As a result of the pandemic, people around the world have moved online for work, education, entertainment, shopping and financial transactions. This has dramatically increased the attack surface and created unprecedented opportunities for malicious cyber actors.
The simple answer to the challenges facing the financial services industry and other agencies is to make better use of all available data and advanced analytics to detect and prevent fraud.
Of course, that may be easier said than done. Indeed, the plethora of tools, solutions and platforms available can make the task more complicated. Here are some starting points.
Understand the categories of fraud detection tools
The “marketplace” is flooded with potential solutions, all offering to combat fraud. The usefulness of each set of tools depends on the business context and available data. All must be integrated into business processes and supported by policy settings.
Here is a brief overview that can help map these tools according to their function(s).
Detect Known Knowns
A watch list containing information on known criminal entities (people, organizations, addresses, events, etc.) is a good universal starting point.
The challenge is to match the known entity to a new transaction. Simple name-matching systems tend to be quickly overwhelmed with irrelevant matches (imagine a Google search for Mr. Jones – around 5,070,000,000 results!).
Data science can help here by establishing a probabilistic matching system with varying threshold parameters. An organization can then set the thresholds to match its risk tolerance.
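The following is an added example, not code from the original article, of probabilistic watch-list matching with a tunable threshold. The watch-list entries, the attribute weights and the function names are assumptions made for illustration.

```python
from difflib import SequenceMatcher

# Constructed watch list; none of these are real entities.
WATCH_LIST = [
    {"id": "W1", "name": "Jonathan A. Jones", "dob": "1980-03-14", "postcode": "2600"},
    {"id": "W2", "name": "Joan Jonas", "dob": "1975-11-02", "postcode": "3000"},
    {"id": "W3", "name": "John Jones", "dob": "1991-07-30", "postcode": "4000"},
]
# Assumed weights: how much each attribute contributes to the overall score.
WEIGHTS = {"name": 0.5, "dob": 0.35, "postcode": 0.15}

def normalise(name):
    """Lower-case, drop punctuation and sort tokens so word order does not matter."""
    cleaned = "".join(c if c.isalnum() or c.isspace() else " " for c in name.lower())
    return " ".join(sorted(cleaned.split()))

def score(candidate, entry):
    """Weighted similarity in [0, 1] across name, date of birth and postcode."""
    name_sim = SequenceMatcher(None, normalise(candidate["name"]), normalise(entry["name"])).ratio()
    dob_sim = 1.0 if candidate.get("dob") == entry["dob"] else 0.0
    pc_sim = 1.0 if candidate.get("postcode") == entry["postcode"] else 0.0
    return WEIGHTS["name"] * name_sim + WEIGHTS["dob"] * dob_sim + WEIGHTS["postcode"] * pc_sim

def screen(candidate, threshold):
    """Return (watch-list id, score) pairs at or above the threshold, best first."""
    hits = [(e["id"], round(score(candidate, e), 3)) for e in WATCH_LIST]
    return sorted([h for h in hits if h[1] >= threshold], key=lambda h: -h[1])
```

A strict threshold returns only entries that agree on more than the name; a lenient one returns every namesake and leaves the review workload to staff.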
The next level of suspicious entity detection is seeing the connection between an ongoing transaction and previously identified fraud. It could be as simple as “this person lives at the same address” or “the phone number used was previously used to commit fraud” and countless variations on that theme.
Some of the most effective network analysis systems used for fraud detection use non-obvious data. For example, links may well be established by connecting IP addresses, MAC addresses, etc. Some of the best data may well reside in system logs!
Predictive models examine available data against known patterns associated with fraud. At a basic level, the technique can use simple attribute matching (e.g. gender, age, nationality, etc.), but more sophisticated tools can dramatically increase accuracy and use hundreds of variables.
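As an added illustration (not code from the original article), the link analysis described above can be sketched as a breadth-first search over shared attribute values. The records, field names and function names are constructed for the example, and the IP addresses come from documentation ranges.

```python
from collections import defaultdict, deque

# Constructed records; "fraud" marks previously identified fraud.
RECORDS = {
    "claim-101": {"address": "12 Example St", "phone": "555-0101", "ip": "192.0.2.10", "fraud": True},
    "claim-102": {"address": "7 Sample Rd", "phone": "555-0102", "ip": "192.0.2.10", "fraud": False},
    "claim-103": {"address": "7 Sample Rd", "phone": "555-0103", "ip": "198.51.100.7", "fraud": False},
    "claim-104": {"address": "99 Other Ave", "phone": "555-0104", "ip": "203.0.113.5", "fraud": False},
}
LINK_FIELDS = ("address", "phone", "ip")  # assumed linking attributes

def build_index(records):
    """Map each (field, value) pair to the set of record ids that use it."""
    index = defaultdict(set)
    for rid, rec in records.items():
        for field in LINK_FIELDS:
            if rec.get(field):
                index[(field, rec[field])].add(rid)
    return index

def links_to_fraud(new_id, new_rec, records, max_hops=2):
    """Breadth-first search from a new transaction to known-fraud records.

    Returns {fraud_record_id: [(field, value, record_id), ...]}, shortest path first found."""
    all_records = dict(records, **{new_id: new_rec})
    index = build_index(all_records)
    paths, seen, queue = {}, {new_id}, deque([(new_id, [])])
    while queue:
        rid, path = queue.popleft()
        if len(path) >= max_hops:
            continue  # do not follow links beyond the hop limit
        for field in LINK_FIELDS:
            value = all_records[rid].get(field)
            for other in sorted(index.get((field, value), ())):
                if other in seen:
                    continue
                seen.add(other)
                step = path + [(field, value, other)]
                if all_records[other].get("fraud"):
                    paths[other] = step
                queue.append((other, step))
    return paths
```

The returned path is what an investigator needs: it shows which shared address, phone number or IP address ties the new transaction to the earlier fraud, including indirect ties through an intermediate record.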
Predictive models are typically based on data analytics, but intelligence-based models can also be created when current data holdings do not support sufficient accuracy. The range of processes that can fall into this category is limited only by the availability of data, the skills of the data science team, and the ability to integrate such systems.
Frequently ignored metadata is a rich source of data. For example, systems are now available that monitor mouse movements and keystrokes and identify potential deception based on how a customer completes an online form.
Trend monitoring is an oft-overlooked tool that can provide an early warning when normal trends change. For example, a sudden, non-seasonal increase in refund requests from a particular region may indicate the emergence of fraudulent behavior.
Tools capable of automatically monitoring trend data at aggregate and more granular levels are readily available and generate alerts when tolerances are exceeded. While some tools visualize the trend variation on a dashboard, the best tools also generate alerts automatically and don’t rely on someone spotting a problem manually or even loading a dashboard.
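A minimal sketch of such an automated trend alert, added here as an example and not taken from the original article: each region's count for today is compared with the same weekday in earlier weeks, so a normal weekly peak does not trigger an alert. The counts, the tolerance of three standard deviations and the function names are assumptions.

```python
from statistics import mean, pstdev

# Constructed daily refund-request counts per region, oldest first (four weeks).
HISTORY = {
    "north": [20, 22, 21, 19, 23, 40, 38, 21, 23, 20, 20, 22, 41, 39,
              19, 21, 22, 18, 24, 39, 37, 20, 22, 21, 19, 23, 40, 38],
    "south": [10, 11, 9, 10, 12, 11, 10] * 4,
}

def check(history, today, tolerance=3.0, period=7, min_sigma=1.0):
    """Score today's count against the same weekday in earlier weeks.

    tolerance is the allowed deviation in standard deviations; min_sigma stops a
    perfectly flat history from turning a one-unit change into an alert."""
    # Today is the day after the last history entry; earlier days in the same
    # phase of the weekly cycle sit a whole number of periods before it.
    same_phase = history[len(history) % period::period]
    baseline = mean(same_phase)
    sigma = max(pstdev(same_phase), min_sigma)
    z = (today - baseline) / sigma
    return {"baseline": baseline, "z": round(z, 2), "alert": z > tolerance}

def alerts(history_by_region, today_by_region, **kwargs):
    """Return (region, result) pairs whose count today exceeds tolerance, worst first."""
    results = {r: check(history_by_region[r], c, **kwargs) for r, c in today_by_region.items()}
    flagged = [(r, res) for r, res in results.items() if res["alert"]]
    return sorted(flagged, key=lambda item: -item[1]["z"])
```

In the constructed data, 41 requests in the north region is an alert on a weekday but normal on the weekend peak, which is the distinction between a seasonal and a non-seasonal increase.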
An integrated end-to-end fraud detection and mitigation system may well consist of all or a number of these solutions and typically requires a level of integration with processing platforms. Fortunately, current solutions (e.g. containers) simplify the challenge.
Fraud Mitigation Framework
Most government agencies and financial institutions collect and maintain large volumes of data to support their operations. Optimal use of these data collections underpins the ability to identify and prevent fraud.
Data-driven decision making relies on the ability to:
- collect and see information (data);
- understand that information and data;
- respond with appropriate countermeasures;
- monitor/evaluate the effectiveness of these measures; and
- adjust the system based on continuous analysis.
See information/data – if they are invisible, it is difficult to defeat them
The ability to collect and store information and data for downstream processing in a timely manner is a fundamental part of any fraud mitigation process. Most organizations collect process data such as requests and complaints. Most also store the results of these processes (e.g. request denied, request approved).
An organization that records incidents of malpractice identified in such applications and claims creates a powerful anti-fraud data set.
Most data systems tend to collect large volumes of metadata such as system logs. Much of this resource is typically stored but not used effectively to detect fraud. Tools are available that collect transaction metadata (e.g. mouse movements, keystrokes) and feed artificial intelligence that can accurately predict potentially fraudulent intent.
Capturing contextual information for analysis provides additional attributes that will enrich the analysis of identified fraud, but can also provide valuable insight into existing but undetected fraud.
Understand – ‘why’, ‘how’, ‘when’, ‘where’ and ‘what’ happened
Analysis of data and information can reveal how various fraudulent techniques work. Typically, this relies on a team of subject matter experts working with data science teams to develop in-depth insights.
Respond – see when suspicious things are happening and stop them
Once the fraudulent techniques are understood, a data science team can create predictive analytics models that detect adverse patterns in the data and flag similar patterns in current (live) transactions. Such models can handle hundreds of variables in near real time and identify problematic behaviors with a known level of accuracy.
There are many ways to use this process to respond to potential malpractice. A simple example is:
- Requests/complaints identified as low risk by our risk management systems may be expedited. This reduces processing costs and increases customer satisfaction.
- Requests/complaints identified as high risk could be redirected to a process allowing for greater data collection and/or further review.
Monitoring – are the countermeasures working?
Once a fraud detection system is deployed, the world will have changed. Eventually, criminals will adjust their approaches and perhaps develop new methodologies.
Automated monitoring of an analytics-based system is always desirable because it can detect when expected accuracy or other performance is no longer being achieved. There are several reasons why this will happen, but one of them is that criminals have developed new techniques and workarounds.
Analytics-based system performance monitoring and, most importantly, intelligence gathering and analysis can close much of this gap.
Adjustment – reacting quickly to changing circumstances
The final part of the process closes the loop – lessons learned through monitoring processes are fed back into the next version of the system to update predictive models and other components.
Why this process?
This process harnesses data and intelligence, supports continuous improvement and the ability to react to changing circumstances. Importantly, the process maximizes the ability to apply the most appropriate measures to mitigate fraud. In many cases, a response is based solely on the detection of a problem. Analyzing the problem gives insight into the method of operation in this case. Once this is understood, an analysis of current data can indicate if this is an isolated case or if other such cases have remained hidden.
Additionally, it ensures that all countermeasures target the real problem. If the problem is potentially widespread, then the effort to build a data-driven model to detect other similar cases and a predictive model to identify similar cases in future transactions is warranted. Automated monitoring and feedback loops provide a level of assurance that our solution always does what is expected.