Business

 Case  Development  
for  Credit  and  Debit  Card    
Fraud  Re-­‐Scoring  Models    

Kurt  Gutzmann  
Managing  Director  &  Chief  ScienAst  
GCX  Advanced  Analy.cs  LLC  
www.gcxanalyAcs.com  
October  20,  2011   www.gcxanalyAcs.com   1  
IntroducAon  &  Topic  List  

♦  We  will  discuss  how  to  develop  a  business  case  for  payment  card  fraud  
detecAon  analyAcs,  illustrated  by  a  case  studies  with  re-­‐scoring  models  
♦  Topics  
Part  I  –  Performance  Measures  &  Business  Case  Principles  
1.  Fraud  detecAon  as  a  binary  classifier  problem  
2.  Performance  measures  of  classifiers  
3.  The  Receiver  OperaAng  CharacterisAc  Curve  (ROC)  and  Area  Under  the  Curve  
4.  Cost  /  Benefit  FuncAon  and  the  Payoff  Matrix  of  a  Fraud  Detector  
Part  II  –  Two  Case  Studies  of  Re-­‐Scoring  Model  Performance  
1.  Re-­‐Scoring  Models  for  Credit  and  Debit  Card  transacAons  
2.  Case  Study  1:  Endogenous  Debit  Card  Re-­‐Scoring  Model  Performance  and  Benefits  
3.  Case  Study  2:  Exogenous  /  MulA-­‐Channel  Credit  Card  Re-­‐Scoring  Model  
Performance  and  Benefits  
4.  OperaAonal  Deployment  of  Re-­‐Scoring  Models  in  Card  Fraud  Scoring  System  
Architectures  
5.  QuesAons  &  Answers  

October  20,  2011   www.gcxanalyAcs.com   2  

Fraud detection as a binary classifier problem

♦  There  are  two  major  types  of  fraud  

♦  VicAm  Fraud,  a  3rd  party  takes  money  or  assets  from  a  bank  customer  or  the  
bank  
♦  Stolen  credit  card  usage  
♦  Internet  banking  account  takeovers  
♦  First  Party  or  Swindler  Fraud,  a  criminal  directly  interacts  with  the  bank  to  
extract  assets  or  money  
♦  Fraudulent  loan  applicaAons  
♦  Worthless  items  deposited  at  ATMs  (empty  envelopes)  
♦  In  this  presentaAon,  we  are  detecAng  vicAm  fraud  in  consumer  credit  card  
and  debit  card  transacAons  
♦  A  transacAon  must  be  classified  into  one  of  two  categories,  “Fraud”  or  
“Not  Fraud”    
♦  This  is  a  binary  classifier  problem  

October  20,  2011   www.gcxanalyAcs.com   3  

ConAngency  Tables  of  Classifiers  

♦  The  operaAon  of  the  binary  classifier  produces  four  possible  outcomes  
♦  A  transacAon  classified  as  ‘fraud’  generates  a  ‘fraud  alert’  (possibly  declining  the  
transacAon)  
♦  A  transacAon  classified  as  ‘good’  is  accepted  as  business  as  usual  
♦  A  conAngency  table  represents  the  outcomes  
♦  ConAngency  table  notaAon:  
♦  TP  :  True  PosiAve,  a  fraudulent  transacAon  correctly  classified  as  a  fraud  
♦  FP  :  False  PosiAve,  a  good  transacAon  incorrectly  classified  as  a  fraud  
♦  FN  :  False  NegaAve,  a  fraudulent  transacAon  incorrectly  classified  as  a  good  one  
♦  TN  :  True  NegaAve,  a  good  transacAon  correctly  classified  as  a  good  one  
♦  Various  Sums,  TPFP  =  TP  +  FP    =  P    etc.  

Frauds Not Totals

Frauds
Alerts TP FP TP+FP = P
Not Alerted FN TN FN+TN = N
Totals TP+FN FP+TN TP+FP+TN+FN

October  20,  2011   www.gcxanalyAcs.com   4  

Performance  Measures  of  Classifiers  

♦  True  posiAve  rate  (TPR)  is  also  called  the  

detec.on  rate  
♦  If  measured  in  dollars,  it  is  the  dollar  
detec.on  rate  
♦  Other  performance  measures  are  
available,  e.g.  accuracy,  misclassificaAon  
rate,  posiAve  predicAve  value,  negaAve  
predicAve  value,  and  specificity,  but  are  
not  generally  meaningful  in  the  fraud  
detecAon  domain  

October  20,  2011   www.gcxanalyAcs.com   5  

Receiver  OperaAng  CharacterisAc  (ROC)  Curves  

♦  The  ROC  is  a  plot  in  unit  space  [0,1],

[0,1]  of  the  true  posiAve  rate  (detecAon  
rate)  on  the  y-­‐axis  versus  the  false  
posiAve  rate  on  the  x-­‐axis  
♦  Scoring  classifiers  generate  ROCs  
♦  Rule-­‐based  classifiers  do  not  have  a  ROC  
per  se,  but  only  a  single  operaAng  point  
♦  The  ROC  generates  a  curve  that  for  any  
reasonable  classifier  will  capture  an  
area  of  at  least  0.5  
♦  This  is  the  area  under  curve  (AUC)  
metric  of  a  ROC  curve  
♦  A  classifier  is  considered  ‘predicAve’  if  
AUC  >  0.75      
♦  All  else  equal,  a  classifier  with  a  greater  
AUC  is  generally  preferred  to  another  
♦  For  fraud  detectors,  the  AUC  below  an  
FPR  of  0.05  is  most  important  

October  20,  2011   www.gcxanalyAcs.com   6  

Cost  /  Benefit  FuncAon  and  the    
Payoff  Matrix  of  a  Fraud  Detector  
Outcome  Costs  
or  Benefits   Example  
♦  $303,841.12  of  apempted  
fraud  
Unit  Payoff   ♦  Payoff  matrix  as  shown  at  
Matrix   leq  
$1,390.88 ($9.12)
($1,400.00) $0.05 ♦  DetecAon  rate  is  149/
ConAngency     (149+69)  =  68%  
Table  
149 1528 ♦  OperaAonal  cost  of  the  
69 4998254 detector  is  $110K  
♦  Benefit  is  $207K  
$207,241.12 ($13,935.36) $193,305.76 ♦  Net  Benefit  is  $346K  
($96,600.00) $249,912.70 $153,312.70
♦  “Do  Nothing”  alternaAve  
$110,641.12 $235,977.34 $346,618.46
net  benefit  is  -­‐$69K  

Net  Benefit  

October  20,  2011   www.gcxanalyAcs.com   7  

Economic  OpAmizaAon  of  the  Alert  Score  Threshold  

♦  Various  alert  score  thresholds  allocate  TP,  FP,  FN,  TN  in  differing  proporAons  to  
the  conAngency  table  
♦  Combined  with  the  payoff  matrix,  this  generates  a  cost/benefit  curve  that  can  be  
opAmized  with  respect  to  the  alert  threshold  score  
♦  OperaAonal  constraints  must  also  be  considered,  however  

October  20,  2011   www.gcxanalyAcs.com   8  

Determining  the  Best  Business  Case    
by  Net  Present  Value  
1.  Develop  the  ROC  of  the  detector  
2.  IdenAfy  the  op.mal  score  threshold  by  inspecAon  
3.  Establish  the  payoff  matrix  for  outcomes  
4.  Tabulate  the  conAngency  table  at  the  opAmal  
threshold  
5.  Compute  the  periodic  net  economic  benefit  (e.g.  
monthly)  
6.  Establish  the  planning  horizon  (e.g.  3  years)  
7.  Establish  the  cash  flow  discount  rate  (e.g.  10%)  
8.  EsAmate  system  implementaAon  one-­‐Ame  costs  
9.  EsAmate  other  system  operaAonal  recurring  costs  
10.  Develop  the  cash  flow  series  
11.  Compute  the  NPV  of  the  cash  flow  series  
Example  Cash  Flow  Profile  
12.  Perform  sensiAvity  analyses  to  determine  
robustness  of  the  business  case  

October  20,  2011   www.gcxanalyAcs.com   9  

 CASE  STUDIES  
 

1. Debit  Card  Rescoring  

2. Credit  Card  MulAchannel  Data  

Kurt  Gutzmann  
Managing  Director  
GCX  Advanced  Analy.cs  LLC  
www.gcxanalyAcs.com  
October  20,  2011   www.gcxanalyAcs.com   10  
 TransacAon  Classifiers,  Authorizers,  and  Re-­‐Scoring  Models  
“TransacAon  Advice”  
Basic  Scoring  System  
Accept  
Primary  Fraud  
TransacAon  
Scoring  Engine   Reject  

Other  

Re-­‐Scoring  System   Improved  Score  

Primary  Fraud   Improved  “TransacAon  Advice”  

TransacAon  
Scoring  Engine  
Accept  

Re-­‐Scoring  Model   Reject  

Addi.onal  Data  

Other  
October  20,  2011   www.gcxanalyAcs.com   11  
Case  1:  Re-­‐Scoring  Model  Performance  Improvement  versus  ExisAng  
Debit  Card  

♦  ExisAng  Dollar  DetecAon  Rate  was  44%,  Improved  to  60%  at  the  same  False  PosiAve  Rate  
♦  Re-­‐Scoring  model  provided  a  wide  range  of  operaAonal  points  to  trade  off  alert  volume  vs  detecAon  rate  
♦  Re-­‐Scoring  reduced  fraud  dollar  losses  by  32%  versus  the  previous  model  
♦  Savings  are  proporAonal  to  business  volume;  for  this  regional  bank  this  model  generated  a  net  benefit  of  
$6M  over  a  two  year  planning  horizon  
 

October  20,  2011   www.gcxanalyAcs.com   12  

Case  2:  MulAchannel  Credit  Card  Residual  Model  Performance  

♦  Model  uses  enterprise  customer  data  in  addiAon  to  credit  card  transacAon  data  
♦  DetecAon  performance  is  on  the  residual  fraud,  so  all  detecAon  is  incremental  improvement  
♦  Model  detects  78%  of  fraud  otherwise  undetected  by  exisAng  system  at  FPR  of  3%,  AUC  =  0.92  
♦  Other  risk  score  vectors  for  debit  card  and  DDA  arise  from  this  mulAchannel  approach  
♦  Annual  increase  in  fraud  dollars  detected  across  debit  card,  credit  card,  and  DDA  was  $48M  
October  20,  2011   www.gcxanalyAcs.com   13  
 
Simple  OperaAonal  Deployment  of  Rescoring  Models  

♦  Most  vendor  soluAons  for  card  fraud  detecAon  have  a  ‘business  rules  engine’,  ‘business  rules  
management  system’,  or  ‘policy  management’  component  for  ad  hoc  applicaAon  of  rules  
aqer  the  iniAal  score  is  generated  
♦  The  BRMS  usually  has  the  capability  to  call  a  web  service,  a  library  funcAon,  or  shared  object,  
as  well  
♦  The  rescoring  model  is  placed  into  the  BRMS  as  a  ‘final  rule’  that  adjusts  the  score  of  the  
transacAon  and  provides  the  ‘advice’  
♦  Deployment  is  simple  and  straighvorward  
♦  Leverages  exisAng  risk  scoring  applicaAon  features  

BRMS  

October  20,  2011   www.gcxanalyAcs.com   14  

Summary  
1.  The  ROC  shows  the  performance  envelope  of  a  fraud  detector  
2.  The  payoff  matrix  and  ROC  generate  the  business  case  for  the  detector  
3.  Rescoring  model  deployment  is  straighvorward,  leveraging  the  exisAng  
fraud  plavorm  
4.  Rescoring  models  for  card  payments  have  economically  apracAve  
business  cases  

Q&A  

October  20,  2011   www.gcxanalyAcs.com   15