be done quickly and easily. So as soon as you identify new fraud patterns, you can create fraud detection strategies that will focus on those patterns.

Some issuers want a predictive technology that can adapt on-line. This is an implementation issue more than a technology issue; it requires a facility that takes new data and updates the model on-site. On-line learning is advantageous when the patterns are ever-changing.

However, research has shown that fraud patterns remain fairly constant over time. Typically, models need to be updated because of the availability of new types of data rather than because of changing fraud patterns.

Card issuers should explore real-time models and strategies that can be implemented during the authorization process. People who commit fraud charge as much as possible, as quickly as possible. Hence, taking action on accounts as part of an overnight batch process is not nearly as effective as working within the authorization process to stop fraudulent transactions in progress.

Look for a true real-time system for fraud-one that can help stop a fraudulent transaction before it is made. For example, a system with post- authorization scoring allows you to trigger suspect accounts for authorization-time transaction scoring, which in turn can trigger queuing for review and blocked purchases, offering you significant savings.

Issuers should also seek a system with strong queuing and case management capabilities. A scoring model may tell you which transactions are most likely to be fraudulent, but it will not help you recover lost cash unless you can couple the model with a queuing and case management system.

The queuing system will prioritize accounts for your fraud analysts, allowing them to follow up efficiently on suspected fraud cases and take action against confirmed frauds. The case management system will permit an investigator to build the case history necessary to obtain recovery and restitution.

A good system will bring together all the information necessary to open, track, and close fraud cases, and may also include workflow management support, such as the ability to generate legal documents.

No one predictive technology is a cure-all. In fraud detection, the issue of technology has overshadowed other crucial considerations. By keeping these evaluation steps in mind when selecting a system, you'll meet your operational needs and get a solution that takes you from detection to restitution.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER