The effectiveness of anti-fraud solutions cannot be measured by headline figures for fraud detection alone. Pascal Aerens sets out what banks need to know to assess how well anti-fraud systems are working for them.
Fraud is big business and it’s growing. While we will never know exactly how much money fraudsters steal from banks, estimates suggest it is increasing year-on-year. Last year, for example, they netted £1bn in the UK alone, according to industry group UK Finance, with online fraud rising by 19 percent and mobile fraud up 10 percent.
As fraud grows, banks need to catch proportionally more of it – not just a higher total – to protect customers. And while there are plenty of anti-fraud solutions to choose from, assessing just how good they are and the return on investment they deliver is far from straightforward.
Part of the problem is not knowing how much fraud is committed each year. This makes it hard to tell how effective an anti-fraud solution is. Just because a bank is stopping more fraud doesn’t mean that it is cutting its fraud losses; the total amount of fraud may have gone up and the bank is just spotting the same proportion. So comparing total fraud prevention year-on-year is not a meaningful exercise.
It is better to look at underlying fundamentals of a bank’s performance when it comes to fraud. When doing so there are three key metrics that give an indication of a solution’s efficacy.
You may also be interested in this article:
First is the precision of the solution. This is measured by the number of alerts raised against the number identified as real fraud cases. If a solution raises 1,000 alerts and 500 are genuine cases, the precision rate is 50 percent.
This precision rate is important because it relates directly to how much it costs the bank to investigate fraud. If it takes the investigation department five minutes on average to look into each alert, 500 alerts will need nearly 42 hours – or five people working one eight-hour day.
Clearly, the higher the precision rate, the more cost-effective the solution. But the precision rate will also affect the customer experience. The higher the precision rate, the less the customer is bothered by the bank checking on genuine transactions, and so the better the service they receive. Frictionless customer experience is the key. In this way, a good solution will detect fraud, keep investigation costs down and build (or at least not erode) customer loyalty.
Nevertheless, the precision rate on its own is no good if it fails to spot much of the criminality. This is where the second metric comes in - detection efficiency against the value at risk.
A bank must look at fraud in terms of its overall size. If the bank is mid-sized, but experiencing more fraud than its peers, its fraud-prevention solution is likely not to be as good. Similarly, if the bank is growing, attracting more customers, launching lots of new products and services, it should assume that fraud will rise in line with that growth – ie remain the same in proportion to the value at risk all other things remaining equal. To improve, detection needs to outpace a bank’s growth.
The third metric is critically important, but often overlooked: the size of the community the solution covers and the number of new controls added over time.
Fraud is a moving target. Fraudsters are constantly inventing new ways to attack banks both internally and externally. If a solution is to be effective, it must move with the fraudsters. This means learning quickly and adding new controls. To do this, it needs to leverage data coming back from users. The bigger the user community, the more fraud scenarios will be spotted, the more the developers/solution will learn and the more new controls will be added.
Without feedback on new frauds and no new controls, new fraud scenarios would remain undetected. The solution would be a bad investment over time.
So we have three clear metrics to measure the value of an anti-fraud solution. In addition, we should not forget the most important metric that we ultimately need to protect: a bank's reputation.
A bank’s bread and butter is trust. Without trust they go bust. Unusually high levels of fraud erode that trust – not just among customers, but within the banking community. Spotting and stopping fraud is essential to maintain the trust of correspondent banks, reassure their risk managers and keep insurance premiums low.
The fight against fraud is an ongoing battle. But by making sure a bank has the right metrics to assess fraud detection, it can measure whether it is doing a good job and set targets to do even better.
Precision, efficiency, and the rate of learning and adoption of new controls provide this insight. Any solution that fails to measure up against these three is probably not a good investment.