In the wake of the pandemic, people across the world moved comprehensively online = for work, education, entertainment, shopping and financial transactions. This has dramatically increased the surface area for attacks and created unprecedented op[portunties for bad cyber actors.
The simple answer to the challenges faced by the financial services industry and other agencies is to make better use of all available data and advanced analytics to detect and prevent fraud.
Of course, this may be easier said and done. In fact, the plethora of tools, solutions and platforms available may make the task more complicated. The following provides some starting points.
Understand the Categories of Fraud-Detection Tools
The ‘market’ is flooded with potential solutions, all offering to address fraud. The utility of each toolset relies on the business context and available data. All need to be integrated with business processes and supported by policy settings.
Here is a short overview that can assist in mapping such tools in terms of their function(s).
Detect Known Knowns
A watch list that holds information about known criminal entities (people, organisations, addresses, events, etc) is a good, universal start-point.
The challenge is matching the known entity against a new transaction. Simple name-matching systems tend to be quickly overwhelmed with irrelevant matches (imagine searching for Mr Jones on Google – around 5,070,000,000 results!).
Data science can assist here by establishing a probabilistic matching system with variable threshold settings. An organisation can then match the threshold settings to match its risk tolerance.
The next level of detecting suspicious entities is to see the connection between a current transaction and previously identified fraud. It could be as simple as ‘this person lives at the same address’ to ‘the phone number used has been used to commit fraud before’ and countless variations on this theme.
Some of the most effective network analytics systems used for fraud detection use non-obvious data. For example, the links may well be established by connecting IP addresses, MAC codes etc. Some of the best data may well reside in system logs!
Predictive models examine available data against known patterns associated with fraud. At a basic level, the technique can utilise simple attribute matching (eg gender, age, nationality, etc) but more sophisticated tools can substantially increase the accuracy and consume hundreds of variables.
Predictive models are usually based on data analytics but it is also possible to build intelligence-based models when current data holdings do not support sufficient accuracy. The range of processes that can fall into this category is only limited by data availability, the skills of the data science team and the capacity to integrate such systems.
A rich source of data is frequently-ignored metadata. For example, systems that monitor mouse
movements and keystrokes and identify potential deceit based on the way a client completes an online form are available now.
This often-overlooked tool can provide early warning if there is a variation in normal trends. For example, a sudden, non-seasonal surge in refund claims from a particular region may indicate the emergence of fraudulent behaviour.
Tools that can automatically monitor trend data at global and more granular levels are readily available and generate alerts when tolerances are breached. While some tools visualise the trend variation on a dashboard, the best tools also generate alerts automatically and do not rely on someone spotting a problem manually or even loading a dashboard.
An integrated, end-to-end, fraud detection and mitigation system may well consist of all or a number of these solutions and usually requires a level of integration with processing platforms. Fortunately, current solutions (eg containers) simplify the challenge.
Fraud Mitigation Framework
Most government agencies and financial institutions collect and maintain large volumes of data in support of their operations. Making optimal use of these data collections underpins the ability to identify and prevent fraud.
Data-driven decision-making relies on:
- being able to collect and see information (data);
- understanding the information and data;
- responding with appropriate counter-measures,
- monitoring/evaluating the effectiveness of these measures; and
- adjusting the system based on the continuous analysis.
Seeing Information/data – if it’s invisible, it is difficult to defeat
The ability to collect and store information and data for downstream processing within required timeframes is a fundamental building block to any fraud-mitigation process. Most organisations collect process data such as applications and claims. Most would also store the results of such processes (eg refused application/claim, approved application/claim).
An organisation that records incidents of identified malpractice in such applications and claims creates a powerful anti-fraud dataset.
Most data systems tend to collect vast volumes of meta-data like system logs. Much of this resource is generally stored and not effectively uses to detect fraud. Tools that collect transaction metadata (eg mouse movements, keystrokes) and feed artificial intelligence that can accurately predict potentially fraudulent intent.
Capturing contextual information for analysis provides additional attributes that will enhance identified fraud but may also provide valuable intelligence around existing but undetected fraud.
Understanding – ‘why’, ‘how’, ‘when’, ‘where’ and ‘what’ happened
Analysis of data and intelligence can reveal how the various fraudulent techniques work. Generally, this relies on a team of subject matter experts working with data science teams to develop deep insights.
Responding – see when suspicious things are happening and stop them
Once the fraudulent techniques are understood, a data science team can build predictive analytics models to detect the adverse patterns in the data to flag similar patterns associated with current (live) transactions. Such models can manage hundreds of variables in close to real-time and identify problematic behaviour with a known level of accuracy and work in close to real-time.
There are many ways of using this process to respond to potential malpractice. One simple example is:
- Applications/claims that are identified as low risk by our risk systems can be expedited. This reduces the cost of processing and increases client satisfaction.
- Applications/claims that are identified as high-risk could be diverted to a process that enables more data collection and/or greater scrutiny.
Monitoring – are countermeasures working?
Once a fraud detection system has been deployed the world will have changed. Eventually, criminals will adjust their approaches and possibly develop new methodologies.
Automated monitoring of an analytics-based system is always desirable as it can detect when expected accuracy or other performance is no longer being achieved. There are many reasons why this will occur but one of them is that criminals have developed new techniques and workarounds.
Monitoring the performance of the analytics-based system and, importantly, collecting and analysing intelligence can close much of this gap.
Adjusting – respond quickly to changed circumstances
The final part of the process closes the loop – lessons learnt through the monitoring processes is fed back into the next version of the system to refresh predictive models and other components.
Why this process?
This process leverages data and intelligence, supports continuous improvement and a capacity to respond to changed circumstances. Importantly, the process maximises the capacity to apply the most appropriate measures to mitigate fraud. In many cases, a response is based only on the detection of a problem. The analysis of the problem provides insights into the method of operation in this case. Once this is understood, an analysis of current data may indicate if this is an isolated case or if more such cases have remained hidden.
Moreover, it ensures that any countermeasures target the real problem. If the problem is potentially widespread, then the effort to build a data-driven model to detect other such cases and a predictive model to identify similar cases in future transactions is warranted. Automated monitoring and feedback loops provide a level of assurance that our solution is still doing what is expected.