Features for Identifying Anomalies in Financial Transactions

Identifying anomalies in financial transaction data is at the top priority for the digital payment platforms. This is the key driver of their business. Credit/debit card transactions, cheque transactions, peer-to-peer money transfer, purchase of goods from merchant’s websites, conversion of one currency to another, bank transfers, all require accurate, fast anomaly detection to conduct business safely and protect merchants and customers from devastating losses.

If we figure out anomalies in the above-mentioned transactions, possibly we can detect the fraud and AI based anomaly detection systems can be helpful to detect anomalies beforehand by finding the patterns which can be-- outliers, exceptions, peculiarities that deviate from expected behaviour within datasets. Fraud detection uses anomaly detection to uncover behaviour intended to mislead or misrepresent an actor. The goal of anomaly detection system is to identify bad actors (humans or programs), fraudulent transactions, or network intrusions and take actions based on such identification which can be alerting fraud investigation team, freezing, or suspending accounts, devices, or cards.

Why AI can provide the best solution to the problem

• Seeing the nature of the problem where bad actors or fraudsters are constantly trying to produce transactions that don’t look like an outlier. Hence, a system that constantly learns and adapts is required which can be designed using AI techniques.
• Customers & merchants globally keep changing the face of financial transactions and banking by dynamic spending trends. It changes the datasets over time and a system that can adapt to its users is needed.
• Financial transactions are highly time sensitive, business and customers can’t afford to wait, any delay in the transaction can have huge consequences. An attempt to predict anomalies is risky but can help guide timely decision-making hence, highly fast & accurate machine learning models need to be developed.

Types of anomalies

• Point anomalies: these are simply single, anomalous instances within a single larger dataset. The transaction can be as rare as a person send $1 trillion to someone which is very hard to trust because even lot big conglomerates don’t make this much in a year.
• Contextual anomalies: there are the points which are considered anomalous but in a certain context. For example, a person spending $10,000 a month on a credit card would look normal but when limit of his credit card is set to $5,000 a month in such scenario this transaction looks anomalous. Consider the amount that can be transferred to a newly added beneficiary within first 24 hours, if anything goes off limits it becomes anomalous and should raise eyebrows.
• Collective anomalies: when multiple related datasets or parts of the same dataset taken together are anomalous with respect to the entire dataset. For example, data points generated by a person who uses a credit card to spend on a hotel services in Las Vegas matches the credit card details used in a Lido show in Paris to buy some champagne at the same time, this surely looks anomalous. These two transactions separately are legitimate but when all the datasets are considered together this signals an issue.

Vintage style of fraud detection

Earlier systems used for fraud detection were rule based. They pose few challenges.

• Using rule-based approach may result into lot of false positives which may result into blocking of legitimate transactions and genuine customers. For example, a high-value order or orders from high-risk locations are more likely to be fraudulent.
• Rules are based on absolute yes/no answers. Threshold of faulty behaviours may change over time—if the price changes, the average order value can go up, which means the norm may change and rules become invalid.
• It is hard to scale rule-based approach. Fraudsters are evolving every day, they find smarter and faster means to steal customer data and impersonate genuine customer comparatively rule-based systems are slow, appending rules every time fraud evolves puts heavy maintenance burden on the fraud analyst and platform development team.

Input data for modelling can be grouped into below categories

• Identity

Customer’s email address, age of his account, number of devices customer has used in the past, fraud rate of customer’s IP address, billing address, average spending.

• Orders

Average order value, no. of failed transactions, no. of orders placed in past few weeks, basket content.

• Payment

Mode of payment, fraud rate of issuing bank, similarity b/w customer name and billing name, cards from other countries.

• Locations

Shipping address matches the billing address, shipping country matches country of customer’s IP address, fraud rate at customer’s location, time b/w transactions of two retail locations in the past 1 or 2 weeks, number of retails locations per day.

• Network

No. of emails, phone numbers or payment methods shared within a network, age of customer’s network. These features focus on network topology to detect any fraud. For example, an account is being shared within the family in a same house v/s account takeover where 100s of accounts use the same few devices.

• Session

Velocity of orders, time spend on a page, length of time b/w adding a new card and making an order. This tells about customer’s behaviour, if he is pasting card number into the checkout, if he is using a password vault.

• Real-time traffic

Collect real time rate of fraud by categories like, region, country, ASN card digits, email domain. The real-time traffic monitoring helps merchants to expand their businesses into new markets.

During the modelling whether we choose to go with logistic regression, decision tree, random forest, or neural networks the set of input parameter will look like as mentioned above. There can be some additions to the above list but mostly fall under these broad 7 categories.

?

?

?

?