High-end electronics are a target of choice for card-not-present fraudsters—until they are stopped in their tracks by a fraud detection model that alerts the merchant or issuer to these “low-frequency, high-value” transactions. No problem. The fraudsters simply switch to “high-frequency, low-value” transactions: hundreds of, say, text books or Harry Potter books that they can sell off the back of a truck.
“Fraudsters don’t really care what they steal as they are more interested in converting stolen goods into cash,” points out Scott Zoldi, analytic science senior director, Emerging Fraud Analytics at Fair Isaac. “They are still going to hit the merchant for a few thousand dollars per fraud case. But now the model that stopped the fraudster, built for low-frequency, high-value transactions, is not as sensitive to the new fraud pattern of high-frequency, low-value transactions.”
As lenders are discovering, the carrot of business opportunities that is offered by an increasingly dynamic payments environment comes with an equally dynamic stick—constantly shifting fraud behavior.
To help lenders aggressively defend against this challenge, Fair Isaac is introducing some of the industry’s most advanced technologies to Fair Isaac’s Falcon® Fraud Manager solution. These three technology innovations add cutting-edge capabilities to what is already the industry’s most successful solution for fraud detection, protecting more than a billion active credit and debit cards.
“Leading companies know that with Falcon® Fraud Manager, they receive regular technology advances that allow them to stay a step ahead of new and emerging fraud types,” says Doug Clare, vice president for fraud solutions at Fair Isaac. “We are currently working to deliver several innovations that will help issuers more rapidly adapt to emerging fraud patterns.”
Adaptive models: automatically adjusting models for new fraud behavior
To take advantage of a payments environment that is both increasingly diverse (e.g., online shopping and mobile banking) and rapid (e.g., U.K.’s Faster Payments, which enables near real-time transfer of funds between accounts), banks and card issuers need to make real-time, accurate, scaleable decisions. A ballooning false positive rate can dramatically slow growth in new payments environments and annoy customers.
Indeed, separating the good customers from fraudsters is a critical component of any fraud detection plan. But to add to the complexity, legitimate cardholders also exhibit changing behavior patterns. Is the $5000 diamond charged on Valentine’s day a fraudulent transaction made with a stolen card or an engagement ring purchased by a good customer?
When new fraud behavior appears, banks typically respond by adding or modifying rules to their historical systems. If fraudulent transactions keep showing up associated with a certain ATM or IP address for example, a new rule would flag and monitor certain types of repeated transactions at those sites.
Adaptive models go one step further. They can nip a new scheme in the bud—before visibility and losses have risen to the point where a new rule is written. They do this by automatically absorbing the outcomes of fraud case dispositions (i.e., whether or not a suspicious transaction turned out to be fraudulent) and then applying them to the ongoing scoring of transactions. The sensitivity of the base model is thus continually improved based on in-production analysis and fraud feedback.
“The adaptive model says, 'Based on the activity I’ve seen recently, I’m going to use that learning to adjust the base model fraud score up or down,'” says Zoldi. “The issuer can not only more quickly detect new fraud patterns, but also significantly reduce the rate of false positives.”
The adaptive model automatically integrates fraud case determinations (i.e., whether the suspicious transaction turned out to be fraudulent or not), allowing the fraud score to be adjusted up or down. Thus the fraud cases in the Marginal Fraud Rate area (below the score threshold for analysts to work cases) would, for example, be pushed to the higher risk operational range, to be acted on. Or conversely, non-fraud transactions with a fraud score large enough to place the transaction in the operational range may be deemed lower risk and pushed below the operational range to avoid having analysts work likely false positives.
Self-calibrating models: spotting aberrant behavior in real time
Self-calibrating models fill an important gap: those markets where little or no historical data is available.
Banks offering new services such as Faster Payments often don’t have the luxury of collecting many months worth of transactional data for building standard fraud detection models. Self-calibrating models enable these banks to begin detecting fraud virtually from launch.
While adaptive models update the base model by reacting to dispositions of cases as fraud or non-fraud, self-calibrating models raise flags even earlier in the process by assigning a fraud risk value to the transaction based on whether predictive fraud variables show considerable abnormalities compared to that customer’s peers.
“We want to understand, on a real-time basis, what’s considered abnormal and normal —or an outlier and non-outlier,” notes Zoldi. “This is one of the ways in which we can detect fraud in an environment in which we have little or no historical data with which to train a model.”
When fraud patterns change, often the same characteristics (or variables) stay predictive; what changes are the values that are indicative of fraud. For example, the average amount/frequency of legitimate card-not-present transactions may be higher this year than last year, which may be completely normal based on peer analysis and adoption of card-not-present transaction methods.
Like historical models, self-calibrating models are built with domain expertise by creating highly predictive variables. Unlike historical models, which are then “trained” with up to 18 months of historical data, self-calibrating models are put directly into production. Normal versus abnormal activity in the transaction patterns is determined through statistical techniques such as dynamic scaling based on online distribution estimation.
Scaling can indicate atypical patterns of usage that may be indicative of fraud, based on how far the value of the transaction variables varies from the means of the variable distributions. So, if the variable is account spend and Customer X’s account spend is 4 standard deviations from the mean—that may be enough to identify it as an “outlier” and therefore suspicious. The more outliers there are in the variables associated with the transaction, the more likely it is to be fraudulent—and the higher the fraud score.
Self-calibrating models can also be layered onto base historical models. Eastern Europe, for example, has an extremely dynamic credit environment, where values that are outliers today may be normal tomorrow. The self-calibrating techniques would utilize the learnings to rapidly adjust its variable scaling to the behavior in the new markets where the model is deployed.
Global profiles: a larger perspective on fraud
There are some criminal activities that can be found only with a fresh perspective—looking at fraud not only in the traditional way, from the customer level, but also from the entity level. (An entity is any discrete location or device that can be associated with specific transactions—merchants, IP addresses, bank branches, ATMs, wire carriers, even countries.)
The escalation of unpredictable movements of fraud across a spectrum of channels and countries is an example of the type of fraud that demands wider surveillance. A fraudster, for example, may have 300 stolen or fraudulent cards he wants to use to withdraw money, but he won’t go to 300 different ATMs. Instead he’ll probably get it from several. By tracking the aggregate activity at ATMs, global profiles can determine that an abnormal number of cards has been used at this ATM in the past hour—none of which has been used there before.
Global profiles also can alert fraud managers to potentially fraudulent interactions between entities. In the case of Faster Payments, for example, a member bank might see that there is an abnormal pattern of first time fund transfers for accounts from a Birmingham bank to a single new account in Dover.
The powerful global profile technology builds on dynamic profiling, the proprietary Fair Isaac technology that enables the Falcon® Fraud Manager neural network models to detect abnormal cardholder behavior in a fraction of a second. Global profile technology incorporates real-time adjustments to risk variables based on multiple views and recurring aggregate behaviors that are not detectable when profiling at the account level.
“It’s absolutely critical for banks to stay on top of these sophisticated, global-reach fraud challenges that can erode customer confidence—and a company’s bottom line,” says Clare. “Banks can win big by providing faster, more convenient payment methods over new delivery channels to new markets. They can also lose big unless they raise fraud detection capabilities to meet challenges of this new environment.”
To learn more, order the white paper “Innovative Services Need Innovative Fraud Detection”