How to Reduce False Positives in Fraud Prevention

December 1, 2022

Fraud prevention tools - in an attempt to catch all instances of fraud - end up flagging legitimate transactions as well, resulting in false positives. As risk professionals can attest, false positive rates can have a significant impact on fraud prevention efforts; because of this, reducing them is a top priority for fraud teams in the near future.

While false positives are a natural byproduct of fraud detection efforts, organizations want to reduce false positives as much as possible to improve efficiency and mitigate fraud losses.

False positives are a good indication of how well your fraud prevention efforts are working. The lower the false positive rates, the more effectively your fraud prevention rules are targeting the threats the company faces.

In this article, we’ll explain how to reduce false positives related to fraud.

To start, we’ll explain what false positives are in relation to fraud, and then dive into the best way to minimize their impact within an organization.

What are False Positives in the Context of Fraud?

A false positive is a customer's legitimate activity that is incorrectly classified as suspicious. While this classification can be done manually, most companies use automated fraud detection systems that generate alerts for suspicious transactions. In the most basic sense, a false positive indicates an incident of fraud, when in fact, no fraud has occurred.

Many financial services activities can appear to be suspicious in nature, showing characteristics that match illegal behavior. However, that doesn’t mean each of these instances is actually fraud.

Since each fraud alert needs to be taken seriously, each alert needs to be processed, investigated, and either escalated or ruled out. Because each potential threat needs to be treated as a legitimate threat, false positives can lead to significant work for risk and compliance teams.

While it’s important to do this to ensure true threats don’t get missed, false positives take up analysts’ time, without actually preventing fraud. In essence, this is time wasted for staff (and the organization as a whole).

The Impact of False Positives: Why They Need to be Addressed

Unfortunately, there is no simple answer to reducing false positive rates. In fact, an organization without any false positives is likely allowing an abundance of fraud to pass through their system undetected. Most financial institutions have relatively high false positive rates in an effort to ensure fraud doesn’t pass through the cracks.

Let’s look at an example to illustrate why false positive rates related to fraud are commonly high at organizations.

To clamp down on credit card fraud, the risk team implements a rule that produces an alert whenever a customer makes a series of credit card purchases in a short amount of time - let’s say 10 transactions in a span of 24 hours - which would be above the norm for this institution’s average customer.

Each time this occurs, an alert is generated for the fraud team to review. If customer A (a legitimate customer) goes on a shopping spree, making several purchases in one day, they could be flagged under this rule. Since the customer legitimately made those purchases, this is a false positive. Customer B (a fraudster) makes 7 - 9 purchases in a week, which does not result in fraud alerts being generated.

As you can see here, legitimate activity is being flagged (false positives), while true fraud is squeaking through undetected. Ultimately, the rules should be adjusted to account for the fraud getting through, and tightened to ensure instances of fraud are being detected. While this may lead to higher false positive rates, it ensures true instances of fraud aren’t trickling through.
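The scenario above can be replayed in code. This is an added example, not part of the original article: the transaction data is constructed, customer C and the broader "7 purchases in 7 days" rule are hypothetical, and only the "10 in 24 hours" rule comes from the text.

```python
from collections import deque
from datetime import datetime, timedelta

def velocity_alerts(transactions, threshold=10, window=timedelta(hours=24)):
    """Return customers with at least `threshold` purchases inside any `window`."""
    recent = {}      # customer -> timestamps still inside the sliding window
    alerted = set()
    for customer, ts in sorted(transactions, key=lambda t: t[1]):
        q = recent.setdefault(customer, deque())
        q.append(ts)
        while ts - q[0] >= window:   # drop purchases that aged out of the window
            q.popleft()
        if len(q) >= threshold:
            alerted.add(customer)
    return alerted

def confusion(alerted, is_fraud):
    """Count TP/FP/FN/TN per customer against known outcomes."""
    counts = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for customer, fraud in is_fraud.items():
        if customer in alerted:
            counts["TP" if fraud else "FP"] += 1
        else:
            counts["FN" if fraud else "TN"] += 1
    return counts

# Constructed sample data, not real transactions.
START = datetime(2022, 12, 1, 9, 0)
TXNS = (
    [("A", START + timedelta(minutes=30 * i)) for i in range(10)]  # spree, one day
    + [("B", START + timedelta(hours=20 * i)) for i in range(8)]   # 8 in one week
    + [("C", START + timedelta(days=i)) for i in range(3)]         # ordinary use
)
IS_FRAUD = {"A": False, "B": True, "C": False}

def compare_rules():
    """Evaluate the article's rule and a broader, hypothetical weekly rule."""
    daily = velocity_alerts(TXNS)                                   # 10 in 24 hours
    weekly = velocity_alerts(TXNS, threshold=7, window=timedelta(days=7))
    return confusion(daily, IS_FRAUD), confusion(weekly, IS_FRAUD)

if __name__ == "__main__":
    for name, result in zip(("10 per 24h", "7 per 7d"), compare_rules()):
        print(name, result)
```

The original rule flags only customer A and misses customer B; the broader rule catches B but still flags A, which is the trade-off the paragraph describes.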

The fact is, these customized rules can never be flawless, detecting only instances of fraud. In order to ensure no true instances of fraud pass through the organization, rules often need to be slightly broader and more encompassing than the actual fraud cases. This means that every financial organization will experience some instances of false positives; it’s the company's responsibility to reduce these rates as much as possible, improving their fraud prevention efforts in the process.

Financial institutions’ use of transaction monitoring enables fraud detection, as these solutions flag suspicious activity for review. This system is only as good as the rules that it’s based on, which means a weak fraud detection system can produce a lot of false positives - costing your team unnecessary review effort.

How to Reduce False Positives in Fraud Prevention

Mitigating the impact of false positives is a constant battle. Organizations constantly struggle to reduce the rate of false positives without allowing true positives to get through the cracks. It takes consistent monitoring, reevaluation, and updating to ensure fraud prevention efforts are working as intended, and are optimized for best performance.

While organizations can perform this task manually, it’s extremely labor-intensive. Most institutions employ savvy rule-based engines that produce alerts when suspicious activity or behavior is detected. Risk and compliance teams develop rules that detect suspicious behavior and generate alerts for analysts to investigate. The fraud team then investigates each case based on the potential threat, and determines if it’s an instance of fraud.

Below, we cover the best strategy for reducing false positives when it comes to fraud prevention.

1. Establish an Operational Baseline

The first step to reducing false positives is having an operational baseline. Organizations need to understand the team's bandwidth and capabilities to actively limit false positive rates.

Without understanding how much fraud can be processed, it’s difficult to marshal resources effectively. For example, if an organization has a risk and compliance team that consists of 10 individuals, how many alerts can that team actually process? Technically, an organization can create thousands of rules, resulting in just as many alerts. However, if the fraud team doesn’t have the capacity to actually manage and investigate these alerts, it’s not necessarily the best practice. Without the proper manpower to conduct the investigations, this tactic will not effectively prevent fraud.

Without the capacity to manage the fraud on your platform, alerts will pile up, leading to operational burnout for your team (and organization). Without finely tuned rules, the team will have many alerts to process, which may not be easily manageable. To compound this, the longer it takes for teams to review bad alerts (false positives), the less time is spent reviewing true positives. All of this costs the organization time and money and reduces the efficiency of fraud prevention efforts.

2. Break Risk into Different Categories

Once you have a clear understanding of what your team can operationally handle, you can then develop strategies for managing resources to best protect against fraud.

One of the best ways to do this is to break risk into multiple categories based on the risk the fraud poses. While teams should certainly develop a system that suits their particular services, it really comes down to distinguishing the level of risk. A simple scale of low, medium, and high is sufficient, but certain organizations may benefit from having additional categories such as extremely high or extremely low.

With that in mind, let’s look at a simple example of what that could look like.

High Risk

These constitute the biggest fraud threats that an organization faces, amounting to the largest fraud losses at the company.

When creating policies for high-risk threats, you want to be very specific. These high-risk threats should generate a small number of alerts and have a high true positive rate. False positives on high-risk transactions can amount to significant fraud losses to an organization, and should be the main focus for fraud prevention teams.

Ideally, teams spend 30% or less of their time on these cases. They pose a serious threat and can amount to significant financial losses, so they need to be taken seriously and be prioritized.

The best way to combat these high-risk threats is to create very specific rules that have very high true positive rates (preferably 90% or higher). This ensures that these threats are effectively rooted out and that the false positives don’t lead to significant fraud losses for the company.


Rules need to be accurate, effectively stopping the incidents of fraud, while still allowing all legitimate transactions to go through.

Medium Risk

These typically constitute the largest amount of fraudulent threats facing an organization, despite them not being the highest value transactions. Within this segment, there is a wide range of types of fraud, making it difficult to stop all the potential threats effectively.

Adequate protections require a wide range of rules to account for the different types of fraud being conducted. There is slightly more room for false positives in this range, as they don’t amount to the same fraud losses as high-risk cases. Given the range of threats, it's complicated to create rules that address 100% of the threats facing your organization.

Ideally, risk and compliance teams spend 50% of their time managing these cases. Rules in this environment should also be leveraged to improve the quality of rules operating in the high-risk environment.

Low Risk

These constitute the lowest threat to your organization, as each incident doesn’t amount to a lot of fraud losses. That being said, as the easiest types of fraud for criminals to conduct, volumes can be high. Failing to take a concerted effort to prevent this fraud can still lead to significant fraud losses for your organization.

Unlike your high-risk category that requires very strict, specific rules, you can be much more experimental with your fraud prevention strategies at this level. Try new things, test new rules, and use a trial-and-error process to perfect rule-building. This is incredibly useful for testing rules that you can then deploy on your high and medium-risk threats.

Ideally, your team spends less than 10% of its time on these low-level threats. More than anything, this space allows you to see overall trends and monitor how your rules are performing. You can then leverage these experiments to build more precise rules for higher-level threats.

Don’t get the wrong idea - all fraud is bad and should be stopped. You don’t want to allow it to fester on your platform, as it can grow into larger cases of fraud. You also don’t want to allow fraud to occur or fraud losses to persist and grow.

3. Reevaluate and Update Rules

Organizations should regularly optimize their fraud prevention efforts, implementing new rules, updating old rules, and eliminating rules that are no longer performing properly. As fraud is consistently evolving, so too should your prevention efforts.

Make sure to implement rules used in the ‘low risk’ category with a high success rate, leveraging these rules to prevent fraud at the higher risk levels. Fine-tune rules ever so slightly to more effectively pick up true positives, while mitigating the number of false positives being detected.

This process is a consistent balancing act, but it’s worth regularly reviewing to ensure fraud prevention efforts are operating at peak performance.
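A periodic rule review along the lines of steps 1 to 3 could be scripted as below. This is an added example, not code from the article or from any product: the rule names, alert dispositions, 400 team hours and 30 minutes per alert are constructed assumptions, "true positive rate" is taken to mean the share of a rule's alerts confirmed as fraud, and reusing the 90% figure as the bar for promoting a low-risk rule is also an assumption.

```python
from collections import defaultdict

# From the article: share of analyst time per tier and the preferred
# true positive rate for high-risk rules.
TIME_SHARE = {"high": 0.30, "medium": 0.50, "low": 0.10}
HIGH_RISK_TP_TARGET = 0.90

def review_rules(alerts, rule_tier, team_hours, minutes_per_alert):
    """alerts: (rule_id, confirmed_fraud) pairs from closed investigations.
    Returns (subject, finding) pairs for the rule-review meeting."""
    stats = defaultdict(lambda: [0, 0])       # rule -> [confirmed fraud, alerts]
    for rule, confirmed in alerts:
        stats[rule][0] += int(confirmed)
        stats[rule][1] += 1
    tier_hours = defaultdict(float)
    findings = []
    for rule, (fraud, total) in sorted(stats.items()):
        tier = rule_tier[rule]
        tp_rate = fraud / total
        tier_hours[tier] += total * minutes_per_alert / 60
        if tier == "high" and tp_rate < HIGH_RISK_TP_TARGET:
            findings.append((rule, "tighten"))    # too many false positives
        elif tier == "low" and tp_rate >= HIGH_RISK_TP_TARGET:
            # Assumption: reuse the 90% figure as the bar for promotion.
            findings.append((rule, "promote"))
    for tier, hours in sorted(tier_hours.items()):
        if hours > TIME_SHARE[tier] * team_hours:
            findings.append((tier, "over_budget"))
    return findings

# Constructed dispositions: (fraud confirmed, total alerts) per hypothetical rule.
SAMPLE = {"R-HIGH-1": (19, 20), "R-HIGH-2": (6, 10),
          "R-MED-1": (100, 500), "R-LOW-1": (10, 10)}
TIERS = {"R-HIGH-1": "high", "R-HIGH-2": "high",
         "R-MED-1": "medium", "R-LOW-1": "low"}
ALERTS = [(rule, i < fraud) for rule, (fraud, total) in SAMPLE.items()
          for i in range(total)]

def run_review():
    # Assumptions: 10 analysts x 40 hours, 30 minutes per alert.
    return review_rules(ALERTS, TIERS, team_hours=400, minutes_per_alert=30)

if __name__ == "__main__":
    print(run_review())
```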

Keep False Positive Rates Low with Unit21

Even though they’ll never hit zero, organizations should do everything possible to reduce the rate of false positives - mitigating their negative impact on the bottom line.

There is no perfect answer to this, and it will take some trial and error to find what works best for your organization. Ultimately, the aim is to get false positives as low as possible, without allowing true instances of fraud to pass through undetected.

To do this, remember to consistently review rates, make changes to adapt, and use fraud detection technology like Unit21 that offers features like alert scoring to help prioritize alerts, and a shadow mode so you can test out your rules to see how they behave before deploying them.

Interested in seeing how Unit21 can help with fraud detection? Schedule a demo with our team today.
