Financial services: Real-time fraud countermeasures
From the simple to complex, fraud committed against financial institutions costs them and their customers billions of dollars per year. Here are some examples:
- Stolen credit card numbers are used to purchase a variety of expensive items in a short amount of time, before the owner notices the charges.
- Legitimate checks are duplicated using high-quality copiers and cashed using falsified identification.
- A member of a fraud ring hacks into a bank account after infecting consumers’ accounts with Trojan horses that let them steal log-in information. He liquidates stock in the brokerage account and transfers the funds into a new account set up by a partner. The partner removes the cash and divides it among members of the ring.
Fraud against financial institutions is a problem worldwide. In Australia, for example, fraud doubled in the last six months of 2009, according to KPMG’s Fraud Barometer, which monitors the incidence of large frauds coming before the criminal courts in Australia. Banks and financial institutions accounted for one-third of total fraud. In India, financial fraud doubled in 2009, with 87 percent of public and private sector organizations reporting losses, according to the “India Fraud Survey Report 2010.”
In the United States, the Federal Deposit Insurance Corporation (FDIC) issued an alert to financial institutions in August 2009 regarding fraudulent electronic fund transfer (EFT) transactions. The alert cautioned banks about the increase in losses due to compromised login credentials. One small bank in Pittsburgh failed after a single, large fraudulent transfer. A LexisNexis study estimated the value of fraudulent credit card losses to banks at about $10 billion. Losses due to check fraud by banks, businesses and individuals are estimated at $50 billion.
Detecting suspicious behavior
Although online fraud is not the sole origin of fraud, the proliferation of electronic transactions has opened new options for fraudsters. At the same time, having transactions available electronically also means they can be monitored the same way. Solutions from business intelligence (BI) vendors and specialized software programs are providing an important line of defense against fraud.
The Banco Agrario in Colombia provides banking services for rural customers and those involved with agriculture, livestock, fishery, forestry and agribusiness. It has more than 8.5 million customers and completes over 7 million transactions per month. The bank wanted to manage its risk and comply with regulations from the Superintendencia Financiera de Colombia, which is the national supervisory agency for Colombian financial institutions. Banco Agrario, therefore, was seeking a method for analyzing the transactions to detect behavior that might be indicative of fraud.
Rather than relying on a retrospective analysis, Banco Agrario wanted to use a predictive model for early detection of potential fraud. In January 2008, the bank selected IBM SPSS predictive analytics software. The IBM SPSS software was chosen after an evaluation process based on technical performance, vendor experience and professional services. The suite includesdata collection, modeling, analytics and reporting components.
The risk department of Banco Agrario is responsible for controlling risks set in the Basel II Accord, and one of the units within the department is specifically responsible for fraud. After obtaining training and consulting from outside the bank, personnel are now able to develop and maintain the models on their own.
Looking for outliers
The IBM SPSS software compares customer behavior to normal models and detects anomalies. Those divergent patterns are used to flag behavior that is consistent with fraudulent actions. Through the use of IBM SPSS predictive analytics, the bank has been able to quickly detect and block fraudulent operations. Its success in doing so produced a very quick ROI.
“We are very satisfied with the results obtained through the implementation of these tools,” says Eliecer Perdomo, VP of risk at Banco Agrario. In addition, the use of an analytic solution for fraud detection has produced a cultural change in the organization, with greater awareness of the importance of caution and controls.
In general, the detection of fraud through pattern analysis focuses on looking for outliers. “Inconsistencies in credit card charges is an example of how analytics can aid in fraud detection and prevention,” says Erick Brethenoux, predictive analytics strategist for IBM. “A customer can’t make legitimate transactions in five different physical locations simultaneously, so that’s a clear warning sign.”
Many consumers have had the experience of a credit card company putting a hold on their card if such inconsistencies arise. “Unusually large purchases for someone with a small income, or an unusually large number of small purchases are events that can easily be picked up by analytical tools,” Brethenoux says. Rules within the system trigger an alert that allows the bank to follow up quickly.
Detecting fraud in banking has much in common with detecting fraud in other spheres. “In healthcare, we also look at patterns, such as going to a large number of different doctors or filling prescriptions at multiple locations,” Brethenoux adds. Demographics, past behaviors and the nature of the transactions are all ingredients for such analyses.
Data mining, which searches for previously unknown relationships in the data, offers greater flexibility than systems based solely on rules. “Sometimes you don’t know the questions to ask,” Brethenoux says, “and it can take a long time to figure out what is relevant. With data mining, the analyses can highlight these relationships, and then a rule can be constructed to set off an alert.” Because the analyses are ongoing, organizations can keep up with a constantly changing set of fraudulent activities.
Organizations can make back their investment in a relatively short time. “Although the ROI varies widely,” says Brethenoux, “about 94 percent of our customers break even on the investment within a year, when all the resulting benefits are considered.” The change is most dramatic when the product is first deployed, and then tapers off, but clearly the advantages remain as part of a long-term risk management strategy.