As fraud losses continue to rise institutions respond by layering more fraud strategy rules and controls.  Soon they end up with hundreds of fraud rules that are difficult to manage and produce inefficient results. Too many rules results in too many customer disruptions (i.e. false declines or false-positives) and makes it difficult to identify coverage gaps leading to increased fraud risk and losses. By actively managing and regularly optimizing your fraud strategy you will reduce your fraud losses, customer disruptions, and total cost of fraud.

For this article fraud rules are defined as evaluation statements with one or more conditions that produce an output (and the output can be used to trigger an action).

Fraud Rule Examples

Ex.1  Is the fraud risk score greater than 800?

Ex. 2  Was the account opened in the past 90 days and the transaction amount is greater than $250 and the fraud risk score is greater than 850?

There are three primary reasons fraud strategy programs end up with too many rules and perform poorly:

First, new rules are evaluated independently. Fraud strategy teams should be continuously looking for new data, risk indicators and predictive scores both internally and from vendors. As they look to test these new data sources and design new rules they often evaluate performance independent of all the existing rules that are currently active. For example, analysis of a new rule using a new vendor fraud score may show it accurately detects 100 fraudulent transactions and only incorrectly identifies 20 good transactions as fraud. These results suggest this new rule will have good performance, however it does not show the existing rules already detect 95 of those fraudulent transactions. Analyzing performance independent of all the existing rules provides an incomplete picture and can lead to implementing new rules that provide no incremental value and are not useful.

Second, evaluation of new rules do not have consistent performance objectives. There are several performance indicators you need to consider when designing and updating your fraud strategy, but two of the most important are Detection Rate and False-Positive Rate. Detection Rate tells you how much fraud will be detected (and potentially prevented) and False-Positive Rate tells you how many good customers will be negatively impacted. Most of the time there is a trade-off between these two factors, increasing the Detection Rate will negatively impact the False-Positive Rate, or improving the False-Positive Rate will lower the Detection Rate. Designing some rules based only on Detection Rate and other rules based only on False-Positive Rate creates a confusing and inefficient fraud strategy.

Third, existing rules are not re-evaluated on a regular schedule. Fraudsters and fraud schemes are always changing. Fraud rules that perform great today may not be useful in the future and better rules using new data sources (indicators, scores, etc.) may be more efficient than older ones. When the entire fraud strategy with all existing rules is not evaluated there is no way to identify poorly performing rules and turn them off or replace them with better ones. Instead more and more new rules get added and you end up with lots of overlapping rules, rules that perform poorly, and some rules that no longer detect any fraudulent attempts.

If you want to improve your fraud strategy, reduce your fraud losses and improve good customer experience, you need to do 3 things:

#1 – Define your fraud risk and customer experience objectives. Identify key performance metrics that align with your objectives, establish performance targets and measure your results against those targets. Consecutive missed performance targets should trigger a strategy change or a re-evaluation of the performance targets. Require all strategy changes, including new rules and rule modifications, to meet the established performance requirements for both fraud risk and customer experience. 

#2 – Design a fraud strategy optimization program to evaluate rules independently and incrementally. When evaluating new rules you want to add to your strategy, or evaluating your existing rules, analyze performance of each rule independently (how would the rule perform if it was the only rule) and analyze the incremental performance (what incremental value does the rule provide when combined with all the other rules). Evaluating based on incremental performance will help you optimize your fraud strategy based on your defined objectives by highlighting which rules need to be modified or turned off because most of their value (i.e. frauds detected) is already covered by better performing rules.

#3 – Implement a program to optimize your fraud strategy on a regular schedule. Monitoring strategy and rule performance should be done on a monthly basis (daily in some cases). Additionally, you should schedule an optimization exercise every 3-6 months to complete a deep dive analysis on performance trends and emerging fraud patterns.  A good optimization program also includes simulation capabilities so you can evaluate different scenarios before you finalize any changes, including parameter changes to individual rules, removing and adding rules, and re-ordering rules (if your rules execute in a waterfall).  By regularly performing an optimization analysis you will ensure you are achieving optimal performance as defined by your fraud risk and customer experience objectives.

By defining your fraud loss and customer experience objectives and implementing a structured, ongoing fraud strategy optimization program you will reduce fraud losses, minimize exposure to losses from future attacks, and improve customer experience.