In April of 2020, as COVID-19 proliferated across the globe, a 99-year-old former British army Captain began walking laps in his garden to raise money for the UK National Health Service (NHS). At the time, NHS was in a heated battle against the rapidly spreading virus, and Captain Tom’s heroics quickly pulled in more tha £30 million in donations. However, Captain Tom may have done much more than awaken a nation’s generosity; the website used to facilitate the donations encouraged donors to engage with a new form of payment, open banking, that few had used until then. But will adoption of open banking payments also encourage a pandemic of open banking fraud? Let’s take a look.
Open Banking Adoption Skyrockets
Captain Tom’s appeal for NHS donations triggered the UK’s largest-ever single-day volume increase in open banking transactions, as shown in Figure 1. Although daily UK open banking transaction volume slipped immediately following, the overall volumes have steadily climbed upward, with current average daily volumes far exceeding those seen before the event.
Concurrently, the COVID-19 pandemic accelerated the shift to mobile banking across the globe, and with it, open banking. In the UK, the number of open banking users more than doubled over a six-month period. One survey in the UK found that one in every five adults began using open banking apps during the lockdown. In particular, money management apps saw a boost in popularity as users look to better manage their finances. Open banking creates the potential for a third-party app to build a unified snapshot of an individual’s finances across multiple banks and financial providers.
Fraudsters Embrace Open Banking, Too
Still, It may be premature to claim the open banking revolution has arrived; as of August 2020, open banking transactions contributed only 0.1% of the monthly volume for one large UK bank. But fraudsters are taking notice, with sizeable fraud losses already occurring on retail banking channels.
For example, from June through August 2020, one UK bank observed 77.8 fraud loss basis points from the open banking channel compared with the overall fraud loss basis points of 2.5 during the same period. This 31-fold larger fraud incidence rate demonstrates an urgent need for open banking fraud detection, and even before banks have sufficient data to train supervised fraud detection models.
FICO Technologies Identify Emerging Open Banking Fraud
FICO has already developed sophisticated open banking fraud detection models, using key analytic technologies, including self-calibrating analytics and behavior sorted lists (BLists), that are uniquely positioned to detect open banking fraud in the absence of sufficient historical data.
For example, let’s look at a FICO third-party fraud retail banking model in the UK. This model had extremely limited examples of open banking fraud cases during the model training, yet exhibited outstanding fraud detection — a 33% increase in absolute lift — on open banking transactions in production.
Ingredients of FICO’s Secret Sauce
Open banking transactions are typically initiated from a mobile device or computer, providing two important fraud detection data fields: device ID and IP address. FICO's BList technology excels in detecting abnormal and risky behavior in cases of discrete high cardinality behavior patterns. Specifically, a new open banking customer is most likely to transact from a device or an IP address used for previous retail banking transactions. BLists can identify whether this is the case.
Based on data from June 2020 to the end of August 2020, if an open banking transaction did not originate from a customer’s favorite device or IP address, the transaction was 60 times more likely to be a fraudulent transaction. That is a strong signal to help cut through the noise. Figure 3 shows model performance when leveraging BList IP and Device features (green curve), and model performance without these Blist features (blue curve). BList IP and Device features provided an absolute lift of 33%.
However, fraudsters are big on continuous improvement, too. They are getting better at SIM card and IP spoofing, so device ID and IP address will be joined by many of FICO’s other key analytic technologies to combat open banking fraud.
Keep up with FICO’s latest innovations in fighting new, old and emerging fraud types — follow me on Twitter @ScottZoldi and on LinkedIn. And read my colleague Sarah Rutherford’s post on 5 Ways Criminals Could Take Advantage Of Open Banking.
