The perpetrators of fraud change tactics faster than conventional methods of detection can track. Predictive analytics, authentication and rules engines will help detect and fight crime before the losses mount.
You've seen the headlines--$3 billion in credit-card fraud anticipated in 2006. Fraud amounts to 10 percent of U.S. health-care expenditures. Up to 10 million people are victims of identity fraud each year. Fraud costs insurers about $30 billion annually. It sometimes seems as if financial services firms spend as much time trying to fight fraud as they do providing service to their legitimate customers.
The transaction-monitoring technologies used to fight fraud in financial services are well-established. (Chances are you've received more than one call or contact from your credit-card company in the past few years on transactions that raised red flags.) However, technology has had to continually adapt to keep up with changing fraud patterns.
Conventional data-matching (names or addresses against "negative file" databases of chargebacks or known fraudulent activity, street address verification with USPS address databases, and so on) has expanded to include measures needed in the online purchasing world such as comparing the geolocation of the IP address from which a person placed an online order to the cardholder's address. Predictive modeling systems continually modify the parameters of what typical fraud cases look like in order to pattern-match incoming transactions. And data mining combined with link-analysis visualization tools help financial institutions connect the dots across individual transactions to detect wider fraud rings.
But the biggest change for financial services firms in recent years has been the speed at which fraud perpetrators change their behavior. Mike Hamlin, product manager at payment processor eFunds, illustrates this with the example of detecting a pattern of fraudulent transactions originating from a particular foreign country. In the past when those transactions were blocked, it would take fraud operators days to re-establish operations elsewhere. "Now when we block [those transactions], the same type of activity happens just a few hours later from another country," he says.
The challenge for banks is to create a rolling, real-time picture of who an account holder is and combine new transaction data with that picture as well as known fraud patterns to make a quick decision. "The sooner you discover fraud, the smaller the loss," says Rubina Johannes, research analyst at Javelin Strategy & Research.
eFunds, which markets its own set of fraud and risk management tools, needs to use antifraud technology for the payment processing services it provides banks and other credit-card issuers. In 2005, eFunds deployed Fair Isaac's Falcon Fraud Manager 5.1 in its processing data centers in part to address the limitations of an offline, batch-processing analytical system it had previously used.
Falcon's key components are a Java-based predictive modeling engine based on a proprietary neural network and a Web-based workstation that card issuers use to create and maintain rules and change rule parameters. The network analyzes incoming transactions against typical and expected activity for individual cardholders, assigning each transaction a fraud probability score from 1 (low) to 999 (high). A training period is needed to set up any new card issuer that eFund services in order to build up a profile of cardholder activity, a process which Hamlin says typically requires about a week's worth of transactions.
Depending upon the fraud score and the rules established by a card issuer, a transaction might be blocked automatically, but most are referred to case management. Hamlin says that for larger banks with their own case management staff, the company turns these referrals over to them. The majority of banks, however, rely on eFunds to contact cardholders when suspected fraud occurs. The system prioritizes cases so that higher scores move to the front of the line.
By operating in an online mode rather than batch mode, the Falcon system has enabled eFunds to detect more fraud, which the company measures in terms of a 30 percent increase in "deposits protected"--the amount of cardholder money at risk when fraud goes undetected.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.