Share this post:
What do you get when you combine rapid innovation in financial services with unprecedented data breaches? A fundamentally safer ecosystem, or a golden age for criminals?
Let’s take a look.
There is unprecedented transformation in the payments ecosystem, with Fintechs disintermediating banks, PSD2 opening APIs, firms creating new financial products with more convenience and speed, and each department scrambling to onboard new customers earlier. All of this is great for firms and consumers.
Unfortunately, the old fraud and money laundering controls can’t always adapt to new payments types, speeds and channels. For instance, many legacy credit card fraud solutions struggle to handle card-not-present fraud now that chip cards have been introduced in the U.S. Many ACH fraud solutions don’t handle real-time RTP and Zelle payments.
At the same time, the bad guys are aggressively innovating to take advantage of the blind spots. With the wave of data thefts, there’s a flood of cheap raw material on the black market with which to create synthetic identities and take over accounts. When the person logging into the web or dialing the call center has all the credentials to be you – and cleverly distributes activity across different interaction channels and payment types – no single legacy system sees anything out of the ordinary.
For example, if someone signs on to a bank account at 3 am, it might not be normal behavior for that individual, but it’s probably insufficient to determine fraud. Perhaps a new device is being used. That, too, can be normal. However, if the person initiates a large international wire transfer from an unusual device following an unusual login at an unusual time, the combination would obviously be risky. While this is an extreme example, the point is that understanding all customer behavior is the best way to protect against threats.
To top it all off, the bad guys have technology, too. And they create software platforms that allow them to systematically test new schemes to see what works and then scale up attacks quickly.
So what are financial institutions to do? The answer isn’t as simple as saying “artificial intelligence.” After all, AI has been used in the fraud domain for 30 years. It used to be that standard fraud-detection models were focused on a particular payment type (e.g. credit cards) or a particular channel (e.g. online) and were rebuilt every year or so on historical data at a remote vendor site, on the vendor’s schedule. Today, modern data science techniques can be used to do it faster, but the model building process is still slow and constrained by several factors including (1) the ability to combine data across different payment types and interaction channels, and (2) the speed and ease with which fraud experts can create and test new features and evaluate the fraud protection vs. false positives.
The opportunity is in more rapidly identifying emerging threats and deploying countermeasures, and in looking at behavior across all channels in real time to ensure a complete understanding of each customer’s behavior.
IBM is doing some interesting things in this area. IBM Safer Payments applies augmented intelligence not just to find fraud, but also to suggest the best analytics to human experts, allowing them to rapidly evaluate and adapt to new threats on the operations floor. The system helps people evaluate among the millions of permutations of raw data, derived statistics, rules, models and thresholds, the combination that provides the highest fraud protection for the lowest false positives. The analysis can be done in seconds by fraud analysts, not just coders, so they can continuously adapt to new and changing fraud threats with the right combination of countermeasures. This approach is a new paradigm in fighting fraud – providing dramatically fewer false positives, radically faster scale and speed, and more control and transparency.
Here’s why adapting faster matters: All frauds are predictable, but only in the window between first detection and the time a countermeasure is put in place. The longer it takes, the more money the criminals make. (See Figure 1)
Figure 1: Lifecycle of a single fraud event.
In a survey of 500 Financial Institution C-Level executives by the IBM Institute of Business Value, 81 percent of bank executives say it takes more than four weeks to discover a new pattern, then another four weeks to adjust the scoring engines. During that entire eight week period, exposure remains. This exposure happens for every fraud. (See Figure 2)
Figure 2: Lifecycle of all frauds. Eventually, each fraud is stopped…but the longer it takes and the higher the peaks, the bigger bottom line impact.
IBM Safer Payments models may be updated in hours or days so each unique fraud attack can be minimized. Multiply by 100s of attacks against an institution at any given point in time, and the ability to tamp down the money criminals can make from each fraud attempt makes the whole enterprise much less profitable for criminals…and may drive them to greener pastures.
Safer Payments makes machine-learning part of everyday fraud management – no more guessing rules; generate optimized up-to-the-minute models as needed.
This is the idea of Augmented Intelligence.
Customers such as the national payments switch in France, known as STET, rely on IBM Safer Payments to protect the payments of the entire country with billions of transactions per year at latencies of just a few milliseconds.
To learn more about the latest in fighting cyber-crime and bank fraud, we hope you’ll meet with us in Toronto at Sibos 2017. To schedule a meeting, please go to ibm.com/sibos. Visit IBM’s Stand # E08 at Sibos located in the Metro Toronto Convention Center.
For more information on IBM Safer Payments, please go to www.ibm.com/saferpayments.