Blog article
See all stories »

Five step fitness for fraud monitoring in 2013

Now, it may seem flippant of me to claim you can distil the ‘perfect’ fraud system down to five steps, but I’ve given it a go nonetheless by listing the five things that are going to be top of my list when speaking with clients about bringing their fraud monitoring system up-to-speed for 2013.


1)    Beware attacking zombies

Know Your Customer (KYC) and Enhanced Due Diligence are key factors in reducing fraud. This means verifying all customers’ identities, and if you’re unable to do so automatically, treat them as high risk until they are able to prove their credentials to you.

KYC is not just proving an identity exists, but also proving the person you’re dealing with is the true owner of the identity – it is dangerous to assume someone in possession of personal details is that person. Generally speaking, real people providing real identities don’t tend to commit fraud, as they know they can be traced; non-existent, or ‘zombie’ customers using stolen or synthetic identities will happily churn through as many of these as they like while they try to defraud you.


2)    Enrich, enrich, enrich

If you can obtain additional data on a customer or transaction (even from within your organisation), then do so. Enriching the data in this way gives you a clearer view of what’s going on, and strengthens profiling and segmentation. Such enrichment data may include device fingerprints, geocoding of customer addresses, demographic data or contact information - even social media and news feeds can hold real value in some scenarios.


3)    Look at EVERYTHING!

If you have data on a customer or transaction, no matter how insignificant you may feel it is, statistically validate it with your counter fraud systems; anomalies can hide anywhere. Spotting the one variable from a billion that looks out of place can potentially create cost efficiencies that save huge amounts of money.

High-Performance Analytics enables you to analyse billions of rows of data in seconds. This may have taken days or weeks to perform just a few years ago but real-time solutions are no longer prohibitively expensive. Real-time analysis paves the way for innovative systems to be applied at point-of-acquisition, enabling you to fast-track more good customers and weed out the undesirable ones before they even get through the door.


4)    ‘Unlike’ the social network

It may have been the ‘trendy’ topic five years ago, but it’s still valid today; Social Network Analysis (or Network Analysis as I prefer to call it) is as important as ever. Understanding the entities in your system, how they connect and interact is fundamental to spotting certain types of fraud.

If network analysis is not currently being used during customer acquisition for an immediate decision then it needs to be. It’s not just about matching names, addresses or contact details to each other; it’s also about the ‘inferable behaviour’ links. Seemingly unconnected individuals may be exhibiting exactly the same behaviours, and if they are you can create an inferable behaviour link. This is a great technique for detecting both fraud and money laundering and should be at the top of the fraud manager’s to-do list.


5)    Visual Analytics
Understanding the bigger picture of what’s going on in your organisation is critical to understanding where the risks may be, and unless you’re Neo seeing the Matrix, trillions of binary digits won’t make a lot of sense to you.

Visualisation of data is not just about producing dashboards or metrics; visualisation assesses how systems are performing in real-time. This includes an up-to-the minute view of your risk exposure, actual losses and any patterns of fraudulent behaviour. Most importantly it empowers analysts to visually examine correlations between terabytes of data in seconds.

Your analysts understand your business and the fraud risks associated with it better than anyone else, so empower them with visualisation tools that identify previously unseen patterns and anomalies in the data.



There are, of course, many layers to a powerful and successful fraud monitoring system, but the above is really a call to action for fraud managers. Can you honestly say that you are following these five tips? If not they are the best starting point for whipping your fraud monitoring system into shape in 2013.


Comments: (6)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 12 February, 2013, 17:57Be the first to give this comment the thumbs up 0 likes

From anecdotal evidence about and personal experience with overzealous fraud detection and prevention systems, let me add "minimization - if not elimination - of false positives" as another ingredient of a great FD&P system. Above all, the system and its practitioners shouldn't forget that any business has to take calculated risks and exists only to enable, not block, transactions. 

A Finextra member
A Finextra member 15 February, 2013, 13:49Be the first to give this comment the thumbs up 0 likes

Agreed - sadly I fear elimination of false positives is probably a step beyond that which is achievable though!

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 15 February, 2013, 14:38Be the first to give this comment the thumbs up 0 likes

Agreed but when they're combined with 2-way SMS Alerts of the type I'd described in this Finextra post, FD&P systems can go a long way from their present approach, which is largely to "throw the baby out with the bath water". I also think that half the challenge with lowering false-positives arises out of poor problem definitionL Even in this day and age of online shopping, we keep hearing flawed examples of fraud like "John Doe was in City A, his card was charged in City B". Isn't it high time that all concerned stakeholders came to terms with how Card-Not-Present transactions work? 

A Finextra member
A Finextra member 15 February, 2013, 16:55Be the first to give this comment the thumbs up 0 likes

Nice article, and in one sense, yes this may prevent CNP fraud if universally adopted (I wrote something similar about the use of out-of-band two-factor previously - However, the flaw comes in that the customer has to have their phone with them, sufficient credit/signal to respond and also only if the phone has not also been compromised/stolen. Accepting a phone as a strong IDV method could be dangerous, but is certainly better than nothing at all! Then there's the technical aspects, such as how long can you resonably 'hold' a transaction for before authorising/rejecting...

Either way, you raise some valid points and there's certainly plenty of food for thought!

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 15 February, 2013, 18:15Be the first to give this comment the thumbs up 0 likes

Most buildings are designed to withstand either an earthquake or a hurricane but not both at the same time. Likewise, I'd think that an FD&P system designed for either the card being compromised or the phone getting lost but not both at the same time, is good enough! I agree that there are risks around using a mobile phone in this context. But in this day and age of using mobile phones for actually making payments, I guess most cardholders will feel safe enough about using them for responding to fraud alerts. 2-way SMS Alerts can be generated only after the transaction is authorized - so there are really no technical issues around holding the transaction. When I'd written "block a fraudulent transaction" in my post, I meant that the transaction will not be settled even though it has been authorized. But, that's a matter of detail since it makes no difference to a cardholder who has effectively been insulated from a fraudulent transaction.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 17 February, 2013, 17:58Be the first to give this comment the thumbs up 0 likes

Just stumbled on to Finsphere, a company that recognizes that minimizing false-positives is key for cardholders and provides a solution for doing so. (Full Disclosure: I have no personal or professional affiliation with Finsphere) 

Now hiring