Skip to content

The Importance of Deploying a Rules Engine in Check Fraud Detection

  • What is a rules engine?
  • Utilizing a rules engine for check fraud detection
  • Identifying use cases for rule engines in check fraud

The importance of having a multi-layered technology approach to check fraud cannot be overstated. It's crucial to integrate myriad technologies -- such as transactional/behavioral analytics, image forensic AI, consortium data, dark web monitoring, and payee positive pay -- to increase check fraud detection capabilities while reducing fraud losses.

However, one key factor that is lesser known is what is called a rules engine.

Fraud rules engine, also known as a fraud detection rules engine, is specialized decision-making software used by financial institutions to detect and prevent suspicious activities.

Here’s how it works:

  • Detection Mechanism: It employs logic-based rules to identify potentially fraudulent transactions or activities based on predefined criteria
  • Functionality: Fraud rules engines analyze data, correlations, statistics, and logical comparisons to pinpoint possible fraudulent actions
  • Operational Techniques: These engines are middleware applications that allow the creation and prioritization of rules to manage fraud effectively
  • Adaptive Systems: While traditional, they may be considered less adaptive compared to newer AI-driven fraud detection methods

Or, as noted by Unit21:

A rules engine is a software program that automatically makes decisions and performs actions when certain conditions are met. When a condition is triggered, a rules engine can be trained to look at the circumstances of that condition and make different decisions based on these variables.

How Rules Engines are Used for Check Fraud Detection

For check fraud detection, a rules engine is a critical component that enables financial institutions to address specific fraud trends identified by the FI. In an optimal workflow, a rules engine should be embedded as a centralized piece of technology that takes in inputs from all other technologies, as seen in the diagram below.

Rules Engine

As inputs are received from one or more check fraud detection technologies, they are analyzed. If certain criteria are met, a rule is applied -- i.e. if "A," "B," and "C" criteria are met, then "D."

This enables FIs to easily address specific fraud trends or situations -- important for check fraud, as fraudsters follow certain scripts for their schemes. When an FI identifies this certain trend, they can deploy a rule that can quickly identify a new attempt and stop the fraudster in their tracks.

For example:

  1. Deposit amount (or check) is greater than $600
  2. Account is <90 days old
  3. Balance prior to the deposit is < $100

This rule example helps banks identify new drop accounts. Typically, a fraudster will establish an account, perform minor transactions for about 30 days to establish the account, and then deposit one or several large stolen or counterfeit checks. The set of rules above address these accounts and flag transactions and accounts for review.

Image Forensic AI Rules Engine

For image forensic AI, a rules engine take the outputs from the scoring engine to decide which items to review. As many are aware, certain thresholds are established for each analyzer; if the confidence score does not meet the threshold, that item is flagged for review.

In the simplest form, if a check stock analyzer scores the item as a "60 out of 100" confidence score, but the threshold is "70 out of 100" confidence score, then the item will be flagged for review by a fraud analyst.

However, FIs can leverage rules engines to target specific use cases:

If the financial institution is seeing increase counterfeit checks from Bank A (Bank of First Deposit), a rule can be applied that if the item is from Bank A, and confidence score of check stock is lower than 80 out 100, then flag item for review.

If a financial institution is seeing an increase in drop accounts where establish accounts are being utilized by fraudsters, a rule can be applied that if account is dormant for more than 90 days and sees a increase of large check deposits in a short period of time, than flag for items for review.

Rule engines are meant to be specific to each FI, and it's important for fraud departments to deploy specific rules related to the trends affecting them, enabling banks to tackle the challenges holistically, rather than manually.

If you are interested in learning more about rules engines, click to access the release notes for our OrboAnywhere Sherlock 5.3.

Leave a Comment