Enterprise Payment Fraud: Why banks need a smarter approach to AI
Enterprise Payment Fraud (EPF): Easy money from low-tech scams
How a school fees fraud could be executed
Fraudsters identify families with children at a private school by using the school website and looking at Facebook, Instagram, Twitter and other social media sources. They find out when bills for school fees are due to be issued and just before that date, they email fake invoices bearing the account details victims should use. By circulating a large number of fake invoices, they stand a strong chance of fooling some parents and potentially collecting large sums of money.
The need for round-the-clock monitoring of instant payments
Theft from the Bangladesh Central Bank
The impact of PSD2
What potential fraud problems does PSD2 create?
The weaknesses of existing EPF solutions
Why managed learning solutions are better than mainstream AI
This permits the creation of an anti-fraud system that works by building a dynamic behavioral profile based on each customer’s transaction history, and flagging transactions that differ from the customer’s existing profile. Anomalous transactions are flagged and those that exhibit features that push them above the required risk threshold are blocked pending verification. The system progressively learns to recognize which of these anomalies are fraudulent (and to disregard the legitimate ones) on the basis of the feedback it receives on flagged transactions.
This approach therefore recognizes that, based on the transaction data available to the bank, a legitimate transaction can appear identical to an EPF. There is no way to distinguish them without blocking and investigating both. For example, if a young person moves to a foreign city to attend university, the parents may pay money into a foreign bank account that the student opened on arrival. This transaction – though legitimate – will bear important similarities to an EPF, which can involve customers sending funds for the first time to foreign bank accounts that they have not had any previous connection with.
There is no certain way for the bank to determine whether this payment is legitimate or not, so the only means to ensure no fraud takes place is to block the transaction pending validation. This highlights the conceptual strengths of this approach to fraud detection: ML is not employed to identify transactions that are fraudulent, but to identify and flag those that are highly unusual or suspicious – a group that is sure to include the vast majority of frauds.
Aviv Braunstein of the software vendor Finastra says his company’s solution, which uses NetGuardians’ Managed Learning technology, combats all types of fraud by monitoring routines and focusing more broadly on client behavior to identify anomalies, rather than just trying to spot fraud. “The solution learns patterns for normal transactions based on message parameters and raises an alert whenever a transaction is out of the normal usage scope,” he says.
A better approach to real-time anti-fraud solutions, incorporating managed learning
NetGuardians uses advanced algorithms and unsupervised machine learning (including neural networks, statistical analysis, clustering, peer group analysis, etc.) to detect anomalies, and supervised machine learning techniques (including gradient descent optimization techniques, random forests, neural networks, etc.) to lower the false-positive rate.
This approach results in the identification of a subset of anomalous transactions for verification by the bank’s fraud team. This pool of risky transactions will include a very high percentage of EPFs and a limited number of legitimate but unusual payments.
Experience with users of NetGuardians’ software demonstrates that this approach will result in the system typically blocking up to 0.1 percent of total payment volumes, while in retail banking the upper limit can be as low as 0.05 percent of payments.
Operational efficiency gains
The approach described delivers a very significant operational advantage to the bank, since it yields a narrow group of transactions that can be reviewed by a small specialist team, limiting the human resource required for verifications and greatly increasing efficiency. NetGuardians’ experience shows a rate of fraud detection 118 percent greater than a traditional anti-fraud system, and a reduction of 83 percent in the number of false positives. This results in 93 percent less time being spent by bank staff to investigate
Improved customer experience
As well as delivering major gains in the bank’s operational efficiency, this approach to detecting EPF also improves the customer experience because the greatly reduced proportion of false positives results in far fewer legitimate transactions being blocked for verification. This means that customers can get on with their lives with fewer interruptions from the bank’s anti-fraud systems.
For example, if a customer makes a regular payment to the usual recipient but does so from a foreign location because they are travelling, the geolocation data from the customer’s device, which the system incorporates into its risk-scoring model, will indicate that the customer has left their usual location or country. Provided other features of the transaction are consistent with that customer’s user profile, the system would allow the payment to be processed without checks. If other aspects of the transaction are anomalous, such as the device being used or the transaction size, the payment would be flagged for verification.
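The per-customer profiling and risk threshold described under "Why managed learning solutions are better than mainstream AI", together with the travelling-customer case above, as an added sketch that is not NetGuardians' or Finastra's code. The feature names, weights, threshold and sample payments are constructed assumptions, and folding a verified payment back into the profile is a simplified stand-in for the feedback loop.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev
# Weights and threshold are illustrative assumptions, not vendor values.
WEIGHTS = {"new_beneficiary": 0.35, "new_dest_country": 0.25,
           "amount_outlier": 0.25, "new_device": 0.20, "new_location": 0.10}
BLOCK_THRESHOLD = 0.50
SEEN = {"beneficiary": "new_beneficiary", "dest_country": "new_dest_country",
        "device": "new_device", "location": "new_location"}

@dataclass
class Profile:
    """Behavioral profile built from one customer's transaction history."""
    seen: dict = field(default_factory=lambda: {k: set() for k in SEEN})
    amounts: list = field(default_factory=list)

    def learn(self, tx):  # fold a payment known to be legitimate into the profile
        for key in SEEN:
            self.seen[key].add(tx[key])
        self.amounts.append(tx["amount"])

    def anomalies(self, tx):
        """Names of the features in which tx departs from the profile."""
        hits = {flag for key, flag in SEEN.items() if tx[key] not in self.seen[key]}
        mu, sigma = mean(self.amounts), pstdev(self.amounts)
        # Floor sigma at 5% of the mean so a very regular payer is not over-flagged.
        if abs(tx["amount"] - mu) > 3 * max(sigma, 0.05 * mu):
            hits.add("amount_outlier")
        return hits

def assess(profile, tx):
    """Return (risk score, decision, anomalous features) for one payment."""
    hits = sorted(profile.anomalies(tx))
    score = round(sum(WEIGHTS[h] for h in hits), 2)
    decision = "BLOCK_PENDING_VERIFICATION" if score >= BLOCK_THRESHOLD else "ALLOW"
    return score, decision, hits

def tx(beneficiary, dest_country, device, location, amount):
    return dict(beneficiary=beneficiary, dest_country=dest_country,
                device=device, location=location, amount=amount)

def build_sample_profile():  # constructed history: six domestic payments, one device
    p = Profile()
    for amt in (1200, 1200, 1180, 1220, 1200, 1190):
        p.learn(tx("landlord", "CH", "phone-1", "CH", amt))
    return p

TRAVELLING = tx("landlord", "CH", "phone-1", "TH", 1200)      # usual payee, abroad
TRAVEL_ODD = tx("landlord", "CH", "laptop-9", "TH", 4000)     # abroad, new device, large
TUITION    = tx("student-acct", "GB", "phone-1", "CH", 5000)  # legitimate first payment
EPF        = tx("invoice-acct", "GB", "phone-1", "CH", 5000)  # fraudulent first payment
```

The tuition payment and the fraudulent payment receive the same score and are both held for verification, which is the point the text makes about legitimate and fraudulent transactions looking identical. Once the tuition payment has been verified and learned, a repeat of it passes without checks.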
The opportunity for large companies to prevent payment frauds
This anti-fraud system is designed for use by banks, but it can also provide an additional line of defense for the treasury functions of large companies that process millions of payments each year. These companies can use anti-fraud software to check the payments routed through their enterprise resource planning system before they leave the company to detect transactions for unusual amounts or involving suspicious recipients. Major international companies deal with multiple banks in different countries, not all of which will be in a position to block suspicious payments using real-time anti-fraud systems of their own.
AI has a critical role to play in delivering effective solutions to EPF, but it is essential to understand the challenges that banking transaction data poses for those trying to use conventional ML approaches to detect banking fraud. The data sets are unbalanced, containing huge amounts of negative data and too little positive data to enable effective training of ML algorithms to identify frauds. Using conventional ML approaches in this context risks overfitting, resulting in algorithms that cannot identify a wide enough variety of frauds to be effective in real-world situations.
ML is not well suited to pinpointing payment frauds directly and therefore a different conceptual approach is required. Used in a smarter way, ML algorithms can make a major contribution to identifying suspicious payments and reducing the number of legitimate transactions that are captured in this group as false positives.
Success lies in achieving the optimum balance of AI and human input in detecting and preventing EPF. Using the Managed Learning approach set out in this paper, banks can achieve significantly higher rates of fraud detection, make much more efficient use of anti-fraud resource and deliver a customer experience that is less disruptive and more secure. In a situation where banks are coming under increasing pressure to refund all customer losses due to these types of customer-authorized fraud, the need to improve their defenses against EPF has never been greater.