Why We Need to Set Real-time Standards for Fraud

by Madhup Mishra 0

fraud prevention

Entering 2018, many of us are still on high fraud alert because of last year’s record-breaking breach at Equifax. And for good reason – fraud is everywhere and has no rhyme or reason to its victims. Research in 2017 indicates that $16 billion was stolen from 15.4 million U.S. consumers in 2016, compared with $15.3 billion and 13.1 million victims the year prior, and identity thieves have stolen more than $107 billion in the last six years.

During the last five years, financial institutions have made progress with fraud detection. For instance, have you ever received an email or call from your bank asking to verify a purchase that you never made? You may even have been notified within five or ten minutes of the fraudulent transaction taking place. While this level of speed may have seemed revolutionary a few years ago, the reality is fraud detection is antiquated and unnecessary given today’s technology climate. Fraud detection – meaning detecting fraudulent behavior after it occurs – is costing financial institutions millions of dollars and destroying the customer experience. It’s time for financial institutions to get in front of the problem and focus on fraud prevention.

Post-transaction fraud detection is a hassle

According to a recent study looking at the psychology of waiting, 74 percent of respondents believe banks should catch fraud as soon as it occurs, and 61 percent say they would leave their bank if a financial institution fails to report a fraudulent charge before they do. Many consumers are impressed when their bank calls within minutes of a fraudulent purchase. However, the reality is that the damage is already done at this point, and it’s not just the consumers who suffer. Financial institutions have to budget millions of dollars every year to “cover” fraudulent charges. In addition to replacing stolen funds, it costs organizations significant time, money and resources to investigate and resolve fraud issues. In fact, banks typically establish a dollar threshold for when they are even willing to deal with fraud. For instance, anything less than $1,000 might not be worth the resources it would take to investigate.

Post-transaction fraud detection, used by numerous banks and institutions, is not prevention but rather a fix after-the-fact, and manual post-transaction detection is slow, expensive and leads to many false-positives. As we look at fraud detection from a technology perspective, there has been a progression from using a suite of fraud-specific data analysis tests on an ad hoc basis (such as classification, stratification, duplicate testing, aging, as well as various forms of statistical analysis) to that of a more continuous monitoring approach. However, even continuous monitoring occurs hourly at best – daily or even weekly in some cases. Fraud is changing all the time and needs something much more dynamic in nature that can be implemented in-transaction and not after the fact. Despite these facts, financial institutions continue to rely on the same legacy systems that are unable to keep up with fraud in real-time rather than invest in new technology infrastructure that focuses on in-transaction fraud prevention.

Technology can solve this problem 

Most financial institutions – at least in the United States – continue to approach fraud with a post-transaction strategy, but the technology exists today to go beyond that and enable financial institutions to identify fraudulent activity in real time and prevent a transaction from occurring. For example, when a consumer swipes a credit card at a point of sale terminal, before the bank generates a transaction code and acknowledges the transaction back to the seller, the system makes a critical decision in real time based on that transaction. Some obvious transaction characteristics to consider are transaction location/timing, past purchase history with this vendor, and so on. It’s important to note that these details are being used to identify fraud today — the difference is analyzing them in-transaction rather than after the fact.

It sounds simple enough, but the decision to classify a transaction as fraud is based on complex logic of more than 100 queries in the database, all working together to identify potential fraud patterns. From the moment the card is swiped, the database is running hundreds of input variables through this complex logic to determine whether or not to decline the transaction, all within milliseconds. It’s important to note that this is not a static exercise — the algorithms must be constantly updated to keep up with the speed at which fraudsters are updating their tactics. The logic therefore is constantly evolving to ensure fraud never slips through the cracks.

Some examples of fraudulent patterns include:

  • Transactions that do not fit the buyer’s individual history of purchases
  • High volume of expensive purchases (e.g., furniture, home appliances, etc.) followed by a plane ticket or truck rental
  • Multiple transactions taking place within short periods of time across a wide geographic region

Changing the standards for fraud 

Almost all financial institutions in the market today are using post-process fraud detection technology, forcing companies to set aside money and resources for the inevitable losses they will incur. If we can transition from this “good enough” post-process approach to create a new standard for fraud whereby we stop the activity before it can cause irreparable damage, we can revolutionize the financial services industry by minimizing the role that fraud plays daily, saving companies and consumers significant time and money. It’s time to raise the stakes and set new standards for fraud prevention.