Compliance and fraud prevention: Doing it right means taking it seriously

August 19, 2012 by Guest Contributor

By: Ken Pruett

The great thing about being in front of customers is that you learn something from every meeting.  Over the years I have figured out that there is typically no “right” or “wrong” way to do something.  Even in the world of fraud and compliance I find that each client’s approach varies greatly.  It typically comes down to what the business need is in combination with meeting some sort of compliance obligation like the Red Flag Rules or the Patriot Act.  For example, the trend we see in the prepaid space is that basic verification of common identity elements is really the only need.   The one exception might be the use of a few key fraud indicators like a deceased SSN.  The thought process here is that the fraud risk is relatively low vs. someone opening up a credit card account.  So in this space, pass rates drive the business objective of getting customers through the application process as quickly and easily as possible….while meeting basic compliance obligations.

In the world of credit, fraud prevention is front and center and plays a key role in the application process.  Our most conservative customers often use the traditional bureau alerts to drive fraud prevention.  This typically creates high manual review rates but they feel that they want to be very customer focused. Therefore, they are willing to take on the costs of these reviews to maintain that focus.  The feedback we often get is that these alerts often lead to a high number of false positives. Examples of messages they may key off of are things like the SSN not being issued or the On-File Inquiry address not matching.  The trend is this space is typically focused on fraud scoring. Review rates are what drive score cut-offs leading to review rates that are typically 5% or less.  Compliance issues are often resolved by using some combination of the score and data matching.

For example, if there is a name and address mismatch that does not necessarily mean the application will kick out for review.  If the Name, SSN, and DOB match…and the score shows very little chance of fraud, the application can be passed through in an automated fashion.  This risk based approach is typically what we feel is a best practice.  This moves them away from looking at the binary results from individual messages like the SSN alerts mentioned above.

The bottom line is that everyone seems to do things differently, but the key is that each company takes compliance and fraud prevention seriously.  That is why meeting with our customers is such an enjoyable part of my job.