Five trends in fraud solutions
How leading financial firms are stepping up the game to protect data, customers, reputations and compliance
By Stu Bradley, Senior Business Director, SAS Security Intelligence Practice, and
David Stewart, Business Director, SAS Security Intelligence Practice
In spite of massive investments in cybersecurity technology, the average time to detect an intrusion is still typically measured in days or months, not minutes. After-the-fact analysis of questionable transactions might stop next week’s similar fraud, but what about today’s new tactics?
With the constantly changing variants of cyber attacks, financial firms can no longer simply rely on the known attack vectors profiled in existing perimeter or endpoint fraud solutions. Furthermore, most existing fraud solutions do not enrich the information with multiple data sources or provide the depth of analytics to make a difference. These systems tend to look at a narrow area of security risk but cannot scale to an enterprise perspective or use Big Data to detect and mitigate risks.
Against a backdrop of rising threats from fraudsters and high expectations from customers and regulators, five trends are reshaping the defense and giving financial institutions more power and protection than ever.
With a greater breadth and depth of data – plus the high-performance computing capabilities to crunch it – you can fully understand the behavior of an entity across the enterprise, or even across multiple organizations where information sharing exists.
1. High-performance computing redefines the possible.
With conventional IT platforms, it was impractical to analyze all relevant data in full context to uncover potential fraud – unless you could wait hours or days for results. Today’s high-performance analytics can rapidly analyze massive amounts of data using technologies such as grid computing, in-database analytics and in-memory analytics.
For example, using in-memory analytics, simulations that once took hours now take seconds. Fraud analysts can now rapidly test multiple methods to determine which models work best. Speedier model development/testing means better models get deployed sooner, giving institutions more agile response to the flash fraud and zero-day threats that can manifest in online channels.
Hadoop brings high-performance data storage and processing to the fraud-fighting arsenal, operating on large clusters of commodity hardware. Hadoop makes it fast and affordable to support analytics processes that can find anomalies in millions of records.
Analytical insights can be delivered to visual interfaces and automated workflow systems. Imagine arming your investigative team with visualizations that clarify where to look, along with supporting detail about threats as they are developing, rather than days or weeks later.
2. Hybrid analytical techniques deliver richer insights.
By combining analytical approaches, you can detect and prevent more fraud with fewer false positives, protecting the firm while preserving the quality of the customer experience. For example:
- Hybrid models can use your firm’s data at the core, consolidating data both internally and externally with a consortium model to create an even more predictive model.
- SAS’ unique “signatures” approach captures nuances about how the user interacts with the system to detect variances that could indicate identity theft or malware.
- Neural network models use machine learning to interactively learn from the data without human intervention, so the algorithms become smarter and more accurate with every iteration.
3. Behavioral analytics transcend rules-based systems.
Fraudsters can easily out-maneuver rules-based systems, so it’s essential to have adaptive analytics that can detect unknown risks and new ways of trying to break the bank.
A behavioral analytics approach captures behavioral patterns from every source and evaluates that information every time a transaction is scored. This process builds a deep profile of the historical norm for an account, card holder, customer, merchant, POS terminal, device, web session, etc. The more profiles available, the richer the understanding of whether a payment transaction or new product application is legitimate.
The end goal for behavioral analytics will be to identify potentially fraudulent behavior before a payment is made or a customer’s account is compromised.
4. Investigative workflow becomes more efficient.
Firms need to become more efficient in detecting, triaging and building investigations on suspicious activity. Four important must-haves make this possible. The ideal fraud solution would:
- Stage the data so transactions can be bridged to associated accounts and those accounts to parties – and if applicable, to households, corporate parents or other networked entities.
- Aggregate work items for a subject, rather than require analysts to review separate work items. This reduces the number of widgets to be worked and gives analysts a more complete view of subject behavior.
- Present the most meaningful information. Why are there events on this subject? Who are the players in these transactions? What is normal for them? Does this merit further investigation?
- Automatically assemble alerts from multiple monitoring systems, prioritize higher-risk activities and auto-assign alerts to investigators based on the firm’s unique rules and requirements.
A well-designed fraud solution will reduce queries to source systems, increase efficiency and provide governance through automated workflow for dual controls for investigation and filing of regulatory reports.
5. Financial institutions become crime-fighting partners.
Banks haven’t gotten enough credit for the significant role they can play in working with law enforcement to help prevent, investigate and prosecute criminal activity. Leading institutions are building out this capability to be crime-fighting partners. They are establishing proactive intelligence units that scour negative news events, referrals, case data, social media, consortium data and cyber events to detect previously unknown risks. They are deploying in-memory data architectures that enable sophisticated analyses such as global search, text mining, visualization, and network analysis to piece together clues from masses of disparate data. When attacks occur, or when helping law enforcement work critical events, firms now have the tools to provide immediate answers.
What does the future hold?
If present trends continue, the art, science and technology of fraud solutions will improve in several ways:
- Stronger authentication. Given the millennial generation’s demand for convenience and frictionless commerce, the biggest challenge will be authenticating users without impeding the customer journey. Innovative fraud operations will find ways to tighten controls without inconveniencing users, perhaps through some combination of biometrics, near field communications and analytics.
- More data for richer profiles. Models and signatures will incorporate more data, such as from biometrics, consortia, interface devices, digital voice recordings and other novel sources. Information sharing among merchants and institutions will become more prevalent and efficient. We will continue to see convergence of cyber data with behavioral profiles for enhanced fraud detection.
- High-performance fraud solutions. Real-time prevention will be faster and scale to higher transaction throughput. More firms will implement fraud solutions that can correlate billions of daily transactions and enrich that data with business context and threat insights across the enterprise. In so doing, they will create smarter data that can be analyzed in many different combinations and peer groups – across products and organizational entities – to find anomalous behavior that could look innocuous in local context.
The end game is to have a continuous picture of active security risks in real time, intelligently prioritized for further triage and investigation. That should look good to any firm that wants to avoid making headlines for a high-profile breach.