How to Detect and Prevent Regulation E Dispute Fraud

December 20, 2022

During our second session of Fraud Office Hours, an attendee asked, "How can you detect Reg E dispute fraud in the US?" Watch this video clip and read below to see how Unit21's Head of Fraud Risk, Alex Faivusovich, responded.

How to Detect and Prevent Regulation E Dispute Fraud

"The fraudsters know you will give them a provisional credit, and while the dispute is still under investigation, they will take the provisional credit and pretty much disappear.

How the Reg E Dispute Process Works (and How the Reg E Dispute Provisional Credit is Exploited)

It’s no shock that Regulation E dispute fraud is trending in the financial services industry. It is surprising that it’s heavily associated with ATMs.

We see a lot of new customers who will open brand new accounts, bring an initial deposit, fund the account, and then within a short amount of time will go to an ATM, withdraw the money out, and then call in to customer service claiming they didn’t get the actual cash.

According to Regulation E, financial institutions are required to provide the customer with a provisional credit. Fraudsters know you’re required to provide them the provisional credit, and while the transaction is still being investigated, they will take the provisional credit and disappear.

By the time the operator of the ATM gives you a false result for the dispute (proving the money was distributed from the actual machine) it’s already too late, and the fraudster has made off with the money.

How to Identify Regulation E Dispute Fraud in Action

This method of Regulation E dispute fraud is relatively common, but fortunately, there are ways that you can address it.

The best way is to try to differentiate those fraudsters and bad actors from the general population. To do this, you want to identify what is familiar to them. Are they primarily using new accounts? How fast do they act after the account is started? Are there any other risk signals of these customers that allow you to identify them?

Are they coming from the same geolocation? Are they using the same email domains? These are some good questions to ask. Use analytics to understand potential customers and prevent them from onboarding to the platform in the first place.

While it’s best to prevent these users from onboarding in the first place, this can be very challenging. The goal should be to try to understand if you have customers who are actual victims of fraud, subject to an error in fraud identification, or if they are intentionally trying to abuse the system.

Unit21 can help with this. We have a rule that allows financial institutions to track the customer (or entity) as both a receiver and sender of funds. With this rule, we can understand the user behavior, determining with greater accuracy when users are following a certain sequence of events that results in them finally draining the account. FIs can then monitor and create an alert for this specific behavior.

Unit21 users can leverage our layering rule to achieve this. With this rule, we can look for a user who has received at least a thousand dollars in provisional credit transactions and then has tried to withdraw at least 90% of the value of those transactions within an hour. This lets teams detect cases where someone receives a provisional credit, immediately turns around, tries to extract those funds, and then disappears.

Another way of rooting this out is by analyzing what’s going on in your ecosystem. Look for top transacting entities or users receiving the most provisional credits. Then conduct link analysis for these customers to see if these users are connected to each other. Unit21 makes this possible with our link analysis tool. Teams can build a rule that flags the top entities (however many you’d like to track) that are making the largest volume of a specific type of transaction (in this case, provisional credit transactions).

For example, you could use this to flag the top 20 entities in terms of the volume of provisional credits in the last seven days. You can then use the network analysis function to look for potential links between entities being flagged by this model and others. This allows you to root out possible fraud rings on your platform before a model catches them (or before you get taken to the cleaners!).

You can then develop internal policies - and specific rules - around these different types of behaviors you’re seeing. You can then determine which signals let you decide if you have an abusive customer or a customer that is a true victim of fraud. And then you can establish an action plan for handling these threats."

Looking for more insights? Check out our second session of Fraud Office Hours on-demand for a deeper dive into current fraud trends and which preventative measures to consider.

New call-to-action

Getting started is easy

See first-hand how Unit21
can help bolster your risk & compliance operations