The Rule of Rules: Part 1: How Financial Institutions Customize Fraud Detection Rules

Fraud detection techniques vary significantly across industries, particularly between banks and credit unions vs. fintechs. In this two-part installment of our Fraud Files series, we explore the approaches in utilizing rule types for fraud detection for financial institutions and fintechs, which helps us understand the strategic priorities and operational realities that shape their fraud detection frameworks.

‍

This first part in the installment will focus on banks and credit unions (our next part will examine the preferences for fintechs). After reviewing the data, we found that banks and credit unions often use a conservative approach toward fraud detection, focusing on well-established and simpler rule types like Simple Filters. 

‍

But relying solely on Simple Filters can come at a cost…

‍

Fraud Files: Using the Right Data and Dynamic Rules Are Key to Fighting Fraud

This is our 10th installment in Fraud Files, our blog series that shares unique insights based on data from over 4.05B events on the Unit21 platform. We have been examining what data points are important, how they are connected to detect - and prevent - fraud, and why dynamic rules are so important. Some recent posts include:

• Part 7: Why combining the right matched data points can achieve exponential results, stopping more fraud while decreasing false positives.
• Part 8: How Kevin Bacon can be a good example for linking entities within a network to identify potential fraud rings.
• Part 9: Why Bob Dylan’s song “The Times They Are A-Changin’” is an excellent metaphor for the dynamic nature of fraud detection in a new era of account tenure.

‍

You can read our entire Fraud Files series.

‍

Top Rule “Types” for Banks and Credit Unions: A Snapshot

A quick snapshot of the data gives us the following observations:

‍

• Our Dynamic Model Builder (DMB) rule engine is a highly effective place for banks and credit unions to write rules, but while they adopt it, only 37% of their rules are written in it. 
• They gravitate toward using Simple Filters - such as flagging transactions for certain credit cards - with more than 52% of the rules running on that scenario.
• Graph-Based Rules (GBRs), which identify risky commonalities between users and generate alerts for risk teams to review, didn’t make it into their own category because their use is infrequent. 
• When breaking out simple filters, embedded filters are the most common rule type for banks and credit unions, at just over 30%, even if they are using Scenario Models. This lets us know they are looking to improve performance by filtering and focusing on specific transactions/entities. 

• In terms of outcomes, the best-performing scenario for banks and credit unions is Simple Object Count (Transactions). This scenario, shown as “simple_object_count_transactions_embedded_filters,” is one of our recommended general rules and has a 61.72% true positive (T/P) rate. 

‍

The High Usage of Simple Filters/Logic in Traditional Banking

‍We found that banks and credit unions rely heavily on Simple Filters, which make up 29.1% of their rules. Simple Filters are tools used to generate alerts based on specific, predefined criteria, designed for common use cases where a broad matching rule is applicable. They represent the traditional way transaction monitoring has been conducted for the past two decades, so it's not surprising that we see high adoption among more traditional FIs. Much of this is due to the ease of implementing them and the accompanying lower operational complexity since they are user-friendly and can be easily set up to create filter-based scenarios. This functionality facilitates the quick and efficient setup of monitoring rules without requiring complex configurations.

‍

The Trade-off of Simple Filters and Operational Cost

‍Unfortunately, there’s a trade-off to the efficiency with which simple filters can be deployed. With the high usage of Simple Filters comes the high operational cost of false positives (F/Ps), with almost 55,500 F/P alerts. On the other hand, Dynamic Models allow more flexibility in narrowing down the targeted population and filtering entity and transaction characteristics.

‍

F/P rates can massively impact an organization. They add a significant burden to risk management teams, who spend time and resources investigating them, instead of identifying and preventing actual fraudulent activity. This results in lost sales, revenue, reputational damage, and wasted resources. The operational benefits of ease of implementation is heavily counteracted by the operational costs of associated high F/P rates.

‍

The Best-Performing Scenarios - Simple Object Count Transactions

As we noted before, we see the best-performing scenario for this sector is the simple object count transactions embedded filters with a 61.72% T/P rate, illustrating the effectiveness in a traditional banking environment. This is a common scenario for transaction-level monitoring that triggers an alert when a particular detail (e.g., address, email, or phone number) is used in a certain number of transactions within a designated time frame. It can be useful when detecting a repetitive activity that might indicate a compromised card, for example.

‍

Why is this particular rule so successful within the banking and credit union sector? Our hypothesis is that it’s due to the predictable nature of typical banking transactions. Traditional bank and credit union offerings tend to attract customers who are generally more conservative and not new to banking, so they transact in a more traditional and predictive way.

‍

But there are challenges, too, with using these simple rule types. Banks and credit unions are constrained when it comes to not diversifying their rule scenarios, especially as new types of fraud continue to emerge. This conservative approach can hinder them from adapting to fraudsters who are working hard at learning static rules and then creating ways to get around them. If you are overusing Simple Filters, you can enhance your fraud detection capabilities by integrating more complex rule types in a measured, risk-aware manner, and leveraging dynamic rather than static rules.

‍

The Takeaway

‍While there is, of course, notable effectiveness in some of the more traditional approaches, the sector can start leveraging new innovations to keep up with the ever-evolving nature of financial fraud. After all, as Albert Einstein is attributed with saying, “Life is like riding a bicycle. To keep your balance, you must keep moving.”

‍

If you are looking for some practical tips on writing dynamic rules, join our Rule Building Master Class during our Fraud Fighters Virtual Summit. The summit takes place on July 17, and the Rules Building Masterclass is just one of more than 20 practical sessions that can take your fraud-fighting skills to the next level.