IBM RegTech Innovations

Nine questions to ask an Enterprise Fraud Management vendor

When observing the waves, you may miss the shifting tides.

Enterprise Fraud Management is being reinvented. Assessing revolutionary risk and compliance management solutions with outdated factors and antiquated perspectives may prevent you from seeing the bigger picture. Here are some key questions that should be asked of Enterprise Fraud Management vendors:

Question #1: How versatile is your data model?
New digital services expose banks to new unknown users, with increased identity and payments risk. Sophisticated criminals exploit the gaps in visibility, scaling up new threats with more variety and velocity. Most fraud detection solutions only ingest out-of-the-box transactional data and basic customer and account information. Any additional data elements require long and costly configuration effort. It is hard to see threats when looking at only one slice of a customer’s activity.

Profiling behavior across channels and rapidly adapting the profile variables, rules, and models using the complete picture of the customer are critical to remaining effective and efficient, and IBM Safer Payments enables both. It can integrate multiple contextual data sources and construct a picture of customer behavior (and other entities) across all payment types, interaction channels, and brands. It uses any data out-of-the-box as input, including payments, non-monetary events, authentication, cybersecurity data (malware and device data) and AML sources, to provide a 360-degree view of every customer, counterparty, intermediary, account, device, and employee, and of their relationships. The system is open to map any input from authentication, security, money mule analyses, or third-party alerts. New data types can be added while the system is running at full capacity.

Question #2: Can new detection models be adopted without requiring IT or Professional Services assistance?
According to an IBM Institute of Business Value study of 500 bank C-level executives, many legacy fraud systems are perceived as hard to adapt to new, faster, and changing cross-channel threats. 81% say it takes over 4 weeks to discover a new pattern, then another 4 weeks to adjust the scoring engines. While machine learning techniques have long been used in fighting fraud, applications have been constrained by the need for data scientists and dependency on vendor-provided “black box” models that are hard to understand, explain, and adapt.
IBM Safer Payments is a “White Box” that uses artificial intelligence to generate simple logic that anyone with payments knowledge can understand and modify (subject to permissions). It bridges the gap between expert-driven rules and traditional predictive modeling by applying artificial intelligence to partner with the bank’s human experts in suggesting best-fit analytics interactively. The system acts as a “virtual analyst” to identify patterns and design “best fit” models.

Question #3: Can ‘Champion/Challenger’ model selection be performed on real data within an hour?
The speed of model iteration is key to success. New, faster payments and cross-channel schemes have patterns (and therefore predictors) which are constantly changing. So, new profile variables must be easy to create and test in rules and models on real data. The faster a financial institution can do this, the better it can adapt to new fraud patterns.
IBM Safer Payments runs in-memory, so it is fast to create profile variables, back-calculate them, and test them interactively in minutes—a capability that isn’t possible with most systems. Speed of iteration matters because algorithms alone don’t drive model effectiveness—they need the best “features” or profiles to fuel them. Existing models can be validated and updated within 60-90 minutes by fraud analysts at their discretion; completely new decision models can be developed in one day. Via a “compare models” button, a model reviewer can conduct a “champion / challenger” comparison of the current production model and the proposed new model. Changes can be put into production using an “in-flight, go-live” command, all without production interruption.

Question #4: Does your solution have ‘BYOM’ (Bring Your Own Models) capabilities?
Some payment fraud management software vendors treat their detection capabilities as black-box solutions, with the solution’s detection capabilities considered their intellectual property. They provide out-of-the-box, one-size-fits-all detection models, which are often too generic to apply to any specific use case, create a lot of noise, and require rigorous and costly tuning efforts. To add insult to injury, they often require their customers to use only their professional services for implementation and tuning, which adds hidden costs and unexpected delays in solution deployment.
IBM Safer Payments is all about transparency, since only open systems can truly address the unique set of clients’ challenges for every use case, channel and customer base. With the ‘Model Factory’, detection models can easily be created within the solution, and models that have been built externally (of various types: random forests, decision trees, neural networks) can be imported. Fraud managers can thereby create “ensemble” models using factors that originate from within and outside the solution to deliver the best results.

Question #5: Can your solution share or segregate data where needed?
Enterprise Fraud Management solutions need to help global operations share data and functionality where appropriate and segregate where necessary to support different geographies, lines of business, customer segments, or even specific business customers.
IBM Safer Payments is multi-tenant, so multiple tenant groups can seamlessly share a single installation, each with its own permissions, data, models and user interface. Tenants can be created, edited, deleted, split, and combined in full flight, and tenants can add specific data fields and data feeds. Safer Payments also has Hierarchical Inheritance (aka Polymorphic modeling), which uses the multi-tenant architecture and allows financial institutions to maintain market-level data, profiles, and models at the global level that can be inherited and used by any unit, plus the ability to segregate specific data, profiles, and models that are only available at lower levels in the hierarchy, such as for specific geographic locations, channels, or customer segments.

Question #6: Does your solution offer real “real-time” fraud detection?
Customer experience demands real-time fraud resolution. Performing ‘real-time’ computation requires high scalability and reliability with low latency response times – sometimes as low as 5 milliseconds. Therefore, for high-performance throughput, especially when factoring in high transactional data volume, standard database retrievals may not be sustainable, and data must be cached in memory to meet processing time restrictions. IBM Safer Payments has been designed from the ground up to be extensible and reliable, with high-performance throughput and low latency through in-memory capabilities.

Question #7: What is your solution’s TPS (transactions per second) and availability rate?
With growing inbound/outbound transactions per year, financial institutions have a demanding environment that only a few vendors can meet with the requisite speed, scale, latency, availability, flexibility, and security. IBM Safer Payments is architected specifically to meet the needs of tier one distributed payments environments with many brands, departments, geographic locations, payment types, and interaction channels. It has been tested to support more than 4,000 TPS with response times in the single-digit millisecond range and is designed for 12,000 TPS. (Existing clients, including French payment processor STET, have scaled to 2000 transactions per second sustained throughput with response time averaging 5 milliseconds.) All Safer Payments installations are operated on a 24×7 basis, with 99.999% availability.

Question #8: Will your solution run while upgrading software, OS or hardware?
Resiliency is key with your Enterprise Fraud Management solution. Any disruption may impact customer experience and increase fraud threats. IBM Safer Payments customer installations typically use three clusters that allow updating of the software, operating system, and hardware components without any interruption to production. If one instance is shut down for maintenance, two redundant instances still support the operation. The individual instances of IBM Safer Payments can be operated in physically separated datacenters to protect financial institutions against environmental risk.

Question #9: Is your solution PCI Payment Application Data Security Standard (PA-DSS) certified?
Payment systems are under increasing risk from cyber-attacks. Just recently, the Federal Bureau of Investigation warned of a serious hacking threat that could result in millions of dollars being taken out from ATMs in a highly choreographed, global fraud scheme known as an “ATM cash-out.” If you are concerned about your payment software, then ensure that it is compliant with the applicable PCI-DSS requirements as well as PA-DSS certified, and monitor all third-party providers.

IBM Safer Payments is PCI PA-DSS certified. Payment Application Data Security Standard (PA-DSS) is the global security standard created by the Payment Card Industry Security Standards Council (PCI SSC). PA-DSS was implemented in an effort to provide the definitive data standard for software vendors that develop payment applications, and it dictates that software vendors develop payment applications that are compliant with the Payment Card Industry Data Security Standards (PCI-DSS). For a payment application to be deemed PA-DSS compliant, software vendors must ensure that their software includes protections.

WW Sales Leader, IBM Safer Payments, Watson Financial Services
