Has anyone compiled a shareable rule set for corporate P-Card fraud indicators beyond Benford? I’m tuning a Python/pandas workflow against SAP Concur exports to flag split transactions, MCC outliers, weekend swipes, and approval lags over 36 hours, and would value a lean reference or whitepaper to benchmark thresholds and false-positive rates?
I’d add peer‑group z‑scores by department/title/region so MCC outliers are graded on a curve, and set a rule like: ‘same card + same merchant + <30 min gap + amounts within 10% => split candidate’. For benchmarks, I’ve seen audit teams target 5–12% false positives after calibrating on about 90 days of clean spend, then tighten until manual‑review precision clears about 60%. Do you have labeled exceptions or approver comments you can use as positives to tune the pandas thresholds?
Try a geodistance rule: merchant city/ZIP >100 miles from the cardholder’s base (or outside the trip itinerary) plus two+ swipes in 24h → escalate — it’s a low‑tech geofence that snags card sharing and ghost merchants. Caveat: calibrate by role and exclude travel MCCs to keep FPs in check. Do you have home/office ZIP and itinerary fields in your Concur export, @eblack2023?
One rule that consistently pops fraud for me: flag ‘just-under-limit bursts’ — ≥3 transactions by the same card within 72 hours at 90–99% of that card’s single-swipe limit, especially when combined with an approval lag >36h. Pair it with simple merchant-name normalization (strip punctuation/case) to catch splits that dodge your current detector. Do you have per‑card limit fields in the Concur export, or are you joining to policy tables?