Blog Posts Process Analysis

How To Fight Identity Fraud: Q&A with Andy Procter

Blog: Enterprise Decision Management Blog

Andy Procter

It’s a harsh truth that while data and technology in the fraud business abound, true domain expertise is a scarce resource. Meet Andy Procter, one of FICO’s fraud specialists. Having spent much of his career on the front lines fighting fraud at Citibank, Andy is now one of FICO’s Fair Isaac Fraud Advisors, where he specializes in fighting identity-based fraud including application fraud.

Today we are excited to pick Andy’s brain on the hot topic of how to fight identity fraud, specifically for application fraud.

What is the craziest, or most effective application fraud scheme you’ve seen?

Andy: I’ve seen many things that have shocked me, some for the sheer audacity of the perpetrator and others at the incredulity of the organization not having means in place to prevent them.

  1. Instant access to online banking and therefore easy access to committing fraud due to the safe status of being an ‘existing’ customer.
  2. Instant access deposit account complete with overdraft facility and next day (post-book) application fraud checks.
  3. Online retailers only passing the registered address, not the delivery address through fraud checks.

In your opinion, what should come first: an underwriting decision or a fraud decision – and why?

Andy: Credit risk is the bigger player in account originations. The overall question the organization is asking is ‘Should we extend credit to this(these) individual(s)?’

To answer that, there are more underlying questions: Does the application meet with credit policy – do we think they can afford to repay? Will they be profitable? What terms should we offer? Are they telling us the truth?

Only that last question is of concern to the fraud team.  In fact, even if they are telling the truth, are they a fraudster?  To answer those questions there are equally many checks to do.  The order of those varies across organizations according to their business preferences and other factors such as regulations.  However, where possible I recommend a cost- and time-efficient process.  This often involves early credit policy knockouts, followed by early fraud knockouts.  Only after that should you go out and pay for additional information.

Once all information is in and knock-outs have happened, apply the credit risk policy to determine those you want to accept.  The applicants left at that point pose a potential risk of fraud loss, so carry out the fraud checks then.  Some clients save their pricing and limit setting until after the fraud check.  I like this process: Any flags for potential first-party fraud that aren’t sufficiently strong to deny the application can still have an impact on the potential loss by impacting credit lines, limit increase periods, cross-selling periods etc.

How have you seen financial institutions automate fraud processes related to application and identity fraud – both successfully and unsuccessfully?

Andy: Across the world, I’ve seen varying levels of automation with varying levels of success. If done right, automation is great – it gives a fast, consistent and smooth experience for applicants.  After all, the fraud team as much as anyone wants genuine applications pushed straight through and low false positives.  Some organizations think automated decisions are bad or even non-compliant.  That need not be the case.  Automated declines on limited information is a recipe for a headache, but data-rich applications with an automated decision to request additional information or trigger OTP, for example, can be positive even for false-positives.

To fight fraud, how do you recommend financial institutions organize their teams? What are the requisite skill sets required to successfully execute an application fraud program?

Andy: Connected decisions – we use it a lot but it is valid. We certainly do see siloed set-ups.  Sometimes we see the credit card team linked with the unsecured personal loans, but the auto finance, mortgage and SME/corporate loans have completely separate policies, processes and systems.

As long as I’ve been in fraud the key strength is sharing data – that’s what the fraudsters do.  I’ve seen clients share with competitor organizations but not with other parts of their own business.

As well as connected decisions, a successful application fraud program requires three main practices:

How should FIs appropriately balance false positives, and what and other metrics are important to maximize revenue growth while protecting the bottom line?

Andy: Analytics. Feedback loops and defect analysis help drive false positives down. Also, I’ve seen some controversial fraud rules in my time, but some can be justified by their low false positives. Obviously, it is easy to lower false positives but not so easy to do it while maintaining or increasing the fraud detection rate (number of frauds found proactively by the detection tool as a proportion of all frauds detected).

The third metric in this trilogy is the referral rate. Most closely linked to the false-positive rate, this is the one that incurs the operational costs…and the one where human error comes into play. Some fraud teams have their strategies limited by the size of their operations team, some others have strict limits on referral rate placed on them by the business (without regard to the fraud rate of the organisation).

Regardless of the driver, the referral rate should be optimized in conjunction with the false-positive and detection rate.

For more on application fraud, check out the other posts in our series:

About Fair Isaac Fraud Advisors: FICO has a global team comprised of former fraud managers and domain experts who have a combined experience of 150+ years in fraud management. The practice helps organizations optimize operational processes, carry out complex analytical engagements, and build out a robust fraud program.  They have undertaken engagements in 45 countries across 6 continents where they have coached and steered organizations towards best practices, data-driven approaches, and strategic change management.

The post How To Fight Identity Fraud: Q&A with Andy Procter appeared first on FICO.

Leave a Comment

Get the BPI Web Feed

Using the HTML code below, you can display this Business Process Incubator page content with the current filter and sorting inside your web site for FREE.

Copy/Paste this code in your website html code:

<iframe src="" frameborder="0" scrolling="auto" width="100%" height="700">

Customizing your BPI Web Feed

You can click on the Get the BPI Web Feed link on any of our page to create the best possible feed for your site. Here are a few tips to customize your BPI Web Feed.

Customizing the Content Filter
On any page, you can add filter criteria using the MORE FILTERS interface:

Customizing the Content Filter

Customizing the Content Sorting
Clicking on the sorting options will also change the way your BPI Web Feed will be ordered on your site:

Get the BPI Web Feed

Some integration examples