When your business pays an invoice, how do you know your money is going to the right account? To help make payments safer, Sis ID wanted to provide a trustworthy source of verified bank data for its clients.
Sis ID built a blockchain in the IBM Cloud that acts as a tamper-proof repository of verified bank information, and developed a service that helps clients check transactions and detect anomalies in seconds.
Defendsagainst fraud by verifying over 160,000 supplier bank accounts
80%reduction in manual fraud control workload
Agilecloud architecture helps Sis ID scale up as its community of clients grows
Business challenge story
Paying the price of fraud
Fraud today is a multi-billion dollar industry, led by sophisticated groups of professional criminals who are constantly working on new methods to defraud companies. According to a 2018 survey, 49 percent of global organizations admit to being victims of fraud and economic crime—and this number is likely to be a significant underestimate, since many frauds go undetected or unreported.
The economic impact of fraud is wide-reaching: 39 percent of successful frauds involve losses of more than USD 100,000, and 3 percent cost USD 50 million or more. Moreover, in 46 percent of cases, fraud-related investigations and interventions cost companies as much or more than the fraud itself.
The founders of Sis ID, a French company that specializes in fraud protection, noticed one type of fraud that seemed particularly widespread and pernicious. When a company is trying to pay its invoices, a fraudster somehow substitutes their own bank details into the process, and receives the payment that was intended for the true supplier. The Sis ID founders estimated that this “fake provider fraud” accounted for approximately 50 percent of all successful fraud attempts that they had experienced.
Laurent Sarrat, Co-founder and Managing Director of Sis ID, explains: “Fake provider fraud is difficult to guard against, because there are so many ways to do it. A fraudster might simply phone or email the victim, pretend to represent the supplier, and claim that their bank account details need to be updated. Or when invoices are being scanned into the system, they could paste their bank account number onto the invoice. Or they could even hack into the company’s ERP system and change the details there.”
Sis ID realized that companies needed a better way of sharing and managing bank account information: they needed a platform where this information could be exchanged securely, with strong guarantees that the data was accurate and could not be tampered with.
“We didn’t want to build a proprietary database where one company would ‘own’ all the data,” says Laurent Sarrat. “It needed to be a decentralized, community-driven effort that every business would trust, and where every business would be accountable for keeping its own banking information up-to-date. That’s why we started investigating blockchain.”
Building a responsive service in the cloud
Sis ID initially looked at blockchain implementations such as Bitcoin and Ethereum, but those projects are designed to act as currencies, not to help people share data. The Sis ID team also knew that asking companies to store sensitive bank details in a public blockchain would probably not be a winning strategy.
“We decided that we would need to build a new type of blockchain for ourselves—but back in 2016, although blockchain was a newspaper buzzword, it was hard to find people who really understood the technology,” recalls Laurent Sarrat. “When we discovered the Hyperledger project, and saw that IBM was one of the main contributors, we realized that their blockchain experts at Montpellier could help us turn our vision into reality.”
Up until that point, Sis ID had used a commodity cloud provider to host most of its systems, but the company decided to build its new system on IBM Cloud. Using the IBM Cloud Kubernetes Service, it deployed its own Hyperledger image in a Docker container, and integrated it with several other container-based IBM Cloud services, such as IBM Compose for MongoDB and IBM API Connect. The whole environment is managed by Kubernetes, which automates resource management to provide resilience and instant scalability.
“IBM Cloud makes it quick and easy to develop applications by simply composing whatever technologies you need,” says Laurent Sarrat. “The container-based approach saves all of the time you would normally spend on infrastructure management, and it’s an ideal platform for building a microservices architecture.”
The application itself provides an API that Sis ID clients can easily integrate into their existing accounting and payment systems, allowing them to automatically check the International Bank Account Number (IBAN) for any forthcoming payment and confirm whether or not the number has already been verified and added to the Hyperledger blockchain. The system runs an 18-stage verification process before providing a risk score for each transaction, and automatically sends alerts if unusual behavior is detected.
Laurent Sarrat comments: “API Connect gave us everything we needed to create a super-professional API: we got all our documentation, code examples, and forums online in weeks. As a 15-person company, this would probably have taken us six months if we had needed to build everything from scratch.”
Sis ID is also using IBM Cloud to develop a web portal that allows providers to join the community by registering their bank details in the blockchain, or to update their existing details if their bank account changes.
The portal uses a combination of keystroke dynamics and many other sophisticated techniques to check that the user who is updating the information is the same person who entered it in the first place. If the system cannot automatically verify that the new account belongs to the company, Sis ID will check it manually.
Enabling safer payments with seamless identity validation
The Hyperledger solution is now in production, and Sis ID can count some of the largest companies in France as founder members of its community. The blockchain already contains verified bank account information for over 160,000 companies, and the service is currently used to validate approximately 500,000 transactions every month.
Laurent Sarrat comments: “It’s hard for us to say how many cases of fraud we are preventing, because most companies want to keep this information private. But one unique feature of our service is that it includes insurance that indemnifies our clients against fake payer fraud—and we couldn’t offer this if our system wasn’t effective!”
Besides significantly reducing the risk of successful fraud attempts, the platform also saves time and money for the companies who use it. Instead of checking the payment details on each invoice manually, the Sis ID solution provides a simple “traffic light”-style risk assessment. If the light is green, it means the bank account has been verified by the blockchain, and the payment can proceed. If it’s orange, it means the account is unknown, and needs to be checked. If it’s red, then the bank account does not exist, the company has closed, or there are other anomalies that make the transaction potentially suspicious.
“Typically, 80 percent of transactions receive a green light and are processed straight away,” says Laurent Sarrat. “By saving 80 percent of the time your accounting team used to spend manually checking invoices, the Sis ID solution typically pays for itself within a matter of months.”
In the future, Sis ID is planning to work even more closely with IBM—for example, to integrate IBM Watson services into its platform, and use deep neural networks to learn to detect fraud attempts even more accurately.
“We’re currently using open source predictive modeling software,” says Laurent Sarrat. “It is a good start, but the algorithms are getting too complex to maintain manually. IBM Watson could help us harness deep learning techniques to build models that learn to detect fraud for themselves, much more effectively than a human can.”
He concludes: “No individual company can fight efficiently against cyber fraud, because there’s a power imbalance: criminal groups can dedicate themselves 100 percent to the pursuit of fraud, but legitimate companies can only afford to invest a small proportion of their resources in anti-fraud defense.
“The only way to succeed is to have safety in numbers: by working together and sharing trusted data, we can create a network effect that makes every individual company stronger. With IBM’s help, we are building a community that gives large and small companies equal protection from fraudsters, not only within France, but across Europe and around the world.”
Sis ID is a technology startup that focuses on providing a payment data repository for companies in France and across Europe. The company has harnessed blockchain technology to build a tamper-proof shared ledger of verified payment information for thousands of companies, combined with highly responsive web services designed to authenticate payees and combat forgeries and fraud.
For more information, visit https://www.sis-id.com/en/ (link resides outside IBM).