The FraudClassifier℠ model helps organizations better classify fraud involving payments The FraudClassifier℠ model helps organizations better classify fraud involving payments

Model enables the industry to speak same language and strengthen fraud defense Model enables the industry to speak same language and strengthen fraud defense

August 17, 2020

Cracking down on payments fraud is a priority for every organization in the payments industry, but two things are essential to doing so – having a holistic understanding of fraud and speaking the same language.

That’s where the FraudClassifier model comes in.

This new model for classifying fraud involving payments was developed by a cross-industry group led by the Federal Reserve. It provides payments stakeholders with a simple approach to classify fraud in a similar manner.

Over decades of fighting fraud, different terms for the same things, or different meanings for the same terms, have cropped up among the country’s more than 10,000 U.S. banks and credit unions, as well as payment operators, survey organizations, and technology companies.

“It’s not surprising, considering their varying size and distinct commercial and geographic identities,” said Mike Timoney, vice president for secure payments at the Federal Reserve Bank of Boston and head of the team that led the model’s development. “Sometimes there are even multiple and different ways to classify fraud within the same organization.”

The lack of a common approach to classifying fraud limits understanding of the scope and magnitude of fraud involving payments within an organization and across the industry.

“It was clear to us that in order to get a better handle on things, the good guys need to speak the same language,” Timoney said.

Model designed to be straightforward and intuitive

Timoney said the cross-industry work group quickly realized that in order to help the industry consistently apply the model, the approach needed to be intuitive and not overly complex. The group also recognized it was important to ensure a unique classification for each event to prevent the risk of “double counting” fraud.

The resulting model involves a decision tree with three questions. The first is, “Who initiated the payment?” The second is, “How was the fraud executed?” The third asks for specifics around the fraud tactic. This classification approach helps capture information on what fraud occurred and how it was perpetrated. Some fraud classifications focus more on the fraud impact (e.g., dollar amount), but leave out this type of insight, which is crucial to understanding fraud trends and how to potentially mitigate future attempts.

“The classifications include supporting definitions, which the work group knew were imperative to helping the industry consistently understand and apply the model,” Timoney said.

Encouraging widespread adoption of the FraudClassifier model

The FraudClassifier model’s effectiveness depends on how broadly it is used.

To encourage voluntary adoption, Timoney and Andrés Rapela, an assistant vice president in the Boston Fed’s Secure Payments department, have been speaking (virtually) at industry events and meeting with different institutions and organizations to spread awareness about the model and its key benefits.

The model enables classification independently of payment type, channel, or other characteristics. This allows for a comprehensive view of fraud across payment types, allowing an organization to get the bigger picture on fraud. While the model was built to help classify fraud involving wire, check, and ACH payments, it can be extended to other payment types.

Rapela said perhaps its greatest advantage is the full picture the FraudClassifier model offers by including classifications for payments initiated by both authorized and unauthorized parties. The industry has not consistently tracked authorized party fraud, in part because financial institutions are often not liable for payments initiated by the authorized party. Authorized party fraud includes when an authorized party acts fraudulently (e.g., embezzlement), but also when an authorized party is manipulated by a fraudster (e.g., romance scams or business email compromise).

“By including authorized party fraud, and better understanding it, an organization can more effectively educate its customers on current fraud trends and how to protect themselves,” Rapela said. “Including both authorized and unauthorized party fraud provides a holistic picture of fraud and the ability to see the movement of fraud trends across the model’s classifications.”

Organizations across the industry are encouraged to consider voluntary adoption of the model. Rapela said, “By using the FraudClassifier model, you are able to better measure and understand fraud, which can help you develop a better fraud defense strategy.”

Find out more about the FraudClassifier model.


up down About the Authors