False positives and fuzzy matching in name screening

Anyone who has run name screening at scale knows the central frustration: the system flags far more than it should. Most "hits" turn out to be the wrong person entirely. These false positives are not a bug to be eliminated so much as a fundamental property of matching messy human names against lists — and managing them well is what separates useful screening from box-ticking.

Why a name match is hard

Matching a name to a watchlist sounds trivial. It is not, for several stubborn reasons.

Common names. "Mohammed Ali", "Maria Garcia", "John Smith", "Wei Chen" — names shared by millions of people will match list entries that have nothing to do with your customer. The more common the name, the more noise.

Transliteration. Names originally written in Arabic, Cyrillic, Chinese and other scripts can be rendered into the Latin alphabet many different ways. "Muhammad", "Mohammed", "Mohamad", "Muhammed" are the same name; "Gaddafi", "Qaddafi", "Kadafi" likewise. A screen that only matches exact spelling will miss real targets — so screens deliberately cast wider, which generates more false positives.

Spelling, order and form. Typos, missing middle names, surname-first conventions, maiden vs married names, abbreviations and nicknames all break exact matching.

What fuzzy matching does

To catch real targets despite all that variation, screening uses fuzzy matching — algorithms that score how similar two names are rather than demanding they be identical. Common techniques include:

  • Edit distance (e.g. Levenshtein) — how many single-character changes turn one string into another.
  • Phonetic matching (e.g. Soundex, Metaphone) — matching names that sound alike.
  • Token-based methods — comparing the component parts of a name regardless of order.

Fuzzy matching has a built-in trade-off. Loosen the threshold and you catch more genuine targets but drown in false positives. Tighten it and you cut the noise but risk missing a real match — including, potentially, a sanctions target, where a miss is far more serious than a false alarm. There is no setting that gives you only true matches and nothing else.

Disambiguation: turning hits into decisions

Because the raw match rate is high, the real work is disambiguation — deciding which hits actually refer to your subject. This is where secondary identifiers earn their keep:

  • Date of birth (or year) — often the single most powerful discriminator.
  • Nationality and country of residence or operation.
  • Role, employer, or known associations.
  • Identifiers such as passport or company numbers, where available.

A "Mohammed Ali" born in 1942 in one country is plainly not the "Mohammed Ali" born in 1980 in another. Good screening uses every available data point to separate the one relevant hit from the dozens of irrelevant ones — and records why a hit was dismissed.
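The threshold trade-off and the disambiguation step described above, as an added example (not Probitas code or any vendor's algorithm). The scoring formula, the `Party` record, the dismissal rule and the sample entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

def levenshtein(a: str, b: str) -> int:
    """Number of single-character edits that turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def name_score(a: str, b: str) -> float:
    """Token-based score in [0, 1] that ignores word order: each token of the
    shorter name takes its closest token in the other name."""
    ta, tb = a.lower().split(), b.lower().split()
    if not ta or not tb:
        return 0.0
    short, long_ = sorted((ta, tb), key=len)
    sim = lambda x, y: 1 - levenshtein(x, y) / max(len(x), len(y))
    return sum(max(sim(s, t) for t in long_) for s in short) / len(long_)

@dataclass
class Party:
    name: str
    birth_year: Optional[int] = None
    country: Optional[str] = None

def screen(subject: Party, watchlist: list, threshold: float) -> list:
    """Return (entry name, score, decision, reason) for each hit >= threshold."""
    results = []
    for entry in watchlist:
        score = name_score(subject.name, entry.name)
        if score < threshold:
            continue
        # Illustrative policy: only a known, conflicting identifier dismisses a hit;
        # missing data never does, and the reason is kept for the audit trail.
        conflicts = [f for f in ("birth_year", "country")
                     if None not in (getattr(subject, f), getattr(entry, f))
                     and getattr(subject, f) != getattr(entry, f)]
        decision = "dismiss" if conflicts else "review"
        reason = "mismatch on " + ", ".join(conflicts) if conflicts else "nothing rules it out"
        results.append((entry.name, round(score, 3), decision, reason))
    return results

# Constructed sample data, not real list entries; XA/XB/XC are placeholder countries.
WATCHLIST = [Party("Muhammad Ali", 1942, "XA"), Party("Ali Mohamad", 1980, "XB"),
             Party("Maria Garcia", 1975, "XC")]
SUBJECT = Party("Mohammed Ali", 1980, "XB")

if __name__ == "__main__":
    for t in (0.9, 0.85, 0.3):  # tighter to looser threshold
        print(t, screen(SUBJECT, WATCHLIST, t))
```

On this sample, a threshold of 0.9 returns nothing and so misses the entry that agrees on every identifier, 0.85 returns two hits of which one is dismissed on date of birth and country, and 0.3 pulls in an unrelated name as well.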

What good practice looks like

Effective handling of false positives:

  • Tunes thresholds to risk — tighter where false negatives are catastrophic (sanctions), more generous where the cost of a miss is lower.
  • Uses secondary identifiers systematically, not ad hoc.
  • Documents the decision — a discounted hit should leave a record of who reviewed it and why, so an auditor can follow the reasoning.
  • Distinguishes the three checks. A false positive on sanctions is treated more conservatively than one on adverse media; the consequences of getting each wrong differ.
  • Measures quality, not volume. The metric that matters is how accurately the screen separates relevant from irrelevant — not how many hits it returns.

The cost of getting it wrong

Both failure modes have real cost. Too many false positives overwhelm reviewers, slow down legitimate customers, and — through alert fatigue — risk a real hit being waved through in the noise. A false negative on a sanctions target can mean an actual breach, with strict-liability consequences. The discipline is to minimise noise without lowering the wall where it matters most.

Where Probitas fits

Probitas treats disambiguation as the core of the job, not an afterthought. A screen uses the identifiers it has — name variants, date of birth, country, role and corporate links — to separate the relevant from the coincidental, and it shows the basis for each finding rather than handing back a raw count of matches. The aim is signal you can act on, with the evidence attached. As ever, the final call on a borderline match is yours to make and to record.

Sources

This guide is written from primary sources. Each is linked below; claims in the text link to the specific reference they rely on.

  1. GOV.UK — The UK Sanctions List
  2. FATF — Guidance for a risk-based approach
  3. Wolfsberg Group — guidance on sanctions screening