Multi-Signal Fraud Detection Benchmarks
Proof has developed a layered fraud detection model that combines passive signals, active checks, and collective telemetry from its Identity Authorization Network to outperform traditional passive-only methods by 600-1,300% in detecting sophisticated fraud without increasing user friction, addressing the shortcomings of standard approaches like MFA and KBA that are increasingly ineffective against targeted attacks.
As fraudsters adopt more targeted and sophisticated attacks, static defenses like multi-factor authentication (MFA) and knowledge-based authentication (KBA) are proving less effective, leaving a lot of fraud undetected. The future of fraud detection requires a comprehensive approach. Proof has built a layered intelligence model that integrates passive signals, active checks, and collective telemetry from the Identity Authorization Network (IAN) to achieve superior performance. Here’s how Proof’s model outperforms passive fraud detection by 600-1,300% without adding more friction for users.
1. The Industry Standard: Passive-Only Fraud Modeling
Industry standard modeling practices generally center around leveraging "passive signals"—data points like email, phone number, device details, and user history—to minimize customer friction. These approaches enable scalable fraud screening with little disruption to users, justifying their wide adoption across financial services, e-commerce, and SaaS.
However, as fraudsters adapt and target systems with increasingly sophisticated tactics, relying solely on passive signals presents serious limitations. For example, a leading fraud-screening provider claims their email risk score product captured nearly 68% of fraud at a 5% intervention rate with a 6:1 false positive ratio; however, these numbers imply a 1.05% total fraud rate, and their solution leaves over 33.6 basis points of fraud undetected.
Targeted and stateless identity intervention methods are increasingly susceptible to exploitation by sophisticated fraud actors. Recent reports show that MFA, a widely used verification solution, only blocks 30% to 50% of fraud attempts, which is significantly lower than the 99.9% efficacy claimed by some vendors. Likewise, the widespread availability of personal information on social media and through dark web data brokers has made KBA more vulnerable than ever, reducing its effectiveness as a security measure.
2. Proof's Layered Intelligence Model: Passive + Active Signals and Identity Network Enablement for Superior Performance
Proof’s layered model builds upon industry standards by integrating:
- Curated passive signals
- Active user identity verification checks
- Human-in-the-loop reviews (e.g., notaries as authenticators)
- Identity Authorization Network (IAN) enablement
Combining these layers results in less than 0.01% (or 1 basis point) of undetected fraud at a 2.25% intervention rate, with up to 6x improvement over a leading industry competitor by detection performance and up to 13x improvement by intervention efficiency.
Key Innovations
- Combining passive, active, and Proof’s IAN (consortium) signals:
  - Passive signals (email, phone, device, address, etc.)
  - Active signals (KBA, document verification, selfie-verification, and human-in-the-loop meeting support)
- Rich, manual training data:
  - All fraud cases are verified in-house
  - Proprietary evidence and strong labeling power robust model performance
- Multiple feedback loops:
  - Continuous system monitoring
  - Notaries and direct customer feedback
  - Network-level fraud linkage identification (IAN effect)
- Industry diversity in application:
  - Proven across domains: financial aid (FAFSA), bank account applications, real estate eClosings, landlord impersonations, deepfake scenarios, etc.
3. Introducing Performance Analysis Terms
To compare fraud solutions, observers must adopt performance evaluation metrics that align with the operational objective of preventing fraud:
- Recall (fraud detection rate): Percent (%) of total fraudulent transactions identified by the model.
- Intervention rate: Percent (%) of transactions flagged for review in descending order by model fraud likelihood score.
- Lift: The ratio of recall performance between competing models at a fixed intervention rate.
- Efficiency lift: The ratio of intervention rate performance between competing models at a fixed recall.
- Cumulative gains chart (recall vs. intervention): Visualizes how recall improves as more transactions are flagged.
- Lift curve: Visualizes lift at various intervention rates.
- Efficiency lift curve: Visualizes efficiency lift at various recall levels (fraud detection rates).
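The metrics defined above, computed for two competing score lists, as an added example that is not Proof's or any vendor's code. The scores, labels and function names are constructed for illustration; lift is reported as infinite when the baseline catches nothing at the chosen intervention rate.

```python
import math

def _ranked_labels(scores, labels):
    # Highest score first; this is the order in which transactions are reviewed.
    return [y for _, y in sorted(zip(scores, labels), key=lambda p: -p[0])]

def recall_at(scores, labels, rate):
    """Recall when the top `rate` share of transactions is flagged."""
    ranked = _ranked_labels(scores, labels)
    k = round(rate * len(ranked))
    return sum(ranked[:k]) / sum(ranked)

def intervention_for(scores, labels, target_recall):
    """Smallest intervention rate whose recall reaches target_recall."""
    ranked = _ranked_labels(scores, labels)
    total, caught = sum(ranked), 0
    for k, y in enumerate(ranked, start=1):
        caught += y
        if caught / total >= target_recall:
            return k / len(ranked)
    return 1.0

def lift(model, baseline, labels, rate):
    """Recall ratio (model / baseline) at a fixed intervention rate."""
    base = recall_at(baseline, labels, rate)
    return math.inf if base == 0 else recall_at(model, labels, rate) / base

def efficiency_lift(model, baseline, labels, target_recall):
    """Intervention-rate ratio (baseline / model) at a fixed recall."""
    return (intervention_for(baseline, labels, target_recall)
            / intervention_for(model, labels, target_recall))

# Constructed data: 20 transactions, the first 4 are fraud (label 1).
LABELS = [1, 1, 1, 1] + [0] * 16
MODEL = [0.99, 0.95, 0.80, 0.40, 0.90, 0.70, 0.65, 0.60, 0.55, 0.50,
         0.35, 0.30, 0.28, 0.25, 0.22, 0.20, 0.15, 0.12, 0.10, 0.05]
BASELINE = [0.90, 0.60, 0.45, 0.20, 0.95, 0.85, 0.80, 0.70, 0.55, 0.50,
            0.40, 0.35, 0.30, 0.28, 0.25, 0.18, 0.15, 0.12, 0.10, 0.05]

if __name__ == "__main__":
    for rate in (0.05, 0.10, 0.25):
        print(rate, recall_at(MODEL, LABELS, rate),
              lift(MODEL, BASELINE, LABELS, rate))
    print("efficiency lift at 50% recall:",
          efficiency_lift(MODEL, BASELINE, LABELS, 0.5))
```
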
4. Methodology
Modeling Approach: Supervised Machine Learning for Fraud Classification
The team used fully labeled (fraudulent + non-fraudulent) cases where available, supplemented by positive-unlabeled (PU) learning to handle ambiguous or incomplete ground-truth outcomes common in real-world fraud and abuse detection datasets.
Performance Simulation: K-fold Cross-Validation by User/Fraud Ring ID
K-fold cross-validation was employed by partitioning the data into K distinct subsets, with each fold serving as the test set while the remaining folds were used for model training. Folds were constructed based on user and fraud ring IDs, ensuring all transactions associated with a given user or fraud ring were placed entirely within a single fold. This eliminated information leakage and provided an accurate, unbiased measure of real-world model performance.
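One way to build folds with the property described above, shown as an added example rather than Proof's implementation. The field names `txn_id`, `user_id` and `ring_id` and the sample rows are assumptions; users are linked transitively through shared ring IDs with a union-find, and the result is compared against a naive per-transaction split.

```python
from collections import defaultdict

def assign_folds(txns, k):
    """Map txn_id -> fold; transactions linked by a shared user ID or
    fraud ring ID (directly or transitively) share one fold."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for t in txns:
        user = find(("user", t["user_id"]))
        if t["ring_id"] is not None:
            ring = find(("ring", t["ring_id"]))
            if user != ring:
                parent[max(user, ring)] = min(user, ring)

    groups = defaultdict(list)
    for t in txns:
        groups[find(("user", t["user_id"]))].append(t["txn_id"])

    # Largest group first into the currently smallest fold keeps folds balanced.
    load, folds = [0] * k, {}
    for root, ids in sorted(groups.items(), key=lambda g: (-len(g[1]), g[0])):
        fold = load.index(min(load))
        load[fold] += len(ids)
        folds.update(dict.fromkeys(ids, fold))
    return folds

def leaked_ids(txns, folds):
    """User or ring IDs whose transactions span more than one fold."""
    seen = defaultdict(set)
    for t in txns:
        seen[("user", t["user_id"])].add(folds[t["txn_id"]])
        if t["ring_id"] is not None:
            seen[("ring", t["ring_id"])].add(folds[t["txn_id"]])
    return {key for key, used in seen.items() if len(used) > 1}

# Constructed sample: (txn_id, user_id, ring_id); u2/u3 share ring r1, u5/u6 share r2.
ROWS = [("t1", "u1", None), ("t2", "u1", None), ("t3", "u2", "r1"),
        ("t4", "u3", "r1"), ("t5", "u3", None), ("t6", "u4", None),
        ("t7", "u5", "r2"), ("t8", "u6", "r2"), ("t9", "u7", None)]
TXNS = [dict(zip(("txn_id", "user_id", "ring_id"), r)) for r in ROWS]

GROUPED = assign_folds(TXNS, 3)
NAIVE = {t["txn_id"]: i % 3 for i, t in enumerate(TXNS)}  # per-transaction split
```

Running `leaked_ids` on the naive split shows which users and rings would appear on both the training and test side of a fold, which is the leakage the grouped split removes.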
Business-Relevant Evaluation: Policy Evaluation Tables
"High" and "Medium" risk labels were assigned to transactions using model score percentiles, applying predetermined policy thresholds that corresponded to 0.25% and 2.25% cumulative intervention rates, respectively. For each risk category, the model’s performance metrics were aggregated and summarized relative to the Cumulative Gains Chart, providing actionable insights into the model’s effectiveness at different intervention levels.
5. Performance Takeaways (Industry Benchmark vs. Proof Model)
A risk score from the industry benchmark fraud model was available for a subset of Proof’s transactions over the past year. The Defend risk engine’s simulation results were filtered to this same subset, including both fraudulent and non-fraudulent cases. Within this subset, the prevalence of fraudulent transactions was 2.78 basis points (BPS), meaning nearly 3 out of every 10,000 transactions were fraudulent. (Note: 2.78 BPS is an artificially high rate of fraud due to strategic deployment on a high-risk population.)
A. Industry Benchmark Performance
Industry Benchmark Policy Evaluation Table
| Benchmark Label | IR | Total IR | Recall (FDR) | Fraud BPS |
|---|---|---|---|---|
| High | 0.25% | 0.25% | 7.62% | 82.14 |
| Medium | 2.00% | 2.25% | 38.1% | 37.32 |
| Low | 97.75% | 100% | 100% | 1.72 |
| Total Fraud BPS | | | | 2.78 |
The industry benchmark fraud detection model identified nearly 8% of known fraudulent transactions at the 0.25% intervention rate. At a cumulative intervention rate of 2.25%, it detected close to 40% of fraudulent transactions. At this rate, the model failed to detect 1.72 BPS of fraudulent transactions.
B. Fraud Detection Performance and Lift
Defend Policy Evaluation Table
| Defend Label | IR | Total IR | Recall (FDR) | Lift | Fraud BPS |
|---|---|---|---|---|---|
| High | 0.25% | 0.25% | 48% | 630% | 519.35 |
| Medium | 2.00% | 2.25% | 67% | 175% | 22.49 |
| Low | 97.75% | 100% | 100% | na | 0.9 |
| Total Fraud BPS | | | | | 2.78 |
The Defend Risk Engine detects 48% of known fraudulent transactions at a 0.25% intervention rate and 67% at a 2.25% intervention rate. Comparing fraud detection “lift,” the Defend Risk Engine achieved a lift of 630% at the “High” risk threshold and 175% at the “Medium” risk threshold relative to the industry benchmark, where lift is the ratio of the two models' recall at the same intervention rate. At a 2.25% intervention rate, the Defend Risk Engine reduced undetected fraud to under 1 basis point (BPS).
C. Efficiency Lift
To match the Defend Risk Engine’s recall of 48% at a 0.25% intervention rate, the industry benchmark model would have needed to intervene on 3.35% of all transactions. This demonstrates that the Defend Risk Engine is more than 13 times more efficient compared to an industry-leading passive-signal fraud model. To achieve the Defend Risk Engine’s detection rate of 67% at a 2.25% intervention rate, the industry benchmark model would have required an intervention rate of 8.7%, translating to nearly a 4 times improvement in efficiency.
6. Real-World Impact
By combining passive and active signal analysis, robust human-in-the-loop review, and the collective telemetry of the Identity Authorization Network (IAN), Proof has substantially reduced undetected fraud while preserving the user experience, compared to industry-standard solutions.
"85% of buyers anticipate an increase in fraud rates over the next two years as a result of advances in GenAI, and 70% of buyers are planning to turn on passive signals to address growing fraud threats" - Liminal
Efficacy at Practical Intervention Rates
Less than 1 BPS (1 in 10,000) of undetected fraud at a 2.25% intervention rate: In Proof's year-long simulation, monitoring just 2.25% of all transactions (those flagged as “High” or “Medium” risk) enables Proof to drive undetected fraud rates below 1 BPS—a nearly 2x improvement over leading industry competitors by detection performance, and a nearly 4x improvement by intervention efficiency.
Critical Value for High-Value Transactions
Significantly lowering undetected fraud to below one BPS has a profound impact on reducing the risk of substantial financial losses. This risk reduction is especially critical in high-value scenarios, such as digital real-estate closings, where a single undetected fraud event can result in losing hundreds of thousands of dollars. The same is true for other sensitive processes like bank account openings, mortgage applications, educational financial aid disbursements, and various regulated, large-value transactions.
Minimal Tradeoff: Customer Experience is Preserved
Advanced fraud control delivers superior security without compromising the user experience. Proof’s internal data shows that user completion rates remain above 90%, and net promoter score (NPS) consistently averages between 70 and 80 out of 100, with a stable 5% response rate each month. The verification process is efficient, with typical time-to-completion averaging just 13 minutes for non-meeting transactions and 17 minutes for those requiring a meeting. These results confirm that even with increased fraud controls, Proof maintains a seamless and convenient experience for users.
Industry Transformation and Network Health
By reducing undetected fraud and maintaining an exceptional user experience, Proof provides meaningful risk reduction for individual organizations and confers broader benefits across the entire digital ecosystem. Participation in the Identity Authorization Network (IAN) creates a network effect, in which confirmed fraud detected in one area quickly propagates throughout the network and helps protect other members. Proof’s use of difficult-to-impersonate identifiers such as biometrics and government documents fortifies the strength of the network compared to competitors who rely on spoofable information such as email addresses, phone numbers, and digital devices. As high-value transactions become increasingly digital, Proof demonstrates that it is possible to achieve both rigorous fraud minimization and an outstanding user experience, raising the industry standard for modern fraud prevention solutions.
References
- 1. Microsoft. “How effective is multifactor authentication at deterring cyberattacks?” Microsoft, https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/MFA-Microsoft-Research-Paper-update.pdf. Accessed 25 November 2025.
- 2. Keepnet. “Understanding MFA Phishing: Protection Measures and Key Statistics.” 2024, https://keepnetlabs.com/blog/understanding-mfa-phishing-protection-measures-and-key-statistics. Accessed 25 November 2025.
- 3. Google. “Making you safer with 2SV.” 2022, https://blog.google/technology/safety-security/reducing-account-hijacking/. Accessed 25 November 2025.