14 Aug Managing Credit RiskThrough Embedded Intelligence in On-line Transaction Process

Managing Credit RiskThrough Embedded Intelligence in On-line Transaction Processing:First Union National Bank, Charlotte, NC1THE ORGANIZATIONFirst Union National Bank (FUNB) is the nation’s sixth largest banking company with $9.3billion in total stockholders’ equity and $17.2 billion in market capitalization. FUNB offers adiverse array of products such as 401(k) plans, checking and savings accounts tailored tocustomer needs, investment banking, certificates of deposit, mutual funds, credit cards and otherloan products. FUNB has presence in 12 eastern states and Washington, DC It recently acquiredof First Fidelity Bancorporation on January 1, 1996, giving it a customer base of about 12million customers from Connecticut to Florida.On June 30, 1996, FUNB had assets of $139.9 billion. The bank’s network has 1,981 offices -the nation’s largest branch banking system. It also has the nation’s fifth largest automated tellermachine network. In addition, First Union is pioneering one of the first direct banks on theInternet.Over the years, FUNB has been working towards developing a leading position in severalmarkets, including deposits and credit cards, on the assumption that scale is an essential elementof keeping unit costs low. First Union has the leading deposit share in its home state of NorthCarolina; it ranks second in Florida, New Jersey and the Washington, DC, and third inConnecticut. The company serves eight of the 10 richest counties in the US.Since 1993 FUNB has nearly tripled the size of its credit card portfolio. This growth wasachieved through targeted, national market solicitations aimed at providing geographic diversityand by trying to attract high quality, revolving credit customers. It was the 14th largest issuer ofcredit cards in the nation as of June 30, 1996. FUNB also offers on-line credit card applicationsover the Internet.This case focuses on the credit card business of FUNB.THE PROBLEMFUNB’s problem was simple: to minimize the dollar loss incurred as a result of credit card fraud.Why is this a difficult problem?Traditionally, credit card issuers have been concerned about losses due to defaults — borrowersnot paying back their charges, but in the last few years, a new kind of loss has also arisen.Financial fraud is not a petty theft situation but a high stakes business that “employs” a1This case was prepared by Professor Vasant Dhar for purposes of class discussion and not to illustrate appropriateor inappropriate handling of an administrative situation.significant number of individuals. It is organized crime that exploits several aspects of electroniccommerce:•••a side effect of the “electronization” of commerce is that more and more information aboutindividuals is publicly available without people even being aware of thisindividuals want as little red tape as possible; they don’t want to be questioned about thelegitimacy of every transactioncontrol systems are never perfect. There are invariably “holes” in most systems that criminalstry and find become they are pluggedBecause of the large amounts of money involved, organized crime gets into the game. And thismeans sophisticated methods of theft. Criminals are constantly looking for innovative ways toexploit availability of credit.To prevent losses, issuers engage in credit screening. Screening occurs at a number of levels.Issuers routinely have a “pre booking” process involving the screening of applicants,determining which ones are “safe” enough for credit cards to be issued.Screening at the transaction level is a lot more difficult. Transaction level fraud occurs when alegitimate credit card or account is illegally used or taken over by a criminal. It must be detectedin real time. This is the problem FUNB decided to focus on.Why is detecting a fraudulent credit transaction a difficult problem?First, credit is an easy medium for criminals to exploit because of the difficulty of discriminatingbetween a legitimate and a fraudulent transaction. Criminals are capable of getting a lot ofinformation about individuals such as social security numbers and other key pieces of datawithout much difficulty. When they take over a credit card or an account, this informationprovides them easy access to high priced goods and services such as jewelry, airline tickets, etc.Once criminals know that they have an exploitable credit card, they first “test” it by engaging inseemingly “normal” activity, and then hit the card hard and fast, extracting as much of itsavailable credit line as quickly as possible. Often, this behavior is not much different from that ofthe legitimate holder of the card. In other words, detecting fraud is a subtle and complex: thereare no obvious patterns that stand out as pathological behavior.Second, banks must minimize the risk of denying legitimate transactions, also referred to as the“type II error” in statistics. Embarrassment and inconvenience are a sure way of losingcustomers: you have to be virtually certain before intervening. This increases the likelihood ofapproving bad transactions, or the “type I error”.Third, customers are not always available to verify the legitimacy of a transaction even when thebank deems it important enough to do so. People are often not available by phone, sometimes fordays. Besides, criminals may also pose as the customer, especially when they are armed withsensitive customer information. Criminals have been known to completely “take over” a bankaccount, sometimes changing the billing address to their own without the real customer beingaware of this situation!Until a few years ago, banks were largely unable to combat the increasing fraud. The process oftrying to unearth fraud was woefully inadequate. Mary Ann Miller, manager of fraud preventionin the Customer Direct Access Division at First Union described the problem as follows:“In 1991, a lot of your information came from Issuers Clearinghouse Reports.These had information such as social security numbers, phone numbers andaddresses of known problematic cards in the last 30, 60, and 90 days. Thisinformation is useful for screening out transactions coming from cards that areknown to be bad — it is a useful pre-booking fraud tool. However, the informationis not relevant in finding fraud that is under way now. To deal with transactionlevel fraud, we used to specify some crude “filters” that consisted of broadparameters such as “cash transactions over $1000”, which an on-line systemwould use to flag transactions. But these kept our printers really busy. We wouldget reams of output. These reams would be taken over to analysts who wouldspend hours or days analyzing them, trying to judge which ones might befraudulent. In the early 90s, days could go by without finding a fraudulenttransaction. As a result, we devoted more analyst effort, but it was just that: moreeffort, a more labor intensive process that did not scale well. We needed a systemto do this, a system whose costs could be amortized over a large number oftransactions.”Figure 1 shows a general schematic of the situation. The problem was there was no good modelof a fraudulent profile. Without such a model, the bank could at best put transactions throughcrude filters, which represented their best guesses the kinds of things you might see in riskytransactions.The trouble was that these filters were much too loose: while many fraudulent transactions mightcorrespond to them, there were a lot more legitimate ones that also fit them. Without any way todiscriminate, analysts were deluged with a lot of irrelevant data. They were required to exercisetoo much judgment, and their performance depended largely on their experience, expertise,motivation, and luck. The bottom line was that analysts simply could not handle the volume ofoutput that flowed into them. The odds of catching fraudulent transactions were extremely low,reflected by the fact that they sometimes went for days without catching a single bad transaction.Clearly, this was not a scaleable approach to the problem.Transactions(dozens per minute)Crude Filters(dozens per minute)Reports(dozens per minute)Analyst Review(dozen per houri.e. severe overloading)Authorization Code(dozens per minute)Figure 1In a sense, the situation called for developing better filters. But not only did they have to bebetter, they also had to be dynamic, since the profile of bad transactions can keep changing: thebank might detect a pattern, but criminals realize that their current approach no longer works,and alter their strategy. By definition, the bank is always playing catch up. They could not takethe approach of developing “the correct” filters. Rather, the filters needed to be flexible enoughto adapt to new kinds of fraudulent activity, while “not forgetting” the past. In a sense, they hadto be capable of evolving in tandem with fraudulent behavior!By the same token, the problem required that a solution scale well across different customers: thebank’s customer base would keep changing, requiring that the system scale to handle differenttypes and larger numbers of customers. For example, if FUNB decided to develop a system forhandling each “profile” of customer (i.e. “urban professional”), they would need to be able toextend the system easily to handle new profiles.While a system had to be flexible enough to handle the evolving subtleties of criminal behavior,FUNB managers felt that their approval process should also be able to express and test certain“profiles” that they might hypothesize as being potentially problematic and hence worthchecking out statistically.For example, if experts felt that things like “three month payment history trend” or “number ofaddress changes in the last six months” might indicate something about consumer behavior (suchas propensity to default), the system should be able to track this information and allow an analystto query the existing database with such a filter. This would require a system to compute andstore such statistics when directed by an analyst.FUNB also realized that it would never be able to eliminate fraud completely either in principleor practically. The only way to do this would be to call customers to approve each transaction.Customers would not tolerate this. Practically speaking, it was important to determine when atransaction was deemed sever enough to get approval from the customer. The goal, therefore,was not have the most accurate system, but one that would keep fraud to “reasonable limits”.Furthermore, it was important to limit the calls to the customer. Figure 2 shows the “desired”process envisioned by FUNB as the first step. The idea was that each transaction would bescored to reflect the probability of it being a bad transaction. The idea was that each transactionwould be scored to reflect the probability of it being a bad transaction. It would then be passedon to a “Case Management System” that would decide whether to put it into a “queue” forfurther analysis by an analyst. The outcome of this analysis would in turn affect the scoreassigned to the next transaction.Transactions(dozens per minute)Scored transaction(dozens per minute)Case ManagementSystem queuesqueues(dozens per minute)Case analysis fortransactions exceedingthreshold score(a few per hour)AuthorizationCode(dozens per minute)Figure 2Finally, FUNB also realized that their data would always contain a certain number of errors.Some of these would be in the demographic data. More importantly, perhaps, there would alwaysbe some “bad” transactions that would have been classified as good, i.e. not detected as bad.Some of these might never be rectified.Questions1. What type of decision problem (classification, estimation, prediction, clustering,association, etc.) was the bank facing? Justify your answer.2. What type of model would you consider to be most appropriate for that problem? Justifyyour answer.3. Who would be the intended user for the model that you would propose to the bank? Howwould the model be used?4. Explain why the key drawbacks/limitations of the type of model that you chose inQuestion 2 are not significant factors in this context.

Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.