RiskTemplates · The Daily Brief Friday, May 22, 2026


Fraud KRIs for Fintechs: Transaction Volume, Loss Rates, Alert Backlogs, and Threshold Drift

The fraud KRIs you set at launch become misleading when your transaction volume triples. Here's the full set of fraud metrics fintech risk teams need — and the calibration rules that keep them honest as the business scales.

By Rebecca Leung · May 20, 2026

TL;DR

  • Fraud KRI thresholds set at launch become misleading when your transaction volume triples — a green metric at $10M/month means something different at $100M/month
  • Core fraud KRIs: fraud loss rate (bps of volume), chargeback rate by product, alert backlog age, false positive rate, and SAR filing timeliness
  • Visa’s VAMP enforcement began October 2025; the merchant combined fraud-and-dispute threshold drops to 1.5% for North America, EU, and APAC effective April 1, 2026
  • TD Bank’s $1.3B FinCEN penalty was driven in part by persistent SAR alert backlogs — the failure a well-calibrated backlog KRI would have surfaced years earlier
  • Threshold drift is the most common reason fraud programs produce false greens; revisit thresholds whenever transaction volume changes ±25% in either direction

When you launched, you set a fraud loss rate KRI at 5 basis points. That felt conservative — responsible, even. At $10M in monthly transaction volume, 5bps is $5,000.

Eighteen months later, you’re processing $80M a month. Five bps is now $40,000. The metric still shows green. Nobody updated the threshold. And the business has quietly crossed a line where fraud losses are material — they’re just hidden behind a number calibrated for a company a fraction of your current size.

That’s threshold drift. It’s the most common reason fraud KRI programs produce false greens. And in the post-2024 enforcement environment, where regulators scrutinize both fraud controls and the monitoring programs behind them, a fraud dashboard that looks fine when things aren’t is worse than having no dashboard at all.

Why Fraud KRIs Are Different

Fraud risk isn’t static. It evolves with your product mix, your customer base, your transaction volume, and the threat landscape. That makes fraud KRIs more volatile than most operational metrics — and more prone to becoming stale.

Most operational KRIs measure control effectiveness in environments that change slowly: staff turnover, audit findings, vendor performance. Fraud KRIs measure adversarial dynamics where the threat adapts to your controls. The moment your fraud detection improves, fraud patterns shift. New customers bring new risk profiles. Seasonal volume spikes create new attack windows.

The result: fraud KRIs need a higher calibration cadence than almost anything else in your risk program. An annual review is insufficient when your volume doubles in a quarter.

There’s also a direct regulatory dimension. Transaction monitoring failures — inadequate coverage, alert backlogs, failure to file SARs — are among the most commonly cited deficiencies in bank examinations and fintech partner reviews. A fraud KRI program that surfaces those problems before an examiner does is one of the few controls that genuinely protects against material regulatory exposure.

The Core Fraud KRI Set

1. Fraud Loss Rate (Basis Points of Transaction Volume)

This is the foundational fraud KRI — what you lose to fraud as a percentage of what you process.

How to measure it: Total confirmed fraud losses (chargebacks confirmed as fraud + direct fraud write-offs) divided by total transaction volume, expressed in basis points. 1bp = 0.01% of volume.

Data source: Fraud management platform, chargeback management system, general ledger.

Owner: Fraud Risk / Payments Operations.

| Status | Threshold | Action |
| --- | --- | --- |
| Green | < 5bps | Routine monitoring |
| Amber | 5–10bps | Fraud team investigation; risk committee notification |
| Red | > 10bps | CRO escalation; model and rule refresh; joint 1LOD/2LOD review |

Threshold drift risk: This is the highest-drift KRI in any fraud program. Per Alloy’s 2025 financial fraud statistics, US merchants now lose $4.61 for every $1 of fraud — a 37% increase from 2020 — partly because the cost multipliers behind percentage-based metrics are growing faster than the rates themselves. If monthly transaction volume has increased by more than 25% since thresholds were last set, recalibrate immediately.

2. Chargeback Rate by Product Line

Chargeback rate measures disputes — fraud-confirmed and customer-initiated — as a percentage of transactions. It’s also the metric your card networks monitor, which means your internal KRI needs to be calibrated to give you warning before they call.

How to measure it: Total chargebacks in a calendar month divided by total sales transactions in the same month. Track separately by product line because network programs operate per-portfolio.

Data source: Card network dispute data, payment processor reports.

Owner: Payments Operations, Risk.

2026 network thresholds to know:

Visa’s VAMP program, which consolidated Visa’s legacy dispute programs starting April 2025, uses a combined fraud and dispute ratio. The merchant threshold was 2.2% through mid-2025; it drops to 1.5% for North America, EU, and APAC effective April 1, 2026. At the acquirer level, a VAMP ratio above 0.7% is “excessive,” with a $10 fine for every dispute above the line. Mastercard’s Excessive Chargeback Program flags merchants with 100+ chargebacks per month and a 1.5%–2.99% ratio.

Your internal amber threshold should sit around 0.3%–0.5% — well below network thresholds — so you have runway to investigate and correct before the card network notices.

BNPL note: Disputes in BNPL rose 17% in 2024, driven by synthetic identity fraud and account takeover. If you run a BNPL product, track BNPL chargebacks separately from your core payments portfolio — the risk drivers differ enough to warrant distinct monitoring parameters.

3. Transaction Monitoring Alert Backlog Age

This KRI measures how old your unresolved transaction monitoring alerts are. It’s a leading indicator of monitoring system strain — the gap between alert generation capacity and investigation capacity.

Why it matters: TD Bank’s $1.3 billion FinCEN penalty in October 2024 documented “extensive, persistent, and prolonged backlogs within the AML function, manifesting as backlogs of alerts requiring review by investigators to resolve and prepare SARs.” From 2016 through 2019, TD had significant backlogs in its Detection and Further Investigation queues. The monitoring failure wasn’t visible in fraud loss data — it was visible in the operational state of the monitoring program. An alert backlog KRI would have flashed red years before the FinCEN consent order was signed.

How to measure it: Count of open alerts older than 15 business days, tracked as a daily snapshot.

Data source: Transaction monitoring system alert queue, case management platform.

Owner: AML/Financial Crimes Operations, BSA Officer.

| Status | Threshold | Action |
| --- | --- | --- |
| Green | No alerts older than 15 business days | Routine monitoring |
| Amber | 1–10 alerts older than 15 business days | Operations lead reviews; capacity assessment |
| Red | 11+ alerts older than 15 business days, or any alert older than 30 business days | BSA Officer escalation; headcount or outsourcing review; SAR timeliness risk flag |

The 30-day clock matters: the FFIEC BSA/AML Examination Manual (Appendix S) expects SARs to be filed within 30 days of learning the facts giving rise to suspicion. Alerts aging past that threshold aren’t just operational delays — they’re potential SAR filing failures.
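The backlog table above can be evaluated directly from a daily snapshot of the alert queue. This is an added example, not code from the original article; the function names, the sample queue, and the weekday-only business-day rule (no bank-holiday calendar) are assumptions.

```python
from datetime import date, timedelta


def business_days_open(opened: date, as_of: date) -> int:
    """Weekdays elapsed after `opened`, up to and including `as_of`.

    Assumption: Monday-Friday only; bank holidays are not excluded.
    """
    days, d = 0, opened
    while d < as_of:
        d += timedelta(days=1)
        if d.weekday() < 5:  # 0-4 = Monday-Friday
            days += 1
    return days


def backlog_status(open_alerts: list[date], as_of: date) -> tuple[str, int, int]:
    """Return (status, count older than 15 business days, oldest age)."""
    ages = [business_days_open(opened, as_of) for opened in open_alerts]
    over_15 = sum(1 for age in ages if age > 15)
    oldest = max(ages, default=0)
    # Red has two independent triggers: backlog size, or one very old alert.
    if over_15 >= 11 or oldest > 30:
        status = "red"
    elif over_15 >= 1:
        status = "amber"
    else:
        status = "green"
    return status, over_15, oldest


# Constructed daily snapshot: open dates of unresolved alerts.
SNAPSHOT_DATE = date(2026, 5, 22)
QUEUE = [date(2026, 5, 18), date(2026, 5, 1), date(2026, 4, 30)]

if __name__ == "__main__":
    print(backlog_status(QUEUE, SNAPSHOT_DATE))
    # One alert past the 30-business-day line turns the whole queue red.
    print(backlog_status(QUEUE + [date(2026, 4, 9)], SNAPSHOT_DATE))
```

An alert opened on May 1 sits at exactly 15 business days on the snapshot date and does not count yet; the one opened a day earlier does.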

4. Transaction Monitoring False Positive Rate

False positives — alerts that generate investigation but turn out to be legitimate activity — are the efficiency metric for your transaction monitoring program. High false positive rates drain investigator capacity, slow alert resolution, and create exactly the conditions where real suspicious activity slips through.

How to measure it: Total alerts resolved as non-suspicious divided by total alerts generated, in a rolling 30-day period.

Industry context: In traditional rules-based AML systems, an estimated 95% of alerts are false positives. Research across 15 financial institutions found average false positive rates of 3.2% in more sophisticated systems. A useful internal target for a rules-based system: stay below 90% false positive rate. Above 90% means your monitoring is generating more noise than signal.

Data source: Transaction monitoring system disposition data.

Owner: Financial Crimes Operations, BSA Officer.

| Status | Threshold | Action |
| --- | --- | --- |
| Green | < 85% false positive rate | Routine calibration review |
| Amber | 85%–95% false positive rate | Scenario and rule review; model tuning |
| Red | > 95% false positive rate | Immediate model review; capacity impact assessment |

Alert-to-SAR ratio: Track alongside false positive rate. Industry experience suggests a well-tuned program should achieve a 40–50% referral-to-SAR ratio for human-generated referrals. If your alert-to-SAR ratio is below 1%, your monitoring scenarios are likely too broad to be useful.

5. SAR Filing Timeliness Rate

This KRI measures whether SARs are being filed on time once the decision to file has been made.

How to measure it: Percentage of SAR filings completed within 30 days of the date the institution learned the facts giving rise to suspicion, tracked monthly.

Target: 100%. Anything below 95% warrants immediate review.

Data source: Case management system SAR filing log.

Owner: BSA Officer.

Context: FinCEN documented an 18.5% rise in SAR filings between July 2023 and December 2024, which means monitoring programs are generating more SARs while often operating under the same staffing levels. SAR timeliness is the canary for whether filing capacity is keeping up with alert volume.

Product-Specific Fraud KRIs

Different fintech products carry distinct fraud risk profiles. The core KRI set applies across the board, but these product-specific metrics sharpen the picture:

| Product | Key Additional KRI | Why It Matters |
| --- | --- | --- |
| Payments / ACH | ACH return code R10/R11 rate (unauthorized / customer-initiated returns) | Leading indicator of origination fraud or mandate abuse before chargebacks hit |
| BNPL | First-payment default rate; new account fraud rate | BNPL disputes up 17% in 2024; synthetic identity fraud surfaces before dispute data |
| Card issuing | CNP (Card Not Present) fraud rate as % of CNP volume | CNP fraud is structurally higher; must be tracked separately from card-present |
| Crypto / stablecoin | Blockchain address screening rejection rate; sanction hit rate | Rejection patterns indicate counterparty risk not visible in loss data |
| Earned wage access | Repayment delinquency rate as proxy for identity and employment fraud | EWA fraud often manifests as failed repayments, not traditional chargebacks |

The Threshold Drift Problem, In Detail

The core risk with fraud KRIs isn’t that teams don’t set them — it’s that thresholds are set once and rarely revisited.

Here’s what threshold drift looks like in practice:

Month 1: You process $8M monthly. You set fraud loss rate amber at 8bps ($6,400/month). Feels conservative.

Month 18: You process $75M monthly. Your fraud loss rate is 7.5bps. KRI shows green. But 7.5bps of $75M is $56,250 — not $6,000. The “green” metric is masking a 9x increase in absolute fraud exposure.

Month 24: A bank partner or examiner asks for your fraud trend data. The dashboard shows consistently green. The underlying dollar losses tell a different story.

Threshold drift remediation:

  1. Set a volume-trigger rule. Any time monthly transaction volume changes by ±25%, automatically flag all volume-denominated fraud KRIs for threshold review.
  2. Add an absolute-dollar floor. Alongside percentage thresholds, add an absolute monthly loss threshold. Example: amber at 8bps OR $25,000 — whichever is lower.
  3. Log threshold change history. When you update thresholds, document the date, the previous threshold, the new threshold, and the rationale. This is the evidence your examiner will request.
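The three remediation steps, run against the Month 1 and Month 18 figures from the scenario above. This is an added example, not code from the original article; the class and field names are assumptions, and the red level of 12bps is a constructed value because the scenario only gives the amber level.

```python
from dataclasses import dataclass, field
from datetime import date

FIELDS = ("amber_bps", "red_bps", "amber_usd")


@dataclass
class FraudLossKRI:
    """Fraud loss rate KRI: bps threshold, dollar floor, and change log."""
    amber_bps: float          # amber when the loss rate reaches this many bps
    red_bps: float            # red above this rate (constructed value)
    amber_usd: float          # absolute monthly loss floor; inf disables it
    calibrated_volume: float  # monthly volume when thresholds were last set
    history: list = field(default_factory=list)

    def status(self, losses: float, volume: float) -> str:
        if volume <= 0:
            raise ValueError("volume must be positive")
        bps = losses / volume * 10_000
        if bps > self.red_bps:
            return "red"
        # Step 2: amber on whichever limit is reached first, rate or dollars.
        if bps >= self.amber_bps or losses >= self.amber_usd:
            return "amber"
        return "green"

    def needs_review(self, volume: float, trigger: float = 0.25) -> bool:
        """Step 1: True when volume moved 25% or more in either direction."""
        change = (volume - self.calibrated_volume) / self.calibrated_volume
        return abs(change) >= trigger

    def recalibrate(self, when: date, volume: float, rationale: str, **new) -> None:
        """Step 3: apply new thresholds; log date, previous, new, rationale."""
        unknown = set(new) - set(FIELDS)
        if unknown:
            raise ValueError(f"unknown threshold(s): {sorted(unknown)}")
        previous = {name: getattr(self, name) for name in FIELDS}
        for name, value in new.items():
            setattr(self, name, value)
        self.history.append({
            "date": when.isoformat(),
            "previous": previous,
            "new": {name: getattr(self, name) for name in FIELDS},
            "rationale": rationale,
        })
        self.calibrated_volume = volume


# Month 1 calibration: $8M monthly volume, amber at 8bps.
launch = FraudLossKRI(amber_bps=8, red_bps=12, amber_usd=float("inf"),
                      calibrated_volume=8_000_000)
with_floor = FraudLossKRI(amber_bps=8, red_bps=12, amber_usd=25_000,
                          calibrated_volume=8_000_000)

if __name__ == "__main__":
    # Month 18: $56,250 lost on $75M of volume (7.5bps).
    print(launch.status(56_250, 75_000_000))      # rate-only threshold
    print(with_floor.status(56_250, 75_000_000))  # rate OR $25,000 floor
    print(with_floor.needs_review(75_000_000))    # volume-trigger rule
```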

The Enforcement Context

The regulatory case for fraud KRIs isn’t theoretical — it’s in the consent orders.

TD Bank’s $3.1 billion resolution (FinCEN’s record $1.3B penalty, plus DOJ, OCC, and Federal Reserve components) documented a transaction monitoring program that remained “effectively static” from 2014 through 2022 — no new monitoring scenarios, no material changes to existing ones. The result: 92% of TD’s transaction volume — approximately $18.3 trillion — went unmonitored from January 2018 through April 2024. Alert backlogs ran for years. The bank failed to file SARs on approximately $1.5 billion in suspicious transactions.

The March 2026 FinCEN enforcement action against a global broker-dealer — the largest BSA penalty ever brought against a broker-dealer at $80 million — similarly cited failure to implement an effective AML program from 2018 through 2024. Six years of stale monitoring.

What KRIs would have caught these failures? Alert backlog age. SAR timeliness rate. Monitoring coverage percentage. None of these required sophisticated technology — they required treating the monitoring program as an operational process with measurable health indicators and thresholds that trigger action.

So What?

Fraud KRIs are only useful if they’re accurate. They’re only accurate if the thresholds reflect your current business, not the business you had when you first designed the program.

The operational checklist:

  1. Inventory your fraud KRIs. Do you have all five: fraud loss rate (bps), chargeback rate, alert backlog age, false positive rate, SAR timeliness?
  2. Check when thresholds were last calibrated. If the answer is “at launch” and volume has grown meaningfully, assume threshold drift until proven otherwise.
  3. Add a volume-change trigger. Automate a threshold review whenever transaction volume changes ±25%.
  4. Add absolute dollar floors alongside percentage thresholds — the dollar exposure behind a percentage changes as volume changes.
  5. Review alert backlog weekly, not monthly. By the time a monthly KRI shows a backlog problem, you’re likely already behind on SAR filing deadlines.

If you need pre-calibrated fraud and payments KRIs with green/amber/red thresholds, data source mapping, and owner definitions ready to apply to your volume tier, the KRI Library (132 Key Risk Indicators) covers the full set — including fraud, BSA/AML, operational, financial, compliance, and vendor risk KRIs — with a 23-page calibration guide and threshold documentation you can show an examiner.



◆ FAQ

Frequently asked questions.

What is the most important fraud KRI for a payments fintech?
Fraud loss rate as a percentage of transaction volume is foundational, but it can't stand alone. You also need alert backlog age (to catch monitoring system strain before it becomes a compliance failure), chargeback rate by product line (to catch card-specific fraud trends before Visa or Mastercard intervention), and a false positive rate (to ensure your monitoring isn't generating noise instead of signal). At minimum, those four together give you a usable fraud risk picture.
What is threshold drift and why does it matter for fraud KRIs?
Threshold drift means your KRI thresholds were calibrated at one business volume level and haven't been updated as the business grew. A fraud loss rate of 8 basis points at $10M monthly volume represents $80K in losses. The same rate at $100M monthly volume is $800K — but the metric still shows green if nobody updated the threshold. Threshold drift is one of the most common findings in fintech risk programs because thresholds are set at launch and rarely revisited on the same cadence as business growth.
What chargeback rate triggers Visa or Mastercard monitoring programs?
Under Visa's VAMP (Visa Acquirer Monitoring Program), which replaced legacy dispute programs in April 2025, the merchant threshold was 2.2% through mid-2025; that dropped to 1.5% for North America, EU, and Asia Pacific effective April 1, 2026. At the acquirer level, VAMP flags acquirers above 0.5% as 'above standard' and above 0.7% as 'excessive,' with a $10 fine per dispute over the line. Mastercard's Excessive Chargeback Program flags merchants at 100+ chargebacks per month with a 1.5%–2.99% ratio. Your internal amber threshold should sit well below these levels — you don't want to learn about a chargeback problem from a network notice.
How do I set fraud KRI thresholds when I have no historical baseline?
Start with industry benchmarks calibrated to your product type: for payments, an internal amber threshold on chargeback rate around 0.3%–0.5% gives you warning well before network enforcement. For fraud loss rate, 5 basis points (0.05% of transaction volume) is a reasonable amber trigger for most fintech products at early scale. Validate against your actual portfolio within 60–90 days and adjust. Your card issuer processor and core platform should have volume-tier data you can reference for peer benchmarking.
What does a SAR alert backlog KRI measure?
SAR alert backlog age measures how long it takes to disposition alerts generated by your transaction monitoring system — from alert generation through investigation to either SAR filing or closure. The FFIEC BSA/AML Examination Manual expects timely SAR filing within 30 days of knowing the facts that make activity suspicious. An alert backlog KRI that breaches amber tells you that monitoring capacity is falling behind transaction volume — the exact failure mode that drove TD Bank's $1.3 billion FinCEN penalty in October 2024.
Should fraud KRI thresholds be updated annually or more often?
For fintech fraud KRIs, annually isn't enough if your business is growing. A good threshold review cadence: automatic recalibration trigger when monthly transaction volume changes by 25% or more in either direction; quarterly review of amber-and-above KRIs; annual review of all KRIs including those showing consistent greens. The key test: if your transaction volume has doubled since thresholds were last set and all your fraud KRIs still show green, either the business has exceptional controls — or the thresholds are stale.

Author

Rebecca Leung

Rebecca Leung has 8+ years of risk and compliance experience across first and second line roles at commercial banks, asset managers, and fintechs. Former management consultant advising financial institutions on risk strategy. Founder of RiskTemplates.
