Faster Than the Speed of Fraud: The Ultimate Guide to Real-Time Analytics and Behavioral Modeling
Fraudsters can strike and disappear in seconds, but the latest innovations do more than just collect data faster.
One of the unintended side effects of the digital transformation of banking has been the exponential increase in the number of new avenues of attack due to the “API economy.” Translated, this means applications, services, and data have been democratized and opened up to multiple third parties in order to increase operability, customer value, and, of course, to monetize these same resources. As a result, APIs are the new open ports on firewalls, providing greater access and convenience to cybercriminals.
I have witnessed firsthand the evolving landscape of financial fraud and it has become an AI arms race between bad actors and institutions, with banks urgently needing to increase their use of AI to detect and prevent sophisticated fraud. We’re no longer dealing with isolated incidents but a huge volume of attacks that can be launched across multiple vectors quickly and cheaply. This proliferation of attacks is being fueled by a thriving secondary market on the dark web. There, would-be criminals can easily obtain fraud tool kits (for self-service) and managed fraud services, both of which remove any technical barriers to entry.
Further complicating the picture is the fact that fraud is also a nation state activity. North Korea is a great example of a country resorting to organized fraud and extortion to build up its coffers after being squeezed by sanctions. A U.N. report in 2019 estimated that North Korea had raised $2 billion through cybercrime as a way of circumventing sanctions but since then, “the pace and the ingenuity of North Korea’s online threat” have only accelerated.
I want to explore how real-time analytics and advanced behavioral modeling are setting a new standard in financial security, one that can keep pace with this new reality. Ultimately, we want to accelerate this whole flywheel so the balance of power is tipped back in favor of banking enterprises and consumers.
1. The Evolving Fraud Landscape
In today’s world, where people are constantly context-switching, it’s easy for attackers to grab a slice of their attention. Even the most vigilant individuals, overwhelmed with tasks, can fall prey to phishing and social engineering scams. This vulnerability is exacerbated by the fragmentation of payment systems. Banks, providers, and merchants simply do not have the budget to control risks across myriad payment methods. We are even seeing an increase in check fraud while check usage itself continues to steadily decline.?
Fraud, of course, is being supercharged by AI and improved automation. For would-be criminals, building fraud weapons and toolkits is now just a “drag and drop” exercise. Without being bound by AI and privacy regulations, they are moving fast to adopt AI tools and techniques. For example, in addition to traditional phishing tactics, malicious actors increasingly employ AI-powered voice and video cloning techniques to impersonate trusted individuals, such as family members, co-workers, or business partners.
In this arms race, fraudsters are using a seemingly infinite army of bots at the frontline of attack networks, providing the means to trick a lot of detection software reliant on a limited number of identifiers such as MAC address, etc. Companies such as Forter, Riskified, DataDome all operate in this space, specializing in advanced bot detection and mitigation.
As we can see below, fraud is only growing in cost and sophistication:
1. By the Numbers: Financial fraud is a trillion-dollar issue. The UN estimates that money laundering alone accounts for 2-5% of global GDP annually.?
2. Sophistication of Attacks: Fraudsters are employing advanced technologies to create more complex and harder-to-detect schemes.
3. Speed of Transactions: They can strike and disappear in seconds, making traditional detection methods obsolete.
4. Diverse Attack Vectors: From account takeovers to synthetic identities, the types of fraud are multiplying, challenging traditional siloed detection approaches.
5. Synergy of Malware and Fraud: For an example of this, look at the spate of ATOs in travel. An initial malware (“infostealer”) attack allows the criminal entry to the value chain, where they can perpetrate multiple scams and frauds. In other words, they can easily pose as the customer, then the OTA, and then the merchant, etc. across a multi-stage attack. This is known as “imposter fraud.” Case Study: Telegram Scam Bots A recent real-world demonstration showed the alarming potential of AI to impersonate a customer service rep and gain access to customer accounts. Watch this video to see how a Telegram scam bot allows cybercriminals to exploit phone calls for harvesting victim data. They simply initiate a call through the bot and specify the type of information a customer service rep would typically request from a victim. With alarming ease, these tools can then extract one-time passwords, PIN codes, CVVs for credit cards, and even social security numbers with just a click of a button.?
The 360-Degree Threat: Attacks from Every Direction
The increased volume and speed of attacks are also magnifying a longstanding challenge in fraud detection: the “reject rate” of legitimate transactions incorrectly flagged as fraudulent. This is happening at the same time that it’s becoming harder for people to stay vigilant. They might not fall for the first scam attempt, but after seeing similar messages multiple times, people often let their guard down. That is how sophisticated attacks work — they are persistent and come at the customer from multiple angles, with new stratagems appearing all the time. For instance, attackers are now crafting bespoke scams and social engineering campaigns online using AI. Literally seconds after a major event (or disaster), Go Fund Me scams are spun up in a very convincing manner. This is a technique where attackers inject themselves into an evolving or established event and then craft personalized narratives to attract donations — and it happens at the speed of AI. Unfortunately, this tactic has proven very effective, tricking people who otherwise would not have fallen for the scam.
2. The Limitations of Traditional Fraud Detection
The use of artificial intelligence and cloud computing to automate attacks on a massive scale has exposed the limitations of traditional fraud detection systems. These older systems were built assuming predictable patterns of fraud. They relied on fixed rules — reviewing transactions for anomalous patterns or suspicious activity at set intervals, like once a day or once an hour. But they were not designed to handle fraud happening continuously and at high speed.
By assuming a certain order and finite number of checks, traditional security systems are vulnerable to modern attacks at scale. False positives are an issue because rule-based systems cannot model the complex behaviors exhibited in real-world attacks. For example, phishing emails, combined with fake websites and social engineering phone calls, can all form part of a coordinated attack. Typically, 90% of all transactions flagged by legacy systems are legitimate transactions. Meanwhile, false alarms end up draining resources,? increasing operational costs, and hurting customer confidence. As the founder of PYMNTS.com, Karen Webster, points out, the diversification of payment methods — from mobile wallets to cryptocurrencies — has created a complex ecosystem ripe for exploitation. Banks struggle to keep pace, with each new channel requiring unique fraud prevention measures. This fragmentation creates blind spots for fraudsters to target and leaves institutions in a constant game of catch-up.
Among the other costs and limitations of traditional systems: 1. Rule-Based Systems are reactive and struggle to keep up with new fraud patterns.
2. False positives cost the credit card industry $298 billion in lost fees globally.?
2. Batch Processing at the end of the day allows fraudsters hours of undetected activity.
4. Siloed Approaches where institutions use different systems for different types of fraud prevent a proactive, coordinated defense.
5. Limited Data Utilization means traditional systems miss crucial insights.
3. Real-Time Analytics and Behavioral Modeling
To keep up with the proliferation of threat actors and their avenues of attack, we need to improve the speed at which we collect data (see below), increase the volume of data we can process, and develop more sophisticated methods for analyzing and modeling that data. Splunk’s fraud-detection platform does that by first ingesting a wide variety of data types from multiple sources, including:?
Financial data: Transactions, account balances, credit applications.
Customer data: Profile information, contact details, account history.
Behavioral data: Login patterns, transaction habits, device usage.
Technical data: IP addresses, device fingerprints, geolocation.
External data: Credit bureau information, watchlists, dark web intelligence. Sources include internal systems (e.g., core banking, CRM), customer-facing channels (web, mobile, ATM, POS), and third-party providers (credit bureaus, identity verification services).?
Splunk leverages all of this data to provide a comprehensive, real-time approach that combines machine learning and behavioral analytics. I have seen how this platform is revolutionizing fraud detection across multiple fronts, including account creation fraud, ATO, credit card fraud, and fraudulent applications for financial services or government benefits. Here is how Splunk’s system works to address these specific challenges:
Real-Time Data Ingestion: The platform processes data from all sources in real-time, including transaction data, customer profiles, device information, and external sources.
Advanced Machine Learning: A suite of machine learning models detects anomalies, classifies transactions, identifies fraud rings, and predicts future behavior.
Behavioral Biometrics: The system analyzes user behavior patterns to create unique profiles and detect anomalies in real-time. This is crucial for catching fraudsters who otherwise go under the radar when they create “drop accounts” for check fraud, as seen in the video below.
Network Analysis: Relationships between entities are mapped to identify hidden connections and potential fraud rings.
Real-Time Decisioning: Transactions are scored for fraud risk in milliseconds, with appropriate actions triggered instantly.
Adaptive Feedback Loop: The system continuously improves by incorporating analyst feedback and adjusting to new fraud patterns.
Addresses Specific Fraud Challenges: This includes account takeovers, new account fraud, payment fraud, insider threats, and money laundering.?
4. Overcoming Implementation Challenges
There is still a place for proprietary solutions where companies build unique capabilities that give them a distinct advantage. But in this new world of fraud, you cannot do it alone. Enterprises need to harness the power of the entire industry and the broader network. That’s where platforms like Splunk come in — the more data and insights we collectively gather, the better we all become at detecting and preventing fraud.?
While implementation can be challenging, Splunk is already helping institutions overcome common hurdles across four dimensions:
1. Data Integration
2. Model Tuning and Customization
3. Operational Integration
4. Regulatory Compliance
5. Future Enhancements in Fraud Detection
With the bar being consistently raised for basic expectations in fraud prevention, real-time analytics and behavioral modeling represents the future of fraud detection. From a CTO’s perspective, enterprises need to leverage technology stacks and capabilities, but this investment isn’t just about now — it’s about anticipating future threats and innovations. As we look ahead, Splunk is investing in evolving fraud detection across these categories:
Quantum-Resistant Cryptography: Preparing for quantum computing to ensure unbreakable encryption.
Advanced NLP: Improving fraud detection in text-based communications, including email and chat analysis.
Cross-Institution Collaboration: Developing secure ways for financial institutions to share fraud intelligence without compromising privacy.
IoT and 5G Integration: Incorporating IoT device data and leveraging 5G networks for ultra-low latency fraud detection in mobile transactions.
Explainable AI: Developing AI models that provide clear explanations for fraud decisions and assist analysts in understanding complex patterns.
The fight against financial fraud is not just a technological challenge — it’s a critical component of maintaining trust in our financial system and keeping a strong, healthy global economy. Every dollar saved from fraud is a dollar that can be put back into growth, innovation, and customer value. As the AI arms race continues and the threat landscape evolves, our strategies must evolve with it. That means continuously raising our standards and leveraging technology to stay one step ahead of fraudsters.
Software Engineer
1 周Great insight as always Matt
World traveler, manager of unique short-term rental properties, polyglot, makeup artist, beauty brand ambassador, content creator
2 周Or, you can just say you have NO IDEA how to fight fraud at Payfare, since I was just stolen $450+ off my Dasher Direct “bank” account (powered by Payfare), and your customer support told me I should try calling the merchant about the unauthorized transactions (sh I most, ironically, we’re with Door Dash!! This is all happening while I’m overseas in a country that does not even have a Door Dash service!).? So, riddle me this!? I was told they don’t have access to Apple Pay transactions, don’t have access to the IDs of transactions that happened in their system, don’t know whose Apple Pay was my Dasher Direct card added to because it was not mine, etc… In conclusion, Payfare is NOT A SECURE SERVICE, and if people donate to your GoFundMe, and you make the huge mistake of connecting your GoFundMe with your Payfare, somebody is going to use those donations to order on Door Dash 8 times in one night, spend $250 on SHEIN and $70 on TikTok Shop, all in one night. You will call about it, and they will tell you you need to cancel your card and order a new one, for which they will charge you $4.50, after which you will still have a $128.67 unrecognized transaction on your account, which will take it into OVERDRAFT which isn’t even allowed on this service. So overall, it’s a whole mess. Fraud won here!?
GTM Leader, Non-Profit & Start Up Board Advisor, Sustainability Investor, Music Producer, Board Rider
3 周Great insight here Matt Swann - always learn something valuable!