Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
May 8, 2017
Calculating Fraud: Part 1
When analyzing payments fraud rates, we have to consider what is being measured and compared. Should we measure fraud attempts that might have been thwarted—fraud that penetrated the system but might not necessarily have resulted in a loss—or fraud losses? Whatever the measure, it is important that the definition of what is included in the numerator and denominator be consistent to properly represent a fraud rate.
In calculating a fraud rate based on value or number, a fraud tally is needed in the numerator and a comparison payment tally in the denominator. The formula works out as follows:
Fraud Rate = Numerator
Where, for any given period of time
Numerator = Value, or number of fraudulent payments across the payments under consideration,
Denominator = Value, or number of payments under consideration.
This post offers a process for tallying payments for the denominator. Part 2 of this series will focus on tallying the numerator, basing its approach on the process that the Federal Reserve Payments Study 2016 used. That process includes fraud that initially cleared and settled, not attempts, and does not exclude losses subsequently recovered.
The Fed’s 2016 payments study offers a method for whittling down all payment transactions to a subset of transactions suitable for calculating a fraud rate. Below is an extract, with clarifying commentary, from one of the study’s questionnaires, which asked card networks for both the value and number of payments.
At first blush, totals for value or number under questions 1, 2, 3, and 4 could conceivably be used to provide a comparison tally for fraud. However, we should rule out the total from question 1 since the definition includes declined authorizations, making it unnecessarily broad. Question 2, "total authorized transactions," has the disadvantage of including pre-authorization only (authorized but not settled). While some of these transactions could have been initiated as part of a fraud attempt, they were never settled and consequently posed no opportunity for the fraudster to take off with ill-gotten gains. On balance, the preferred measure for payments is the result of question 3, which measures "net, authorized, and settled transactions." Unlike "net, purchased transactions" under question 4, this measure has the benefit of not excluding some of the fraud captured by chargebacks under question 3b.1. Other types of fraud are not covered under chargebacks, including when card issuers elect to absorb losses on low-value payments to avoid the costs of submitting a chargeback.
We could follow a similar process for tallying payments for ACH and checks, with adjustments to account for potential fraud resulting from the lack of an authorization system like that for cards, which requests authorization from the paying bank.
Part 2 of this series, which covers the process for calculating the numerator, will appear in June.
By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
- Merchant Surcharging: Winners and Losers
- Fintech for Financial Wellness
- Advice to Fintechs: Focus on Privacy and Security from Day 1
- Convenience Always Wins, In One Form or Another
- Mobile Banking and Payments' Weakest Link: Me
- Webinars Discuss Mobile Banking and Payments Survey Results
- Webinar to Explore Faster Settlement and Funds Availability
- Explosive News Regarding ATMs
- Best Practices for Data Privacy Policies
- If the Password Is Dying, Is the PIN Far Behind?
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud