Stolen and cloned payment cards already cost the financial industry on the order of $2 billion per year, and the bad guys are getting smarter.

That's why HSBC, the global bank and financial services firm, recently hired data analysis software company SAS to improve its ability to quickly identify payment card fraud. Currently HSBC relies on a variety of fraud detection systems that vary by region and market. George Lennox, senior manager of group credit and risk at London-based HSBC, says these disparate systems don't provide the level of protection that a global system could provide. "We believe in common systems, and we want a fraud detection system that's truly universal."

SAS has been working with HSBC to design software that the company can deploy as a global standard. The software will monitor the appropriate data sources for any given region, score the likelihood an event is fraudulent and trigger actions appropriate for the institution. SAS plans to make this technology available to other clients in the financial services field. The new system will raise the level of defense over conventional fraud detection solutions partly by relying on more data sources. "Today, most fraud management platforms just look at transactions," says Lennox. "We plan to look at the bank relationship, bank balances and customer activity beyond simple point-of-sale transactions."

For example, if the system looks at only a narrow slice of data, a cardholder on vacation buying a handmade rug could trigger an alarm, thereby displeasing the customer.

The new software will be smart enough to know such a purchase isn't likely fraud. "On the other hand," Lennox says, "the purchase of 600 liters of diesel fuel in the Czech Republic might raise a red flag." Stolen cards in Europe often end up in the hands of truck drivers, something the new system will know.

A chief problem with fraud detection today is that the statistical models used aren't dynamic enough. Statisticians can build models that sift through enormous amounts of data to detect anomalies, but static models will often flag the wrong anomalies and miss the criminal activity. This is why SAS worked with HSBC fraud managers to build models that are constantly updated with feedback from proven fraud cases—in other words, by creating a closed-loop system.

HSBC expects the software development work to be completed in the spring of 2006. Implementation and testing will push deployment into the summer, but it won't go global immediately. Lennox explains that HSBC, like many banks, relies on third-party service providers in various locations around the world to police payment card transactions. "Our goal is to stop relying on third parties and to have a global system in place by 2008."

In addition, HSBC is pushing for a consortium with other financial institutions to stop payment card fraud. "Of course, we're normally in competition with other banks," Lennox explains, "but to the extent that we can cooperate to fight fraud, we would like to do that."