With the Covid-19 pandemic prompting consumers to adopt online commerce and mobile-banking apps in droves, Fair Isaac Corp. (FICO) is betting the latest release of its FICO Falcon Fraud Manager for Retail Banking will give financial institutions a leg up on detecting push-payment fraud.
The fraud occurs when a consumer is tricked into making real-time payments to criminals. Experts say there are two types of push-payment scams: unauthorized (UPP) and authorized (APP). UPP scams occur when a third-party executes a fraudulent transaction without the customer’s permission. APP scams, which are more difficult to detect, manipulate customers into sending digital funds to an account controlled by scammers.
More than 350,000 Americans reported losing more than $245 million to fraudulent online transactions in 2020, including scams that started on social media, according to the U.S. Federal Trade Commission.
The latest version of FICO Falcon Fraud Manager includes a scam-detection score, which detects 50% more fraudulent transactions at a 0.5% transaction review rate, according to Fair Isaac. As a result, financial institutions are more likely to detect push-payment fraud, the company says.
The Scam Detection Score is based on multiple factors that track changes in a customer’s behavior—such using a favored device to interact with a non-favorite credit account—then scores the probability the behavioral change is an indication the consumer is being defrauded.
“Humans are creatures of habit, so when users access their account using a new device or for an unexpected reason, the Falcon platform recognizes it’s more likely third-party UPP fraud,” Scott Zoldi, chief analytics officer for FICO says by email. “In fact, [consumers] are at 16 times greater risk of falling victim to UPP fraud than first-party APP scams.”
Alternatively, should a consumer use her bank’s mobile app on her own phone, but sends funds to a new account, the likelihood is 10 times greater that she is falling victim to an APP scam, Zoldi adds. When it comes to consumer’s favorite devices, the Scam Detection Score identifies 24 times more scams than the standard fraud score, FICO says.
What makes APP scams more difficult to detect is that they use social-engineering techniques to trick consumers into sending money from a personal account to an account controlled by the criminal for what consumers believe is a legitimate reason. “This means that the model must look for subtle patterns that point to … what legitimate customers do when being misled by criminals,” Zoldi says. “The typical hallmarks of third-party fraud that look out-of-pattern don’t necessarily exist for APP scams.”
Criminals enacting a push-payment scam may reach out to victims through mobile games, online shopping sites, and social media. Online gaming users, for example, may believe they are paying for a rare item. Or online shoppers may believe they are buying a legitimate product. With social-media scams, criminals have been known to spend months grooming victims through online conversations, developing a relationship with the target before asking for money to deal with a fictional emergency.
“Whatever the platform, victims believe they are receiving a legitimate service, product, or benefit,” Zoldi says.