25 October 2014

44975

Retired Member

699 | posts 2,182,185 | views 831 | comments

Five step fitness for fraud monitoring in 2013

08 February 2013  |  2730 views  |  4

Now, it may seem flippant of me to claim you can distil the ‘perfect’ fraud system down to five steps, but I’ve given it a go nonetheless by listing the five things that are going to be top of my list when speaking with clients about bringing their fraud monitoring system up-to-speed for 2013.

 

1)    Beware attacking zombies

Know Your Customer (KYC) and Enhanced Due Diligence are key factors in reducing fraud. This means verifying all customers’ identities, and if you’re unable to do so automatically, treat them as high risk until they are able to prove their credentials to you.

KYC is not just proving an identity exists, but also proving the person you’re dealing with is the true owner of the identity – it is dangerous to assume someone in possession of personal details is that person. Generally speaking, real people providing real identities don’t tend to commit fraud, as they know they can be traced; non-existent, or ‘zombie’ customers using stolen or synthetic identities will happily churn through as many of these as they like while they try to defraud you.

 

2)    Enrich, enrich, enrich

If you can obtain additional data on a customer or transaction (even from within your organisation), then do so. Enriching the data in this way gives you a clearer view of what’s going on, and strengthens profiling and segmentation. Such enrichment data may include device fingerprints, geocoding of customer addresses, demographic data or contact information - even social media and news feeds can hold real value in some scenarios.

 

3)    Look at EVERYTHING!

If you have data on a customer or transaction, no matter how insignificant you may feel it is, statistically validate it with your counter fraud systems; anomalies can hide anywhere. Spotting the one variable from a billion that looks out of place can potentially create cost efficiencies that save huge amounts of money.

High-Performance Analytics enables you to analyse billions of rows of data in seconds. This may have taken days or weeks to perform just a few years ago but real-time solutions are no longer prohibitively expensive. Real-time analysis paves the way for innovative systems to be applied at point-of-acquisition, enabling you to fast-track more good customers and weed out the undesirable ones before they even get through the door.

 

4)    ‘Unlike’ the social network

It may have been the ‘trendy’ topic five years ago, but it’s still valid today; Social Network Analysis (or Network Analysis as I prefer to call it) is as important as ever. Understanding the entities in your system, how they connect and interact is fundamental to spotting certain types of fraud.

If network analysis is not currently being used during customer acquisition for an immediate decision then it needs to be. It’s not just about matching names, addresses or contact details to each other; it’s also about the ‘inferable behaviour’ links. Seemingly unconnected individuals may be exhibiting exactly the same behaviours, and if they are you can create an inferable behaviour link. This is a great technique for detecting both fraud and money laundering and should be at the top of the fraud manager’s to-do list.

 

5)    Visual Analytics
Understanding the bigger picture of what’s going on in your organisation is critical to understanding where the risks may be, and unless you’re Neo seeing the Matrix, trillions of binary digits won’t make a lot of sense to you.

Visualisation of data is not just about producing dashboards or metrics; visualisation assesses how systems are performing in real-time. This includes an up-to-the minute view of your risk exposure, actual losses and any patterns of fraudulent behaviour. Most importantly it empowers analysts to visually examine correlations between terabytes of data in seconds.

Your analysts understand your business and the fraud risks associated with it better than anyone else, so empower them with visualisation tools that identify previously unseen patterns and anomalies in the data.

 ---

 

There are, of course, many layers to a powerful and successful fraud monitoring system, but the above is really a call to action for fraud managers. Can you honestly say that you are following these five tips? If not they are the best starting point for whipping your fraud monitoring system into shape in 2013.

TagsSecurityRetail banking

Comments: (6)

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 12 February, 2013, 17:57

From anecdotal evidence about and personal experience with overzealous fraud detection and prevention systems, let me add "minimization - if not elimination - of false positives" as another ingredient of a great FD&P system. Above all, the system and its practitioners shouldn't forget that any business has to take calculated risks and exists only to enable, not block, transactions. 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member | 15 February, 2013, 13:49

Agreed - sadly I fear elimination of false positives is probably a step beyond that which is achievable though!

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 15 February, 2013, 14:38

Agreed but when they're combined with 2-way SMS Alerts of the type I'd described in this Finextra post, FD&P systems can go a long way from their present approach, which is largely to "throw the baby out with the bath water". I also think that half the challenge with lowering false-positives arises out of poor problem definitionL Even in this day and age of online shopping, we keep hearing flawed examples of fraud like "John Doe was in City A, his card was charged in City B". Isn't it high time that all concerned stakeholders came to terms with how Card-Not-Present transactions work? 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member | 15 February, 2013, 16:55

Nice article, and in one sense, yes this may prevent CNP fraud if universally adopted (I wrote something similar about the use of out-of-band two-factor previously - http://www.finextra.com/Community/Fullblog.aspx?blogid=7032). However, the flaw comes in that the customer has to have their phone with them, sufficient credit/signal to respond and also only if the phone has not also been compromised/stolen. Accepting a phone as a strong IDV method could be dangerous, but is certainly better than nothing at all! Then there's the technical aspects, such as how long can you resonably 'hold' a transaction for before authorising/rejecting...

Either way, you raise some valid points and there's certainly plenty of food for thought!

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 15 February, 2013, 18:15

Most buildings are designed to withstand either an earthquake or a hurricane but not both at the same time. Likewise, I'd think that an FD&P system designed for either the card being compromised or the phone getting lost but not both at the same time, is good enough! I agree that there are risks around using a mobile phone in this context. But in this day and age of using mobile phones for actually making payments, I guess most cardholders will feel safe enough about using them for responding to fraud alerts. 2-way SMS Alerts can be generated only after the transaction is authorized - so there are really no technical issues around holding the transaction. When I'd written "block a fraudulent transaction" in my post, I meant that the transaction will not be settled even though it has been authorized. But, that's a matter of detail since it makes no difference to a cardholder who has effectively been insulated from a fraudulent transaction.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 17 February, 2013, 17:58

Just stumbled on to Finsphere, a company that recognizes that minimizing false-positives is key for cardholders and provides a solution for doing so. (Full Disclosure: I have no personal or professional affiliation with Finsphere) 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Retired

7-day account switch: customer empowerment or indifference

18 June 2014  |  1840 views  |  1  |  Recommends 0 TagsRisk & regulationRetail banking

On Reinventing Money.

03 June 2014  |  1237 views  |  0  |  Recommends 0 TagsPaymentsInnovation

Operational Lessons for New Boutique Asset Managers

27 May 2014  |  624 views  |  0  |  Recommends 0 TagsRisk & regulation

Trading System Failures Cannot Be Our Norm

21 May 2014  |  1480 views  |  0  |  Recommends 0 TagsRisk & regulationInnovation

Around the Clock Tweeting

15 May 2014  |  1950 views  |  0  |  Recommends 0 TagsMobile & onlineRetail banking
name

Retired Member

job title

company name

member since

2014

location

Summary profile See full profile »

Retired's expertise

What Retired reads
Retired writes about

Who is commenting on Retired's posts

Rasvan Stanescu
Sian Bentley
Tony Wenzel
Jorge Yui
Ketharaman Swaminathan
Mark Pavan
Vishal Chaturvedi
Matt Scott
Geoffrey Barraclough
Thad Peterson
Marinka Ryan
Alexander Peschkoff