I’m very pleased to announce the release of the FICO® Falcon® Fraud Manager Retail Banking Consumer v3.0 model, which adds a Scam Detection Score to Falcon’s existing third-party fraud detection score for retail banking transfers. The two scores will allow banks to better differentiate strategies to deal with these distinct financial crime realities.
The Rise of Scams
The proliferation of mobile payment apps, new open banking standards and consumer stress caused by the global pandemic have caused Authorized Push Payment (APP) scams to grow at an alarming rate, particularly in the UK. This financial crime occurs when a customer is manipulated into sending money to an account controlled by the scammer. From mobile apps preying on young adults to small business owners mistaking a scammer for a bank official, to elaborate Ponzi schemes scamming tens of millions of pounds, the sophistication of APP scams is evolving at a breakneck speed.
According to UK Finance, 2019 saw a 45% increase in APP scams, as compared to 2018, with losses totaling £456M in 2019 alone; scam losses continued to rise in 2020 to a total of £479M. Many UK banks have voluntarily offered to reimburse victims of scams under certain circumstances, and new standards for voluntary reimbursement have been established. But this may not be enough, as pressure is mounting for reimbursement to be mandatory for all banks. The upshot is that scams are hitting banks’ bottom line, with reimbursable losses increasing 78% from 2019 to 2020.
APP scams are not just a major problem in the UK. Based on reports to the U.S. Federal Trade Commission (FTC), in the first six months of 2020, people reported losing a record high of almost $117 million to scams that started on social media. FICO has been following this trend closely, and we are excited to expand our retail banking analytics to include a Scam Detection Score.
How Scams Differ from Third-Party Fraudulent Transfers
To better understand how the Scam Detection Score and the third-party fraud detection score for retail banking transfers will behave, let’s consider how the two crimes are perpetrated.
- An Unauthorized Push Payment (UPP) fraud transaction is a third-party fraud transaction in which the fraudster executes the fraudulent transaction without the customer’s permission.
- With Authorized Push Payment (APP) scams, the transaction is executed with the customer’s consent or by the customer directly; it’s a crime initiated by a first party (customer), typically through methods such as social engineering.
Analytically, whether a crime is committed by a first or third-party has big implications for the design of models to fight UPP frauds versus APP scams.
Using Behavior-Sorted Lists to Detect Scams
Humans are creatures of habit. One of Falcon’s key analytic weapons in the fight against payment fraud, the behavior sorted list (B-list), leverages this fact to determine abnormality. By monitoring key attributes of an individual’s payment history, B-lists learn customers’ frequent, repeated behaviors (i.e., “favorites”). Hits and misses on these favorites allow the Falcon model to decide between fraud, scam, and normal behavior.
When we consider first-party APP scams, some B-lists will point to favorite behaviors of the customer—unsurprising, given that the customer got ‘scammed’ into making the transaction. However, other B-lists will still show deviating activity with respect to the customer’s key favorites. The key to catching any financial crime activity, whether APP scams or UPP fraud transactions, is understanding which aspect of the transaction is anomalous.
Let’s compare some lists.
When a customer interacts on a non-favorite device, they have a 16x higher risk ratio of third-party fraud (UPP) as compared to first-party scam (APP). Conversely, when a customer uses their favorite device but transacts with a non-favorite credit account — for example, using their bank’s mobile app on their own mobile phone that they frequently use to transfer funds, but sending to a new credit account — the risk ratio is 10x times larger for scams as compared to third-party fraud.
Looking at combinations of favorites, and combining them with other features of abnormality associated with transaction amounts (frequencies, time of day, and many other characteristics), allows FICO’s models to differentiate customers into classes of third-party fraud, APP scam and non-financial crime. In the case of scam transactions on favorite devices, the new Scam Detection Score identifies 24x the number of these transactions, compared to the standard fraud score at a typical non-fraud review rate!
Additional Analytic Features
Many of our unique Falcon features also show distinct shifts between legitimate transactions, third-party fraud and scam transactions. For example, in the feature below, the probability distribution of the legitimate transactions (blue) falls well away from the fraudulent transactions (green). However, there is a distinct shift still even between the third-party fraud transactions and the scam transactions (orange). These differences across a set of signals are used by the machine learning model to assign likelihood of fraud versus scam transitions.
By taking advantage of the distinguishing characteristics revealed by our analytics, the FICO Falcon Fraud Manager Retail Banking Consumer v3.0 model now delivers advanced detection of both scams and third-party fraud. While the original v2.0 fraud score today is used by clients to detect both fraud and scams, the new v3.0 model, with the new Scam Detection Score, further leverages targeted profiling of customer behavior to spot scams, detecting 50% more scam transactions at a 0.5% transaction review rate.
I am proud to see the hard work and innovation of FICO’s data science and product teams realized in this exciting new model! Keep up with FICO’s latest analytic breakthroughs by following me on Twitter @ScottZoldi and on LinkedIn.