Times They Are A-Changin’: Adapting Fraud Detection for a New Era in Account Tenure

They say the one constant in life is change, and as Bob Dylan knows: “the times they are a-changing.” 

‍

Dylan’s classic song about change serves as an excellent metaphor for the dynamic nature of fraud detection and how important it is for risk teams to understand and stay ahead of technological and tactical shifts in fraud. Just as law enforcement must evolve to stay ahead of criminals, financial institutions must continuously identify potential threats and then adapt their fraud detection mechanisms. 

‍

In this installment of our Fraud Files series, we take a look at the adaptive strategies of fraudsters as they work hard to identify and circumvent the static rules that are set by many financial institutions, particularly in a new era in account tenure.

‍

Fraud Files: Understanding and Connecting the Right Data Points

This is our ninth installment in Fraud Files, our blog series that shares unique insights based on data from over 4.05B events on the Unit21 platform. We have been examining what data points are important to understand and connect in order to detect - and prevent - fraud. Some recent posts include:

• Part 6: How action-based events can provide real-time indicators of potentially fraudulent or unauthorized activity.
• Part 7: Why combining the right matched data points can achieve exponential results, stopping more fraud while decreasing false positives.
• Part 8: How Kevin Bacon can be a good example for linking entities within a network to identify potential fraud rings.

‍

You can read our entire Fraud Files series.

‍

Volume of Alerts Generated for Account Tenure Can Indicate Fraud‍

Account tenure is a critical metric in risk management, utilized by institutions to pinpoint potential fraudulent activities. As we have explored before, financial institutions often use this as a way to identify potential fraudulent activity. The chart below illustrates the fluctuation in alert volumes and the corresponding true positive rates based on account age. Notably, there are spikes in alert volumes around default thresholds, particularly on days like 10 and 30, where many institutions typically set their standard monitoring rules. These spikes suggest that fraudsters are not only aware of these common detection thresholds but are actively adapting their strategies to evade them.

‍

Fraudsters aim to exploit busy operational periods on default days like 7, 10, or 30 when alert volumes peak and teams are overwhelmed. By timing their fraudulent activities to either just before or after these days, they attempt to fly under the radar. To counteract this, you can use shadow rules, which allow financial institutions to simulate adjustments in their fraud detection strategies without immediate full-scale implementation. By setting a shadow rule for, say, 29 days and 3 days of lookback, institutions can proactively fine-tune their systems to stay ahead of fraudsters, thereby enhancing their capacity to detect and prevent fraud more effectively.

‍

‍

Interestingly we see an increase of alerts around day 14, accompanied by a decline in true positive rates. This discrepancy might indicate an issue of operational efficiency rather than a rise in fraudulent activity. Spikes in alerts that result from rigid, static strategies often lead to decreases in true positive rates, prompting us to question whether these spikes are due to actual fraud or perhaps overly broad or poorly defined rules. Financial institutions should critically evaluate whether their alert thresholds are tuned effectively to real risks or if they are merely capturing high volumes of normal activity.

‍

Dynamic Rules are Key in an Ever-Changing Landscape

Fraud prevention continues to be crucial throughout the entire tenure of an account and beyond the first 30 days. Fraudsters are aware of the tie between account tenure and fraud detection, so they often deploy multiple fraudulent strategies. Increases in synthetic identity theft are contributing to new account fraud. Once in your ecosystem, fraudsters can choose a quick attack scheme for a newly opened account or a “long-game” tactic that allows them to use more tenured accounts to commit bust-out fraud.

‍

Financial institutions, therefore, can benefit dramatically from leveraging dynamic rather than static rules that monitor the entire customer lifecycle.. While we have good insights into account tenure and the implications for fraud, we also know this could change as fraudsters learn and adapt. The ability to create rules to respond to the changing nature of fraud helps organizations remain vigilant and identify opportunities to discover and combat fraud on an iterative scale.

‍

‍

For example, with Unit21’s Dynamic Models, users can create formulas (i.e., alert-generating logic) using variables and trigger conditions. One of the myriad use cases would be to create variables that sum up transactions over the last 30 days and 90 days and use them in tandem with a trigger condition that generates an alert if the sum of transactions over the last 30 days is greater than 90 days. These dynamic models allow risk teams to build the right variables and trigger conditions that are appropriate for their business objectives and what might present a risk for them specifically.

‍

The Takeaway

‍Just like everything else in life, the financial landscape is ever-changing, and so, too, then is the fraud one. That’s why it is so important that financial institutions continue to implement adaptable fraud strategies that take into account all of this change that is happening and will happen.

‍

After all, “the loser now will be later to win, for the times they are a-changin.’”

‍

Learn more by reading our newly refreshed Transaction Monitoring Guide. 

‍