Tipping point - when simplicity is not enough in a fraud system

For at least the last three decades, fraud monitoring of transactions and portfolios has been a cornerstone of protecting the brand, be it for scheme, bank or consumer reputation. There have been a number of heavy-duty products in the market place in that time that target specific monitoring needs. However financial institutions can meet regulatory requirements with an excel sheet – (the main card schemes mandate that their members should use a fraud system – but do not necessarily mandate what that system should have as functionality). So, what is the tipping point?

The main concept around card scheme monitoring is to be below a certain fraud threshold defined by the scheme; and if you are monitoring transactions in batch – whether you are using a excel report to detect transactions that are above thresholds or using a simple rule based system – a confirmed alert means that you can block the card and reissue, preventing future fraud in the compromised card.

Alternatively, a digital challenger bank for example may go down the road of developing their own tools and software. Being agile in nature as part of the general start up programme means that development changes can be implemented quickly to meet the needs – and these can sometimes be very advanced in the functionality they can perform. I have seen new start ups showcase technology that appears to be beyond the scope of the traditional market leaders in terms of look and feel – and general ease of use.

However, with growth comes volume. As portfolios grow and the number of transactions increase – there is more focus on how to balance the cost of a system or process against the losses attributed to fraudulent activity. So, what is the tipping point to move to a more advanced system?

For the manual process it can be attributed to a number of things;

• the number of staff required to manage the volume increases – and may not be cost effective
• Caseloads have to be interpreted in bulk – e.g. closing off a number of cases as false positive's that fit a certain profile (which may miss actual fraud)
• Fraud increases as organised crime identify weaknesses in the institution's fraud detection process
• Increased scrutiny (either internally or externally) on general fraud prevention performance

For an in-house developed solution the tipping point is different. By developing in-house the ability to react to new requirements is initially a benefit. However, there are still ways in which the need to consider other provisions becomes apparent:

• The financial institution incurs the cost of development, maintenance etc.
• The knowledge of the product has to be maintained and continued with the organisation. For a challenger organisation for example – that knowledge could reside in one person.
• Detection techniques and strategies may not be robust enough to cope with volume increases.
• As with manual solutions – fraud increases as organised crime identify weaknesses in the institution's fraud detection process
• And again, Increased scrutiny (either internally or externally) on general fraud prevention performance

So it is by no means a hard and fast rule, but there is ultimately a decision to be made as to whether the cost to move a 3rd party solution will provide a benefit that improves fraud rates, FTE costs/efficiencies, or reduce maintenance/development costs. As mentioned at the beginning of this blog there is a lot of successful usage of simple fraud monitoring and prevention techniques or insourced developed solutions. It's whether that strategy is sustainable in the long run.