Featured Article

Learning to speak the same fraud language

The FraudClassifier model, developed by a U.S. Federal Reserve-led industry work group, provides the payments industry with an intuitive classification approach to help fraud fighters get on the same page to understand the nature and magnitude of fraud.



Picture this familiar scene: You’re discussing a fraud event with a colleague — trying to get to the root of the issue. However, you realize that although you’re using similar terminology, you’re talking about two separate issues.

Or perhaps you and your colleague think you’re discussing separate issues, but then both of you realize you’re talking about the same thing but calling it something different.

Professional conversations among fraud fighters can be challenging because they often use different fraud taxonomies. Even those within organizations might use multiple terminologies to classify and describe fraud. These variations can create barriers to fraud dialogue, measurement, analysis, management, prevention and deterrence.

The Federal Reserve System, as the central bank of the U.S., is committed to maintaining a strong, safe and efficient payment system. In 2018, as the Federal Reserve reviewed industry fraud trends, one of its key findings was that data inconsistencies across payment methods and stakeholder groups make it more difficult to assess — and address — payments fraud. It realized that those in the payment industry needed to first speak the same fraud language. So, in early 2019, the Federal Reserve launched and led the cross-industry Fraud Definitions Work Group to build a solution. The work group released the FraudClassifier model to the payments industry in June 2020. (See the model below.)

Figure 1: The FraudClassifier model, courtesy of the Federal Reserve

As anti-fraud professionals, we can now use the model to generate better fraud data that lead to improved defenses, which we ultimately can use to refine mitigation of fraud involving payments.

Fundamental challenge in fighting fraud

Over the past several years, the Federal Reserve has partnered with the payments industry to help reduce fraud risk. Many of us realized that to effectively fight fraud, or even know where to begin, we must understand where in the system fraudsters are committing their crimes and the tactics they’re using.

The problem is that, as an industry, we aren’t positioned to quickly and effectively paint a broad picture of fraud because the available fraud data is represented in multiple ways with inconsistent classifications and definitions.

When we try to aggregate fraud information from multiple sources to examine more holistic trends, we find the data is either incompatible or we must spend extensive time to translate across various taxonomies. By the time the synthesized information is available, the data might be outdated and less relevant in fighting current and emerging fraud.

While these challenges apply to multiple payment types, in general, less fraud information is available for ACH (Automated Clearing House), wire and check payments. As a result, the Federal Reserve focused primarily on these three payment types with the understanding that any approach must be extensible to other payment types for a consistent, holistic picture of fraud.

Creating a common fraud language

The participants of the cross-industry Federal Reserve Fraud Definitions Work Group included professionals from financial institutions, payments processors, operators, technology solution providers and organizations representing end users. These members, who were unlikely to collaborate in typical commercial settings, openly brought their unique perspectives in some thought-provoking and in-depth conversations to achieve a common goal. The variety of perspectives helped produce the FraudClassifier model — a solution that all payment stakeholders can voluntarily use, regardless of industry segment.

An overview of the FraudClassifier model

The FraudClassifier model focuses on fraud execution tactics. The model user reviews three decision-tree questions and chooses answers that delineate specifics during the payment process and determine the event’s classification. (The work group considered beginning the model process with a question focused on the payment but realized it could create additional subjectivity in application of the model.)

To make the process objective and simple, the classification begins with a question, “Who initiated the payment?” that assumes the payment account already exists. This question asks if an authorized party or unauthorized party initiated the payment — in other words, whether the individual or entity had the right to initiate the payment. Based on the answer to this question, the answers to subsequent questions help the user arrive at the applicable fraud tactic or approach.

The model is limited to three questions to unify disparate fraud events into broader themes for trending purposes. The work group agreed additional levels or details could be too complex or daunting. Therefore, it built the model to be flexible so organizations have options to adopt the model in multiple ways. One option is to map their detailed fraud information to the model’s higher-level classification structure, so they can aggregate information to better identify trends across payment and fraud types.

Conversely, organizations can also add questions to the model if they want to capture more details. Therefore, many organizations can speak the same language about their fraud trends even if they aren’t choosing to view the same levels of detail in their fraud classifications.

(See the ACFE’s Fraud Tree for a classification of occupational fraud and abuse categories and schemes. – ed.)

“It is absolutely essential that when our fraud analysts report fraud, they have a consistent way to label it in a case management system. A use case could be anything, and without a definition, the analyst would probably either not report it at all or misplace it in an incorrect classification.”

– Eric Tran Le, vice president, head of NICE Actimize Premier

Overarching benefit No. 1:  model fosters comprehensive fraud view

The FraudClassifier model can help the industry understand the nature and magnitude of fraud by capturing a holistic picture, which improves the ability to monitor the constant shifts of trends across fraud tactics.

Includes authorized party fraud

The industry has focused primarily on payments initiated by unauthorized parties, such as those who take over an account. As fraudsters change their schemes, they increasingly target people — the weakest link in the payment system. Work group members highlighted that both consumers and organizations can be victimized in this way — often with catastrophic results. The group also discussed, and agreed on, the importance of understanding the authorized party fraud trends to facilitate both consumer education and protection.

The work group ultimately recognized it was important to include both authorized and unauthorized party fraud to observe the full range of fraud activity and monitor shifting trends.

Classifies across multiple payment types

The model was intentionally designed to classify fraud across multiple payment types and focus more on how the fraud occurred rather than the payment itself (e.g., type or channel). While the model’s initial focus was on ACH, wire and check payments, the work group also built it to be extensible to all other payment types. These combining factors allow for complete views across payment types and enable organizations to get bigger fraud pictures.

Supports inclusion of payment details

The model was built to support the addition of payment attributes (e.g., the dollar amount, payment date or channel) to complement the fraud classifications. The work group envisioned these as supplemental data tags to help marry the payment information to the fraud classification and provide further trend insights.

Ensures unique, consistent classifications

The work group created the model’s classifications to be mutually exclusive to ensure an instance of fraud is counted just once with only one logical classification choice. The user also can assign any fraud event involving ACH, wire or check payments to one of the available choices.

Overarching benefit No. 2: model’s simplicity facilitates consistency and ease of use

The work group members shared lessons learned from fraud classification methods they’ve used in the past, including the need for an intuitive model to promote consistency that doesn’t require complex training for users.

If an approach is too intricate, resulting classifications might contain severe inconsistencies, or fraud events might not be classified at all. The FraudClassifier model was intentionally built to facilitate instinctive fraud classification across multiple individuals and organizations.

Defines key terms and classifications

Again, one of the model’s primary objectives is to help the payments industry speak the same fraud language. The model is straightforward, but intuition can take a process only so far. Therefore, the model includes supporting definitions for key terms and each classification to help limit subjectivity. The definitions intentionally use clear and concise language to help promote consistent understanding and industry application of the model.

“Our team immediately told us how easy the model is to use. In addition, everyone is answering the questions in the same way, so we get consistent fraud classifications for similar events across all our branches. This consistency helps pinpoint fraud trends affecting us and our customers.”

– Roy Olsen, executive vice president, American National Bank & Trust

User-friendly

Fraud fighters and others can use the model across multiple teams. The intuitive aspect enables various individuals to answer the questions similarly, which results in consistent fraud classifications.

The industry has recognized the simplicity of the model, which encourages employees to use the model in daily fraud reporting and classification activities. Adopting organizations have shared that various teams — from front-line customer support to fraud specialists — have been able to quickly learn and apply the model. These organizations noted the cross-functional model has been an effective way to start the conversation on fraud at any level.

Figure 2: Adoption timeline of the The FraudClassifier model, courtesy of the Federal Reserve

Encouraging adoption of FraudClassifier model

The Federal Reserve began to promote awareness and encourage voluntary adoption while the model was still under development — beginning with industry validation. It shared the model with a group of industry volunteers in the fall of 2019.

The Federal Reserve asked payments stakeholders to classify multiple real-world fraud scenarios using the model and supporting definitions. The results demonstrated that, with little direction, payment stakeholders were able to apply the model and definitions consistently.

For example, the industry consistently classified a romance scam as: (1) an authorized party made the payment (2) the authorized party was manipulated (3) the tactic the fraudster used was relationship-and-trust fraud, in which the fraudster acted as a trusted party.

Some work group members also took the initiative to test the model within their organizations. One financial institution began using the model to classify fraud. A few processors and technology solution providers integrated the model into their test environments to explore how the model might assimilate with their current product solutions.

Industry adoption road map

The model is accompanied by an industry adoption road map (see above) that outlines a strategy to foster voluntary use of the model across the industry and includes two paths for advancing industry implementation.

The first path is focused on encouraging adoption within payments organizations of all types and sizes. As previously described, the FraudClassifier model provides several organizational benefits to overall fraud management. The second path describes the Federal Reserve’s plans to partner with industry fraud study organizations to help them integrate the model into their studies. Consistent use of the model across studies would enable data to be more easily compared. The long-term vision for these complementary paths is widespread adoption of the FraudClassifier model that will enable realization of synergies between paths.

The Federal Reserve plans to continue evolving the model to reflect changes in the fraud landscape and input from model users.

“The FraudClassifier model will help you understand fraud trends that you did not know you had in your institution. Having this information will let you know where strategically to spend your money.”

– Rene Perez, financial crimes consultant, Jack Henry

Helping the industry improve fraud management

The industry response to the FraudClassifer model has been positive. The Federal Reserve anticipated that financial institutions would lead voluntary adoption, but other payments stakeholders — such as processors and fraud technology solution providers — have plans to integrate the model into their products or services this year. Other organizations have begun to explore the feasibility of incorporating the model into their fraud studies.

Model adopters are touting its benefits, including a better understanding of fraud, which helps them manage and fight it. Adopting organizations have used the model to stop some fraud attempts simply because employees are more aware of fraud trends, which has led to better internal diligence and communication with customers.

One small financial institution explained that a heightened awareness of fraud trends led employees to ask better questions and educate customers on recent and evolving scams to help them avoid becoming victims. When something sounds suspicious, they often can identify a fraud attempt before it becomes a loss to the bank or its customers.

The FraudClassifier model helps get everyone in the payments industry on the same page. This common ground fosters more meaningful conversations and a better understanding of fraud activity. Faster, more comprehensive knowledge of where and how fraud occurs, and how trends shift across tactics help build foundations for arming organizations in their fraud defenses.

The Federal Reserve invites you to learn more about the model by visiting “FraudClassifier Model: Better Fraud Data. Better Defense” at fedpaymentsimprovement.org to see how this classification approach can benefit your organization as we all work together to better identify and fight fraud, and foster a safer payment system for all.

Mike Timoney, CFE, the vice president of secure payments at the Federal Reserve Bank of Boston, leads the team responsible for designing, developing and implementing the Federal Reserve System’s strategy for payment security. Contact him at Michael.Timoney@bos.frb.org.

Beth Reynolds, the senior consultant on the Federal Reserve’s secure payments team, helped lead the Fraud Definitions Work Group, including the development of the FraudClassifer model and the industry adoption roadmap. Contact her at Beth.Reynolds@kc.frb.org.




Related Articles

Breaking records

Fraud examiners shattered Global Fraud Conference attendance records in Seattle, Washington, cementing ACFE’s hybrid virtual and in-person annual conference as a can’t-miss event. And keynote speakers shared their stories of investigating fraud and corruption and revealing the truth.

M. Brian Reid, CFE

M. Brian Reid, CFE, says that in a parallel universe he might’ve been a nuclear physicist. But the CEO of Brison LLC applies the same passion he has for exploring the mysteries of the universe to examining the complexities of fraudsters and their schemes against his business clients.