Understanding Risk Scores

A comprehensive guide to interpreting Trutina risk scores, flag categories, severity levels, and recommended actions. Written for credit analysts and compliance officers.

Risk Score Overview

Scores range from 0 to 100, where 0 is lowest risk and 100 is highest risk.
The composite score is derived from 5 detection categories, each with its own maximum point cap.
Each flag has a severity and weight that contribute to the category total.
Scores are deterministic — the same inputs always produce the same score.

Score Thresholds

0 – 19

20 – 44

45 – 69

70 – 100

Low Risk

Medium Risk

High Risk

Critical Risk

0 – 19Low Risk

Action: Approve

Documents appear genuine. May have minor informational flags that do not indicate fraud.

Common reasons

–Minor metadata quirks (e.g., unusual PDF producer but consistent content)
–Salary marginally above median but within 75th percentile

20 – 44Medium Risk

Action: Manual Review

Some anomalies detected that warrant human verification. Most turn out benign but should be documented.

Common reasons

–Salary above ABS benchmarks for stated occupation
–Minor metadata quirks (e.g., mismatched creation/modification dates)
–Super rate slightly outside 10–14% tolerance

45 – 69High Risk

Action: Manual Review (Priority)

Significant issues detected. Multiple flags across categories suggest the document may not be genuine.

Common reasons

–Employer ABN registered to a different entity name
–Mathematical inconsistencies (gross − tax ≠ net)
–Suspicious PDF metadata (browser-created, excessive fonts)
–UK/US terminology in an Australian payslip

70 – 100Critical Risk

Action: Reject

Strong indicators of fraud or fabrication. Multiple critical flags across categories. Recommend escalation to fraud investigation.

Common reasons

–AI-generated content detected with high confidence
–Gross − tax ≠ net (mathematical impossibility)
–ABN does not exist or is cancelled
–PDF created in browser, not payroll software
–Network clustering with known fraudulent broker submissions

Flag Categories

Each flag category has a maximum point cap. Flags within a category are summed (weighted by severity) up to the cap. The total risk score is the sum of all category scores, capped at 100.

PDF Forensics

max 25 pts

What it checks

•PDF producer/creator metadata (e.g., "Chrome" vs "Xero Payroll")
•Creation and modification timestamps (future dates, identical timestamps)
•Font variety (>3 fonts suggests copy-paste editing)
•Text-in-image detection (text rendered as images to avoid extraction)

Common flags

SUSPICIOUS_PRODUCERPDF not created by known payroll software (Xero, MYOB, KeyPay, Employment Hero, Sage)

FUTURE_TIMESTAMPCreation or modification date is in the future

EXCESSIVE_FONTSMore than 3 font families detected — common in manually assembled documents

TEXT_AS_IMAGEText rendered as raster image to prevent content extraction

Known clean producers: Xero, MYOB, KeyPay, Employment Hero, Sage, ADP, Definitiv

AI Content Detection

max 35 pts

What it checks

•Semantic analysis for AI-generation patterns and phrasing
•Terminology anomalies (UK/US terms in Australian documents)
•Field inconsistencies (generic values, placeholder-like data)
•Overall document authenticity evaluation

Common flags

AI_GENERATED_HIGHClaude confidence >90% that document text was AI-generated

UK_TERMINOLOGY"Basic Salary" instead of "Ordinary Earnings", "National Insurance" instead of super

GENERIC_SUPER_FUNDSuper fund name is generic or does not match known APRA-registered funds

PLACEHOLDER_VALUESRound numbers, sequential identifiers, or template-like field values

How it works: Claude Sonnet reads the full extracted document text and evaluates authenticity against Australian payroll conventions, industry terminology, and AI-generation patterns.

Math & Date Consistency

max 30 pts

What it checks

•Payslip: Gross − Tax = Net (within ±$1 rounding tolerance)
•Super = ~11.5% of ordinary earnings (SGC rate, ±2% tolerance → 10–14%)
•YTD figures consistent with pay periods elapsed since 1 July
•Bank statement: Opening balance + Credits − Debits = Closing balance
•Date sequencing (no impossible or future dates)

Common flags

PAYSLIP_MATH_ERRORGross minus tax does not equal net pay (outside ±$1 tolerance)

SUPER_RATE_WRONGSuperannuation rate falls outside 10–14% of ordinary earnings

YTD_INCONSISTENTYear-to-date figures do not align with the number of pay periods since 1 July

BALANCE_MISMATCHBank statement opening + credits − debits ≠ closing balance

Tolerance: Super rate: ±2% (10–14% acceptable). Net pay: ±$1 rounding. YTD: ±5% cumulative tolerance.

Cross-Reference Verification

max 20 pts

What it checks

•ABN exists and is active via ABN Lookup API
•Employer name fuzzy-matches the registered ABN entity name
•BSB exists in the RBA BSB directory
•Salary compared against ABS average weekly earnings for stated occupation

Common flags

ABN_NOT_FOUNDABN does not exist in the ABR

ABN_CANCELLEDABN exists but has been cancelled

ABN_NAME_MISMATCHEmployer name on document does not match ABN-registered entity

UNKNOWN_BSBBSB number not found in the RBA directory

SALARY_ABOVE_90TH_PERCENTILEStated salary exceeds the 90th percentile for the occupation/industry

Data sources: api.abn.business.gov.au (free, live), RBA BSB directory, ABS average weekly earnings (Cat. 6302.0)

Broker Risk Profiling

max 15 pts

What it checks

•Submission velocity (>5 applications in 7 days)
•Fraud flag rate (>20% of submissions flagged high/critical)
•Network clustering (shared employer ABN, address, or phone across submissions)

Common flags

HIGH_VELOCITYBroker submitted more than 5 applications within a 7-day window

HIGH_FRAUD_RATEMore than 20% of this broker's submissions have been flagged high or critical risk

NETWORK_CLUSTER_DETECTEDMultiple submissions share the same employer ABN, address, or phone number

Note: Broker scores are cumulative and update across all their submissions. A new submission by the same broker re-evaluates their entire history.

Severity Levels

Each flag is assigned a severity level that determines its weight in the score calculation. Higher severity flags contribute more points.

Critical×1.0

Strong fraud indicator. Requires immediate attention and investigation.

High×0.7

Significant anomaly. Likely requires investigation before proceeding.

Medium×0.4

Noteworthy finding. May be benign but is documented for review.

Low×0.15

Informational only. Unlikely to indicate fraud on its own.

Score Calculation Formula

Category score

category_score = min(category_cap, sum(flag_weight × severity_multiplier))

Total score

total_score = min(100, sum(all_category_scores))

Category caps

PDF Forensics: 25AI Content Detection: 35Math & Date Consistency: 30Cross-Reference Verification: 20Broker Risk Profiling: 15

Total possible: 25 + 35 + 30 + 20 + 15 = 125, capped at 100

Reading the Report Narrative

Every analysis includes a plain-English summary written for bank credit officers and compliance teams.
The narrative references specific evidence from the documents (e.g., “ABN 12345678901 is registered to ‘Smith Holdings Pty Ltd’, not ‘Acme Corp’ as stated on the payslip”).
Reports are suitable for inclusion in APRA/ASIC documentation and audit trails.
Each flag in the report is expandable, showing the raw field values, expected values, and the confidence level of the detection.

Example: Low Risk (Score 12)

Low Risk

Recommended: Approve

Summary narrative

The application from Sarah Mitchell (Loan: $620,000) includes 2 payslips from “Melbourne Consulting Group Pty Ltd” and 3 months of bank statements from ANZ. All documents appear genuine.

ABN 51 824 753 186 is active and registered to “Melbourne Consulting Group Pty Ltd” (exact match). BSB 013-442 (ANZ Melbourne) is valid. Gross ($8,200) minus tax ($2,050) equals net ($6,150) — correct. Super at $943 represents 11.5% of gross — matches current SGC rate. YTD figures align with 4 fortnightly pay periods since 1 July.

One informational flag: salary is above the 75th percentile for “Management Consultants” (ABS Cat. 6302.0) but within normal range for senior roles.

Flags (1)

LOWSALARY_ABOVE_75TH_PERCENTILECross-Reference · +2 pts

Example: Critical Risk (Score 82)

Critical Risk

Recommended: Reject

Summary narrative

The application from James Parker (Loan: $1,200,000) contains 2 payslips from “Acme Corp” and 3 months of bank statements. Multiple critical issues detected across 4 of 5 categories.

PDF Forensics: Both payslips were created in “Google Chrome” (not payroll software). 5 different font families detected. Creation timestamp is identical to modification timestamp (no editing history).

AI Content Detection: Claude confidence 94% that payslip text is AI-generated. Uses “Basic Salary” (UK terminology) instead of “Ordinary Earnings”. Super fund listed as “Australian Super Fund” (generic, not an APRA-registered entity name).

Math Errors: Payslip shows Gross $12,500, Tax $3,125, Net $9,575 — actual net should be $9,375 (discrepancy of $200). Super at $1,000 represents 8.0% of gross (below SGC minimum of 11.5%).

Cross-Reference: ABN 98 765 432 100 is registered to “Acme Trading Holdings Pty Ltd”, not “Acme Corp” as stated. Salary of $325,000 p.a. exceeds the 99th percentile for the stated occupation “Administrative Assistant”.

Flags (9)

CRITICALAI_GENERATED_HIGHAI Detection · +35 pts

CRITICALPAYSLIP_MATH_ERRORMath & Dates · +12 pts

HIGHSUSPICIOUS_PRODUCERPDF Forensics · +8 pts

HIGHSUPER_RATE_WRONGMath & Dates · +7 pts

HIGHABN_NAME_MISMATCHCross-Reference · +7 pts

MEDIUMEXCESSIVE_FONTSPDF Forensics · +4 pts

MEDIUMUK_TERMINOLOGYAI Detection · +4 pts

MEDIUMSALARY_ABOVE_90TH_PERCENTILECross-Reference · +3 pts

LOWGENERIC_SUPER_FUNDAI Detection · +2 pts

This page is print-friendly. Use Ctrl+P (or Cmd+P) to save as PDF.