Zencos has merged with Executive Information Systems (EIS)
Free Strategy Consultation
Zencos Icon


Contact Us


Reducing the Dreaded False Positives

Financial Crimes

Craig Willis



What is a False Positive?

A false positive is when a legitimate transaction is flagged as suspicious, shutting down the payment or possibly locking an account down completely. In other words, a user is incorrectly identified as a fraudster. These errors occur when a non-fraudulent transaction triggers a bank’s fraud detection system resulting in the bank denying the completion of the transaction. 

Cost of False Positives

Kount, a digital fraud prevention company, reported a cost of $2 billion for e-commerce merchants in the USA alone due to false positives.  False positives costs about 2.8% of revenue. Obviously, false positives have a big impact on the booming e-commerce industry.

40% of consumers in Europe said they won’t do business again with a merchant who declined the card when it was a legitimate purchase. Banks are working to cut down on the number of false positives, but false positive rates are still extremely high. A false positive rate of >90% is very common within financial institutions. These extremely high rates indicate organizations should be adopting advanced technology with complete and accurate data. 

A hypothetical bank that generates alerts on 0.1% of 1 million daily transactions needs to investigate 1,000 daily alerts. If the false positive rate is 95%, the bank will need to close 950 false positive alerts daily, which adds no value to the bank. 

If the average triage time for working an alert and concluding that it is a false positive is 30 minutes, optimistically, then it takes roughly 60 person days just to resolve the daily alerts. 

According to Glassdoor, the national average salary in the US for an AML investigator is $55,000/year.  The total yearly fixed cost is 60 X $55,000 or $3.32MM to chase down the false positives. In addition, while they are chasing down false positives, they are not looking into actual legitimate fraud alerts. This is $3.32MM of pure cost.

COVID-19 led to an increase in online shopping, causing the number of credit card purchases to go through the roof. The amount of digital fraud is increasing as well. Hiring more people, at a very large cost, isn’t the answer to chasing even more false positives. 

Common Causes of False Positives

There are multiple causes for the regular occurrence of false positives in fraud detection programs. Not all causes will be found in each business, but each business should be prepared for them.

Data quality 

Faulty data is one of the key contributors to the false positive problem. This can stem from poor data quality, incomplete data, data errors, or a combination of these factors.

There are a host of open source and commercial methods to aid in providing higher data quality.  There are also a host of companies who engage in the practice of consulting on best practices for data and analytics in the financial industry. These experts can provide services when the staff or expertise is not available in-house. 

Outdated Rules

Many financial institutions rely heavily, or exclusively, on rules-based systems. Criminal behavior is constantly changing. If your rules haven’t changed, then you likely will get both false positives and also an increase in false negatives. False negatives are when fraudulent behavior is happening but not causing a trigger. This is exactly what the fraud perpetrators want. You should  look at increasing the frequency of adding to and updating the current rule set that you have in place. However, this takes time and resources.

Testing and Tuning

Fraud perpetrators are getting smarter in their usage of new and different techniques to commit fraud.  

Organizations should employ a regular program of testing and tuning of the rules to ensure that the thresholds are optimized to provide the best chance of reducing false positives.  In AML/CTF programs, we can employ statistical methods known as above-the-line (ATL) and below-the-line (BTL) testing. These approaches are used to validate and tune the thresholds and parameters of the rules in the software.

To do ATL or BTL testing, the thresholds are increased or decreased to arrive at the best possible thresholds and parameters. These thresholds are adjusted in the software’s testing environment, and then alerts are generated for a period of time, for example, the previous six months. Ideally, ATL and BTL testing should not just be performed once but periodically to ensure that the model is correctly tuned. The nature of transaction data can evolve with changes in the firm’s business.

Next-generation AML

Because of COVID and other factors like increasing regulatory controls and governance, financial institutions are going through a massive digital transformation. Machine learning (ML) can, and will eventually, play a very large role in this transformation. Some larger institutions with large staff are already getting some value from ML, while small to mid-sized institutions may be unable to take advantage because of lack of resources, cost, and time to value. Like everything in the digital world, advances will be made that will commoditize advances in analytics. 

Analytics giant SAS Institute recently published a white paper discussing next-generation AML. In summary, the paper recommends the following phases of leveraging ML and next-generation AML techniques:


Digital transformation during COVID-19 has taught us that we can innovate quicker than we thought possible. Innovation in your AML systems is no exception.  Some  innovation using ML in AML has already been done so there isn’t a need to reinvent the wheel. Instead, find a partner or software vendor that can bring pre-packaged IP to the table that helps solve the problems you have today.


Data is always a factor in any digital transformation. Make sure you have a solid foundation of data, share data across borders, and before making a leap into ML make sure you have the data to support the problem you are trying to solve. 

A transformation to using more analytics may require integration of systems and processes. Be prepared to break down the silos of data that exist across an enterprise. 

Data governance is very important. Always remember the old adage, “garbage in, garbage out’.


Going all in with just rules or a single ML scenario approach is likely not going to give you the most bang for the buck. Rules and ML scenarios each have a place and purpose. Invest your time wisely and find where each fits in your company. 

The combination of multiple techniques will often lead to better, and quicker, results than just leveraging a single technique.  


Focus your attention on the important alerts today and put the other alerts into the parking lot for attention later. Unless you have a small army of investigators, you can’t chase every alert. And as we’ve already pointed out, chasing alerts that don’t bear fruit is a costly endeavor.


Fraud prevention and detection often includes the process of analyzing large datasets from enterprise-wide systems to locate potential fraud or corruption irregularities. However, these analytical searches are not without their challenges, with one of the largest being generating false positives. 

A large influx of these false positives will slow down the work of an auditor or investigator, requiring them to sort out true anomalies from false ones.  

Over time, these false positives can also strain management’s confidence in the value of investing human and financial capital, frustrate those needing to identify fraudulent behavior, and give defense counsel ammunition to challenge evidence. 

For all of these reasons, it is critical to use actionable, proven analytical methods that will reduce the opportunities for generating false positives.  

Zencos Consulting has implemented AML and analytical solutions for almost 20 years and can help financial institutions of all sizes with their AML digital transformation.

Related Insights


Real-Time AML Offers Security in an Increasingly Risky Climate


How to Navigate the Threat of Increased Fraud and Criminal Activity in an Economic Downturn


AML-as-a-Service is an Evolution in Securing Regulatory Compliance


Institutions Face Urgency to Expand AML and Watchlist Screening