The economy relies on secure and safe transactions. Maintaining a stable and efficient business depends on effective security. In particular, eliminating fraud is fundamental to the ongoing viability of many businesses, especially those buying and selling on the Internet. The question businesses are asking is, “How do we efficiently eliminate fraud in real time?”
Traditional fraud prevention tools alone have failed to reduce fraud
In spite of the myriad companies espousing new fraud prevention techniques, fraud losses have consistently hovered around $0.06 per $100 for the last twenty years. Why? Because fraudsters adapt and evolve their techniques, while the legacy technologies used to fight fraud are incapable of adapting to continuously changing behaviors. While these technologies provide some benefits, they also suffer from several important limitations in the face of today’s ever-evolving fraud schemes:
1. Popular legacy approaches, including Business Rules, Data Mining and Neural Networks, all use historical fraud data to train models and write rules. Using only data from the past limits one’s ability to identify and stop new fraud schemes. As a result, models and rules are outdated as soon as they are implemented, requiring expensive tuning and model refreshes.
2. These approaches apply the same logic to every entity (card holder, device, merchant, etc.), although the spending behavior of each entity differs. In the case of business rules, gaining insight into individual spending behaviors would require an unimaginable set of rules. Neural Networks and Data Mining try to extract macroscopic behavioral patterns from historical data. Solely relying on these approaches results in low detection and high false positive rates.
3. Modern fraudsters are exploiting the proliferation of payment technologies and methods. Financial institutions’ inherent structural rigidity can often also be a fraudster’s best friend, as silo structures and delivery channels lead to stove-pipe, myopic anti-fraud strategies that fail to share intelligence across relevant channels. This is especially important in today’s connected world, where commerce occurs via a myriad of channels and devices.
The limitations of legacy technologies
Effective fraud prevention solutions must not rely exclusively on predefined rules or structured queries to anticipate every possible scenario. This is also true of programs based on Data Mining, Bayesian Networks, Neural Networks, object-oriented languages, etc. In the case of:
• Business Rules, you must predict these possibilities by writing all of the possible rules (obviously impossible).
• Data Mining, you must generate a decision tree that takes into account all possible cases (obviously impossible).
• Neural Networks, you need to have access and train your system with all the possible patterns (obviously impossible).
• Object-oriented languages, you must foresee, know and program all possible methods (obviously impossible).
Characteristics of an effective real-time fraud prevention solution
Effective real-time fraud prevention will require technologies characterized by several key features.
1. It should not rely exclusively on predefined rules, patterns learned from historical data, or structured queries that try to anticipate every possible scenario.
2. It should be data agnostic. The proliferation of payment types and methods requires technologies that are flexible and can manage data in any format (structured and unstructured) and volume.
3. It should prevent rather than detect. Solutions that do not provide true real-time capabilities (before authorization) are inefficient, as they do not proactively prevent fraud losses from occurring.
4. It should profile behavior on a 1-to-1 basis. Every individual’s spending behavior is different. Effectively reducing fraud requires understanding this behavior at an individual level.
5. It should offer multiple layers of protection. To efficiently prevent fraud, a solution must provide protection at the following layers:
• Endpoint and Navigation, using advanced device ID and clickstream analytics.
• User and Account, for providing real-time cross-channel behavioral analysis (specific to each individual cardholder and merchant outlet).
• Merchant and Business, for analysis of the relationships among internal and external entities to detect organized or collusive criminal activities or misuse.
6. It should adaptively learn over time. Once individual behavior is characterized, the technology should continuously update these individual profiles to learn behavior over time.
Additionally, a comprehensive solution should be able to identify data breaches within hours of the first fraudulent transactions occurring. A solution must manage two real-time behavioral profiling engines: a card profiling engine (CPE) and a merchant profiling engine (MPE). The card profiling engine continuously updates the behavioral profiles to learn the behavioral characteristics unique to each cardholder. The CPE uses these profiles to evaluate every transaction in real-time and assign risk scores. These scores are passed to the MPE, where they are grouped across multiple dimensions (e.g. specific merchant, branch, location). Within and across each group, shared behavioral intelligence enables comprehensive profiling of all card behavior for every merchant. Once suspected merchant breach location(s) are identified, the MPE updates the behavioral profiles for all cards visiting these locations and raises the corresponding risk scores. This approach will enable the discovery of breaches faster (as soon as the first fraudulent transactions occur).
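The CPE-to-MPE flow described above can be sketched as follows. This is an added example, not the vendor's implementation: the class names, the z-score risk formula, the thresholds (`high`, `min_cards`, `min_ratio`, `boost`) and the sample transactions are all assumptions chosen for illustration, and a production system would also restrict merchant visits to a time window before the fraud.

```python
import math
from collections import defaultdict

class CardProfile:
    """CPE side: per-card running mean/variance of amounts (Welford's method)."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    def score_and_learn(self, amount):
        risk = 0.0                               # too little history to judge yet
        if self.n >= 3:
            std = math.sqrt(self.m2 / (self.n - 1)) or 1.0
            risk = min(abs(amount - self.mean) / std / 6.0, 1.0)  # 6 sigma -> 1.0
        self.n += 1                              # then fold the transaction into the profile
        delta = amount - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (amount - self.mean)
        return risk

class MerchantProfiler:
    """MPE side: groups card risk by merchant to find a common point of compromise."""
    def __init__(self, high=0.8, min_cards=3, min_ratio=0.6):
        self.high, self.min_cards, self.min_ratio = high, min_cards, min_ratio
        self.visitors = defaultdict(set)         # merchant -> cards with normal activity there
        self.flagged = set()                     # cards that produced a high-risk transaction

    def observe(self, card, merchant, risk):
        if risk >= self.high:
            self.flagged.add(card)               # where fraud is spent is not the breach point
        else:
            self.visitors[merchant].add(card)

    def suspected_breaches(self):
        hits = {m: cards & self.flagged for m, cards in self.visitors.items()}
        return sorted(m for m, h in hits.items() if len(h) >= self.min_cards
                      and len(h) / len(self.visitors[m]) >= self.min_ratio)

    def adjusted_risk(self, card, base, boost=0.3):
        exposed = any(card in self.visitors[m] for m in self.suspected_breaches())
        return min(base + boost, 1.0) if exposed else base

def run(transactions):
    cpe, mpe = defaultdict(CardProfile), MerchantProfiler()
    for card, merchant, amount in transactions:
        mpe.observe(card, merchant, cpe[card].score_and_learn(amount))
    return mpe

# Constructed sample: six cards shop at "grocer", four also use "kiosk-17",
# and three of those four later show an out-of-profile 900.00 purchase.
SAMPLE = [(c, "grocer", a) for c in ("c1", "c2", "c3", "c4", "c5", "c6") for a in (20.0, 25.0, 22.0)]
SAMPLE += [(c, "kiosk-17", 24.0) for c in ("c1", "c2", "c3", "c4")]
SAMPLE += [(c, "electro-online", 900.0) for c in ("c1", "c2", "c3")]
```

On the sample, `run(SAMPLE).suspected_breaches()` singles out `kiosk-17` but not the equally popular `grocer`, and card `c4`, which has shown no fraud yet, gets a raised score because it visited the suspected location.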
The benefits of Smart Agent technology
As mentioned earlier, current A.I. and machine learning technologies suffer from various limits. Most importantly, they lack the capacity for:
Personalization: To successfully protect and serve customers, employees, and audiences, we must know them by their unique and individual behavior over time and not by static, generic categorization.
Adaptability: Relying on models based only on historical data or expert rules is inefficient, as new trends and behaviors arise daily.
Self-learning: An intelligent system should learn over time from every activity associated with each specific entity.
To further illustrate the limits, we will use the challenges of two important business fields: network security and fraud prevention. Fraud and intrusion are perpetually changing and never remain static. Fraudsters and hackers are criminals who continuously adjust and adapt their techniques. Controlling fraud and intrusion within a network environment requires a dynamic and continuously evolving process. Therefore, a static set of rules or a machine learning model developed by learning from historical data has only short-term value.
In network security, dozens of new malware programs appear on the Internet every day, with ever more sophisticated methods of embedding and disguising themselves. In most cases, after a vulnerability is discovered, a patch is released to address it. The problem is that it is often easy for hackers to reverse engineer the patch, and therefore another defect is found and exploited within hours of the release of the given patch. Many well-known malware programs (Conficker is an example) exploit vulnerabilities for which there is a known patch. They rely on the fact that, for a variety of reasons, the patch is not deployed on vulnerable systems, or is not deployed in a timely manner, leaving open targets. The attack in the fall of 2009 against Google and several other companies, originating in China and called Aurora, was an example of the exploitation of dangling pointers in a Microsoft browser, which had not previously been discovered.
Tools that autonomously detect new attacks against specific targets, networks or individual computers are needed. Such a tool must be able to change its parameters to thrive in new environments, learn from each individual activity, respond to various situations in different ways, and track and adapt to the specific situation and behavior of every entity of interest over time. This continuous, one-to-one behavioral analysis provides real-time actionable insights. In addition to the self-learning capability, another key concept for the next generation of A.I. and ML systems is being reflective. Imagine a plumbing system that autonomously notifies the plumber when it finds water dripping out of a hole in a pipe and detects incipient leaks.