Configuration of Detection Software: A Comparison of Decision and Game Theory Approaches

Firms are increasingly relying on software to detect fraud in domains such as security, financial services, tax, and auditing. A fundamental problem in using detection software for fraud detection is achieving the optimal balance between the detection and false-positive rates. Many firms use decision theory to address the configuration problem. Decision theory is based on the presumption that the firm's actions do not influence the behavior of fraudsters. Game theory recognizes the fact that fraudsters do modify their strategies in response to firms' actions. In this paper, we compare decision and game theory approaches to the detection software configuration problem when firms are faced with strategic users. We find that under most circumstances firms incur lower costs when they use the game theory as opposed to the decision theory because the decision theory approach frequently either over- or underconfigures the detection software. However, firms incur the same or lower cost under the decision theory approach compared with the game theory approach in a simultaneous-move game if configurations under decision theory and game theory are sufficiently close. A limitation of the game theory approach is that it requires user-specific utility parameters, which are difficult to estimate. Decision theory, in contrast to game theory, requires the fraud probability estimate, which is more easily obtained.