In the late 90’s I was hired to manage the credit and debit fraud strategies for a major bank. The bank was getting hit with every counterfeiting fraud ring imaginable and fraud losses were hitting 7 times the industry average.
My boss at the time said to me, “Find a Way To Help Us Reduce Fraud By 75%”
Little did I know at the time, that within 30 days I would stumble upon an amazingly simple fraud rule that would help us crush fraud.
A Mountain Of Chaos – 40,000 Rules In A 30 Pound Box
When I took the job. My first task was to figure out what authorization rules were in the system. It was an old archaic mainframe solution and the only one with access to the rules was the IT Dept.
Apparently a whole host of fraud analyst had been adding rules to the system for 20 years!
So I called IT and asked for a printout of all the rules that were in the system declining card transactions.
I waited a couple of days and then the IT Admin came to my cubicle with a big heavy cardboard box and plopped on my desk.
“What is this?”, I asked.
“It’s the print out of the rules you asked for.” he said as he walked away.
I peaked inside and pulled out the huge mainframe report revealing an absolute mountain of chaos.
Or maybe it was a mountain of fraud cheese 🧀.
There were 40,000 rules in the system that were declining everything from Taxi transactions in Bulgaria to charges for Pizza in Italy that exceeded $250 dollars.
Should I Torch The Rules – What A Dilemma!
I muddled around with those rules for a few days. Some of them looked kind of important. But others looked ridiculous.
How can I go through all 40,000 rules and figure out what to keep and what to toss out?
I think every other fraud strategy manager before me must have had the same dilemma, each deciding to just add more rules to drive down fraud rather than risking taking out anything important.
It’s called the Roach Motel Fraud Strategy – Fraud rules get checked in, but they never check out.
We Decline 3% Of All Authorizations With The Roach Motel Strategy
I decided to let the data guide me in my decision of what to do.
So, I called my friend, the IT guy back and said, “Hey can you run me a report and tell me what percent of all charges we decline each month with all these rules?”
I waited a few days and he called me back and said, “Three percent. We decline three percent of all of our card transactions with those rules”
I was absolutely dumbfounded. Our roach motel strategy had us declining 6 times the number of authorizations than anyone else and our fraud losses were through the roof.
I Needed Something Simple – I Decided To Trust Our Fraud Score
Needless to say, I decided to completely blow up and toss out the 40,000 rules.
We needed to start with a clean slate. Something clean. Something manageable. Something I could explain to others in the bank when they wanted to know the fraud rules.
And we had just the thing I could count on. A fraud score called Falcon.
It did everything those 40,000 rules could not do. It was a neural network, that could instantly assess the risk of a transaction relative to each consumers unique spending pattern.
The Simple Fraud Strategy I Used Crushed Fraud At The Point Of Sale
I spent weeks researching how to build a great decline strategy with the score. I called my colleagues at other banks and credit card issuers and landed on this strategy here.
It leverages the concept of expected fraud loss so that you don’t have to choose a single score threshold, rather you use the score as a probability of fraud and combine it with the transaction amount.
When I applied this to a simple rule, it ended up looking something like this. It was a matrix of fraud score and transaction amount thresholds.
So when I was ready, I torched the 40,000 rules and put this one simple rule into the system.
I held my breath. I waited. And within 30 days our fraud losses started dropping.
And not only that our decline rate dropped too.
Not only were we stopping more fraud at the point of sale, we were declining significantly less.
The simple fraud score strategy worked. I was amazed.
We Added More Layers Over Time, But Always Kept It Simple
I think its important to mention, we didn’t always keep the rule that simple. Over time we layered on more segments but we never deviated to far from using the score as the central premise in each rule.
You can get more complex, just don’t over do it is my motto!
I Used The Same Construct At Many Banks Over The Years
Fast forward over the years, I ended up consulting with many banks. And many of them had the same issue that I had experienced – too many rules and too much complexity.
I ended up falling back on that same strategy concept many, many times and it always worked.
Simplicity really can be a good thing when it comes to rules.
Trust the score fraud fighters!