Unlocking fraud networks

Finally, a key for detecting and preventing fraud: take a hybrid approach

Fraud is endemic to the global payments system, and the tools that financial institutions have historically used to fight it are marginal at best. Instead, a hybrid approach using multiple analytic methods – including link or network analysis to identify suspicious behavior at the transaction, account, customer and network levels – provides the greatest return for an institution's investment.

This hybrid approach builds on traditional methods to create a more holistic way of viewing a customer or account to reduce false positives and generate higher-quality alerts. It is also better suited to the way fraud occurs – sometimes it is an isolated "one off" event, while other times it is an organized and sophisticated attack by criminal organizations.

Barta sascom
Dan Barta, SAS

Looking beyond traditional fraud patterns

For almost every fraud type – counterfeit payment instruments, synthetic identities, bust-outs – there is some type of organization behind it leaving telltale clues throughout its account and card applications, charges or payment behaviors. Clues exist in the provided addresses, phone numbers, places of business, and sources and destination of payments. With advanced analytics, fraud specialists can identify fraud earlier – even before the fraud occurs – thus eliminating or minimizing losses to better understand the fraud's full nature, such as whether a fraudster is operating independently or as part of a larger organized fraud ring.

Rules and anomaly detection are certainly helpful, but both of these monitoring methods tend to generate a high level of false positives, which can cause up to 90 percent of transaction alerts. Predictive models, in contrast, use past fraud patterns to identify current account activity that appears similar, providing a predictive assessment prior to fraud execution.

One of the best aspects of using a hybrid approach is that banks don't have to search for fraud in a single way ... institutions can choose the best method or combination of methods to identify the fraud.

Since these methods – rules, anomaly detection and predictive models – tend to focus on individual accounts and transactions they can miss the broader connection between multiple accounts and customers using similar data points such as the exchange or movement of funds, same address, phone number and employer names.

That's where network analysis plays a part – identifying indirect links between two or more entities. The linkages between multiple customers and accounts can potentially be a piece of a broader, organized fraud ring bust-out scheme. The fraud ring may use the same address, email address or phone number to manage all of the accounts involved in a bust-out [Note: a bust-out scheme involves a consumer applying for and using a credit card with the intent of maxing out all available credit and eventually disappearing].

For example, nine people over a 12-month period opened credit card accounts with a single bank. All account-holders provided the same employer phone number at application. Several accounts busted out before others were opened. As the bank assessed credit worthiness of individual customers, it never realized the link between the various individuals. After the bust-outs occurred, investigation revealed that the phone number belonged to a small construction materials supplier that had no website, an odd location and address for this type of business, and no corporate records on file – a sign of a possible front company. If this connection had been identified earlier, it may have allowed the bank to perform better due diligence on card applications after the initial bust-outs and monitor the remaining open accounts more closely.

A true hybrid approach identifies the linkages and associations between the various accounts and integrates that information with the more traditional rules and analytics to better score risk, prioritize alerts, reduce false positives, increase the efficiency of investigators and reduce fraud losses.

What it takes to use a hybrid approach

One of the best aspects of using a hybrid approach is that banks don't have to search for fraud in a single way. Instead, institutions can choose the best method or combination of methods to identify the fraud. Banks can execute network analysis in two approaches – "top down" or "bottom up."

The top-down approach analyzes all available data – addresses, phone numbers, credit reports, employee IDs, Social Security numbers, demographic info, types of credit held, lending data, "hot files," associations created through payment transactions and criminal records – to generate network-level alerts. Investigators can then investigate the networks to determine the existence of organized fraud activity and manage the risk accordingly.

With the bottom-up approach, fraud investigators start with the alerts generated by their existing tools (rules and anomaly detection) and run network analytics on these alerts to refine the risk score based on account and customer associations. When a link with a known fraudster is found, the risk score goes up and alerts go out. When a financial institution closes one account, it tips off fraudsters who will frantically bust out the remaining accounts before they are closed. With network information, the investigator can identify related accounts and close them at the same time.

Bio: Dan Barta is Director of Enterprise Fraud Strategy at SAS.

Back to Top