Why fraud detection needs a reboot
Saryu Nayyar, CEO and founder, Gurucul, outlines what can be done to win the battle against fraudsters.
Fraud occurs every day across a variety of industries, causing trillions in losses each year. While financial services and banking are among the hardest-hit industries, other frequent targets include retail, health care, information technology, government/public administration and utilities.
In some segments, fraud has reached the highest levels on record, affecting more organisations than ever. The pervasiveness of the problem was revealed in a recent survey by PwC. Of the businesses contacted by PwC for its 2018 Global Economic Crime and Fraud Survey, 49 percent reported they had experienced fraud and economic crime over a two-year period.
But what about the other 51% of organisations? Did they avoid falling victim to fraud, or did they simply not know about it? The survey noted that fraudsters hide in the shadows, exploiting organisations’ lack of visibility into their presence and activities.
Fraud is getting harder to detect
Legacy fraud management platforms have limitations that result in too many false positive alerts to investigate, a condition that enables malicious activities to go undetected. Typically, these platforms produce evidence of activity after fraud has taken place, which is a classic example of too little, too late.
A major shortcoming of these platforms is that data fed into their analytics engines are siloed and lack context, which prevents IT from making an accurate assessment of risk.
For example, suppose an enterprise is trying to find out if its accounts payable department is making fraudulent payments. If the company focuses exclusively on its payments data sets to detect suspicious or anomalous transactions, it will miss the opportunity to dig into the behaviour of the people authorized to make payments.
By analysing behaviour, the company can determine whether an insider or hacker (who has stolen an employee’s credentials) has created a fake account or accounts to which they are sending payments.
Another shortcoming of legacy platforms is their reliance on rules to make a judgment on the legitimacy of transactions. The big problem is that rules are established manually before any activity is assessed.
Consider this use case, which illustrates the limitations of rule sets: A fund manager for a wealth management company exploits the rule about investing a maximum of £100,000 daily in high-risk stocks. An individual can skirt the rule and avoid detection by investing £99,000 each day. Though this isn’t necessarily a fraudulent activity, it’s still risky activity that management would want to know about. A rules-based system will not detect the activity.
Another shortcoming of these platforms is that they fail to correlate activities from different channels. A good example of this failure occurs in banking. Transactions take place on mobile devices, the web, a credit card, a debit card, ATMs and via face-to-face interactions at local branches. A hacker can create fraudulent accounts and transactions on one system that will not be correlated with activities or behaviours on other systems because the fraud platform is unable to link data that resides in incompatible file systems and formats.
Data analytics and fraud prevention
Recent advances in a range of technologies from big data to machine learning have coalesced to build new approaches to fraud analytics. These can detect anomalous and outlying behaviours and activities in real time and provide accurate risk assessments so that mitigations can be triggered quickly.
Here are several elements that are required to implement machine learning-based fraud detection at your company:
Big data store: The first thing you need is an architecture that can scale to millions, even billions of data points over time. A big data system should support large and varied data sets (both structured and unstructured) and enable your data analytics to uncover information, including hidden patterns, unknown correlations and trends.
Data sources: Your processing engine should be able to ingest data from all available sources, including online and offline, regardless of its format. More data sources will result in better correlations and insights.
Data linkage: The data must be normalised in some way so it can be linked to a specific identity. That identity could be a cashier, a customer service representative, a customer and so on. Likewise, the identity could be an entity, such as a point-of-sale device or a desktop computer. Linkage is essential to the creation of a baseline of behaviour for each identity so that new activities can be compared to the baseline to look for anomalies.
A machine learning model: Once you have a big data store, data sources and data linkage established, you need to set up artificial intelligence (AI) and machine learning models that can automatically analyse data feeds, establish baselines and risk score activity without being programmed. This process of learning uses sophisticated algorithms to look for patterns in data, adjust risk scores and make better decisions in the future based on data collected and analysed.
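The fund-manager case and the data linkage step above can be worked through in a few lines. This is an added example, not code from the article or from any vendor: the account IDs, channel formats, five-day training window and threshold `k` are assumptions, and a median/MAD baseline stands in for a trained model.

```python
import re
from collections import defaultdict
from statistics import median

DAILY_LIMIT = 100_000  # static rule from the article: max GBP per day in high-risk stocks

# Constructed sample events: (day, channel-specific account id, amount in GBP).
EVENTS = [
    (1, "WEB:fm-017", 12_000), (2, "DESK/FM017", 15_000), (3, "WEB:fm-017", 9_000),
    (4, "mob_fm017", 14_000), (5, "WEB:fm-017", 11_000),
    (6, "WEB:fm-017", 60_000), (6, "mob_fm017", 39_000),   # split across channels
    (7, "DESK/FM017", 99_000), (8, "mob_fm017", 99_000),
    (1, "WEB:fm-042", 90_000), (2, "WEB:fm-042", 95_000), (3, "DESK/FM042", 92_000),
    (4, "WEB:fm-042", 88_000), (5, "WEB:fm-042", 94_000), (6, "WEB:fm-042", 96_000),
]

def link_identity(raw_id):
    """Data linkage: drop the channel prefix and normalise to one identity key."""
    account = re.split(r"[:/_]", raw_id, maxsplit=1)[1]
    return re.sub(r"[^a-z0-9]", "", account.lower())

def daily_totals(events):
    """Sum amounts per linked identity per day, across all channels."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, raw_id, amount in events:
        totals[link_identity(raw_id)][day] += amount
    return totals

def rule_alerts(totals):
    """Legacy check: fires only when a day's total exceeds the fixed limit."""
    return [(who, day) for who, days in totals.items()
            for day, total in sorted(days.items()) if total > DAILY_LIMIT]

def behaviour_alerts(totals, train_days=5, k=5.0):
    """Score each later day against the identity's own median/MAD baseline."""
    alerts = []
    for who, days in sorted(totals.items()):
        history = [days[d] for d in sorted(days) if d <= train_days]
        base = median(history)
        mad = median(abs(x - base) for x in history) or 1.0  # avoid divide-by-zero
        for day in sorted(d for d in days if d > train_days):
            score = (days[day] - base) / mad
            if score > k:
                alerts.append((who, day, days[day], round(score, 1)))
    return alerts

if __name__ == "__main__":
    totals = daily_totals(EVENTS)
    print("rule alerts:", rule_alerts(totals))
    print("behaviour alerts:", behaviour_alerts(totals))
```

The fixed rule stays silent for both managers, while the baseline flags only the one whose £99,000 days break from their own history; the manager who habitually invests around £92,000 is not flagged at £96,000.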
Criminals and hackers are already using advanced technologies, including AI, to harvest information and perform fraud at machine-level speed. To keep pace with attackers, organisations need to consider enhancing legacy rules-based fraud detection with new approaches that use data science to process multidimensional sources of information in ways humans cannot.