Check fraud vs ML, Computer Vision, and UX: A solution by Q2
- Check fraud impacted 6 out of 10 companies last year, and check fraud tactics are continuing to evolve.
- Fighting check fraud requires a mix of technologies and a network approach. Q2 is working on a product that targets the full stack of complexities within the space.
40% of companies use paper checks as their primary form of payment, according to research. And with paper checks comes check fraud, which affected 6 out of 10 US companies last year. Technologies that can be used to forge fraudulent checks and attack vulnerabilities in the payment infrastructure are evolving with each passing year.
Bad actors in this space try out multiple tactics and zero in on the ones that work. This means that even one successful fraudulent attempt can spill into many more. On top of a check being stolen from the mail, information like the account number can be sold on the dark web for future fraudulent ACH transactions, according to Gulf Coast Bank & Trust Company’s Vice President and Security/Fraud Manager, Lauren Fitts. “A client may place a stop payment for the individual check without a thought or concern for how else it can be used. We’re seeing individual checks duplicated then altered in programs like Nitro Pro, etc. We had a client see 50 sequential checks clear from a singular check used to counterfeit 49 more,” Fitts said.
This presents a multistep problem for FIs and technology providers to solve. Not only do they need to identify every instance of fraud but counteract any information from being abused in the future. Fitts adds that bad actors are also learning to keep checks in sequence, which nullifies warnings for out of sequence checks. On top of digital alteration and the market for compromised information, structural and operational realities of how FIs operate complicate matters.
Even within an organization, different teams may see different parts of an ongoing fraud attempt, and in the absence of a structure to communicate, critical information about the evolution of fraud gets locked into silos. If communication within an FI is difficult, exchange of information within multiple organizations is hampered by lack of incentives and internal policies. All of which means that when a tactic fails at Bank A, bad actors can recalibrate and try the same ploy at Bank B.
Hence, robust anti-fraud systems not only have to prevent day-to-day attempts but also circumvent systemic barriers within the industry. Q2’s Chief Data Scientist, Jesse Barbour, thinks his company is well on its way to building a comprehensive anti-fraud system that can counteract the full stack of complexities in the fraud space.
Establishing a behavioral baseline: Q2’s experience in the industry has already equipped it with the data and technology needed to establish baseline behaviors. Granular understanding of a business’ payment behavior allows the company to detect anomalies. “If you pay close enough attention to these details around application access and traversal, there's a significant signal there, which you can use to stop the downstream fraud event,” he added.
However, this only scratches the surface of the solution ideally needed to combat check fraud. Unlike digital payments, for instance, payments by check not only generate structured data but also images of the check itself – images that can be doctored or falsified. This means that firms need to employ technologies that can parse check images pixel by pixel to ensure their validity.
Converging technologies: Successful anti-fraud strategies therefore have a few moving parts. Image recognition and analysis, which is also known as computer vision, must be able to speak to ML through software engineering. On top of this, insights drawn from these algorithms and automations must then be presented to fraud teams in a manner that efficiently communicates key concerns and trends bringing in elements of UX design.
During its research, Q2 found that traditional fraud reports do not communicate critical information effectively. The traditional Suspect Transaction Report has quite a few problems: it presents too much information at once while also underreporting key areas of interest such as granular information about location of a fraud instance. This demanded a rehaul, and by using cognitive science and visual design principles, Q2 gave it one.
To reduce the cognitive load on the user, the new report provides high-level information first and allows the user to click for summaries and detailed information.
Network approach: To effectively fight fraud, FIs could benefit from each other’s learnings without compromising policies and competitive advantages. “We want to make it very easy for all these experts to intuitively share their insights with us. At that point, we've got automated mechanisms that are able to consume those insights, build them into our systems and then propagate the benefit of those insights out not just to the individual that shared those details, but to the entirety of the network,” said Barbour.
Q2 isn't alone in recognizing the importance of a network approach when fighting fraud. Recently, both Visa and Plaid have come up with strategies that allow the companies to function as a central node through which insights about fraud across multiple institutions can be communicated on a wider scale, signaling a change of approach within the industry.
To counteract check fraud, banks already have some systems in place. For example, Positive Pay is a service offered by FIs to their clients which compares the date, check number, dollar amount, and account number of every presented check with a list furnished by a bank’s clients. This safeguards against the risk of forged, altered, and fake checks.
But this system isn’t perfect. “We’d rather have something get returned in error than pay for something fraudulent. Prior to Q2, the default for Positive Pay would authorize payment for questionable items. That simply doesn’t protect them or the bank,” said Jennifer Maggio, Gulf Coast Bank & Trust Company’s Vice President and Business Solutions Manager.
According to her, Gulf Coast Bank & Trust Company has directly benefited from its ongoing work with Q2, which has improved fraud detection capabilities and its user experience overall.
“Our users really love it. They look at some of the apps and sites of large financial institutions and we're just as good if not better,” she added. Q2’s new solution which operationalizes the software company’s network, ML, computer vision, as well as the new report, are still under development and likely to launch fully in 2024.