Learn why fraud nomenclature should matter to banks

Listen to Why Fraud Nomenclature Should Matter to Banks (9 mins)

You would think “fraud” would be an easy enough term for the financial services sector to agree upon. Unfortunately, it’s not so simple. Because FIs handle risk operations differently, the term carries unique meanings from organization to organization. What’s more, the digitization of banking makes it easier than ever for consumers to quickly transfer money to a new account - and for fraudsters to scale their operations. The latest Feedzai Financial Crime Report found in Australia banking fraud attacks increased by a whopping 259% from Q2 2020 to Q2 2021. Given these disparities, it’s never been more important for banks and FIs to agree on proper fraud nomenclature. 

Agreeing on labeling practices is essential for banks to fight fraud more effectively and get ahead of any regulatory changes. Think of these steps as the difference between building an arc before the flood – as opposed to waiting for the first drops of rain.

Fraud by Any Other Name

Ask any two risk analysts to define identity-based fraud, and chances are, you’ll get three different definitions. 

Did the fraudster steal their victim’s online credentials to commit an account takeover (ATO) attack? Did the fraudster create a new account using another person’s identity? Did they create an entirely new synthetic identity by combining both real and fake information? Or did the authorized account holder knowingly commit a crime? These different criteria can leave many risk operators struggling to understand exactly what type of fraud occurred and how to classify it. 

What’s more frustrating is that FIs might not get the chance to understand the incidents better. Risk operators write reports and share them with law enforcement agencies, but responses take too long or never come at all. Banks are left with a broken feedback loop. 

Can a Fraud Classifier Promote Fraud Nomenclature Unity?

These breakdowns over fraud nomenclature can make it harder for banks to understand fraud and create barriers to prevent future attacks successfully. To address this issue, the Boston Federal Reserve unveiled the FraudClassifier model last year.

The model starts with a simple question, “Who initiated the payment?” It looks like this:

Learn why fraud nomenclature should matter to banks

The FraudClassifier tool offers a simple blueprint for banks to build their own risk management sequence of operations to address fraud. By clearly defining the sequence of events, FIs can more carefully craft their risk compliance policy and better understand whether a fraud event was first or third-party fraud. The steps outlined in the FraudClassifier model offer users a roadmap to build more accurate fraud labels. 

Using this labeling, risk operators can work backward to understand how fraud occurred. From there, new features and products can be developed to prevent similar fraud attacks from transpiring. These efforts to understand, label, and ultimately stop fraud are increasingly important in the age of instant payments, where money is transferred in seconds with little hope for recovery.

Why It’s Important to Agree On Fraud Nomenclature

The BostonFed’s FraudClassifier model is a solid starting point for the industry to unite around common fraud nomenclature. Especially as regulators start to consider whether banks should reimburse or compensate victims for certain types of fraud. 

We’re already seeing regulators in the U.K. move in this direction. Widespread authorized push payment (APP) fraud prompted the launch of the Contingent Reimbursement Model (CRM) Code in 2019 for the U.K. financial services market. FIs that voluntarily join the CRM agree to reimburse victims for funds lost to APP if they meet specific conditions.

Some U.S. regulators are considering similar measures. Earlier this year, the House passed the Elder Abuse Protection Act of 2021. The proposal aims to expand protections for elderly citizens and tasks the Elder Justice Initiative (EJI) that operates within the Justice Department with addressing elder abuse and neglect. The bill also covers senior citizen fraud scams

Some states have also enacted laws designed to protect elderly victims from financial fraud and other types of abuse. Under the California Identity Theft Act, for example, victims of identity theft are eligible to recover up to $30,000 in civil penalties from claimants – as well as compensation of their actual damages and attorney fees – if their case is successful.

Tips for Banks to Address Fraud Nomenclature

It’s not clear which regulations will ultimately take effect or be expanded more broadly industry-wide. While the regulatory changes are uncertain, banks can take steps to prepare for possible victim reimbursement regulations. 

1. Get Ahead of Regulations

FIs must study the different regulatory initiatives and proposals that can impact their operations. Having this insight enables banks to get ahead of regulations instead of reacting once they become law.

2. Make Sure Your Data Supports the Regulation

Having clear fraud labels in place is key to adapting to new regulatory realities. For example, if regulations eventually require FIs to compensate victims of APP fraud, banks will need to know which fraud incidents fit those specific criteria. Developing this clear understanding of how to tag fraud will pay off in the long run. FIs also need to ensure they can demonstrate the effectiveness of their labeling to their board members.

3. Ensure Your Staff is Well-Trained

Practicing strong fraud nomenclature hygiene should be a top priority for your entire organization, from the board members to the bank tellers on the front lines. Ensure your staff is trained on how to properly report and label different types of fraud to reduce the likelihood of mislabeling or incorrect categorization.

4. Take Risks and Controls Into Consideration

FIs must assess the risks and controls that any real-time payment system requires. As FIs implement new payment methods (like mobile wallets or cryptocurrency), they must prepare for new types of traffic and increased volume. Consider working with experienced partners to help implement the appropriate controls.

5. Focus on Your Operations Team

Having the right fraud labels in place is essential for a bank’s operations team. The more accurate the fraud labels are, the easier it is to build more accurate machine learning models. This can also lead to less customer friction and less time spent on manual fraud alert reviews. 

Banks with a clear fraud nomenclature system in place will be well-positioned to lead the market, protect their reputations, and give confidence to their customers that their interests and finances are protected.

Download our infographic, The 3 Stages of Fraud Lifecycle to understand each stage and learn how to prevent fraud more effectively.