By Scott Zoldi

With the world well into its second year of the COVID-19 pandemic, the inner workings of banks’ fraud and financial crimes operations continue to be stress-tested. Change always creates opportunities for fraudsters and financial criminals, and the pandemic has provided a field day of possibilities, especially scams. How can banks fight back?

A perfect storm for scams
In 2020, customer behaviours around banking changed dramatically as lockdowns came and went; for example, a study released by Chase in December 2020 asked 1,500 consumers on their use and preferences with banking digitally.

• More than half (54 percent) of respondents agreed that they use digital banking tools more due to the pandemic today than they did last year.

• Thirty percent of respondents said they had signed up for person-to-person (P2P) payment platforms such as Venmo and Zelle in the past six months

• Nearly half (45 percent) of longer-term P2P users said they were using this form of payment more often than they did a year ago.

From this study we can reasonably assume:

• More people are making P2P payments

• A lot of these folks are unfamiliar with these newfangled payment methods

Transaction numbers bear this out; Venmo’s total payment volume (TPV) was $51 billion in Q1 2021, up from $31 billion in Q1 2020, an increase of 70 percent.

In a stressed-out, pandemic-stricken world with lots of new users pushing massive amounts of instant payments through unfamiliar channels, what could go wrong? As it turns out, a lot.

The rise of push payment scams
Authorized Push Payment (APP) fraud happens when criminals deceive and manipulate consumers or individuals at a business into sending money to a bank account controlled by the scammer. During the pandemic APP scams have grown at an alarming rate, particularly in the UK. From mobile apps preying on young adults to small business owners mistaking a scammer for a bank official, to elaborate Ponzi schemes scamming tens of millions of pounds, the sophistication of APP scams is evolving at a breakneck speed. According to UK Finance, 2019 saw a 45 percent increase in APP scams, as compared to 2018, with losses totaling £456 million in 2019 alone; scam losses continued to rise in 2020 to a total of £479 million.

APP scams are not just a major problem in the UK. According to the Canadian Anti-Fraud Centre, Canadians have lost an estimated $87.8 million from fraud this year as of as of May 31, 2021.

How can payments to scammers be detected?
To better understand how banks can detect authorized push payments made to scammers, let’s take a step back and compare them to the traditional fraudulent retail banking transfer.
• An Unauthorized Push Payment (UPP) fraud transaction is a third-party fraud transaction in which the fraudster executes the fraudulent transaction without the customer’s permission.
• With APP scams, the transaction is executed with the customer’s consent or by the customer directly; it’s a crime initiated by a first party (customer), typically through methods such as social engineering.

Analytically, whether a crime is committed by a first or third-party has big implications for the design of models to fight UPP fraud versus APP scams.

Using behaviour-sorted lists to detect scams
Humans are creatures of habit. The behaviour sorted list (B-list), a key analytic tool in the fight against payment fraud, leverages this fact to determine abnormality. By monitoring key attributes of an individual’s payment history, B-lists learn customers’ frequent, repeated behaviours (i.e., “favourites”). Hits and misses on these favourites allow the fraud detection model to decide between fraud, scam and normal behaviour.

When we consider first-party APP scams, some B-lists will point to favourite behaviours of the customer — unsurprising, given that the customer got ‘scammed’ into making the transaction. However, other B-lists will still show deviating activity with respect to the customer’s key favourites. The key to catching any financial crime activity, whether APP scams or UPP fraud transactions, is understanding which aspect of the transaction is anomalous.

Comparing lists
When a customer interacts on a non-favourite device, they have a 16x higher risk ratio of third-party fraud (UPP) as compared to first-party scam (APP). Conversely, when a customer uses their favourite device but transacts with a non-favourite credit account — for example, using their bank’s mobile app on their own mobile phone that they frequently use to transfer funds, but sending to a new credit account — the risk ratio is 10x times larger for scams as compared to third-party fraud.

Looking at combinations of favourites, and combining them with other features of abnormality associated with transaction amounts (frequencies, time of day, and many other characteristics), allows advanced fraud detection models to differentiate customers into classes of third-party fraud, APP scam and non-financial crime. In the case of scam transactions on favourite devices, a dedicated scam detection score can identify up to 24x the number of these transactions, compared to the standard fraud score at a typical non-fraud review rate.

Additional analytic features
Highly advanced fraud detection models can now show distinct shifts between legitimate transactions, third-party fraud and scam transactions. For example, in the model feature illustrated below, the probability distribution of the legitimate transactions (blue) falls well away from the fraudulent transactions (green). However, there is a distinct shift still even between the third-party fraud transactions and the scam transactions (orange). These differences across a set of signals are used by the machine learning model to assign likelihood of fraud versus scam transitions.

The distributions shown above are from an advanced analytic feature. The dashed lines locate the median of each distribution, showing that the distributions for the non-fraud, scam and fraud populations are significantly different. Scams and third-party frauds are more likely to occur for values found in the tail of the non-fraud distribution.

By taking advantage of the distinguishing characteristics revealed by these analytics, advanced retail banking fraud solutions can help institutions put a stop to scam payments in their tracks, a critical victory in the fight against financial crime.

Scott Zoldi is chief analytics officer at FICO responsible for the analytic development of FICO’s product and technology solutions. While at FICO, Scott has been responsible for authoring 105 analytic patents, with 53 granted and 52 pending. Scott is actively involved in the development of new analytic products and Big Data analytics applications, many of which leverage new streaming analytic innovations such as adaptive analytics, collaborative profiling and self-calibrating analytics. Scott is most recently focused on the applications of streaming self-learning analytics for real-time detection of cyber security attacks.

Previous post

CFO CV

Next post

Canada’s Prepaid Payments Industry Growing, Attracting Innovation Among Homegrown and Global FinTechs

Editor

Editor