fraud detection: embracing new technologies for … · 2018-11-30 · fraud detection: embracing...

A WHITE PAPER PRODUCED BY FINEXTRA IN ASSOCIATION WITH AMAZON WEB SERVICES AND COGNIZANTDECEMBER 2018

FRAUD DETECTION: EMBRACING NEW TECHNOLOGIES FOR FRICTIONLESS PAYMENTS

01 Fraud detection: embracing new technologies for frictionless payments ....................................... 3

02 Payments fraud – the numbers ................................ 5 03 The challenges ...................................................... 8

04 Rules-based vs machine learning, artificial intelligence-based fraud detection ............11

05 Towards a frictionless customer journey .................14

06 Conclusion ...........................................................16

07 About ..................................................................177 What should financial institutions be doing about blockchain right now? 25

| FRAUD DETECTION: EMBRACING NEW

TECHNOLOGIES FOR FRICTIONLESS PAYMENTS

03

01FRAUD DETECTION: EMBRACING NEW TECHNOLOGIES FOR FRICTIONLESS PAYMENTS

Payments fraud is a significant challenge for banks and is set to become more problematic as payments channels and payment services providers (PSPs) proliferate, regulations reshape the way payments are transacted and the world migrates away from cash towards electronic, often real-time, payments. This environment is creating new ways of transacting and originating payments, and new payments architectures.

In Europe, the revised Payment Services Directive (PSD2) allows third-party developers to directly interact with a partner banks’ customers, raising questions about the use of customer data by the third parties and extension of the security boundaries. This trend towards open banking is being adopted elsewhere in the world, including in Australia, the US and Hong Kong. In the increasingly networked ecosystem of payments, identifying fraudsters will be a challenge, but under PSD2, financial institutions are required to monitor all transactions for fraud-related activities. Payments industry players have issues concerning cybersecurity, data privacy and are vulnerable to data breaches and payments fraud. Multiple stakeholders in the new payments ecosystem could result in inconsistencies in solutions communications.

In the UK, the New Payments Architecture, which will consolidate and replace the tripartite system of Bacs, Cheque and Credit Clearing and the Faster Payments Service, will include a proposed Payments Transaction Data Sharing and Data Analytics solution to fight financial crime. The aim is to enable visibility across different transactional data sources and create a rich data repository and analytical capability. Such a solution will help users to detect and prevent current and future financial crime by creating an industry-wide capability to analyse end-to-end payment transaction data from all retail interbank payment mechanisms in conjunction with other relevant sources of diagnostic information1.

1 Blueprint for the Future of UK Payments: The Payments Strategy Forum Launches a Consultation on the Future of UK Payments, Covington, 21 August 2017



04

The traditional, silo-based approach to fraud detection is fast becoming obsolete. For too long, banks have lagged in their ability to align fraud detection with the speed of transactions as payments move away from cash and on to CNP. The financial industry is shifting towards real-time data analysis, deploying technologies such as artificial intelligence, machine learning and the cloud in transitioning towards a digital ecosystem. Banks must ensure they stay ahead of the increasing technological threat from criminals and fraudsters.

“ The financial industry is shifting towards real-time data analysis, deploying technologies such as artificial intelligence, machine learning and the cloud in transitioning towards a digital ecosystem.”

02PAYMENTS FRAUD – THE NUMBERS



05How big a problem is payments fraud? In 2016 in the UK, financial fraud losses across payment cards, remote banking and cheques totalled £768.8 million, an increase of 2 per cent compared to 2015 according to Financial Fraud Action UK. Prevented fraud totalled £1.38 billion in 2016. This represents incidents that were detected and prevented by the banks and card companies and is equivalent to £6.40 in every £10 of attempted fraud being stopped.

Remote purchase (or card not present, CNP) online fraud against UK retailers totalled an estimated £189.4 million in 2016, a rise of 20% on the previous year. There was also a substantial rise in fraud against online retailers based abroad, rising 15% to £119.4 million.

£768.8m2016

FINANCIAL FRAUD LOSSES ACROSS PAYMENT CARDS,

REMOTE BANKING AND CHEQUES IN UK 2016

2%increase

from 2015

£189.4m

CNP ONLINE FRAUDAGAINST UK RETAILERS

UK 201620%

increasefrom 2015

£119.4m

FRAUD AGAINSTONLINE RETAILERS

BASED ABROAD15%

increasefrom 2015

£1.38bn

PREVENTED FRAUD, UK 2016 64%£6.40 in

every £10



06

An estimated £308.8 million of e-commerce fraud took place on cards in 2016, accounting for 50% of all card fraud and 71% of total remote purchase fraud.

Fraud is a global problem, of course. On 29 March 2018, the US Federal Reserve announced it had commissioned Boston Consulting Group to conduct a study of payments fraud and security vulnerabilities. This is a follow-up to earlier work by the Secure Payments Task Force. The study will address security vulnerabilities and stimulate market activity to effectively mitigate vulnerabilities. The Task Force identified broad payment security challenges, such as identity management, data protection and payment risk information sharing. While it found agreement that gaps exist in delivering what payment system stakeholders expect and need in payments security, interactions with members of the Task Force suggested there is some disagreement about what, exactly, those gaps are, how severe the gaps might be and how to mitigate them.

The Fed hopes that a systematic and objective analysis that identifies and prioritises payment security issues, defines potential costs and benefits of mitigation, and assesses stakeholder impact will be invaluable in measuring outcomes and in better understanding stakeholder incentives to implement improvements.

A survey for World Payments Report 2017, revealed that bank executives ranked distributed denial of service (DDOS) attacks (50.0%) and customer payments fraud (31.3%) as the top two security challenges they face. High global levels of card fraud place a significant cost burden on banks, hence its identification as a major concern. The increasing adoption of digital offerings in transaction banking is also giving rise to higher levels of payments fraud, making cybersecurity a top priority for banks and corporates.

£308.8m

E-COMMERCE FRAUDON CARDS IN 2016 50%

all cardfraud

71%of totalremote

purchasefraud



07

Customer payments fraud is the top ranked concern (45.0%) for FinTechs and other WPR survey respondents. This group is much less likely to view DDOS attacks as a threat, with only 10.0% ranking them as a digital security concern. Rather, data breaches due to hacking attacks were of more concern (30.0% versus 12.5% of banks) and internal fraud (35.0% versus 25.0% of banks).

Payments fraud, particularly CNP fraud, is a growing problem. According to Statista, retail e-commerce sales worldwide totalled $2.3 trillion and are estimated to grow to $4.88 trillion by 2021. Online shopping is one of the most popular online activities worldwide, but the usage varies by region, says Statista. For example, in 2016, an estimated 19% of all retail sales in China occurred via the internet but in Japan the share was only 6.7%. E-commerce is the fastest growing retail market in Europe and North America, according to the Centre for Retail Research. The UK online share of retail sales was 16.8% in 2016 and is forecast to be 17.8% in 2017. In Germany, the share is 15.1% and in France it is 10%.

With such growth rates in payments processing, it is imperative that fraud detection is improved.

45%CUSTOMER PAYMENTS FRAUD

WORLD PAYMENTS REPORT SECURITY CONCERN SURVEY

#1 concern forfintechs and non-banks

+DDOS ATTACKS 10% 30% fintechs andnon-banks

banks

+INTERNAL FRAUD 35% 25% fintechs andnon-banks

banks

RETAIL E-COMMERCE SALES WORLDWIDETOTALLED $2.3 TRILLION IN 2017 AND ARE

ESTIMATEDTO GROW TO $4.88 TRILLION BY 2021.ONLINE SHOPPING IS ONE OF THE MOST

POPULAR ONLINE ACTIVITIES WORLDWIDE.

4.88TRILLIONestimated

growthby 2021

$

+DATA BREACHES 30% 12.5% fintechs andnon-banks

banks



08

MAIN CHALLENGESFOR BANKS IN

FRAUD PREVENTION

1

2

34

5

03THE CHALLENGES

E-commerce growth rates are not the only catalyst for change – regulators are paying more attention to fraud and how banks are dealing with it (as evidenced by the US Fed’s announcement cited above). As payments initiation methods change and new channels proliferate, so too do payments fraud scenarios.Stakeholders across the payments ecosystem are also demanding frictionless commerce. For example, in April 2018, the UK’s largest mobile operators paid almost £1.4bn- way beyond what was expected- for 5g spectrum, firmly staking their bets on consumer demand for increased mobile and IoT services. Payments form an inevitable part of this, creating an m-commerce channel within IoT devices. Low latency is as key a feature of 5G as speed, facilitating real time transactions. Banks such as Credit Suisse are also championing the facets of 5G, in no way doubting the inevitability of its influence on financial services.

There are multiple challenges for banks as they seek to improve fraud detection while satisfying regulators – and their customers – that they have robust and effective fraud detection systems in place.. At the same time, any measures taken to strengthen detection must not damage the customer experience – a declined card transaction is often frustrating or embarrassing for a bank customer.



09

Further challenges:• Increased globalisation has resulted in an increase in cross-border transactions

and therefore fraud;• There is no defined standard for reporting and labelling fraud; • The accuracy and precision of rules-based models varies across business

scenarios as banks’ fraud departments work in silos based on line of business. Additionally, fraud monitoring is different for debit cards and credit cards;

• The introduction of the updated 3D-Secure 2.0 protocol, which is designed to ensure safe and secure online transactions. Banks can utilise the same access control server (ACS) infrastructure to process strong customer authentication and e-commerce 3D Secure transactions at the same time;

• As new payments channels and instruments evolve, the sources of transaction origination are multiplying – for example, the internet of things (IOT), which has increased complexity and changed transaction attributes;

• Systems generate many false positives as information on which to act is often insufficient.

1An inability to monitor

transactions in real-time across

multiple channels

2Slow pace of investigating

potentially fraudulent

transactions

3Most systems in place are rules-based, which act on transactions,

rather than self-learning

predictive models, and are

restricted to siloed business

departments

4The pace of evolution of

fraud detection systems is slow

compared to how quickly new ways of fraud are

perpetrated

5Detection

systems tend to be one-

dimensional and static as data from external

sources are not considered



10

This is by no means an exhaustive list; the profound changes taking place in the payments world inevitably have generated many issues to be addressed. Banks must adopt new fraud identification techniques.

The speed of fraud detection is becoming crucial as margins for this segment of the business come under pressure. In the past, card fraud used to be accepted as a cost of doing business. But as consumers move from cash to cards, reserving liquidity to cover bad debts becomes more of a problem. Bank capital rules mean now, more than ever, liquidity drives profitability and is hugely important. Holding funds in reserve to cover payments fraud is an unacceptably high cost of service.

“ The speed of fraud detection is becoming crucial as margins for this segment of the business come under pressure. In the past, card fraud used to be accepted as a cost of doing business.”



11

04RULES-BASED VS MACHINE LEARNING, ARTIFICIAL INTELLIGENCE-BASED FRAUD DETECTION

As cited above, the rules-based approach to fraud detection has limitations. Such systems lack the flexibility and open approach to new channels that are required. A rule-based system contains hard-coded thresholds and anomalies based on amounts, time of the day and other features. These are based on static rules that are independent of client behaviour and historical transactions. Therefore, the rules do not adapt to the pattern of users’ transactions.

From a customer point of view, rules-based systems are more likely to generate false positives, which create an unsatisfactory user experience. Take, for example, a customer who regularly shops at a particular store. A rules-based system will recognise this behaviour and clear the use of that customer’s card at that store. But what if someone has stolen that card and uses it in that store to make a very large purchase? The confidence level in such a transaction may not be as high as the bank would like. Moreover, users are expected to remember static passwords or security question answers as the authentication element of these systems have pre-defined questions.

By migrating from rules-based fraud detection to artificial intelligence (AI) and machine learning (ML) assisted fraud detection, banks can address many of the challenges they now face in fraud detection.

The advantages of the AI/ML approach include:• A high dependence on transaction patterns of clients;• Thresholds and anomalies are defined using past behaviour;• Dynamic setting of thresholds, depending on different clients;• The level of authentication to be submitted by the user depends on the risk

level of the transaction;• Determination of the potential risk associated with any transaction can be

made on the fly;• Such systems are scalable and provide the ability to cover new fraud

scenarios;• Real-time fraud detection; and • No fixed rule-management systems.



12

MACHINE LEARNING FRAUD DETECTION IN PRACTICE

CASE 1: DETECTION OF PAYMENT FRAUD

WHAT DOES AN AI/ML-BASED DETECTION SYSTEM LOOK LIKE IN PRACTICE?

The vision ...enabled by Machine Learning, delivering:

Comprehensive Data Sharing across LoBs

Enhanced Real-time Fraud Detection

Leveraging Geo-Location

Evolving and dynamic fraud rings

Complex link analysis to discover fraud patterns

Deep Learning Models

Detect and prevent fraud as it happens

Intelligent & Exhaustive Business Rules

ComprehensiveAnalysis

AnomalyDetection

Graphical network for comparative analysis of transactions, across time periods related to value and volume of transactions.

Track Top accoutns and flag usage decline.

Study historical pattern of transactions to uncover any abnormal activity.Cluster attributes of high transaction accounts and use it for anomaly detection for groups analyzed together.

FraudDetection

Phone | Email | Address

IntelligenceCustomer Data

Merchant Data

Geo Spatial Data

Social Media Data

Dispute |Chargeback Date

ConnectedCommerceM2M dataCustomer

Demographic Data(Census)

Transaction DataIdentify fraudulent transactions.

Flag links for transfers to blacklisted entities/countries/organizations.

PatternMining

Graphical pattern mining through transaction network analysis of transaction, temporal & session variables.Understand the nature of payments across clusters, locations, time dimension.

Causalanalysis

Identify attributes impacting fraud & explore causal relationship for fraudulent transactions.

A global bank was unable to identify, analyse or control fraudulent payments before processing. This was because it lacked a unified solution to assess risk across different business lines such as trade, payments, shipment orders and currency exchange, etc). In payments, the bank did not have a solution to identify, analyse or control fraudulent or erroneous payments (both internal and external) before they were processed. The solution– advanced analytical models applied to the data-base to help the bank detect fraudulent payment transactions. To ensure better model accuracy and reduce false positives, an ensemble approach was followed. Machine learning models were built on training data and tested on the streaming layer to identify the fraudulent transactions. Fraudulent transactions were referred to the banks with supporting information that aided decision-making. The system now scores up to 5000 transactions per second for fraudulent behaviour, enabling faster reaction to any fraudulent activities. There has been an 85% reduction in false positives, which has led to faster underwriting and a reduction of more than $17 million in underwriting costs.

“ By migrating from rules-based fraud detection to artificial intelligence (AI) and machine learning (ML) assisted fraud detection, banks can address many of the challenges they now face in fraud detection.”



13

CASE 2: REAL-TIME MACHINE LEARNING FRAUD ANALYTICS

In another case, a leading financial services institution wanted to build a fraud analytics platform to enable real-time decisions on credit card fraud to mitigate losses without increasing false positives. The platform would also help the firm to reduce financial and reputational damage arising from data breaches and card compromises.

The solution– a real-time, self-service oriented, easily configurable and high scalable model. Diverse data sources were integrated into a data lake, which enabled the firm to build predictive models based on an entire historical dataset. This resulted in better accuracy of fraud detection. The business was also able to deploy new fraud models on the live platform and balance transactions for analysis. An AutoML pipeline was created for simulation environment. In this, real-time transactions are run against multiple offline neural network models and are deployed based on performance metrics with live production data. The solution handles around 4000 transactions per second with end-to-end response times of five to six minutes, compared to previous norms of 30 minutes. The financial institution was able to create a command center that monitors end to end transactions and provide business monitoring to c-level executives.

CASE 3: CLOUD-BASED MACHINE LEARNING TO UPSCALE FRAUD DETECTION AND PREVENT LOSSES

Faced with increasingly sophisticated and ever-changing forms of fraud, a crowd-sourced fraud prevention platform needed greater numbers of more targeted and precise machine learning models. A different approach than investing more time and resource on the back end to upscale detection and prevention was required. The solution- a move to a cloud-based service enabled faster analysis and response, and application response times of under 200 milliseconds. The move also enabled the use of simple APIs to get predictions for applications without having to deploy prediction generation code. As a result the platform saves its customers around $1m a week in fraud prevention.



14

05TOWARDS A FRICTIONLESS CUSTOMER JOURNEY

As regulators open the payments industry to competition, a key business priority for payments services providers is customer experience. A frictionless customer journey in payments, from initiation through to settlement will help PSPs to increase market share. Improving systems by applying AI/ML technologies is not solely a fraud detection play, therefore.

Geo-location information, which is in fact a predictor of potential fraud, can be captured and incorporated into the fraud detection model. This means a cardholder who, for example, has travelled abroad, is less likely to have their transaction blocked as the system will have interrogated the additional information and detected that the cardholder has travelled overseas. The transaction is deemed to carry less risk and therefore can be completed.

NEXT STEPSAs the new payments landscape evolves, banks cannot afford to lose sight of the potential new sources of payments fraud. Fraud detection systems must move with the times and include solutions that challenge the existing status quo.

So, what should they be doing now? AI and ML give banks the opportunity to create transparent, flexible and open fraud detection systems that can keep pace with innovations in the payments market.

Banks must consider starting their journey for building machine learning-based solutions that can identify and learn from fraud instances, and improve customer experiences (e.g. cold start issue) by reducing false alerts. Such systems enable robust fraud monitoring by eliminating the need to run scenarios to identify new rules.

A fraud monitoring solution should be augmented with customer profiles on the card profile and should be agnostic of transaction channel and card type. A relationship should be built between the card number, cardholder’s email address, device identification, customer and merchants to identify transactions which could be fraudulent.The ideal fraud detection systems would be based on a centralized fraud management platform across all lines of business. Such a platform could



15

be hosted on the cloud – or alternative hosting, which will enable real-time streaming data analytics at scale. Real-time monitoring of transactions across multiple channels will enable banks to proactively identify suspicious activity before a transaction has taken place.

Merchants are gradually migrating to cloud-based fraud solutions from niche product vendors who are incorporating customer interaction behaviour (e.g. time spent between successive buttons) as part of their solution. These solutions are multi-tenanted, which brings data richness as evolving fraud instances are shared across merchants. This helps users to prevent not only known, but also evolving, fraud scenarios. Financial institutions, for instance, can leverage and enhance their existing fraud prevention systems by integrating their merchant fraud solutions with the issuing side. Integrated solutions can be hosted on the cloud to deliver scale benefits which can be extended as a utility play.

Currently, financial institutions receive limited transactions on which existing fraud models have been built. New industry standards like 3DS 2.0 will lead to smart data exchange between merchants, gateways and issuing banks. It will manifold increase raw transaction features available to issuing banks to augment their fraud models. Rule based eco system limits the ability of banks to fully harness the true benefits of additional information and offering friction less customer journeys.

“ New industry standards like 3DS 2.0 will lead to smart data exchange between merchants, gateways and issuing banks. It will manifold increase raw transaction features available to issuing banks to augment their fraud models.”



16

06CONCLUSION

Banks have been experimenting with AI and ML technologies; most implementations have tended to be piecemeal or on the periphery of the main system (e.g. reduction in false alerts). Focus has to be pivoted towards how banks can enhance frictionless customer experience through the use of ML/AI based fraud scoring. This provides the foundations for a holistic fraud detection platform and the scale of data required to apply AI/ML techniques in a meaningful way.

Combating real-time payment fraud continues to be crucial for banks as payments transactions become more innovative and real time schemes are rolled out globally. Many leading banks have started adopting ML for financial fraud and management of false positives. A combination of ML- and AI-based solutions have the potential to deliver business benefits and operational efficiencies to financial institutions as they battle payments fraud. Now is the time to act – banks must move away from the static, rules-based business model of payments fraud detection and take advantage of new technologies including AI and ML to switch to real-time controls, checks and balances. Fraud detection systems must be flexible to adapt to changing data and fraud scenarios. To do this, a culture of transition towards digital transformation must exist throughout the organisation.



17

07ABOUT

Finextra This report is published by Finextra Research.

Finextra Research is the world’s leading specialist financial technology (fintech) news and information source. Finextra offers over 100,000 fintech news, features and TV content items to visitors to www.finextra.com.

Founded in 1999, Finextra Research covers all aspects of financial technology innovation and operation involving banks, institutions and vendor organisations within the wholesale and retail banking, payments and cards sectors worldwide.

Finextra’s unique global community consists of over 30,000 fintech professionals working inside banks and financial institutions, specialist fintech application and service providers, consulting organisations and mainstream technology providers. The Finextra community actively participate in posting their opinions and comments on the evolution of fintech. In addition, they contribute information and data to Finextra surveys and reports.

For more information:Visit www.finextra.com, follow @finextra, contact [email protected] or call +44 (0)20 3100 3670

http://www.finextra.com

https://twitter.com/Finextra?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor

mailto:contact%40finextra.com?subject=



18 CognizantCognizant (Nasdaq-100: CTSH) is one of the world’s leading professional services companies, transforming clients’ business, operating and technology models for the digital era. Our unique industry-based, consultative approach helps clients envision, build and run more innovative and efficient businesses. Headquartered in the U.S., Cognizant is ranked 195 on the Fortune 500 and is consistently listed among the most admired companies in the world. Learn how Cognizant helps clients lead with digital at www.cognizant.com or follow us @Cognizant.

Amazon Web Services (AWS)For over 12 years, Amazon Web Services has been the world’s most comprehensive and broadly adopted cloud platform. AWS offers over 125 fully featured services for compute, storage, databases, networking, analytics, machine learning and artificial intelligence (AI), Internet of Things (IoT), mobile, security, hybrid, virtual and augmented reality (VR and AR), media, and application development, deployment, and management from 55 Availability Zones (AZs) within 18 geographic regions and one Local Region around the world, spanning the U.S., Australia, Brazil, Canada, China, France, Germany, India, Ireland, Japan, Korea, Singapore, and the UK. AWS services are trusted by millions of active customers around the world—including the fastest-growing startups, largest enterprises, and leading government agencies—to power their infrastructure, make them more agile, and lower costs. To learn more about AWS, visit aws.amazon.com.

07ABOUT

http://www.cognizant.com

https://twitter.com/Cognizant?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor

http://aws.amazon.com

Finextra Research Ltd 1 Gresham StreetLondonEC2V 7BXUnited Kingdom

Telephone+44 (0)20 3100 3670

[email protected]

Webwww.finextra.com

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording or any information storage and retrieval system, without prior permission in writing from the publisher.

© Finextra Research Ltd 2018

mailto:[email protected]

www.finextra.com

fraud detection: embracing new technologies for … · 2018-11-30 · fraud detection: embracing...

Documents