FRAUD ANALYTICS

What is fraud analytics?

Organizations face two types of fraud threats, internal (committed by employees, managers, owners, etc.) and external (committed by customers, vendors and other parties). Fraud analytics involves collecting and analyzing large sets of data to detect and prevent fraud. Collected data is mined for patterns and irregularities that are translated into insights used by organizations to identify false transactions, find instances of money laundering, assign fraud risk scores, detect asset misuse, data leakage, privacy issues and more.

Fraud analytics can be used in conjunction with artificial intelligence (AI) to develop effective fraud prevention and fraud detection strategies.

There are a number of different fraud analytic techniques, including:

• Predictive:?By analyzing patterns, predictions on future activity or risk of fraud can be made.
• Pattern recognition:?Identifying activity that strays from the norm can be used to identify fraud.
• Investigative:?The examination of confirmed fraud cases can identify relationships between data and users, helping to detect potentially fraudulent behavior and uncovering cooperation between bad actors.

Benefits of fraud analytics

Users expect brands to provide environments where online transactions can be completed in a safe and secure manner. Additionally, it is imperative to an organization’s bottom line, culture and reputation that instances of illicit activity are addressed. Fraud analytics can be used across various industries to build fraud detection and prevention strategies to make this possible. Other benefits include:

• Uncovering hidden patterns:?Together with AI, fraud analytics can be used to uncover new patterns and trends that traditional efforts were unable to identify.
• Increased business intelligence (BI):?Fraud analytics provide insights from all aspects of a business so that leaders can make informed decisions on how effective a fraud detection strategy is, or what gaps may exist.
• Increases efficiency:?Manually investigating and prosecuting fraud claims can be time-consuming. Machine learning algorithms can analyze hundreds of thousands of transactions per second, with neural networks taking this capability a step further by making decisions in real-time. These technologies are successful in culling the high number of flagged transactions that occur, and providing a concise list of those that require further investigation by a human counterpart.
• Increases accuracy:?Fraud detection technology ensures agents are armed with the proper information and tools to correctly identify fraudulent activity. Augmented intelligence — where machines and humans work together in tandem — streamlines and ensures the accuracy of the fraud detection process.

Financial crime use cases

• Account Takeover: ATO is when a fraudster uses stolen credentials to access an existing online account, for example at a bank or merchant.
• Sim Swapping: This is a form of ATO where the fraudster uses a victim’s personal information, stolen from a data breach or gleaned from other information sources such as social media, to convince the mobile company to port the victim’s phone number to the fraudster’s mobile phone.
• Phishing: A phishing attack is when the fraudster impersonates a legitimate website in an email or text to get the victim ultimately to divulge personal information or transfer funds.
• Malware: Fraudsters use various methods, phishing for example, to trick the victim into loading malicious software onto their device to log keystrokes, corrupt data, or render the device unusable unless a ransom is paid.
• Card Not Present (CNP): In CNP fraud the fraudster uses a stolen credit card account to make a transaction where the physical card is not required, for example an online purchase from an ecommerce site. As with other forms of fraud, credit card fraud is on the rise.
• Man in the Middle Attack: A MitM attack occurs when a fraudster intercepts communication between an online service and the customer for the purpose of stealing information or hijacking the online session.

Fraud analytics is key to financial fraud risk management

The bad news is that online fraud is constantly evolving. As banks put remediation measures in place, new threats appear. Traditional, static rules-based fraud prevention systems can’t keep pace. The good news is that there is a wealth of data available to financial organizations that can be used to predict and detect financial fraud and adapt to new threats.

Collecting a username and password at login is no longer sufficient to guard against fraudulent activity. When someone accesses, or attempts to access, an account there is other data that can be used to determine whether or not this is a legitimate customer and whether or not the transaction requested is legitimate. This includes data like:

• What device are they using?
• Has this device been previously registered with the bank?
• Can they verify their identity with a fingerprint?
• Does the transaction being requested fit their historical patterns?

In an authentication sense, this data can be broken out into four categories:

• Knowledge:?something the user knows, e.g. their password, social security number, etc.
• Possession:?something the user has, e.g. their mobile phone, etc.
• Inherence:?something the user is, e.g. their fingerprint, palm print, etc.
• Behavioral:?something the user does or is doing, e.g. their requested transaction

Answering all these questions requires accessing and analyzing big data. It would be impossible for fraud analysts or data scientists to process such requests manually. One thing banks absolutely don’t want to do is add any unwarranted friction into the customer session.

Traditionally, banks had in place a set of rules that would examine requests and offer a go/no go decision. These rules-based anti-fraud systems keep expanding the rule sets and becoming extremely complex, yet don’t adapt to hidden or unknown threats. They typically result in too many false-positives – blocking legitimate transactions – and missed fraudulent transactions.?On the other hand, machine learning (ML) provides the ability to collect massive amounts of disparate data, analyze that data at scale and in context, and assign a risk score in real-time. This enables a risk-based fraud analytics solution to apply the precise level of security, at the right time, through step-up authentication.

Machine learning models for fraud detection and prevention

Fraud analytics applies machine learning techniques to financial data. Machine learning is a subset of Artificial Intelligence (AI). Where AI is the computer implementation of a human-like thought or decision-making process, machine learning uses mathematical algorithmic techniques to extract complex relationships within the data being analyzed. Fraud analytics uses machine learning to examine all the pertinent data regarding a transaction and assigns a risk score to the transaction. Based on the risk score it makes a recommendation to allow the transaction, block the transaction, or ask for step-up authentication before allowing the transaction. And this can all be done in real time with or without human intervention, providing the financial institution with enhanced fraud prevention without causing undue friction in the customer session. Every transaction, from login to logout, can be examined for potential fraud risk.

A machine learning system can be supervised or unsupervised. Unsupervised machine learning models analyze unlabeled data to identify anomalies between what is usual and what is unusual.?The model can then detect otherwise hidden relationships in the data to infer a function or instruction set that describes the underlying structure and dimensions of the data. This function or instruction set can then be applied to new and unseen data to continue the learning process.

That’s good. But a supervised model is better. With supervised machine learning, the model is trained using labelled data (fraud data and other data) and predicts the likelihood of fraud.?You train a supervised model by presenting it with both fraudulent and legitimate events and running it to develop an instruction set or algorithm that is applied to further examples. The trained model can then identify unknown as well as known patterns to produce an accurate risk score for a requested transaction.