Fraud Strategy for Dormant Activity

What Approach Should You Take When a Dormant Account Becomes Active?

‍

"Whenever I start thinking about cross strategy for dormant activity, I, first of all, try to ask myself, how do you define dormant?
‍

‍

Define What Dormant Means

Historically speaking, financial institutions will say that any user who didn't take any actions, didn't look in the account, or didn't make any money movements, at least for two cycles, is considered dormant.

‍

But today, with the way we have new offerings around Fintech and crypto, (and different platforms with different users of those platforms), dormant can be very different from one platform to another. We have certain offerings that are only relevant for the holiday season.

‍

So, for example, you would expect users to become active during the holidays suddenly. And then they will be dormant for another year until the next holiday season.

‍

Or maybe you will have some platforms that offer services around a specific type of view. So maybe your customer will only use your platform when they need to travel somewhere. So when they're not traveling, they will be dormant.

‍

A good question to ask yourself when you try to create a fraud strategy for dormant activities is, 'what is dormant to me, and how I define that?' Once you define that, I think the next step is understanding what signals are important to receive alerts for.

‍

‍

Understand Which Activities to Alert On

If you have a user who's been dormant for x-amount of time, what type of signals do you really want to start alerting on? Is it a login? Is it a transaction? Is it anything else? What is a red flag to me? What is interesting for me to see after a long period of the user being un-active?

‍

And once you define that, this is where you can start writing out the strategy. But also, it's crucial to look at the non-active user almost as a new user.

‍

If we haven't seen any activity in the past two or three months, we can almost treat them like a new customer. So, what do we expect a new customer to do? What type of transaction? What type of activity do we expect? Once you're able to answer all of those questions, you're ready to start writing your strategy."

‍

‍

How Unit21 Helps Teams Identify Fraud Related to Dormant Accounts

Once you determine what a dormant user is to you, you can easily add variables to your rules that take this into account—particularly around whether or not alerts are triggered. With Unit21, you can easily set up variables that allow you to look for instances where a user has not made a transaction within a certain period, and then makes one seemingly out of the blue. For example, you could look at cases where users have not conducted a transaction within 180 days and then makes a transaction within the last 10 minutes.

‍

These time thresholds can be altered to better suit the actual behavior of your customers or how you actually define a dormant user. For some companies, a dormant customer could be a user that has no activity within the past 3 months, while for others it could be a user that has had no activity in the past 3 years.

‍

This logic can be built on a variety of other rules to look at new activity after a period of dormancy, which allows you to better define when you want to examine this behavior. Rather than using this rule on its own, flagging all instances where a dormant user makes a transaction, but instead pair this with other rules to detect only suspicious activity related to dormant accounts—and activity that is likely to be a true positive.

‍

For example, we could pair this rule with a rule that looks for an account change to protect against ATO fraud. Or we could also add a variable that ensures we only look at cases where the new transaction is above a certain threshold, allowing us to identify only high-value transactions (and are more likely to be suspicious in nature).

‍

‍

Looking for more insights? Check out our fourth session of Fraud Office Hours on-demand for a deeper dive into how to use Unit21 as part of your fraud strategy for dormant activities.‍