Which Model Is Best for Safeguarding Against Fraud?

• In the U.K., fraudsters stole £580 million in just the first six months of 2023, according to UK Finance. More than 40% of this (£239 million) was due to authorized push payment (APP) scams, such as purchase and investment scams, a rate that’s up about 27% over the 2020 figures.
• In the U.S., fraud cost customers a record $10 billion last year according to the Federal Trade Commission, including $4.6 billion from investment fraud and $1.8 billion lost in scams involving bank transfers, thanks in part to the difficulty of thwarting real-time push payment scams.
• In the Asia-Pacific (APAC) region, according to our own 2023 True Cost of Fraud study, nearly three out of five respondents reported a rise in fraud year over year. And increased verification checks are taking a toll on customer satisfaction: 75% of respondents reported declining customer conversion rates.

The fast-evolving world of financial services represents the ultimate high-value target for fraudsters, who are investing a lot of time and resources to try and bypass security solutions. The result is a dizzying variety of fraud types, from account takeovers to social-engineering scams to exotic vehicles like Automated Clearing House fraud in the U.S., where a scammer uses a stolen checking account and routing number to steal funds. 

Fraud detection tools have evolved in sophistication to help banks combat this activity, at scale and in close to real time, including spot security solutions as well as comprehensive platforms like LexisNexis® ThreatMetrix® and LexisNexis® Emailage.® But before they can leverage tools, institutions need to define their best strategy. And one major question to be decided is whether to adopt a “single model” or “multiple models” approach to discovering suspicious interactions, thwarting fraud, reducing risk, and clearing the path for trusted customers.

The single-model approach collects data on a proposed interaction and assigns it a single risk score, so the institution can quickly decide whether to accept, deny, or review the transaction. This solution can be very effective at denying fraudsters, but it doesn’t help the institution identify what type of fraudulent activity was in play. Sometimes this doesn’t matter, but more often than not it does. 

The multiple-models approach produces multiple scores, measuring each transaction against the telltale patterns of distinct fraud types, such as scams versus account takeovers. With a clearer picture of what’s happening, banks can intelligently decide what specific actions to take next. Multiple-models approaches can be more complex to set up and integrate, but they deliver fine-grained data that can trigger better informed enterprise response.

Consider an email analogy. As a customer, you might be content to have your email provider simply block all spam and phishing attempts—you don’t need to know which is which. That’s a single-model approach. Your email provider, on the other hand, might be very interested in knowing which is which: After all, spam is mainly a nuisance, but phishing attempts betray criminal intent, and that needs to be addressed as an ongoing threat. Distinguishing between the two calls for a multiple-models approach.

LexisNexis® Risk Solutions has the flexibility to implement either approach for clients, or even a hybrid between the two, as we’ll detail below. To achieve the best results in securing customers and assets, it’s important that financial institutions use the right system for their unique situation. Here’s a deeper dive into the advantages and challenges of both approaches.

The Single-Model Approach: Speed, Simplicity, and Ease of Integration

A company using the single-model approach has one risk score to analyze and track: Each proposed digital transaction is either approved, reviewed, or denied. This simplicity is a key advantage, and the single-model approach can be faster to deploy and easier to integrate into an existing fraud mitigation strategy. LexisNexis® Risk Solutions experts who support implementing the single-model approach say it can require one third less training than adopting multiple models. And when a company has other security processes downstream of this customer transaction, the single score’s simplicity can make the entire interaction run more smoothly.

In fact, for some smaller companies and newer financial institutions the single model approach could be the only viable solution. Some enterprises have risk engines that take in inputs from multiple sources and can only consume a single transaction risk score without extra programming. Others, particularly in highly regulated industries like financial services, may wish to avoid compliance issues related to the complex machine learning algorithms employed by multiple-models solutions, delaying implementation. Other financial institutions may simply not have the teams available to evaluate multiple-models scores or may not produce a high enough volume of robust fraud data to properly feed the machine-learning algorithms that multi-models approaches depend on to be effective. For institutions facing these challenges, the single model approach may be best.

By modeling the differences between legitimate transactions and confirmed fraudulent transactions, single-model solutions can offer significant fraud protection, and can be a reasonable compromise for many financial institutions, particularly those with smaller or more homogenous fraud teams. However, different kinds of frauds and scams merit different security responses, and therein lies the main disadvantage of the single-model approach. Once a suspicious transaction is detected, that single “fail” score doesn’t leave institutions with a detailed picture of what happened—and doesn’t provide any insight as to what they should do next.

The Multiple-Models Approach: Fine-Tuned Defense and Informed Next Steps

Organizations that deploy a multiple-models approach can gain deeper insights into each fraud attempt and tailor their responses accordingly. If a customer has unknowingly fallen prey to an account takeover, for example, sending a one-time password is a reliable way to neutralize the threat: A real customer can likely supply the password, and a fraudster likely can’t. But if the fraud in question is a trusted customer being scammed, that OTP won’t help the situation—it might even help the scammer get what they’re after. Understanding the difference at the point of each transaction attempt enables a more strategic approach to addressing the risk in real time and defining what the next step should be without defaulting to treating their honest customer—the victim—like a criminal.

The multiple-models approach is favored by many larger and more mature financial institutions, especially those with dedicated teams focused on different types of frauds and scams. The approach can employ AI to analyze reams of transaction data for subtle indicators of particular fraud patterns, making predictions whose accuracy improves over time. Armed with a complex, customized solution that employs multiple models, businesses can position themselves not only to thwart frauds and scams, but to better understand what type of fraud happened, so they can respond accurately and appropriately. 

Every fraud mitigation strategy can be expected to degrade over time, as fraudsters adapt their tactics to try bypassing each new security measure. Single-model approaches to fraud detection may be more vulnerable in this regard: Fraudster successes that degrade any component of the single score will make that single score less valuable. The multiple-models approach, on the other hand, is more robust: If the model for scams loses effectiveness, for example, that doesn’t degrade the models that detect and defend against account takeover and other types of out-and-out fraud. This lets businesses focus on addressing any evolution of a specific fraud type while still maintaining effective strategies against other fraudulent schemes.

The slight added complexity of a multiple-models approach is that the business now needs to decide on a threshold or thresholds for each model individually to block transactions or drive other authentication processes. While this requires additional analysis to determine the optimal combination, it also enables more strategic options. The tolerance for false positives, in some instances, might be entirely different between different fraud types and authentication methods. For example, a business might decide to use OTP authentication for the top 1% of scores from the account takeover model, but might decide to show scam warning messaging to the top 5% of scores from the scam specific model because the friction added to the customer journey has less impact on the user experience of a genuine customer.

Case Study: Single and Multi-Model Go Head-To-Head

The LexisNexis® Risk Solutions Professional Services team completed a recent project with a leading financial institution in the UK where the aim was to experiment with the different methods available and identify the best route forward.

When comparing a single model approach to a multiple-models approach with an optimal combination of thresholds, the multiple-models approach provided 3.3% additional fraud value detection on the testing data. This may seem like a small difference in performance, but when considered on an annual basis for this client, the difference results in nearly $1 million in additional fraud detected.

This incremental value detection makes it easy to justify the added complexity in training time, governance, and deployment of a multiple-models solution – whilst also providing the client with the strategic and operational tools that they need to correctly and efficiently investigate risky cases. The client makes additional use of the 2 scores to ensure that their operational teams utilize appropriate questioning if they contact the customer to verify a transaction.

The Third Path: A Hybrid Approach

For banks that want (or need) the simplicity of the single-model approach but crave the interpretability of the multiple-models approach, a third path is emerging.

In a hybrid approach, the system first assigns a single overall risk score to every transaction, feeding the enterprise risk engine and halting fraudulent behavior of any kind, immediately. Then a secondary model takes over, analyzing the risky transaction data more closely to determine what type of fraud or scam attempt this probably was, supplying an additional data point that can be used to drive downstream decisions. The secondary model is trained only on the fraudulent transactions, allowing the model to home in on the behavioral patterns that uniquely identify each individual fraud type without the noise added by the genuine transactions. This could be a binary model, for example scams vs account takeovers, or it could be a multi-class model extending to whatever total number of unique fraud types the organization suffers from.

This hybrid approach combines the simplicity of a single score with the actionable responses of a flexible multiple-models approach. For many financial institutions, it provides the best of both worlds.

There are literally thousands of components that contribute to the risk analysis of LexisNexis® ThreatMetrix®, but here’s one example: Is the device being used this user’s recognized, long-term phone, or is it a different one or a brand-new device they’ve never used before? This feature alone is likely to be quite important in determining the overall risk of a transaction, but is one among many signals used to generate the final risk score. In the context of the secondary model, though, the same feature can have a much higher importance in determining the most likely fraud type: A device used by a fraudster in account takeover is unlikely to have ever accessed the user’s account before, whereas the device seen in a scam is likely to be the user’s recognized, long-term device.

The following graphic shows how the above feature is distributed for genuine transactions, scam transactions and account takeover transactions in a real-world dataset:

It’s clear to see from the distributions that this feature would be very useful separating account takeovers from either of the other 2 groups of transactions, but not useful at all for separating scams from genuine transactions.

LexisNexis® Risk Solutions has deep experience helping institutions find the right mix of strategies to reliably mitigate fraud without causing undue friction for their legitimate customers. Backed by business intelligence based on a dataset of over 286 million identities in the U.S. and its territories, our solutions equip enterprises to build powerful and scalable strategies that keep their customers’ accounts and identities safe.