Lloyds Detected and Blocked > £200k Genuine Fraud in One Month While Reducing False Positives


Lloyds Banking Group is one of the UK’s leading providers of current accounts, savings, personal loans, credit cards and mortgages, with over 30 million customers. A sizable minority of the bank’s customers are now mobile only, highlighting the bank’s drive to prioritize a “mobile-first” strategy with a full-service mobile app.

The bank’s vision is to provide simpler, streamlined customer interactions across online and mobile. This relies on allowing customers to access their account and carry out real-time transactions whenever and wherever they choose, without experiencing unnecessary step-ups or interventions.

With a combination of advanced behavioral analytics and a white-box approach to machine learning, Lloyds Banking Group can:

  • Prioritize a streamlined customer experience with reduced false positives and fewer unnecessary interventions.
  • Provide a greater degree of trust around what constitutes normal behavior for individual customers.
  • Better detect complex and evolving fraud patterns with a higher degree of accuracy.

Business Problem

Global financial institutions continue to walk a tightrope between effective fraud control and exceptional customer experience. The balancing act is precarious; robust fraud detection cannot come at the expense of streamlined access to full-service online channels. The challenge for banks, however, is that consumer behavior is diversifying and is less predictable than ever before, making the definition of “normal” somewhat redundant. In tandem, fraudsters are becoming more adept at duping banks and customers alike, creating pitch perfect social engineering attacks that fool even the most technologically savvy, and behaving more like good customers than many good customers themselves.

Banks must remain at the forefront of advanced behavioral analytics and intelligent machine learning to better differentiate between evolving fraud vectors and the full spectrum of good customer behavior.

What Smart Rules have enabled us to do is to tailor rules and strategies for individual behavior rather than assuming that everyone behaves in the same way, which of course is not the case. We can better differentiate between true fraud, and legitimate “strange” behavior.”

Daniel Holmes, Lloyds Banking Group

Using Advanced Behavioral Analytics to Better Distinguish Genuine Customer Behavior from Potential Fraud

ThreatMetrix Smart Rules analyze behavior on an individual user level, comparing current event data to what is normal for that customer. This approach isolates genuinely high-risk transactions from those that may seem unusual, but form part of a customer’s normal online footprint.

Smart Rules Advantages

  • Configuring of dynamic thresholds, calculated based on the context of the transaction. Compare current events with historical information specific to the user.
  • Analysis of consumer behavior at different levels of granularity. Smart Rules can be defined at a user level or at an entity level like IP address or device.
  • Can be defined in a hierarchical manner by combining different sets of rules; either using all Smart Rules or a combination of Smart Rules and static business rules.

Smart Rules are underpinned by intelligence from the ThreatMetrix Digital Identity Network, that crowdsources intelligence from millions of daily consumer interactions including logins, payments, and new account applications across thousands of global businesses.

Using this information, ThreatMetrix creates a unique digital identity for each user by analyzing the myriad connections between devices, locations, and anonymized personal information, alerting businesses to any high-risk deviations.

Smart Rules have allowed us to normalize the use of legitimate Remote Access Tools so that we can better identify behavioural changes that might be indicative of fraud. By reducing false positives we have been able to reinvest the alerts and the headcount back into refining our strategy, stopping fewer people but more fraud.

Daniel Holmes, Lloyds Banking Group

Extending the Success of Smart Rules with a Clear-box Approach to Machine Learning

Following the success of Smart Rules for better detecting genuine fraud, Lloyds Banking Group tasked ThreatMetrix with building a machine-learnt challenger policy to create more trust for good customers, thereby reducing friction.

ThreatMetrix inputted Lloyds truth data with intelligence from the Digital Identity Network to build a Smart Learning model which Lloyds used to augment its existing policy, when more context was required for a particular transaction.

Smart Learning Advantages

  • Machine Learning from ThreatMetrix employs an iterative approach to adapt to changing customer behaviors over time.
  • Businesses can choose to ‘selectively’ incorporate rules generated via a Smart Learning model to augment their existing policy.
  • Other machine learning offerings require additional operational effort cleaning data coming in from disparate sources before it can be consumed by the machine learning platform. Since ThreatMetrix Smart Learning consumes data coming in from the ThreatMetrix policy engine, the data is already cleansed and normalized, saving time and money.

This machine-learnt model if deployed would help reduce the day-to-day requirement to manage
individual rules, aggregating scores in a smarter, more automated way

ThreatMetrix Smart Learning has given us a machine-learnt challenger to our current policy score, enabling a 10% improvement in genuine customer trust levels at login. When weaved into fraud decisions this gives the opportunity to create less customer false positives and friction.

Daniel Holmes, Lloyds Banking Group

Schedule a Consultation

Start Today
close btn