Fraud detection is more than cool
By John Geurts, Commonwealth Bank
You can't deny the cool factor of fraud prediction. Today, at the Commonwealth Bank Group, for those products and channels we monitor, we can reliably predict the likelihood of fraud activity for any given transaction before it is authorized. Not only that, but we can do it up to 250 times per second, get answers within 40 milliseconds of the transaction being initiated, without transaction sampling, and across multiple channels and products.
However, it is worth understanding the principles that formed the basis of how we got here and also ask, "Can we do more?"
Fraud in the banking industry is not just another cost of doing business that needs to be priced. It has its roots in crime, and we must defend ourselves against crime and misadventure. This can be a challenge in a complex technological age where the range of products and services has evolved to meet the needs and demands of our customers.
Are you and I partly accountable for fraud?
To truly understand the challenge, we can draw inspiration from research that predates consumer e-commerce. Criminologists Lawrence E. Cohen and Marcus Felson introduced the concept of capable guardianship, which identifies the role we all play to address the three precursors to crime: motive, means and opportunity.
They contend that crime is normal and that it depends on the opportunities available. If the target is not protected, crime will happen. If this is the case, then our job in financial services is more difficult because we are not just protecting ourselves from criminals or hardened offenders. We must also protect ourselves from people who take advantage of an opportunity that we created by failing to provide capable guardianship.
As a provider of services, we must take accountability for fraud and use the resources we have available to anticipate, prevent, detect and respond to fraud if it occurs. Capable guardianship implies that we, as a key component in the chain of criminal behavior in banking, must invest both intellectually and practically in guarding everything within our power to protect.
Predicting when fraud will occur
Of course, the opportunities to commit fraud have changed with the advent of technology. As systems and processes become more automated, we have an increased opportunity to implement systems and controls at appropriate places in the cycle to prevent and detect fraud.
Our key principle in detecting fraud is, simply, to stop looking for fraudulent transactions. That sounds counterintuitive, but it actually works.
Instead, our approach is to predict whether or not an event or transaction has occurred that will give rise to fraudulent activity, money laundering or other proscribed activities. This approach does not mean the end of transaction fraud rules, but they do have their limitations.
Events to watch include customer and network activities, account transactions or activities surrounding entire classes of accounts. In essence, we are looking for behavioral indicators of fraud or other activity.
It is important that we choose "the right time" to interdict a transaction of interest. We should not be seduced by the need to do everything in "real time" unless we need to, because real time is expensive.
For the Commonwealth Bank, fraud detection needs to be real-time, as we have a real-time core in our retail and business banking platform, and we seek to determine whether or not a transaction is fraudulent before it is authorized. On the other hand, an overnight batch is more appropriate for anti-money laundering obligations. Likewise, when detecting payments to sanctioned countries and entities, we can delay that transaction to make a decision later that day.
Fraudulent behavior is inconsistent with normal behavior
The real difference that has emerged in our thinking in the past six years is that we stopped just looking for fraud at a transaction level and started looking for changes in our customers' overall behavior.
Criminals do not segment themselves by product or service or geography. What they are actually doing when committing fraud or laundering money is taking advantage of a weakness, more often involving a customer or the customer's data. The fraudulent act is a behavior that can be recognized through advanced modeling techniques because we can anticipate that the behavior is sufficiently inconsistent with known normal behavior.
This change in our thinking, coupled with a desire to streamline a number of siloed, product-specific fraud detection platforms, led to the use of SAS®.
SAS had a longstanding relationship with the Group through credit risk and customer marketing analytics solutions. In fact, much of our early success in fraud detection was due to two skilled analysts from our marketing department who joined our team and developed our early lending and transaction fraud models. Their approach was to identify the range of data sources that would be required to build a behavioral profile of the customer.
System requirements for fraud detection
Beyond the increased possibilities presented by the behavioral analytics approach, how does the approach work from a practical perspective?
Based on a customer-centric model, consider this example: A customer withdraws money with a chip-enabled debit card at an ATM in her home city, lends a friend $50 using her mobile banking device and uses Internet banking to transfer funds to a third party from an IP address located offshore. The Internet banking transaction is most likely to be fraudulent, and we must be able to pass a message back through our system to deny the transaction within 40 milliseconds or so.
Without a customer-centric fraud detection system, we likely would not be able to identify the transaction as fraud in time to stop it, and we probably would not even know it occurred until the customer complained some weeks later.
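The example above, sketched as code. This is an added illustration, not the bank's or SAS's model: a per-customer profile built across channels scores each event by how far it departs from that customer's history, next to a per-transaction rule that sees only the amount. The weights, threshold, amount limit, country codes, payee names and history are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Hypothetical weights, threshold and limit, chosen for this illustration only.
WEIGHTS = {"country": 0.5, "payee": 0.3, "channel": 0.2}
DENY_THRESHOLD = 0.6
AMOUNT_LIMIT = 5000  # the only thing the per-transaction rule looks at

class CustomerProfile:
    """What 'normal' looks like for one customer, across every channel."""
    def __init__(self):
        self.seen = defaultdict(Counter)  # feature -> value -> times observed
        self.total = 0
    def observe(self, event):
        for feature in WEIGHTS:
            self.seen[feature][event[feature]] += 1
        self.total += 1
    def score(self, event):
        """0.0 = matches all history, 1.0 = nothing like it seen before."""
        if self.total == 0:
            return 1.0  # no history to be consistent with
        return sum(w * (1 - self.seen[f][event[f]] / self.total)
                   for f, w in WEIGHTS.items())

def transaction_rule(event):
    """Product-level rule: judges the transaction in isolation."""
    return "deny" if event["amount"] > AMOUNT_LIMIT else "allow"

def behavioural_decision(profile, event):
    """Customer-level decision; only allowed events update the profile."""
    risk = round(profile.score(event), 3)
    if risk >= DENY_THRESHOLD:
        return "deny", risk
    profile.observe(event)
    return "allow", risk

def ev(channel, country, payee, amount):
    return {"channel": channel, "country": country, "payee": payee, "amount": amount}

def run_scenario():
    profile = CustomerProfile()
    # Constructed history: 20 ordinary domestic events for one customer.
    history = ([ev("atm", "AU", "self", 200)] * 10 + [ev("mobile", "AU", "friend", 50)] * 6
               + [ev("internet", "AU", "utility", 120)] * 4)
    for e in history:
        profile.observe(e)
    # The article's three events; "XX" stands for the offshore IP's location.
    today = [ev("atm", "AU", "self", 300), ev("mobile", "AU", "friend", 50),
             ev("internet", "XX", "new-third-party", 900)]
    return [(transaction_rule(e), *behavioural_decision(profile, e)) for e in today]
```

Each tuple returned by `run_scenario()` is (per-transaction rule, behavioural decision, risk): the amount-only rule allows all three events, while the profile denies only the offshore Internet banking transfer.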
Fundamentally, fraud systems for commonly used retail products and channels must be linked to customer behavior, and we must have a good idea what "normal banking activity" looks like; otherwise, the opportunities to detect and prevent fraud are lessened.
This is not a trivial task. The efforts required to detect fraud, money laundering and other proscribed activities demand a disciplined approach and robust systems. The Commonwealth Bank operates two SAS platforms to attend to the majority of real-time and batch requirements for both fraud and money laundering.
The batch platform, which we call the Financial Crimes Platform, was developed in 2006 for transaction and origination fraud before it was extended successfully to money-laundering detection. The real-time platform was launched in 2011 for the Group's extensive debit card portfolio, with the migration of other channels and products from legacy systems progressing.
In order to understand the scale of the systems, consider the following facts:
The Financial Crimes Platform (used to detect fraud and money laundering) includes:
- 31 source systems.
- 11 million customers.
- 15 million transactions loaded each day.
- Analyses of up to 420 million transactions every night, looking for fraud and money laundering activity.
The Real-Time Transaction Monitoring system (to prevent fraudulent transactions in real time) includes:
- 11 million account profiles.
- 6 million customers.
- A current average of 80-85 transactions per second with a mean response time of 40 milliseconds.
- Tested peak volume of 250 transactions per second.
Combining a customer-centric view of fraud with advanced analytics and computing capabilities presents many opportunities.
From a traditional fraud perspective, our systems can help us:
- Identify fraud where the customer is the victim or the perpetrator.
- Identify activity that gives rise to the Group submitting a suspicious activity report pursuant to our statutory anti-money laundering obligations.
- Provide an opportunity (in the case of a false positive) to learn more about our customer banking behavior.
Can we do more?
We have demonstrated the trust we place in our systems to reliably defend us and our customers from criminal activity.
What we have yet to demonstrate, but intuitively believe is probable, is that the fourth opportunity to be gained from a customer-centric approach to analytics is marketing.
Declining nonfraud transactions for valued customers provides a suboptimal service experience. However, we mitigate that risk by understanding all transactions and building a detailed view of what is considered normal. The factors we use to determine what is normal should also be applicable when we consider how to generate just-in-time marketing leads without swamping our consumers with too many leads.
We can do more – I have no doubt of that. While our primary role is to ensure the fraud detection systems are optimized and applicable to the threats we face, we should take every opportunity to leverage our investment in advanced systems to improve our return on investment.
*This article was originally published in Intelligence Quarterly, 3Q 2012.
Bio: John Geurts is the Executive General Manager for Group Security and Chief Security Officer for the Commonwealth Bank Group in Australia, and has had the pleasure of leading Group Security for almost 12 years. Group Security provides global security leadership for the bank, including its international subsidiaries and majority joint ventures.