Fraud Operation Structure of Credit Card Business

Fraud Protection in credit card business is a multi-faceted task that requires the input of several important teams. The three most active of these can broadly be called Fraud Operations, Fraud Analytics and Information Technology. This article will consider the relative “geography” of these teams and the internal structural requirements of each.

Fraud Operations is at the figurative ‘coalface’ of the fight against fraud. This is the team that monitors the queues of system-generated alerts, identifies suspicious transactions, contacts customers to confirm or allay those suspicions and performs the administrative work required when a fraud is confirmed – closing the account, listing its details on industry databases, processing charge-backs, etc. The success of this team is dictated by the efficiency with which it processes alerts.

If the success of Fraud Operations is dependent on the efficient execution of a given set of tasks, the success of Fraud Analytics is dependent on the inherent effectiveness of those tasks. This team is responsible for analysing implicit and explicit data to optimise fraud-detecting rules and systems. To do this well, the team must perform a mix of re-active and pro-active data analyses.

Re-active data analytics optimises the performance of the system by optimising the performance of its existing components, and does so in two important ways – the statistical review of historical data and the post-hoc reporting of fraud performance and trends. Historical data is analysed to identify embedded patterns that may be indicative of fraudulent spend. The results of such an analysis are then used to inform the design of the rules that will scan transactions and generate the alerts to be worked by Fraud Operations. Historical data is also used as the basis for management reporting and, in particular, the reporting of prevailing fraud trends and the recent performance to budget.

Pro-active data analytics, on the other hand, optimises the performance of the system by creating entirely new components. Historical data is still a key input into the process but the results of the analysis thereof are forward-looking and usually presented in the form of a business case or project proposal. So, where the results of re-active data analytics may inform an improvement in a particular fraud-detection rule, the results of pro-active data analytics may suggest a pilot project to test the value of SMS transaction alerts as an alternative to the rule altogether.

Linking these two teams is the IT team. IT maintains the systems on which Fraud Operations depend and implements the updates and upgrades suggested by Fraud Analytics. The role of IT is primarily to enable the efficient execution by Fraud Operations of the strategies set by Fraud Analytics. As such, their success is linked directly to the performance of the systems they maintain and which, should they fail, have the potential to undermine the performance of the other major stakeholders.

The specific roles and responsibilities of each of these teams should be clearly demarcated and used to inform the evaluation team performance and the recruitment process.