Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Calculating Fraud: Part 1

When analyzing payments fraud rates, we have to consider what is being measured and compared. Should we measure fraud attempts that might have been thwarted—fraud that penetrated the system but might not necessarily have resulted in a loss—or fraud losses? Whatever the measure, it is important that the definition of what is included in the numerator and denominator be consistent to properly represent a fraud rate.

In calculating a fraud rate based on value or number, a fraud tally is needed in the numerator and a comparison payment tally in the denominator. The formula works out as follows:

Fraud Rate = Numerator
Denominator

Where, for any given period of time
Numerator = Value, or number of fraudulent payments across the payments under consideration,
Denominator = Value, or number of payments under consideration.

This post offers a process for tallying payments for the denominator. Part 2 of this series will focus on tallying the numerator, basing its approach on the process that the Federal Reserve Payments Study 2016 used. That process includes fraud that initially cleared and settled, not attempts, and does not exclude losses subsequently recovered.

The Fed’s 2016 payments study offers a method for whittling down all payment transactions to a subset of transactions suitable for calculating a fraud rate. Below is an extract, with clarifying commentary, from one of the study’s questionnaires, which asked card networks for both the value and number of payments.

At first blush, totals for value or number under questions 1, 2, 3, and 4 could conceivably be used to provide a comparison tally for fraud. However, we should rule out the total from question 1 since the definition includes declined authorizations, making it unnecessarily broad. Question 2, "total authorized transactions," has the disadvantage of including pre-authorization only (authorized but not settled). While some of these transactions could have been initiated as part of a fraud attempt, they were never settled and consequently posed no opportunity for the fraudster to take off with ill-gotten gains. On balance, the preferred measure for payments is the result of question 3, which measures "net, authorized, and settled transactions." Unlike "net, purchased transactions" under question 4, this measure has the benefit of not excluding some of the fraud captured by chargebacks under question 3b.1. Other types of fraud are not covered under chargebacks, including when card issuers elect to absorb losses on low-value payments to avoid the costs of submitting a chargeback.

We could follow a similar process for tallying payments for ACH and checks, with adjustments to account for potential fraud resulting from the lack of an authorization system like that for cards, which requests authorization from the paying bank.

Part 2 of this series, which covers the process for calculating the numerator, will appear in June.

By Steven Cordray, payments risk expert in the Retail Payments Risk  Forum at the Atlanta Fed

May 8, 2017 in ACH , checks , debit cards , fraud | Permalink

Comments are moderated and will not appear until the moderator has approved them.