Tag: fraud

By: Kennis Wong In this blog entry, we have repeatedly emphasized the importance of a risk-based approach when it comes to fraud detection. Scoring and analytics are essentially the heart of this approach. However, unlike the rule-based approach, where users can easily understand the results, (i.e. was the S.S.N. reported deceased? Yes/No; Is the application address the same as the best address on the credit bureau? Yes/No), scores are generated in a black box where the reason for the eventual score is not always apparent even in a fraud database. Hence more homework needs to be done when selecting and using a generic fraud score to make sure they satisfy your needs. Here are some basic questions you may want to ask yourself: What do I want the score to predict? This may seem like a very basic question, but it does warrant your consideration. Are you trying to detect these areas in your fraud database? First-party fraud, third-party fraud, bust out fraud, first payment default, never pay, or a combination of these? These questions are particularly important when you are validating a fraud model. For example, if you only have third-party fraud tagged in your test file, a bust out fraud model would not perform well. It would just be a waste of your time. What data was used for model development? Other important questions you may want to ask yourself include:  Was the score based on sub-prime credit card data, auto loan data, retail card data or another fraud database? It’s not a definite deal breaker if it was built with credit card data, but, if you have a retail card portfolio, it may still perform well for you. If the scores are too far off, though, you may not have good result. Moreover, you also want to understand the number of different portfolios used for model development. For example, if only one creditor’s data is used, then it may not have the general applicability to other portfolios.

By: Kristan Keelan What do you think of when you hear the word “fraud”?  Someone stealing your personal identity?  Perhaps the recent news story of the five individuals indicted for gaining more than $4 million from 95,000 stolen credit card numbers?  It’s unlikely that small business fraud was at the top of your mind.   Yet, just like consumers, businesses face a broad- range of first- and third-party fraud behaviors, varying significantly in frequency, severity and complexity. Business-related fraud trends call for new fraud best practices to minimize fraud. First let’s look at first-party fraud.  A first-party, or victimless, fraud profile is characterized by having some form of material misrepresentation (for example, misstating revenue figures on the application) by the business owner without  that owner’s intent or immediate capacity to pay the loan item.  Historically, during periods of economic downturn or misfortune, this type of fraud is more common.  This intuitively makes sense — individuals under extreme financial pressure are more likely to resort to desperate measures, such as misstating financial information on an application to obtain credit. Third-party commercial fraud occurs when a third party steals the identification details of a known business or business owner in order to open credit in the business victim’s name.  With creditors becoming more stringent with credit-granting policies on new accounts, we’re seeing seasoned fraudsters shift their focus on taking over existing business or business owner identities. Overall, fraudsters seem to be migrating from consumer to commercial fraud.   I think one of the most common reasons for this is that commercial fraud doesn’t receive the same amount of attention as consumer fraud.  Thus, it’s become easier for fraudsters to slip under the radar by perpetrating their crimes through the commercial channel.   Also, keep in mind that businesses are often not seen as victims in the same way that consumers are.  For example, victimized businesses aren’t afforded the protections that consumers receive under identity theft laws, such as access to credit information.   These factors, coupled with the fact that business-to-business fraud is approximately three-to-ten times more “profitable” per occurrence than consumer fraud, play a role in leading fraudsters increasingly toward commercial fraud.

By: Kennis Wong As I said in my last post, when consumers and the media talk about fraud and fraud risk, they are usually referring to third-party frauds. When financial institutions or other organizations talk about fraud and fraud best practices, they usually refer to both first- and third-party frauds. The lesser-known fraud cousin, first-party fraud, does not involve stolen identities. As a result, first-party fraud is sometimes called victimless fraud. However, being victimless can’t be further from the truth. The true victims of these frauds are the financial institutions that lose millions of dollars to people who intentionally defraud the system. First-party frauds happen when someone uses his/her own identity or a fictitious identity to apply for credit without the intention to fulfill their payment obligation. As you can imagine, fraud detection of this type is very difficult. Since fraudsters are mostly who they say they are, you can’t check the inconsistencies of identities in their applications. The third-party fraud models and authentication tools will have no effect on first-party frauds. Moreover, the line between first-party fraud and regular credit risk is very fuzzy. According to Wikipedia, credit risk is the risk of loss due to a debtor's non-payment of a loan or other line of credit. Doesn’t the definition sound similar to first-party fraud? In practice, the distinction is even blurrier. That’s why many financial institutions are putting first-party frauds in the risk bucket. But there is one subtle difference: that is the intent of the debtor.  Are the applicants planning not to pay when they apply or use the credit?  If not, that’s first-party fraud. To effectively detect frauds of this type, fraud models need to look into the intention of the applicants.

By: Kennis Wong When consumers and the media talk about fraud and fraud risk, nine out of ten times they are referring to third-party frauds. When financial institutions or other organizations talk about fraud, fraud best practices, or their efforts to minimize fraud, they usually refer to both first- and third-party frauds. The difference between the two fraud types is huge. Third-party frauds happen when someone impersonates the genuine identity owner to apply for credit or use existing credit. When it’s discovered, the victim, or the genuine identity owner, may have some financial loss -- and a whole lot of trouble fixing the mess. Third-party frauds get most of the spotlight in newspaper reporting primarily because of large-scale identity data losses. These data losses may not result in frauds per se, but the perception is that these consumers are now more susceptible to third-party frauds. Financial institutions are getting increasingly sophisticated in using fraud models to detect third-party frauds at acquisition. In a nutshell, these fraud models are detecting frauds by looking at the likelihood of applicants being who they say they are. Institutions bounce the applicants’ identity information off of internal and external data sources such as: credit; known fraud; application; IP; device; employment; business relationship; DDA; demographic; auto; property; and public record. The risk-based approach takes into account the intricate similarities and discrepancies of each piece of data element. In my next blog entry, I’ll discuss first-party fraud.

By: Ken Pruett I find it interesting that the media still focuses all of their attention on identity theft when it comes to credit-related fraud.  Don’t get me wrong.  This is still a serious problem and is certainly not going away any time soon.  But, there are other types of financial fraud that are costing all of us money, indirectly, in the long run.  I thought it would be worth mentioning some of these today. Although third party fraud, (which involves someone victimizing a consumer), gets most of the attention, first party fraud (perpetrated by the actual consumer) can be even more costly.  “Never pay” and “bust out” are two fraud scenarios that seem to be on the rise and warrant attention when developing a fraud prevention program. Never Pay A growing fraud problem that occurs during the acquisition stage of the customer life cycle is “never pay”.  This is also classified as first payment default fraud.  Another term we often hear to describe this type of perpetrator is “straight roller”. This type of fraudster is best described as someone who signs up for a product or service -- and never makes a payment. This fraud problem occurs when a consumer makes an application for a loan or credit card. The consumer provides true identification information but changes one or two elements (such as the address or social security number).  He does this so that he can claim later that he did not apply for the credit.  When he’s granted credit, he often makes purchases close to the limit provided on the account.  (Why get the 32 inch flat screen TV when the 60 inch is on the next store shelf -- when you know you are not going to pay for it anyway?) These fraudsters never make any payments at all on these accounts. The accounts usually end up in collections. Because standard credit risk scores look at long term credit, they often are not effective in predicting this type of fraud.  The best approach is to use a fraud model specifically targeted for this issue. Bust Out Fraud Of all the fraud scenarios, bust out fraud is one of the most talked about topics when we meet with credit card companies.  This type of fraud occurs during the account management phase of the customer lifecycle.  It is characterized by a person obtaining credit, typically a loan or credit card, and maintaining a good credit history with the account holder for a reasonable period of time.  Just prior to the bust out point, the fraudster will pay off the majority of the balance, often by using a bad check.  She will then run the card up close to the limit again -- and then disappear. Losses for this type of fraud are higher than average credit card losses.  Losses between 150 to 200 percent of the credit limit are typical.  We’ve seen this pattern at numerous credit card institutions across many of their accounts. This is a very difficult type of fraud to prevent. At the time of application, the customer typically looks good from a credit and fraud standpoint.  Many companies have some account management tools in place to help prevent this type of fraud, but their systems only have a view into the one account tied to the customer.  A best practice for preventing this type of fraud is to use tools that look at all the accounts tied to the consumer -- along with other metrics such as recent inquiries.  When taking all of these factors into consideration, one can better predict this growing fraud type.  

By: Heather Grover In my previous blog, I covered top of mind issues that our clients are challenged with related to their risk based authentication efforts and fraud account management. My goal in this blog is to share many of the specific fraud trends we have seen in recent months, as well as those that you – our clients and the industry as a whole – are experiencing.  Management of risk and strategies to minimize fraud is on your mind. 1. Migration of fraud from Internet to call centers - and back again. Channel specific fraud is nothing new. Criminals prefer non-face-to-face channels because they can preserve anonymity, while increasing their number of attempts. The Internet has been long considered a risky channel, because many organizations have built defenses around transaction velocity checks, IP address matching and other tools. Once fraudsters were unable to pass through this channel, the call center became the new target, and path of least resistance. Not surprisingly, once the industry began to address the call center, fraud began to migrate, yet again. Increasingly we hear that the interception and compromise of online credentials due to keystroke loggers and other malware is on the rise. 2. Small business fraud on the rise. As the industry has built defenses in their consumer business, fraudsters have again migrated -- this time to commercial products. Historically, small business has not been a target for fraud, which is changing. We see and hear that, while similar to consumer fraud in many ways, small business fraud is often more difficult to detect many times due to “shell businesses” that are established. 3. Synthetic ID becoming less of an issue.  As lenders tighten their criteria, not only are they turning down those less likely to pay, but their higher standards are likely affecting Synthetic ID fraud, which many times creates identities with similar characteristics that mirror “thin file” consumers. 4. Family fraud continues. We have seen consumers using the identities of members of their family in an attempt to gain and draw down credit. These occurrences are nothing new, but   sadly this continues in the current economic environment. Desperate parents use their children’s identities to apply for new credit, or other family may use an elderly person’s dormant accounts with a goal of finding a short term lifeline in a bad credit situation. 5. Fraud increasing from specific geographic regions. Some areas are notorious for perpetrating fraud – not too long ago it was Nigeria and Russia. We have seen and are hearing that the new hot spots are Vietnam and other Eastern Europe countries that neighbor Russia. 6. Falsely claiming fraud. There has been an increase of consumers who claim fraud to avoid an account going into delinquency. Given the poor state of many consumers credit status, this pattern is not unexpected. The challenge many clients face is the limited ability to detect this occurrence. As a result, many clients are seeing an increase in fraud rates. This misclassification is masking what should be bad debt.  

-- by Heather Grover I’m often asked in various industry forums to give talks about, or opinions on, the latest fraud trends and fraud best practices. Let’s face it –  fraudsters are students of their craft and continue to study the latest defenses and adapt to controls that may be in place. You may be surprised, then, to learn that our clients’ top-of-mind issues are not only how to fight the latest fraud trends, but how they can do so while maximizing use of automation, managing operational costs, and preserving customer experience -- all while meeting compliance requirements. Many times, clients view these goals as being unique goals that do not affect one another. Not only can these be accomplished simultaneously, but, in my opinion, they can be considered causal. Let me explain. By looking at fraud detection as its own goal, automation is not considered as a potential way to improve this metric. By applying analytics, or basic fraud risk scores, clients can easily incorporate many different potential risk factors into a single calculation without combing through various data elements and reports. This calculation or score can predict multiple fraud types and risks with less effort, than could a human manually, and subjectively reviewing specific results. Through an analytic score, good customers can be positively verified in an automated fashion; while only those with the most risky attributes can be routed for manual review. This allows expensive human resources and expertise to be used for only the most risky consumers. Compliance requirements can also mandate specific procedures, resulting in arduous manual review processes. Many requirements (Patriot Act, Red Flag, eSignature) mandate verification of identity through match results. Automated decisioning based on these results (or analytic score) can automate this process – in turn, reducing operational expense. While the above may seem to be an oversimplification or simple approach, I encourage you to consider how well you are addressing financial risk management.  How are you managing automation, operational costs, and compliance – while addressing fraud?