← Back to Docs

Understanding Risk Scores

A comprehensive guide to interpreting Trutina risk scores, flag categories, severity levels, and recommended actions. Written for credit analysts and compliance officers.

Risk Score Overview

  • Scores range from 0 to 100, where 0 is lowest risk and 100 is highest risk.
  • The composite score is derived from 5 detection categories, each with its own maximum point cap.
  • Each flag has a severity and weight that contribute to the category total.
  • Scores are deterministic — the same inputs always produce the same score.

Score Thresholds

0 – 19
20 – 44
45 – 69
70 – 100
Low Risk
Medium Risk
High Risk
Critical Risk
0 – 19Low Risk
Action: Approve

Documents appear genuine. May have minor informational flags that do not indicate fraud.

Common reasons
  • Minor metadata quirks (e.g., unusual PDF producer but consistent content)
  • Salary marginally above median but within 75th percentile
20 – 44Medium Risk
Action: Manual Review

Some anomalies detected that warrant human verification. Most turn out benign but should be documented.

Common reasons
  • Salary above ABS benchmarks for stated occupation
  • Minor metadata quirks (e.g., mismatched creation/modification dates)
  • Super rate slightly outside 10–14% tolerance
45 – 69High Risk
Action: Manual Review (Priority)

Significant issues detected. Multiple flags across categories suggest the document may not be genuine.

Common reasons
  • Employer ABN registered to a different entity name
  • Mathematical inconsistencies (gross − tax ≠ net)
  • Suspicious PDF metadata (browser-created, excessive fonts)
  • UK/US terminology in an Australian payslip
70 – 100Critical Risk
Action: Reject

Strong indicators of fraud or fabrication. Multiple critical flags across categories. Recommend escalation to fraud investigation.

Common reasons
  • AI-generated content detected with high confidence
  • Gross − tax ≠ net (mathematical impossibility)
  • ABN does not exist or is cancelled
  • PDF created in browser, not payroll software
  • Network clustering with known fraudulent broker submissions

Flag Categories

Each flag category has a maximum point cap. Flags within a category are summed (weighted by severity) up to the cap. The total risk score is the sum of all category scores, capped at 100.

1

PDF Forensics

max 25 pts
What it checks
  • PDF producer/creator metadata (e.g., "Chrome" vs "Xero Payroll")
  • Creation and modification timestamps (future dates, identical timestamps)
  • Font variety (>3 fonts suggests copy-paste editing)
  • Text-in-image detection (text rendered as images to avoid extraction)
Common flags
SUSPICIOUS_PRODUCERPDF not created by known payroll software (Xero, MYOB, KeyPay, Employment Hero, Sage)
FUTURE_TIMESTAMPCreation or modification date is in the future
EXCESSIVE_FONTSMore than 3 font families detected — common in manually assembled documents
TEXT_AS_IMAGEText rendered as raster image to prevent content extraction
Known clean producers: Xero, MYOB, KeyPay, Employment Hero, Sage, ADP, Definitiv
2

AI Content Detection

max 35 pts
What it checks
  • Semantic analysis for AI-generation patterns and phrasing
  • Terminology anomalies (UK/US terms in Australian documents)
  • Field inconsistencies (generic values, placeholder-like data)
  • Overall document authenticity evaluation
Common flags
AI_GENERATED_HIGHClaude confidence >90% that document text was AI-generated
UK_TERMINOLOGY"Basic Salary" instead of "Ordinary Earnings", "National Insurance" instead of super
GENERIC_SUPER_FUNDSuper fund name is generic or does not match known APRA-registered funds
PLACEHOLDER_VALUESRound numbers, sequential identifiers, or template-like field values
How it works: Claude Sonnet reads the full extracted document text and evaluates authenticity against Australian payroll conventions, industry terminology, and AI-generation patterns.
3

Math & Date Consistency

max 30 pts
What it checks
  • Payslip: Gross − Tax = Net (within ±$1 rounding tolerance)
  • Super = ~11.5% of ordinary earnings (SGC rate, ±2% tolerance → 10–14%)
  • YTD figures consistent with pay periods elapsed since 1 July
  • Bank statement: Opening balance + Credits − Debits = Closing balance
  • Date sequencing (no impossible or future dates)
Common flags
PAYSLIP_MATH_ERRORGross minus tax does not equal net pay (outside ±$1 tolerance)
SUPER_RATE_WRONGSuperannuation rate falls outside 10–14% of ordinary earnings
YTD_INCONSISTENTYear-to-date figures do not align with the number of pay periods since 1 July
BALANCE_MISMATCHBank statement opening + credits − debits ≠ closing balance
Tolerance: Super rate: ±2% (10–14% acceptable). Net pay: ±$1 rounding. YTD: ±5% cumulative tolerance.
4

Cross-Reference Verification

max 20 pts
What it checks
  • ABN exists and is active via ABN Lookup API
  • Employer name fuzzy-matches the registered ABN entity name
  • BSB exists in the RBA BSB directory
  • Salary compared against ABS average weekly earnings for stated occupation
Common flags
ABN_NOT_FOUNDABN does not exist in the ABR
ABN_CANCELLEDABN exists but has been cancelled
ABN_NAME_MISMATCHEmployer name on document does not match ABN-registered entity
UNKNOWN_BSBBSB number not found in the RBA directory
SALARY_ABOVE_90TH_PERCENTILEStated salary exceeds the 90th percentile for the occupation/industry
Data sources: api.abn.business.gov.au (free, live), RBA BSB directory, ABS average weekly earnings (Cat. 6302.0)
5

Broker Risk Profiling

max 15 pts
What it checks
  • Submission velocity (>5 applications in 7 days)
  • Fraud flag rate (>20% of submissions flagged high/critical)
  • Network clustering (shared employer ABN, address, or phone across submissions)
Common flags
HIGH_VELOCITYBroker submitted more than 5 applications within a 7-day window
HIGH_FRAUD_RATEMore than 20% of this broker's submissions have been flagged high or critical risk
NETWORK_CLUSTER_DETECTEDMultiple submissions share the same employer ABN, address, or phone number
Note: Broker scores are cumulative and update across all their submissions. A new submission by the same broker re-evaluates their entire history.

Severity Levels

Each flag is assigned a severity level that determines its weight in the score calculation. Higher severity flags contribute more points.

Critical×1.0

Strong fraud indicator. Requires immediate attention and investigation.

High×0.7

Significant anomaly. Likely requires investigation before proceeding.

Medium×0.4

Noteworthy finding. May be benign but is documented for review.

Low×0.15

Informational only. Unlikely to indicate fraud on its own.

Score Calculation Formula

Category score
category_score = min(category_cap, sum(flag_weight × severity_multiplier))
Total score
total_score = min(100, sum(all_category_scores))
Category caps
PDF Forensics: 25AI Content Detection: 35Math & Date Consistency: 30Cross-Reference Verification: 20Broker Risk Profiling: 15
Total possible: 25 + 35 + 30 + 20 + 15 = 125, capped at 100

Reading the Report Narrative

  • Every analysis includes a plain-English summary written for bank credit officers and compliance teams.
  • The narrative references specific evidence from the documents (e.g., “ABN 12345678901 is registered to ‘Smith Holdings Pty Ltd’, not ‘Acme Corp’ as stated on the payslip”).
  • Reports are suitable for inclusion in APRA/ASIC documentation and audit trails.
  • Each flag in the report is expandable, showing the raw field values, expected values, and the confidence level of the detection.

Example: Low Risk (Score 12)

12
Low Risk
Recommended: Approve
Summary narrative
The application from Sarah Mitchell (Loan: $620,000) includes 2 payslips from “Melbourne Consulting Group Pty Ltd” and 3 months of bank statements from ANZ. All documents appear genuine.

ABN 51 824 753 186 is active and registered to “Melbourne Consulting Group Pty Ltd” (exact match). BSB 013-442 (ANZ Melbourne) is valid. Gross ($8,200) minus tax ($2,050) equals net ($6,150) — correct. Super at $943 represents 11.5% of gross — matches current SGC rate. YTD figures align with 4 fortnightly pay periods since 1 July.

One informational flag: salary is above the 75th percentile for “Management Consultants” (ABS Cat. 6302.0) but within normal range for senior roles.
Flags (1)
LOWSALARY_ABOVE_75TH_PERCENTILECross-Reference · +2 pts

Example: Critical Risk (Score 82)

82
Critical Risk
Recommended: Reject
Summary narrative
The application from James Parker (Loan: $1,200,000) contains 2 payslips from “Acme Corp” and 3 months of bank statements. Multiple critical issues detected across 4 of 5 categories.

PDF Forensics: Both payslips were created in “Google Chrome” (not payroll software). 5 different font families detected. Creation timestamp is identical to modification timestamp (no editing history).

AI Content Detection: Claude confidence 94% that payslip text is AI-generated. Uses “Basic Salary” (UK terminology) instead of “Ordinary Earnings”. Super fund listed as “Australian Super Fund” (generic, not an APRA-registered entity name).

Math Errors: Payslip shows Gross $12,500, Tax $3,125, Net $9,575 — actual net should be $9,375 (discrepancy of $200). Super at $1,000 represents 8.0% of gross (below SGC minimum of 11.5%).

Cross-Reference: ABN 98 765 432 100 is registered to “Acme Trading Holdings Pty Ltd”, not “Acme Corp” as stated. Salary of $325,000 p.a. exceeds the 99th percentile for the stated occupation “Administrative Assistant”.
Flags (9)
CRITICALAI_GENERATED_HIGHAI Detection · +35 pts
CRITICALPAYSLIP_MATH_ERRORMath & Dates · +12 pts
HIGHSUSPICIOUS_PRODUCERPDF Forensics · +8 pts
HIGHSUPER_RATE_WRONGMath & Dates · +7 pts
HIGHABN_NAME_MISMATCHCross-Reference · +7 pts
MEDIUMEXCESSIVE_FONTSPDF Forensics · +4 pts
MEDIUMUK_TERMINOLOGYAI Detection · +4 pts
MEDIUMSALARY_ABOVE_90TH_PERCENTILECross-Reference · +3 pts
LOWGENERIC_SUPER_FUNDAI Detection · +2 pts
This page is print-friendly. Use Ctrl+P (or Cmd+P) to save as PDF.