Memento provides next-generation technology and solutions that enable financial institutions to rethink and improve the way they combat fraud and manage compliance. Memento customers realize unmatched business value and rapid ROI.

Home > Forums > Bank Fraud Forum > Insights and Opinions > Knowing When to Stop

RECENT NEWS

View All

bank fraud forum
< Back to listing

Knowing When to Stop

June 30, 2010 by Mike Braatz
2 comment(s)

I recently had an interesting conversation with a fraud manager at a mid-sized ($2B assets) bank. We were discussing the accuracy of fraud detection systems, and everyone's favorite (or, better said, least favorite) topic – false positives. The particular frustration was how to deal with hundreds or even thousands of daily alerts, most of them false positives. There is a particularly acute problem at smaller institutions, with limited resources to review fraud alerts. The heart of our discussion boiled down to this question: when dealt a queue of fraud alerts for review, how do you know when to stop?

As with anything complex, there is no one right answer to this question. But my discussions with fraud managers tell me that many institutions use one of the following methods to determine "when to stop":

  • When they get through the entire list. This is essentially throwing manpower at the problem by building a team that's large enough to get through all of the alerts generated by the system. They are at the mercy of the accuracy (or inaccuracy) of the detection system.
  • When they run out of time. This involves allocating a set amount of time (e.g., 8am – Noon every day), and then getting through as many alerts as possible in that time window. They are at the mercy of the clock, and some ability to prioritize alerts.
  • When it feels right. Basically this involves setting an arbitrary number of alerts to review based on experience, intuition or some combination. They are at the mercy of their gut feel.

I think there's another way to do this: stop when the cost of avoiding loss is greater that than the loss itself. Seems obvious, but let's think about it operationally.

Finding this breakeven point requires being able to accurately risk rank fraud alerts. Today, many fraud systems score and rank alerts – typically based on the dollar value of the item in question. However, very few of them generate scores that are actually correlated to fraud and potential loss.

Surprising, perhaps, but true.

This reality forces fraud teams to review all of the alerts produced by the system in order to find all of the possible fraud. This, by definition, creates a huge false positive problem. But, if you had a fraud detection system that produces risk scores that are tightly correlated to fraud and potential losses, you now have a much better sense of when to stop. And if you know when to stop, you know exactly what staff and resources you need to profitably handle the "optimal" volume of alerts dictated by the stopping point. You can also then put a value on the trade-off of reviewing more or fewer alerts than the optimal number, depending on other factors that are harder to quantify.

I like this method because it frames fraud prevention as a business issue (cost vs. benefit), not just as a cost of doing business, or a budget to be managed. Furthermore, it relies on economics to determine a rational stopping point and staffing model, versus being forced to stop by arbitrary manpower limits, time or gut feel. The crucial piece, of course, is making sure you have a fraud detection system that correlates risk score to actual fraud let me know if you'd like to learn more.

How do you determine when to stop reviewing fraud alerts? Does it work? How do you know?

Tags: checkfalse positivesfraud detection

Make a Comment

* = Required
*
*
*
*
 

Recent Comments:

jim
July 19, 2010 - 3:38 PM
"Mike, As always, I enjoyed your blog entry. We are all in agreement that false-positives are time consuming, sometimes wasteful, and eat much needed resources. However, I respectfully disagree, in part, with your recommendation to "stop when the cost of avoiding loss is greater that than the loss itself." When cost becomes a contributing factor to how much monitoring is completed, we may run amuck. The cost vs. benefit argument fits best when determining whether to offer a new product or service, move into a different market, go after a new segment of customers, or even accept an odd looking check from a new customer:) Recent, high profile cases have evidenced that there is an expectation for financial institutions to drive anti-financial crime efforts (cost), based upon sound risk assessment practices, rather than letting the cost drive the parameters in place to monitor financial crime. More often than not, this issue is raised within the context of anti-money laundering programs, but clearly correlate to the fraud world as well. You hit a home run with "if you had a fraud detection system that produces risk scores that are tightly correlated to fraud and potential losses, you now have a much better sense of when to stop.” Operational Risk is the current name of the game. Not the type of risk where you weigh cost against benefit, but where you conduct thorough assessments of the financial crimes inherent to the products and services you offer, the communities you serve, and the types of customers that like your institution. From there, you have to dive deep to see if those inherent risks are realized within your institution (in part through statistical sampling, parameter testing, and case macro-analysis). Then you can work with a vendor, such as Memento, to implement tools tailored to the financial crimes risks within your institution, and let those results drive your cost. It then becomes cyclical, and an opportunity presents itself to review the true profitability of certain products, services, practices, etc. You can then seat the loss prevention/fraud/financial crime fighter on the bench with income generating team. How do we know when to stop reviewing fraud alerts? When our risk assessment process tells us that it's time to modify parameters or introduce new scenarios - and then we work with Memento. Your grand slam of course - "The crucial piece, of course, is making sure you have a fraud detection system that correlates risk score to actual fraud” "
Mike Braatz
July 23, 2010 - 1:14 PM
"Jim - Sorry for my late reply, but thanks for your excellent contribution here - it could be its own blog post. I agree that my blanket statement "stop when the cost of avoiding the loss is greater than the loss itself" language is a bit clumsy, especially for a topic as complex as this. We're in agreement that institutions should start with assessing risk and their tolerance for it. We also agree that resources and costs should be driven by that level risk / risk tolerance, not the other way around. Those resources and costs then determine "when to stop". Best, Mike "
Solutions Overview
Technology
Approach
Forums
About Memento
WE CAN ALSO BE FOUND:
  • facebook
  • linkedin
  • twitter

©2012 Memento, Inc. All rights reserved.
55 Network Drive Burlington, MA 01803
1-877-371-0673 |

Privacy/ Usage Agreement | Contact Us | Sitemap