Same Math, Different Enemies: The Unit Economics of Credit and Fraud Risk

Dec 28, 2025

In my previous post, I discussed standard risk metrics like AUC, KS, Precision, and Recall. But metrics are just a means to an end. How do the actual decision-making processes differ between Credit Risk and Anti-Fraud?

Having recently rotated from the Credit Risk team to the Anti-Fraud team, I’ve realized that while the terminology differs, the fundamental logic—derived from the first principle of Maximizing Profit—is remarkably similar. Below, I demonstrate the mathematical unity of the two domains and highlight the key strategic differences.

The Shared Math: Maximizing Incremental Value

Let’s start with the basics. Total profit equals the revenue from good users minus the losses from bad users.

True Negatives (TN): Approved users who pay (Profit).
False Negatives (FN): Approved users who default/fraud (Loss).

Define positive as “we block/reject because predicted bad,” and negative as “we approve.

We can express this as:

\(Total\ Profit = TN \cdot R - FN \cdot L\)

Where R is Revenue per Good User and L is Loss per Bad User.

However, this equation is too static for strategy design. To decide whether to approve or reject a specific segment, we need to look at the Counterfactual: What is the value added by our decision model compared to doing nothing?

If we compare our strategy against a baseline of “Approving Everyone,” the Total Profit can be rewritten as:

\(\begin{align*} Total\ Profit &= TN \cdot R - FN \cdot L \\ &= (N_{good} - FP) \cdot R - (N_{bad} - TP) \cdot L \\ &= \underbrace{(N_{good} \cdot R - N_{bad} \cdot L)}_{\text{Baseline Profit}} + \underbrace{(TP \cdot L - FP \cdot R)}_{\text{Incremental Strategy Value}} \end{align*}\)

N_good,N_bad: Total population of good and bad users (Constant).
TP⋅L: The loss saved by correctly blocking bad users.
FP⋅R: The revenue sacrificed by incorrectly blocking good users.

Since the Baseline Profit is constant (determined by the population), maximizing Total Profit is mathematically identical to maximizing Incremental Strategy Value.

The Optimality Condition: MC = MB

Economics teaches us that profit is maximized when Marginal Cost equals Marginal Benefit.

Let p^ be the probability that the next user we assess is “Bad.”

Marginal Benefit: If we block them and they are Bad, we save L.
Marginal Cost: If we block them and they are Good, we lose R.

We should stop blocking exactly when the cost outweighs the benefit:

\(\begin{align*} Marginal\ Benefit - Marginal\ Cost &= 0 \\ \hat{p} \cdot L - (1 - \hat{p}) \cdot R &= 0 \\ \hat{p} \cdot (L + R) &= R \\ \hat{p} &= \frac{R}{L + R} \end{align*}\)

This simple ratio, R/(L+R), is the “Universal Cutoff.” But the two teams view it from opposite ends.

1. The Anti-Fraud View (The Defender)

In fraud, we “block” transactions.

Revenue (R): The cost of insulting a good customer (C_insult), which is the interest loss.
Loss (L): The fraud loss saved (C_fraud), which is the principal loss.

The probability p^here represents the probability of fraud—which is exactly the definition of Precision for that marginal alert.

\(Precision_{min} = \frac{C_{insult}}{C_{insult} + C_{fraud}} = \frac{Interest}{Interest + Principal}\)

If the model’s precision drops below this threshold, the cost of insulting good customers exceeds the value of the fraud we stop.

A Note on Terminology: Why does Probability (p^) equal Precision?

It might seem confusing to equate a single user’s probability score (p^) with a group statistic like Precision. However, at the margin, they are identical. Simply apply the Law of Large Numbers:

Imagine our model assigns a risk score of 0.20 to a specific transaction. This prediction literally means: “There is a 20% chance this specific transaction is fraud.” , assuming the model is well-calibrated.

Now, imagine we gather 100 transactions that all share this exact risk score of 0.20.

Expected Fraud (TP): 20
Expected Legitimate (FP): 80

If we block this specific bucket of users, the Precision is:

\(Precision = \frac{TP}{TP + FP} = \frac{20}{20 + 80} = 20\%\)

Thus, the Probability Score at the cutoff is simply the Marginal Precision of the decision at that cutoff.

2. The Credit Risk View (The Attacker)

In credit, we “approve” loans.

Revenue (R): Interest Income.
Loss (L): Principal Loss.

The probability p^ here represents the Probability of Default (PD).

\(PD_{max} = \frac{Interest}{Principal + Interest}\)

If the user’s PD rises above this threshold, the expected principal loss exceeds the potential interest income. (Of course, this is a simplified way to calculate revenue and cost but it captures the essence.)

Conclusion: Same Line, Opposite Directions

Mathematically, Minimum Precision and Maximum PD are the exact same number.

The Anti-Fraud team defends the gate, blocking bad actors until the precision drops to the cutoff.
The Credit Risk team expands the market, approving users until the risk rises to the cutoff.

The Strategic Divergence: Different Enemies

If the math is identical, why do the jobs feel so different? Because while the equation is the same, the enemy is not.

1. Definition of “Bad”

Credit Risk: “Bad” is defined solely by default.
Anti-Fraud: “Bad” is defined by intent (Deception). Thus, default alone is not sufficient. The team will also look for suspicous patterns.

2. Static vs. Dynamic (Game Theory)

This is the most critical difference.

Credit Risk mostly plays against Nature. Borrowers are relatively stable. A user with a 620 credit score today behaves similarly to a 620 user yesterday. Historical “Vintage” data is highly predictive of the future.
Anti-Fraud plays against an Adversary. Fraudsters are intelligent, coordinated, and reactive. If you set a static rule to block X, they immediately shift to Y.
- Implication: Credit teams optimize for Efficiency (Calibration). Fraud teams must optimize for Adaptability (Exploration).

3. The Action Space

Anti-Fraud: The decision is usually binary (Approve vs. Reject) or friction-based (Step-up Verification).
Credit Risk: The decision is multi-dimensional. We can manage risk not just by rejecting, but by adjusting the Credit Limit, Tenure, or Pricing (EIR). We have more levers to force the unit economics to work.

4. The Entity Dimension (Multi-Modal Risk)

Credit Risk is almost exclusively User-Centric. We underwrite the person (or the business entity) applying for funds. The unit of analysis is stable.
Anti-Fraud is Multi-Modal. We don’t just assess the User; we assess the Device, the IP address, the Credit Card, and the Merchant.

The Economic Implication: The variables in our profit equation (C_insult and C_fraud) shift drastically depending on what we are blocking.

Blocking a Device: If I block a suspicious device ID, the CinsultCinsult might be low (the user is annoyed but can switch devices). Result: I can afford a lower precision threshold.
Blocking a Merchant: If I block a merchant in a marketplace, I cut off revenue from all their customers. The C_insult(Lost Revenue) is massive. Result: I need an extremely high precision threshold—often requiring manual review—before pulling the trigger.

While Credit Risk optimizes one curve (User Risk), Anti-Fraud constantly juggles multiple curves with different breakeven points.

Closing Thoughts

I am still very much a learner in this space, but realizing that Credit Risk and Anti-Fraud share the same Unit Economics has been a helpful anchor for me.

It means that while I am learning new tactics (Game Theory, Pattern Recognition), the underlying grammar of Profit Maximization remains the same.

ZhiZhi Gewu

Discussion about this post

Ready for more?