The Rippleshot Data Breach Blog

The Problem with Score-Based Decline Rules

Written by Kaleigh Simmons | Oct 13, 2015 4:37:03 PM

We have yet to talk to a bank or credit union that isn’t employing real-time decline rules based around FICO Falcon or Visa VAA score bands - and with good reason. This solution has been around for an incredibly long time and is baked right into many existing risk management solutions. But payment card fraud is higher than it’s ever been - so what’s the problem?

The Balancing Act

For many financial institutions, capturing fraud is only as important as how effectively you can do it without disturbing your customers, who are becoming hypersensitive to false declines. In fact, according to Finsphere, 48% of consumers are concerned about false declines. Eighty-two percent of cardholders who experienced a false decline felt the episode was inconvenient, embarrassing or irritating.

Perhaps even more concerning for financial institutions, is a troubling statistic from MasterCard Vice President Krista Tedder that 20% of all re-issued cards never get reactivated. With the average American having 3.7 cards in their wallet, this delicate balancing act becomes even more important.

Here at Rippleshot, we actually plot the relationship of these values on a graph - FPR or False Positive Ratio on the x-axis, with total fraud captured on the y-axis. On the most basic level, financial institutions live and die by this curve - capture more fraud, but know that means disturbing more customers? Or lower false positives, but know that means inherently less fraud captured.

Scoring Models, Plotted Out

In order to evaluate the effectiveness of score-based rules, we have to turn back to this FPR vs Fraud Captured graph mentioned above. Ultimately, the performance of score-based rule systems has to be judged cumulatively, and against customer disturbance levels. But most financial institutions receive a report that looks something like this - to try and figure that out.


The problem with a report like this, is that the score bands aren’t measured in the same way banks and credit unions use them - which is cumulatively, but it’s also not providing a clear look at what percentage of fraud is actually captured.

When plotted out graphically, score-based rule performance tends to follow a very similar path to the graph above (which was created using actual reports from a bank). There are a couple of insights to take away from this, the first being that FPR performance stays almost flat until a FICO Falcon score band of 900 or higher is employed.

In this case, all score bands below 900 are performing at an FPR of around 5:1 - something larger credit card issuers can withstand, but not a ratio smaller banks and credit unions feel comfortable with.

But in order to get closer to a desired FPR of 1:1, a score band of 950+ is required, which drops the fraud captured percentage to below 10%.

Having mapped several months worth of these reports, we know that this kind of performance is not uncommon.

Score-Based Rule Performance Over Time

Another problem financial institutions employing score-based rules struggle with is the constant reviewing and maintenance required to keep the performance consistently high. A single score band’s performance can vary wildly over the course of a single month, but to give an even better picture, we mapped one out over 12 months using a bank’s data, to show exactly how volatile its performance is.

In this graph, we took a Visa score of 75, which was optimal for FPR and fraud captured rates at the beginning of this year (week 0 on the x-axis). You’ll see that over the course of 52 weeks, the percentage of fraud captured swung from less than 20% to nearly 40%. Unsurprisingly, the FPR graph showed a similar performance.

In this case, the year started (at week 0) with an FPR of around a 1:1, but saw swings upwards of 5:1 over the course of 52 weeks.

With the shopping season coming up, it’s important for financial institutions to keep a close eye on the performance of this, especially if FICO or Visa scores are a primary variable in decline rules. And additionally, with the EMV shift officially in place, additional struggles are anticipated using this method, as the traditional inputs of location of cardholder and transaction locations are key to these scores being calculated.

To plot your own score-based rule performance, download our FPR vs Fraud Captured Worksheet below: