Fraud Detection 101
Download your free copy of the Fraud Fighters Manual.
You know your fraudsters—the thieves, the con artists, the opportunists. You know how these bad actors steal and fabricate identities to take over accounts and unleash chaos. The question is how you can protect your organization and your customers from falling victim to fraud.
The answer is building a robust fraud detection system to help you remain one step ahead of bad actors and protect your business from reputational and financial harm.
To discuss this topic, we interviewed Zach Pierce, the Risk Operations Lead at Lithic, where he focuses on mitigating financial loss and building out the Risk team. Lithic is a card-issuing platform that caters to Fintech companies. He was the first risk hire, has been there about a year and a half, and leads a risk team that is at least in part focused on fraud detection. Before this, he was at Stripe, a payment processing platform that caters to all types of companies across the world. He worked on the risk team and was responsible for fraud detection, among other things.
For this chapter, he shared his knowledge, experiences, and opinions on the different types of fraud detection solutions, transaction monitoring, risk management, and the future of fraud prevention.
Types of Fraud Detection and Prevention Solutions
Organizations automate fraud detection with the help of rules engines, machine learning (ML) models, data enrichment tools, and hybrid solutions. Here’s how these solutions work:
1. Rules Engine
As Zach explains, “A rules engine is an application that allows fraud detection agents to define rules related to a number of data points including user activity, metadata, and self-reported user information.”
A rules engine generally works in three steps:
- The engine is triggered due to a user action, like proceeding to checkout from their cart.
- The engine uses the pre-set conditions and rules to decide which action to perform.
- The engine performs the action based on the logic built into the rules.
There can be simple rules, such as ‘every transaction over $7,000 should be manually approved,’ or complex rules that take the user’s IP address, past behavior, device information, and other factors into consideration. With complex rules, you can describe various outcomes, such as sending the user an OTP or a verification link, reviewing the transaction manually, or rejecting it automatically.
The most prominent advantages of using a rules engine are:
- The rules are easy to deploy.
- They allow you to monitor high volumes of transactions.
- They help you respond to threats in a timely manner.
- They result in valuable data, such as false positives and false negatives, which you can then analyze to create a more efficient and complex rules engine. A ‘false positive’ is a legitimate transaction that is declined due to overly sensitive rules. A ‘false negative’ is a fraudulent transaction that gets approved due to overly lenient rules.
- When implemented correctly, they can provide the perfect jumping-off point for the use of machine learning.
However, there are also some challenges associated with rules engines. If you choose to build your own engine, you will need a team of developers dedicatedly working for months—and there’s no guarantee that you will build the kind of engine you want on your first attempt.
Building your own rules engine can prove to be a constant resource drain, rendering you incapable of scaling quickly. This challenge can be remediated by using a customizable solution that allows teams to set up and test rules without having to build the entire infrastructure from the ground up.
Rules engines can result in high rates of false positives and negatives.
You can overcome this challenge by using a rules engine that helps you pull detailed reports about all transactions and gives you a test environment to see the rules in action before deployment. Then, you can adjust the rules accordingly, bringing the false positive rate down.
2. Machine Learning
Machine learning (ML) models are trained with the help of data generated by the rules engine, or a similar example dataset, to detect fraudulent behavior and outsmart fraudsters. ML systems are designed to handle large volumes of data, evolve as they handle more of it, and can act instantly when they detect anomalies.
ML can be used to detect the same scams as rules engines. Some of the most common scams include phishing, forgery, identity theft, and credit card fraud. Some of these use cases need the algorithm to go through supervised learning, while others require unsupervised learning.
In supervised learning, the algorithm needs labeled data and uses classification techniques to determine outcomes (such as whether a link in an email is malicious or not). In classification, the algorithm ‘classifies’ data into different categories based on what it has learned from pre-categorized training datasets.
In unsupervised learning, the algorithm uses unlabeled data and clustering to find patterns and anomalies in data. Clustering means grouping similar data together without the use of any pre-categorized training datasets. These ML models are generally used to detect identity theft.
Zach notes, “Machine learning models can handle large volumes of data and identify new threats. But a drawback is that they are more time intensive and complex to set up and maintain than simple rules. It all comes down to how you have trained the algorithm and how you continue to optimize it.”
It’s important to note that ML models require large datasets to achieve higher accuracy, which not every organization has access to. The lack of human intervention also means less control and occasional false positives that could have been avoided with human input. For example, an ML model may flag a transaction coming from an unusual location without considering the fact that the cardholder may have traveled there.
There are two types of ML models when it comes to human intervention:
- Black box machine learning: These are ML models that take action without giving any explanations behind their decision-making process. These models will flag a transaction without explaining why, and you won’t be able to look into the logic behind the decision.
- White box machine learning: These ML models have a transparent decision-making process. You can easily see the variables that affect each decision. Having that knowledge can help you train the model to make better decisions.
Many Fintech companies that use ML models often base all of their fraud prevention tactics around ML-generated fraud scores. Fraud scores are generated by ML models trained on transactions that have been marked as fraud by your company and/or other companies. Fintech companies often treat fraud scores as a silver bullet to solve all their fraud detection problems. In doing so, they miss out on their own data and learning. One way to overcome that problem is to use ‘alert scoring.’
What are alert scores?
Alert scores are scores assigned to fraudulent transactions on a scale of 0-100. They are generated by ML models that passively study the behavior of your rules engine. Alert scores are generated as a result of white box machine learning—and your team can easily understand why a particular transaction was assigned a higher score. Using this method helps you address the lack of human intervention that comes with black box machine learning.
3. Data Enrichment Tools
Data enrichment tools help you build a complete profile based on a few data points provided by the user. These tools augment data points such as email addresses, IP addresses, bank identification numbers (BINs), and device data. So, with access to a user’s email address, data enrichment tools can find out if the email address is disposable or involved in past breaches.
In his professional experience, Zach has “had the experience of working within organizations where we had access to a lot of data as well as places where data was limited, and let’s just say it made my life a lot easier when we had lots of accurate data to work with.”
Data enrichment tools are usually integrated with the fraud detection system through point-to-point or third-party integration. User information is shared between the two systems to build a more detailed user profile through open source intelligence (OSINT), the practice of collecting publicly available information from the internet.
These tools give you richer, more complete user profiles that improve the accuracy of your rules engines and ML models—and, consequently, improve your fraud detection rates. Data enrichment tools also help you maintain a frictionless user experience because the more you rely on them, the less information you have to collect from your customers.
“Working with data enrichment tools can be really helpful as they can give you information about a user that you wouldn’t have access to otherwise. For example, if a user provides their phone number, you are not necessarily going to know who the carrier is, but that is something that you can get by using data enrichment from a 3rd party provider,” Zach explains.
But while rich data is a tempting concept, enrichment tools aren’t without risk. “Integrating with a new tool and building a process where information is shared between the two systems requires time, investment, and trust.”
Compliance is key when it comes to data enrichment tools.
You have to be careful in how you collect and store user information as more regulations are introduced around user data and transparency. Sharing information with data enrichment tools means getting consent from your users. Also, look into regulations based on your location and make sure that the service provider also complies with the regulations that apply.
4. Consortium Data
A fraud prevention consortium is an association of businesses working together for a common cause. FICO® Falcon® Intelligence Network, Financial Fraud Consortium, Fintech Fraud DAO, and similar data consortia maintain large repositories of fraudulent payment data. These repositories are created through data sharing between multiple organizations.
In FICO’s Falcon Intelligence Network, there are over 9,000 financial organizations that submit anonymized data about legal and fraudulent transactions, trends, and techniques. Joining the consortium and gaining access to consortium data can increase the efficiency of your rules engine as well as your ML model. You can simply take the consortium’s decline list and tell your rules engine to decline all transactions coming from specific email addresses or credit cards.
Although consortium data provides useful information to feed your rules engine and ML models, Zach is skeptical. “I feel like not everyone would want to share information about fraudulent activity in their organization, especially since your competitors are also part of the consortium,” he explains. This concern—that your competitors can access the data you share with the consortium—can be alleviated by aggregating, anonymizing, and encrypting all data shared by members of the consortium. Fintech Fraud DAO uses these techniques. It is a decentralized network of Fintechs, so no single entity owns all the data shared by the members.
Keep in mind that decline lists and lists of terminated merchants might contain outdated data—the bad actor could have already used a credit card and moved on to the next by the time you block the card that’s no longer in use. Consortium data also punishes people who are victims of identity theft, a compromised email address, or a stolen credit card since they might find themselves blocked by thousands of organizations with access to this information.
Decentralization is the way forward for all consortia.
If all members of the consortium collectively make decisions about the policies that govern consortium data and data storage is decentralized, more and more organizations can be encouraged to join consortia and share their data and experiences related to fraud detection.
Transaction Monitoring Best Practices
Bad actors commit fraud to steal money, goods, and services—and the act itself happens in the form of transactions. Transaction monitoring is one of your best bets to stop fraudsters cold in their tracks.
1. Use a Customizable Solution for Fraud Risk Management
There are many transaction-monitoring vendors and pre-built solutions out there. Use those that can be customized to meet your specific requirements. Otherwise, you run the risk of the vendor solutions being too rigid to adapt to your unique challenges.
“If you’re like Lithic, an infrastructure company that caters to Fintech companies, the assumptions that many vendors make around their data models and how their product works doesn’t always translate because Lithic's customers are more complex than the ones the vendors build their products to serve,” explains Zach. “So, in that case, it makes more sense to go with something more flexible.”
Customizable rules engines give you that flexibility. They come equipped with pre-built rules based on recommendations by financial fraud analysts. But you can change those rules, set your own rules, test them, transform the engine into a tool specific to your use case, and achieve high rates of accuracy.
Even if you achieve the highest rates of accuracy with your current rules, bad actors will continue their attempts to defraud you. So, keep optimizing your rules and keep an eye on false positives and negatives.
2. Be Proactive in Your Approach to Fraud Detection
Most companies are reactive in their approach to fraud detection. They get defrauded in one particular way and take measures to protect themselves from it, only to get defrauded in a different way later on. You don’t always have to learn things the hard way. Here’s what you can do to be proactive in fraud detection and prevention:
- Use the expertise of fraud detection professionals to understand the potential threats in your industry.
- Build a list of events that should be tracked by your system.
- Create rules and describe in detail the actions that should be taken when suspicious activities are detected.
- Implement the software that would track events and implement rules.
- Keep improving your list of events and rules to account for new threats.
3. Focus on Data Governance To Get Higher-quality Data
Data governance is a collection of rules, policies, and processes that ensure the availability, integrity, and security of data in an organization. With the help of data governance, you will integrate data silos, deal with missing, incomplete, and erroneous data, and turn unstructured data into structured data. That means you will have higher-quality data to analyze and feed to your ML model, reducing false positives and negatives and ultimately improving detection rates.
Data silos are a big challenge, especially in large organizations. You can overcome this problem by using a transaction monitoring system that tracks all data points related to user activity and stores them in a way that they are accessible and available to you for analysis as needed.
4. Think Like a Fraudster
In the first chapter, we learned all about first-party and third-party fraud. We also discussed multiple types of fraudster archetypes from opportunists to identity thieves and criminal organizations. While there are many types of fraudsters, they all have one thing in common—they are always trying to figure out your vulnerabilities.
Just as fraudsters are constantly trying to figure out how to get past your internal controls, you have to study their tactics to see how they may attack you. As there are communities and consortia dedicated to fraud detection, there are also similar organizations composed of bad actors dedicated to fraud. As we write detailed guides on fraud detection, they write guides on how to commit fraud and how to get around the systems you’ve put in place. If you can access that information, it will help you figure out how fraudsters think and stay one step ahead.
“One thing I like to do is figure out the most expensive part of their business model and make it more expensive,” says Zach. “For example, I’d get them to burn more credit cards than usual before they realize that their transactions are unsuccessful.”
The Dynamic Approach to Fraud Detection
When using a machine learning model, you can monitor each transaction using either a dynamic approach or a sequential approach. The dynamic approach monitors real-time data. In sequential modeling, the ML model analyzes a sequence of events and tries to detect anomalies.
In the dynamic approach to fraud detection, ML models monitor real-time data to identify fraudulent activity. The models are trained on historical data and use transaction data, user behavior data, and external data sources to detect new patterns and flag suspicious activity. It is a proactive approach to fraud detection, and it is responsive to new threats, providing businesses with the tools they need to stay ahead of fraudsters and protect their customers and bottom lines.
If a company chooses to use machine learning, it can combine both approaches. The sequential approach should be on auto-pilot, with each flagged sequence being sent to the team for review while they work with alerts being sent their way through the dynamic model. That’d help improve the overall fraud detection system by combining sequences, real-time detection, and human intervention.
Risk Assessment Best Practices
Risk assessment is a critical component of fraud detection, as it helps businesses identify and prioritize the highest-risk transactions and entities. The essential components of risk assessment in fraud detection are:
- Data collection: Collect data from customer profiles, transactions, and external sources.
- Risk scoring: Assign a risk score to each data point based on the likelihood of fraudulent activity.
- Defining risk thresholds: Determine the minimum acceptable risk score of a transaction. Any transaction exceeding the risk threshold should be flagged.
- Establishing investigative procedures: Once a transaction is flagged as suspicious, it has to go through investigative procedures. Define these procedures and document them.
To improve fraud detection, the team working on risk assessment should focus on developing a solid understanding of the business. If third-party auditors have been brought in for risk assessment, they should work with heads of departments to get to know the products and services offered, the customers served, and the potential fraud risks associated with each transaction.
Zach provides an example of what this process entails: “If you are a neobank, your points of risk are anywhere money is coming in … and where money is going out. So, learn about how the bank operates, how different types of transactions work, how loans or credit cards are approved, how applications are processed, and so on. That will help you understand how different areas can be abused by bad actors.”
Risk assessment reports for different organizations will differ greatly based on their industry, processes, size, geographical location, customers, and more variables. However, all risk assessment reports should have the following information:
- Risk profiles: Risk profiles are a detailed compilation of all risks faced by a company. These are built after an assessment of all company processes involving customers, employees, partners, and other stakeholders.
- Risk categories: Risk categories consist of different risks grouped together based on their type. For example, risks such as distributed denial-of-service (DDoS) attacks and malware attacks can be categorized as cybersecurity risks.
- Risk sources: As evident by the name, risk sources are all external and internal factors that may affect your overall risk. For example, each type of transaction that moves money in or out of your system is a risk source.
Overall, assessing risks to improve fraud detection requires a combination of technical expertise, data analysis skills, and an understanding of the business. “That combination of knowing your business, knowing where the money moves, and then the different sort of fraud archetypes helps you in risk assessment,” says Zach.
The Future of Fraud Detection and Prevention
Fraud detection, and how organizations tackle it, has evolved over the last few years.
“When I was at Stripe, and we were building machine learning models, we had a team full of people with PhDs,” recalls Zach. “Seven years ago, we had to build a fraud detection system from the ground up. Now there are out-of-the-box solutions out there that you can use.”
“Similarly, there are a lot of low-code solutions that help non-engineers,” he adds. “The way I see it, low-code tools will continue to empower fraud detection professionals in the future.”
Fraud detection is all about building a robust system that can quickly take you from being reactive to being proactive about fraudulent transactions. To do that, you can rely on:
- Rules engines: They help you define and implement rules related to user activity. Advantages of rules engines include ease of deployment, the ability to monitor high volumes of transactions, and the collection of valuable data.
- Machine learning: Trained on large datasets of fraudulent and legitimate user activity, ML models can evolve with new data and act without human interference, but they are not without challenges.
Transaction monitoring is a major component of any fraud detection system. To maximize its effectiveness, companies should:
- Use a customizable platform: So you can make rules specific to your requirements.
- Focus on data governance: So you can take control of your data and improve data quality and accuracy.
- Think like a fraudster: So you can find potential vulnerabilities in your system.
Now that you have a baseline for what tools to use and how to use them effectively, the next step is to learn how to assemble the right team and create a culture where everyone’s on the same page about the importance of fraud detection and prevention.
Chapter 6 will focus on risk operations, including how to justify the investment into fraud prevention programs, what success metrics to measure, and how to build a collaborative risk culture within your organization.
Want more? You can find a Q&A with this chapter’s author, Zach Pierce.
Download your free copy of the Fraud Fighters Manual.