Financial institutions have accelerated their digital transformation projects since the pandemic started. When customers were no longer able to visit branches or meet in person with a financial advisor, financial institutions had to find other means to continue to serve them.
Banks started to rapidly adopt and improve their automation tools to interact with their customers online, using technologies that enable chatbots, recommendation engines, mobile apps, robo-investing, contactless payment cards, digital verification for onboarding, robotic process automation (RPA) for loan, credit card, brokerage, and insurance applications, and more. For example, Ernst and Young (E&Y) has seen a 72% increase in the use of FinTech apps in Europe since the start of COVID-19.
As financial institutions scrambled to build these expanded digital services, cybercriminals quickly identified and exploited any weakness in the infrastructure that provides the backbone for these technologies. Financial institutions have always been a coveted target for fraudsters, as they house a wealth of sensitive personal and financial information and present an opportunity to dishonestly siphon money into their accounts. Add in pandemic relief funds, increased unemployment benefits, and stimulus payments, and fraudsters viewed this as a buffet to feast on. As Willie Sutton so famously (supposedly) replied when asked why he robbed banks, "Because that's where the money is."
And the fraudsters did feast at the buffet. Credit card fraud, which historically has been one of the fastest-growing types of fraud, continued that trend, increasing from 45,131 reports in Q1 2019 to 93,408 in Q4 2020. And COVID-19 accelerated other types of fraud. For example, according to the Federal Trade Commission (see graph below), government documents and benefits fraud increased in 2020 from 5,921 reports in Q1 to an alarming 235,849 reports in Q4—becoming the most common type of fraud.
A recent report found that every dollar lost to fraud costs financial service companies as much as $3.78 — an increase from $3.25 in 2019. But fraud’s impact goes beyond pure dollars. It drains company resources to investigate and prosecute fraud, damages reputations, and puts customer retention at risk. For these reasons alone, systems and processes must be in place to combat fraud.
Many financial institutions still depend on rule-based systems created decades ago to mitigate fraud risk. These systems can consist of thousands of predefined rules that store, sort, and manipulate data to find fraud patterns. For example, a rule could say, if there is a credit card transaction in one state and another transaction in a different state within a 30-minute time frame, then this is likely a fraudulent transaction and therefore it declines the transaction.
However, rule-based systems are static, hard-coded, and time-consuming to update, and are often one step behind the sophisticated techniques fraudsters use. When fraud occurs, the typical response is to create another rule that prevents another attack, but it’s often too late. Fraudsters continue to find new ways to commit fraud that rules don’t capture.
Financial institutions are increasingly moving away from rule-based systems and adopting AI and machine learning-based systems that are more flexible. Since these systems can be self-learning and there is so much more data available, they can be much more effective when fueled with more information. Rather than using tens of data attributes with rule-based systems, AI and machine learning-based systems can analyze hundreds of data attributes over enormous data sets and longer time frames to automatically detect with higher accuracy unusual behaviors that indicate fraud. Barclays is an example of a bank that has implemented AI systems to detect and mitigate fraud, while improving the customer experience by reducing false positives and false negatives.
The more advanced financial service organizations are moving into neural networks and deep learning-based systems, which are modeled on how a human brain works. These systems can process up to 10 million data attributes in real time. PayPal, which is a leader in fraud detection innovation, has incorporated neural networks into its fraud detection systems.
The road for AI and machine learning-based systems is headed toward explainable AI (XAI), an emerging field in machine learning that addresses how AI systems arrive at their black-box decisions. Financial institutions know the inputs and outputs of these systems, but they lack visibility into how they reached the results.
By building XAI into AI systems, banks can understand how decisions are made and create better models to improve their systems by removing bias. For example, suppose a fraud system declines a legitimate customer’s credit card transaction. In that case, the financial institution needs to understand why there was a false positive so it can further refine its model.
Another advantage of XAI is around data privacy. Under the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)—and with other data privacy laws coming—financial institutions need to comply with specific mandates. For example, they must be able to explain how they use a customer’s personal information and how they made a decision such as declining a credit card transaction. By overlaying XAI on top of their AI systems, they can now gain greater visibility into how their AI/ML systems are making decisions.
Building a Fraud System Architecture
Financial institutions should look to understand and pursue best practices when building their AI-based fraud systems to emulate some of the industry’s more innovative organizations. They should work not only with their technology organization but also with their line of business managers to understand how fraud is impacting their business, what their greatest vulnerabilities are, what’s needed to improve customer satisfaction, and how they can incorporate customer fraud/risk metrics into their customer analytics to improve their omnichannel marketing campaigns. Marketers should know that the customer data collected and analyzed by their fraud teams are some of the most robust depositories of customer information.
Financial service firms should consider a number of steps when looking to build a world-class system. First, the fraud system needs to likely consume hundreds of terabytes of data, perhaps even petabytes for the largest firms. They must continuously update the data in real time from many sources such as internal customer and transaction data from storefronts, web pages, and mobile devices, as well as third-party demographic, behavioral, geo-location, identity management, credit bureau, and other data types. This data often needs to be prepared, e.g., cleansed, standardized, and normalized, to convert it into a form that AI/ML models can more easily digest and understand.
Once prepared, the data needs to move back to the central data platform to be further enriched. Here, financial institutions can fine-tune the model parameters, test and select the optimal machine learning algorithms, feed them with data to learn the underlying patterns, and validate the model’s accuracy to make good decisions using data that was not part of the training set. After they complete these steps and have satisfied themselves, financial institutions can then deploy the model into production to act in the microsecond moments that matter to fight fraud.
In summary, as technology continues to evolve, all organizations should strive to implement a best-in-class fraud solution to combat the increasingly sophisticated fraudsters. This requires the implementation of three key technology elements: 1) large data sets (TBytes, PBytes) consisting of both internal company data supplemented with third-party data; 2) highly optimized and validated AI/ML algorithms to detect fraud while minimizing false positives and false negatives; and 3) a real-time data platform capable of running these AI/ML algorithms across enormous data sets in sub-millisecond response times to provide customers with the fast customer experience that they expect.
Stuart Tarmy is the Global Director of Financial Services Industry Solutions at Aerospike, a next-generation, real-time NoSQL data solutions provider. He has over 25 years of experience as a general manager and head of sales, marketing, and product management for leading global financial service technology, e-commerce, payments, AI/ML, data management, and predictive analytics companies. He has held executive roles with Fiserv, MasterCard, Bankers Trust, and McKinsey & Company.