Welcome to Part 2 of Holiday Fraud 2025 where I will discuss what to expect from the bank or credit union point of view and strategies you can implement now to be ready. If you missed part 1 where I described common holiday scams and how to warn your customers and members, check it out here: Holiday Fraud 2025 – Part 1

What to expect with fraud around the holidays:

• Your fraud rules and models will throw more false positives than usual – your customers are buying gifts, so their spending behavior is different.
• You will have less staff to deal with the increased alert volume due to vacation and flu season.
• Fraudsters will attack when they know that no one is on watch – posting about the company holiday party on LinkedIn? You just gave them an invitation.
• Scams, scams, and more scams.

Let’s discuss this in 2 parts:

1. Educating your customers and members before they fall victim to scams – see Holiday Fraud 2025 – Part 1
2. Training models and tuning rules for a dramatic shift in spending behavior – this article

Part 2: Training models and tuning rules for a dramatic shift in spending behavior

Around the holidays, your customer and member transaction behavior change drastically. They’re spending more. They’re shopping with merchants they don’t usually use. They’re buying gift cards. They’re traveling. Suddenly, the rules and models you’ve been tuning throughout the year don’t work. And we all know that a fraud decline at point-of-sale is embarrassing to your customer and member, creating a poor experience.

Operationally, alert volume spikes with increased transaction activity and false positives, availability of fraud investigators to work them plummets due to vacation and flu season, and you miss out on valuable time off with family dealing with the fallout. Here are some things you can do right now and hopefully manage to spend quality time away from work knowing that your defenses will hold… let’s be honest, you’re still on watch but hopefully it’s less of a burden than last year.

Now is the time to preserve your test and training data, especially third-party data. Typical data retention periods are 12-18 months. Do you know what they are internally and across all your third-party vendors? Do you really want to spend the time figuring that out? Preserve last year’s data now so you have some examples of seasonal behavior.

With that done, let’s look at how our rules and machine learning models need to be adjusted for both new applications and account/transaction monitoring. We’ll also cover data that should be collected if you didn’t have it from last year. Then we’ll close with operations, our fraud team who are the real heroes keeping watch so that our customers and members can enjoy the holidays.

What to consider in your rules and models:

Unusual transactions made point of sale (POS) local to the customer and member home address are likely valid gift purchases if the merchant is a retailer.

• Approve when:
  • Your customer or member has shopped there before
  • The amount is within range on what they usually spend around the holidays
  • It is travel related at a hotel or restaurant – and if you haven’t seen travel there before, then approve and verify.

• Verify when:
  • The amount is more than 50% above what they usually spend with a retailer.

• Decline when:
  • The transaction is unusual, and not local to the customer or member.

Online transactions:

• Approve when:
  • Your customer or member has made a purchase there before. Think “Flower of the month club”.
  • The transaction is within a normal amount for that person.
  • The transaction happens at a normal time of day. On this point I will confide that I’ve met someone who sleep shops. Regardless, that purchase at 3AM should be verified.

Gift card purchases, particularly multiple gift cards at the same time, are more common than other times of the year.

• Approve when:
  • Purchased at the same merchant (Walmart, Target, CVS) your customer has used before.
  • The total number of gift cards purchased is less than 4

• Decline when:
  • Purchasing more than 4 gift cards
  • Purchased at a merchant AND location that your customer or member does not usually shop. Consider metro areas with multiple Target, CVS, and Walmart stores.

Person-to-Person (P2P) payments like Zelle, Venmo, and Cash App increase.

• Approve when:
  • Customer or member has paid the payee before for a similar amount
  • Transaction is within a normal pattern for the customer or member
  • Transaction is below an established threshold
  • Multiple small transactions with small businesses like when people are shopping at a farmer’s or holiday pop-up market

• Verify when:
  • Customer or member links their account to a P2P provider for the first time
  • Customer attempts a transaction just under the threshold to a person for the first time

• Decline when:
  • Customer or member links their account to a P2P provider for the first time and immediately attempts 3 or more transactions regardless of amount
  • Customer or member makes multiple, under the threshold payments to the same person in quick succession

ATM cash withdrawals are more frequent.

• Approve when:
  • Customers and members withdraw from the same ATM they typically use, even if they withdraw more than usual
  • Customers and members deposit check and make a withdrawal from the same ATM they typically use

• Decline when:
  • Customers and members make withdrawals at multiple ATMs in the same vicinity – this is a “walker” technique used by fraudsters
  • Customers and members make withdrawals at 2 ATMs that are separated by a far distance using the same card – this is considered “impossible travel” indicating the card has been cloned
  • Customers and members make check deposits at an ATM they don’t typically use, then make a withdrawal at another ATM they don’t typically use in the same day

Personal checks are written more than usual.

• Checks written to utilities, property management companies and people whom the customer or member have written check to before are genuine
• Checks written for a large amount to a new payee, or multiple checks written to the same payee, or out of sequence check numbers should be scrutinized even if the payee appears to be a business

Rule and Model Prep

Re-train and re-test your rule strategies and models with last year’s data if you have it. Run train/test populations in 2-week increments staring mid-October through end of year. Build classification models for point-of-sale (POS) and online transactions with features for customer and member location, and travel & entertainment merchant types.

Implement features that allows you to rapidly respond to new and emerging fraud schemes. By rapidly, I mean within hours not days or weeks.

If you can do this, you’ll have happy customers and avoid overwhelming your operations. If you can’t, take advantage of the budget process that’s probably happening now to propose change. If you need help with that, please contact me. It costs nothing for a consultation, and you’ll come out of it with more insights.

Operations

Alert fatigue is real. If you are using legacy systems where your teams deal with an 80% false positive rate, they are burning out. At this time of year, you want them on top of their game. They also need some well-deserved time off.

Get your teams’ PTO plans in now and be prepared to negotiate coverage with them.

The flu can and will take out your best fraud investigators. Plan for backups.

If you’re onsite or hybrid, consider loosening in-office policies to give your fraud fighters some flexibility.

Tell them about tech projects designed for the holiday rush and ask for their input. Our systems have loads of data, but so do our people. Anecdotal feedback has value and fills gaps that raw data can’t answer. Also, when people feel like they have a voice in things, they are more committed to the outcome.

Final point. If you are in charge, and no one is there to cover a shift, then roll up your sleeves and do the job. You’ll earn respect from your team, and you may just realize how much you enjoyed doing the job that got you to where you are today.

You have my permission to use any of this content to educate your customers and members. And if you need my help, I’m here for you, just email me to schedule a free chat. I promise you will come away with some insights and a trusted resource.

Happy Holidays!