Fraud detection and machine learning:
What you need to know

Fraud detection is a challenging problem. The fact is that fraudulent transactions are rare; they represent a very small fraction of activity within an organization. The challenge is that a small percentage of activity can quickly turn into big dollar losses without the right tools and systems in place. Criminals are crafty. As traditional fraud schemes fail to pay off, fraudsters have learned to change their tactics. The good news is that with advances in fraud analytics, systems can learn, adapt and uncover emerging patterns for preventing fraud.

Most organizations still use rule-based systems as their primary tool to detect fraud. Rules can do an excellent job of uncovering known patterns; but rules alone aren’t very effective at uncovering unknown schemes, adapting to new fraud patterns, or handling fraudsters’ increasingly sophisticated techniques. This is where fraud analytics, powered by machine learning, becomes necessary for fraud prevention and detection.

Machine learning is all the rage now. Most vendors claim they have some form of machine learning, especially for fraud detection. SAS has been a pioneer in machine learning since the 1980s, when neural networks were first used to combat credit card fraud. But just because we’ve been doing machine learning and fraud analytics for so long doesn’t mean we’ve been resting on our laurels. In fact, it’s quite the opposite.

Machine learning is a critical part of the fraud detection toolkit. Here’s what you’ll need to get your fraud analytics initiative started.

Data!

Data sets are only growing larger, and as the volumes increase, so does the challenge of detecting fraud. In fact, data is key when it comes to building machine learning systems. The adage that more data equals better models is true when it comes to fraud detection. Practitioners need their machine learning platform to scale as data and complexity increase. While academic tools often work well with thousands of records and a few megabytes of data, real-world problems are measured in gigabytes or even terabytes of data.

The advantages of multiplicity

There is no single machine learning algorithm or method that works. Success comes from the ability to try lots of different machine learning-based methods, trying variations on them and testing them with a variety of data sets. The data scientist needs a toolkit with a variety of supervised and unsupervised methods – as well as a variety of feature engineering techniques. Finally, there is a creative aspect or “art” to machine learning for fraud detection. It’s applying fraud analytics in new and novel ways, like combining a variety of supervised and unsupervised machine learning methods in one system to be more effective than any single method alone. 

Integration into operations

It should be obvious, but this one’s a challenge for many organizations' fraud analytics initiatives. Once you have a machine learning model developed, the challenge becomes integrating it with operations. If your data is in the cloud, it makes sense for your machine learning model to be integrated with your cloud storage and cloud computing. Similarly, if your data is streaming from the edge, you want a machine learning engine to support real-time, streaming data. Portability of the model and integration of the decision logic within operational systems is paramount to stopping fraud at scale – and as it occurs at scale.

White boxing

Explaining what a machine learning system is doing is critical; this is often referred to as “white boxing.” Machine learning methods and models are generally black boxes. It’s very difficult (if not impossible) to explain to analysts why they got the score or decision that they received. There are many approaches to making fraud analytics interpretable, including scorecards based on local linear approximation, generation of textual narratives and generation of graphical visualizations. These are approximations, but they can give users insight into the machine learning model and guide the fraud investigation process.

Ongoing monitoring

All things change, and your fraud analytics must adapt over time. Ongoing monitoring of machine learning fraud detection systems is imperative for success. As populations and the underlying data shift, expected system inputs degrade and therefore have an impact on overall performance. This isn’t unique to machine learning systems; rule-based systems have the same challenge. But newer machine learning methods can adapt to new and unidentified patterns as underlying changes occur. This eliminates some, but not all, of the machine learning retraining and evaluation steps.

A good monitoring program is based on a proactive approach. Because it looks at the data entering the system, evaluates the machine learning model’s predictions and explanations, and alerts administrators to shifting data trends and statistics before dramatic changes affect operations and the bottom line.

What about the impact on your customers?

For one financial institution, fighting fraudulent cases was a challenge. It had to identify nefarious transactions, but also maintain quality customer service. A vigilant fraud detection effort cannot be intrusive to the customer by flagging – and declining – legitimate transactions.

This financial institution wanted to modernize its rule-based fraud detection system and strike a balance between oversight and customer service. To do this, it worked with SAS to implement a machine learning-based fraud detection solution that takes advantage of an ensemble of neural networks to create two different fraud scores:

1. A primary fraud score, evaluating the likelihood that an account is in a fraudulent state.
2. A transactional score, evaluating the likelihood that an individual transaction is fraudulent.
   
   

Using this approach, the financial institution could correctly identify close to $1 million in monthly transactions that had been erroneously identified as fraud. And it identified an additional $1.5 million per month in additional fraud that had previously gone undetected. Besides dramatically improving the company’s ability to detect fraud, the analytics solution significantly increased customer satisfaction. How? By improving the transaction approval process while increasing the effectiveness of fraud detection, friction between the company and its customers was greatly reduced.

Think out of the box

Finally, successful machine learning programs have an element of ongoing experimentation. It isn’t enough to just build a machine learning model and let it crunch. Fraudsters are clever, and technology is changing fast. Having a sandbox where data scientists can freely experiment with a variety of methods, data and techniques to combat fraud has become a critical aspect of top fraud analytics programs. Investments in boosting the capacity of data scientists who combat fraud have an almost immediate payback.

So what exactly is machine learning?

Simply put, machine learning automates the extraction of known and unknown patterns from data. It expresses those patterns as either a formula or instruction set that can be applied to new and unseen data. The machine learns and adapts as outcomes and new patterns are presented to it, and can be either supervised or unsupervised.

Supervised machine learning is a class of analytic methods that attempt to learn from identified records in data; this is often referred to as labeled data. To train a supervised model, you present it both fraudulent and nonfraudulent records, and the model then attempts to infer a function or instruction set that can predict whether fraud is present by applying it to new examples. Common supervised machine learning methods include logistic regression, neural networks, decision trees, gradient boosting machines, random forests of trees, support vector machines and many more.

Unsupervised machine learning is different. Since you don’t know what data is fraudulent, you want the model to create a function that describes the structure of the data. This way the model flags anything that doesn’t fit the model as an anomaly. To train an unsupervised model, you simply present it data and the model attempts to infer a function or instruction set that describes the underlying structure and dimensions of the data. This function or instruction set can then be applied to new and unseen data.

The challenge with unsupervised methods is that it’s often hard to assess the accuracy of the detection scheme until data has been worked and verified by hand. Common unsupervised machine learning methods include self-organizing maps, k-means, dbscan, kernel density estimates, one-class support vector machines, principal component analysis and many more.

And onto artificial intelligence

We’ve come a long way from statistical analysis to machine learning and artificial intelligence. And the momentum is gaining speed. Learn how SAS can help you battle fraud through proactive detection that's built on advanced analytics, machine learning and AI techniques.