Fighting Payments Fraud the Hybrid Way

Fraud is endemic to the global payments system and the tools financial institutions have historically used to fight it are marginal at best. Instead, a hybrid approach using multiple analytic methods including link or network analysis to identify suspicious behavior at the transaction, account, customer and network levels provides the greatest return for an institution’s investment.

This hybrid approach builds on traditional methods to create a more holistic way of viewing a customer or account to reduce false positives and generate higher quality alerts. It is also better suited to the way fraud occurs, whether an isolated “one-off” event or an organized and sophisticated attack by criminal organizations.

Fraud’s costs are well known to the industry. In 2008, there were over 760,000 check fraud cases totaling over $1 billion in losses according to the American Bankers Association (ABA). In an Association for Financial Professionals (AFP) survey, 71% of businesses responding experienced actual or attempted frauds in 2008. And nearly three out of 10 store-brand credit cards are obtained or used fraudulently while the number of identity fraud victims in the U.S. rose to 11.1 million in 2009, according to Javelin Strategy and Research.

Monetary transaction speed and accessibility, although benefitting the customer, also pose opportunities for criminals to exploit this speed and anonymity. Financial institutions need help identifying fraudulent schemes and patterns at multiple points in the bank/customer relationship, starting before a new card, credit line or account is approved and opened through to the point of sale or when a credit limit is increased.

Telltale Clues

For almost every fraud type, such as counterfeit payment instruments, synthetic identities and bust-outs, there is some type of organization behind it leaving telltale clues throughout their account and card applications, charges or payment behaviors. Clues exist in the provided addresses, phone numbers and places of business. With advanced analytics, fraud specialists can identify fraud earlier, even before the fraud occurs, thus eliminating or minimizing losses. They can also better understand the fraud’s full nature, such as whether a fraudster is operating independently or is part of a larger organized fraud ring.

Rules and anomaly detection – the traditional and most common methods of identifying fraud – are certainly helpful. By analyzing and comparing transactions and activity to historical patterns of an account or customer, they identify high-risk and out-of-pattern activity. Anomaly detection is useful in flagging abnormal behavior when there is minimal past fraud information available to use in the monitoring process. It simply identifies the “outliers” of activity or transactions that may or may not be fraudulent. Both of these monitoring methods, however, tend to generate a high level of false positives, which can range up to 90% of transaction alerts.

Predictive models use past fraud patterns to identify current account activity that appears similar. They provide a predictive assessment prior to fraud execution. Unfortunately, since rules, anomaly detection and predictive models tend to focus on individual accounts and transactions, they can miss the broader connection between multiple accounts and customers using similar data points such as the same address, phone number and employer names.

That’s where network analysis plays a part by identifying indirect links between two or more entities. The linkages between multiple customers and accounts can potentially be a piece of a broader organized fraud ring bust-out scheme. The fraud ring may use the same address, email address or phone number to “manage” all the accounts involved in a bust-out.

For example, in one situation not made public, nine people over a 12-month period opened credit card accounts with a single bank. All accountholders provided the same employer phone number at application. Several accounts busted out before others were opened. As the bank assessed the credit worthiness of individual customers, they never realized the link between the various individuals.

After the bust-outs occurred, investigation revealed that the phone number belonged to a small construction materials supplier that had no Website, an odd location/address for this type of business and no corporate records on file – all signs of a possible simple front company. If this connection had been identified earlier, the bank may have performed better due diligence on card applications after the initial bust-outs so they could have monitored the remaining open accounts more closely.

Top Down or Bottom Up

A true hybrid approach identifies the linkages and associations between the various accounts and integrates that information with the more traditional rules and analytics to better score risk, prioritize alerts, reduce false positives, increase the efficiency of investigators and reduce fraud losses. One of the best aspects of using a hybrid approach is that banks don’t have to search for fraud in a single way. Instead, institutions can choose the best method or combination of methods to identify the specific fraud. Banks can execute network analysis in two approaches: “Top Down” or “Bottom Up.”

The “Top Down” approach analyzes all available data to generate network level alerts, including addresses, phone numbers, credit reports, employee IDs, social security numbers, demographic info, types of credit held, lending data, “hot files” and criminal records. Investigators can then investigate the networks to determine the existence of organized fraud activity and manage the risk accordingly.

With the “Bottom Up” approach, fraud investigators start with the alerts generated by their existing tools (rules and anomaly detection) and run network analytics on these alerts to refine the risk score based on account and customer associations. When a link with a known fraudster is found, the risk score goes up and alerts go out. The closure of one account by a financial institution typically tips off fraudsters, who will frantically bust out additional accounts before those are closed. With network information, the investigator can identify related accounts and close them at the same time.

Understanding the breadth of a fraud scheme is critical to effectively addressing fraud risk. A hybrid approach to fraud and network analysis enhances the other fraud detection options, providing a broader perspective and optimizing an investigator’s actions to protect the bank.

Mr. Barta is a certified fraud examiner and senior enterprise fraud specialist at Cary, N.C.-based SAS. He can be reached at [email protected].