Account Dormancy and Fraud Detection: The Silence Before the Storm
Silence can be a good thing. In our busy lives, having a quiet moment of inaction can be a much-needed boost to well-being. But fraud thrives in silence when it comes to fraud, and sometimes, that silence can be a strong indication of the calm before the storm. Just as certain actions in accounts can be red flags for fraudulent activity, so can the opposite - account dormancy.
Account Tenure & Fraud Detection. A Pattern for Banks & Fintech
In our blog series, Fraud Files, which uses data from over 4.05B events on the Unit21 platform, we’ve covered how timing matters when it comes to account tenure and fraudulent activities. Check out our previous posts that look at the rate of true positives for accounts in their 90 days and the differences for banks and credit unions on fraud detected in the first 14 days of account opening.
Account monitoring throughout the entire custom lifecycle - no matter what type of financial institution - is incredibly important. However, while account tenure is an important factor when it comes to identifying fraudulent activity, so is account dormancy - sometimes inaction is just as important as action.
Account Dormancy and Fraudulent Activity
The specific criteria for account dormancy can vary from one financial institution to the next. Still, generally speaking, an organization will define an account as dormant if there is no customer-initiated activity within a set timeframe.
What is the timeframe that sets the marker for a dormant account? As we mentioned, it can vary by the financial institution, but our data shows that the common strategy for flagging accounts as dormant is typically between 30 and 180 days. However, the average flagged account for potential dormancy shows almost a year of inactivity—317 days, to be precise.
So what does this mean, and how can financial institutions leverage dormancy as an effective way to identify - and fight - fraud?
- The dormancy detection window shows the need for a long-term strategy
This typical flagging window - and the average days of inactivity on a flagged account - indicates that financial institutions need a long-term strategy for monitoring and assessing the risk of dormant accounts since these may fly under the radar for extended periods.
- Average reactivation transactions are significantly higher than the rules criteria:
The average transaction amount that reactivates a dormant account is 17 times higher than the average transaction threshold set in the rule criteria. If you zoom in on the data, you can see that, for example, wire accounts have an average reactivation transaction amount of over $30,000 with an average dormancy period of 316 days. Internal transfers show an average reactivation transaction amount of over $24,000 with an average of 333 days of dormancy. This could signify that when dormant accounts are reactivated, they are often done with substantial transactions. Of course, these transactions might be legitimate, high-value customer transactions - but they could also be potential indicators of fraudulent activity.
- Transactional Patterns and Risks:
As always, different types of transactions can carry different meanings, especially when it comes to risk and compliance. Specific transaction types such as ACH, Wire, Card Purchase, and Crypto Buy have been highlighted with average flagged transaction amounts, suggesting that different types of transactions have varied risk profiles when associated with dormant accounts. Our analysis indicates that customer-set thresholds for dormant account reactivations are potentially too low, as evidenced by the average actual reactivation amount being significantly higher than the alert trigger point. While customers' rules anticipate a reactivation transaction of $1,081 after 181 days of inactivity, the real-world data shows an average of $12,531 after 339 days. This mismatch suggests that many of the alerts generated under current settings may be false positives. Adjusting the threshold settings closer to the observed averages could reduce these false alerts, allowing for a more accurate and efficient identification of actual risks. This information is critical for tailoring fraud detection systems to be sensitive to the nuances of each transaction type.
The Takeaway
We’ve examined account tenure as an important indicator of potentially fraudulent activities and why it’s so important to consistently and actively monitor accounts. Financial institutions have a better chance of recognizing bad actors and preventing fraud by understanding the potential risks associated with account dormancy, especially as the data reflects that reactivation transactions are significant.
We recommend defining dormancy at your organization and avoiding using general monitoring defaults such as 30, 60, or 180 days.
At Unit21, we understand the need for flexibility. Our configurable infrastructure allows you to define your own timeframes for monitoring dormancy to match your organization’s specific risk profile. Proper tagging, feedback on reactivation transactions, and a clear understanding of what might be fraudulent and genuine reactivation are key ingredients to fighting fraud.
Book a demo to see how you can better detect, investigate, and report bad actors throughout the customer lifecycle.
Alex Faivusovich is a fraud prevention leader fighting financial fraud for the past 16 years. His career started in Israel at Leumi Card (MAX), culminating in him leading a team of 15 fraud analysts. In the U.S., Alex joined Matrix-IFS as a senior fraud consultant, providing expertise for Tier -1 banks and Fintech programs.
Alex later served as the Head of Fraud Risk at Lili Bank, leading the implementation of fraud prevention technology within the company and owning the risk policy for first—and third-party fraud. Today, Alex is Head of Fraud Risk at Unit21, guiding and advising clients along their fraud prevention journey.
