Payment Fraud Why banks need a smarter approach to AI
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
NetGuardians
Payment Fraud | 1
Payment Fraud
Why banks need a smarter
approach to AI
2 Payment Fraud
02 | NetGuardians
Executive
summary
Payment Fraud is the fastest- customer realizes they might
growing area of banking fraud. have been duped, today’s instant
It poses particular challenges for payment networks mean it is
banks because it usually involves already too late – the funds have
run-of-the-mill deceptions and left their account and cannot be
confidence tricks. Fraudsters recalled. The duty to protect
pose as bank staff, send fake customers from fraud will only
bills or invoices, or take intensify with the introduction of
advantage of people seeking the second EU Payment Services
romance to persuade their Directive (PSD2), which obliges
victims to transfer money. They banks to open their payment IT
frequently harvest information infrastructure to third-party
about their victims from social organizations.
media and other available online
sources – social engineering – to The standard rule-based
make their approaches appear anti-fraud systems deployed by
legitimate. banks today cannot detect or
block payment frauds because
If the fraudsters’ attempts are they are not flexible enough to
successful, the resulting deal with the huge variety of ways
transactions often evade the in which people now use digital
bank’s fraud defenses because banking channels. In response,
they have been directly authorized newer software systems are
by the customer. Even when the attempting to use Artificial
NetGuardians
Payment Fraud | 03
3
offers an answer to this situation.
Managed Learning combines
sever al super vised and
unsupervised Machine Learning
(ML) approaches within a
consistent scoring model and
employs two phases of analytics
to detect fraudulent payments.
The first phase searches for
anomalous transactions by
building a dynamic understanding
of each customer’s typical
behavior as it evolves through
time, and flagging transactions
that do not fit with this pattern.
In the second phase, the system
is trained to recognize which of
these anomalies are fraudulent
transactions (and to disregard
Intelligence (AI) to identify and the legitimate ones) by learning
block fraudulent payments in real from the feedback it receives.
time. However, this approach has One of the key strengths of
drawbacks. An individual bank’s Managed Learning is that it
data sets are just not big enough manages to accomplish this
to allow the effective training of without unbalancing the scoring
AI algorithms. This leads to what models in a way that would lead
is called “overfitting”, which to overfitting.
occurs when AI is trained using
only a limited number of fraud
The results achieved by this
examples. Overfitting results in
approach are compelling: the
AI systems that are able to detect
fraud detection rate using a
only the limited range of frauds
Managed Learning system is
that they are familiar with, but are
more than double that of a
unable to spot other types of
rule-based system, and the
fraud that they have not number of false positives is
encountered before. So far, banks
reduced by more than 80 percent.
have been reluctant to pool their
As a result, the time spent by
data to reach the critical mass
fraud teams investigating
that could allow them to overcome
suspicious payments declines by
the overfitting problem. more than 90 percent, delivering
major operational gains as well
NetGuardians’ proprietar y as a better banking experience
Managed Learning technique for customers.
4 Payment Fraud 04| NetGuardians Payment fraud: Easy money from low-tech scams Payment fraud involves stealing knowhow on the part of the crim- money via domestic or cross-bor- inal. Instead, these frauds depend der payments that have been on a variety of straight-forward authorized by the account holder methods including fake emails, – both individuals and companies bills or invoices, fake SMS – under false pretenses. This messages, telephone-based type of fraud is typically low-tech confidence tricks, online dating and most of the time requires no scams and so on. hacking expertise or technical Common examples of payment fraud include: Advance fee fraud: a caller Fraudsters email the A fraudster calls in person posing as an official from victim a fake bill, such at the victim’s home, a government department as for building work or posing as an employee or the tax authorities tells school fees, closely of a company that has the victim they face court resembling a genuine bill carried out work for the unless they pay to settle but including different victim and who has come an action against them. account details. to collect payment.
NetGuardians
Payment Fraud | 05
5
Fake invoices are emailed A telephone caller posing Fraudsters target victims
to a company again as a bank employee, through online dating
resembling a genuine informs the holder that sites or social media and
invoice but including their account has been create a fake romantic
different payment details. c o m p r o m i ze d and relationship, winning the
In smaller companies requests personal login victim’s trust with online
with few formal controls, information to help messages before asking
relatively junior staff who protect their money. Or them to send money.
have access to payment they ask the victim to
systems can be duped or transfer funds to a new
pressured by a caller “safe” account that has
posing as a senior exec- been set up for them.
utive or a customer into
making a payment or
settling a fake invoice.
These frauds frequently involve
elements of social engineering. By
harvesting information freely available on
organizations’ websites and individuals’
social media accounts, the fraudsters can
gather the information they need to make a
bill or request for money appear genuine.
Although some payment frauds are much
more sophisticated operations, such as the
attack in February 2016 on Bangladesh’s
central bank using the international SWIFT
messaging system, these remain a tiny
minority compared to the most common
types of payment fraud.6 Payment Fraud
06| NetGuardians
Payment fraud is the fastest held responsible for their losses
growing area of fraud against because they have authorized the
individuals and a serious prob- fraudulent payments and there-
lem – especially for smaller fore receive no compensation. But
“
businesses with less sophis- pressure is mounting on banks
ticated systems and fewer to provide redress. In the UK one
internal controls. The Federal bank, TSB, announced in April
Bureau of Investigation in the US 2019 that it will refund all losses
reports that in 2018 it received that its customers suffer from this
some 20,000 complaints type of fraud. A national compen-
Social relating to payment frauds sation scheme is expected to be
engineering, resulting from compromised launched in 2020.
false bills or personal and corporate email
fake phone accounts, often due to social Banks are under growing
calls that give engineering. Total losses in pressure to protect customers
the victim these cases were put at almost from payment fraud and to com-
new payment $1.3bn. A further $362.5m was pensate them for their losses
details for lost through confidence tricks
utility bills and romance frauds. Figures
are the most from UK Finance, the British
popular and financial-services trade body,
widespread show that in 2017 its members
types of reported 43,875 incidents of
payment fraud authorized push payment fraud,
these days. which led to victims losing £236m
Corporates ($287m). In 2018, it reported that
are targeted such incidents virtually doubled.
for larger
amounts, but Rapidly growing losses from
individuals payment fraud highlight
are equally both how straightfor- In 2018 there were
under attack” ward these frauds can
A. Braunstein,
be, and how difficult it
can be for banks and
84,624
Lead large companies to reported incidents of authorized
Pre-Sales, spot and block them. push payment fraud, leading to
Innovation & Not only do the pay- losses for victims of
Business ments involved closely
Development
Financial
resemble legitimate
transactions, but they
$431.4m
Messaging have been directly author-
& Services, ized by the victims themselves.
Finastra As a result, customers are oftenNetGuardians
Payment Fraud | 07
7
How a school fees
fraud could be executed
Fraudsters identify families with date, they email fake invoices
children at a private school by bearing the account details
using the school website and victims should use. By circulating
looking at Facebook, Instagram, a large number of fake invoices,
Twitter and other social media they stand a strong chance
sources. They find out when of fooling some parents and
bills for school fees are due to potentially collecting large sums
be issued and just before that of money.8 Payment Fraud
08| NetGuardians
The need for round-
the-clock monitoring
of instant payments
Payment fraud does not depend open up timing opportunities
on the availability of instant for fraudsters. For example,
payments in order to work. in the case of the theft from
However, by removing the the Bangladesh Central Bank,
time lag between initiation and using the SWIFT network, the
settlement, instant payment gang executed the fraud on
makes these frauds all but a Friday – the Muslim day of
impossible to block once the rest and prayer in Bangladesh
payment has been made. The – which was followed by the
cash will leave the victim’s weekend in the US, where the
account almost immediately and funds were held at the New
be available in the fraudster’s York Federal Reserve before
account mere seconds later. their transfer to the Philippines,
where the following Monday was
In the UK, annual losses from a public holiday. As a result,
online banking fraud almost more than three days elapsed
tripled in the 18 months after before the authorities around
the UK’s Faster Payments the world were fully mobilized.
system went live at the end of To date, of $101m fraudulently
May 2008. Fraud losses climbed transferred from the New York
from £22.6m ($27.5m) in 2007 Federal Reserve, $81m remains
to £52.5m ($63.9m) in 2008 and unaccounted for.
£59.7m ($72.6m) a year later, and
banks struggle to strengthenEqually, a fraudulent international
their internal defenses. By e-commerce payment made on
2018, the first year in which
a Friday evening will move from
UK Finance published figures,
the e-banking system to the core
losses from so-called authorized
banking platform and then be
push payment fraud had reached
transferred a few hours later to
£236m ($287m). the SWIFT system to complete
the cross-border payment. By the
International payments also following Monday, the funds haveNetGuardians
Payment Fraud | 09
9
Theft from the
Bangladesh Central Bank
SATURDAY FRIDAY
Funds are transferred Gang executes the fraud
to the New York Federal on the Muslim day of
Reserve rest and prayer in
Bangladesh
2
1
3
MONDAY
As a result of these Funds then get
shenanigans, more than three transferred to the
days elapsed before the Philippines where the
authorities around the world Monday is a public
were fully mobilized holiday
reached the fraudster’s account. a major technology challenge
This highlights the dual nature for them, but it also exposes
of the challenge that payment operational weaknesses in
fraud poses to banks in the era of organizations that do not have
instant payments. Detecting and teams in place to monitor
blocking these fraudulent and validate instant payments
payments not only represents round the clock and through
weekends.10 Payment Fraud
| NetGuardians
The impact of PSD2
The second EU Payment online payments on behalf of
Services Directive (PSD2) obliges their customers. The directive
banks to open their payment also – for the first time – requires
infrastructure and allow third- banks to deploy anti-fraud
party organizations to initiate software solutions.NetGuardians
Payment Fraud | 11
What the third-party
payment process looks
like under PSD2:
Customer visits a
merchant’s website
to purchase goods
or services online
On the merchant’s web-
site, the customer clicks No direct
to allow a Third-Party verification
Provider or TPP (i.e. not between the
the customer’s own bank) customer and
to make the payment the bank
from the customer’s
account to the merchant
The TPP authenticates
the customer’s identity,
then proceeds to initiate
the payment
The customer’s bank
receives the instruction
to make the payment
from the TPP, on behalf
of the customer12 Payment Fraud
| NetGuardians
What potential fraud
problems does PSD2 create?
“
PSD2 will allow customers to Strong Customer
grant access to their bank data Authentication Factors:
to payment service providers
and will offer new ways to pay
for things and new services.
However, it will also create more
opportunities to commit payment PSD2 will allow
fraud. customers to
grant access to
Under the payment processes Knowledge – something their bank data
set out in PSD2, customers only the user knows, such to payment
do not have to use their own as a password service
bank’s online banking channels providers and
to initiate payments from their will offer new
account, but can instead use ways to pay for
payment channels belonging to things and new
TPPs. Both banks and TPPs are services.”
obliged to use Strong Customer
Authentication, requiring a Francis
minimum of two out of three Chlarie,
possible factors. Managing
Director of
Possession – something iXendar
only the user possesses,
such as a card reader
or token
Inherence – something
unique to the user, such
as biometric dataNetGuardians
Payment Fraud | 13
However, as Francis Chlarie,
Managing Director of the regula-
tory consultancy iXendar points
out, banks that receive payment
instructions from a regulated
TPP can decide not to verify
the customer’s identity sepa-
rately for themselves. In order
to achieve the directive’s goal
of a near-instant, frictionless
customer experience, the
customer’s bank can accept the
verification of that customer’s
identity as carried out by the TPP.
In practice, some European banks
are redirecting the customer
from the TPP’s app to the bank’s
app or online banking channel
to reauthenticate their identity
before the payment is authorized.
Chlarie argues that this leaves
banks open to sanctions under
PSD2 for imposing barriers to
competition.
He also believes this problem is
likely to reappear as 5G services
are launched. The 5G infra-
structure will enable millions
of devices to be connected into
the so-called Internet of Things,
many of which will need to be
capable of initiating payments
without human intervention.14 Payment Fraud
| NetGuardians
1. Rule-based
anti-fraud systems The
Most banks today deploy rule-
based anti-fraud systems that set
weaknesses
a series of pre-defined conditions
intended to identify a potentially
fraudulent payment that will be
of existing
payment
blocked for verification. These
might include payments made
in an unusual location, such as a
fraud
foreign country, payments made
to a recipient for the first time,
and so on. However, these rigid
solutions
rules are ineffective in today’s
payments environment.
As banking has digitalized, more
of a bank’s internal payments
systems have become accessible
to the customer, allowing them to
transact whenever and however
suits them via online and mobile
channels. This digitalization has
two major security implications
for banks.
First, it means that the “attack
surface” of the bank – the
channels through which frauds
can be committed – has expanded
massively.
Second, it means that customers
now have so much flexibility and
choice in how to transact that the
payment behavior of each one is
effectively unique. Customers’
preferred ways of banking can
now vary so widely that a rule-
based system will inevitably
be too crude and inflexible toNetGuardians
Payment Fraud | 15
manage the sheer variety of accurate, an image-recognition
customer behaviors. algorithm must be shown huge
numbers of images containing
Equally, rule-based systems the target to be identified, and
cannot learn from changes in similar numbers of images that
a customer’s banking behavior do not contain it.
to distinguish suspicious trans-
actions. This inability to adapt Effective training therefore
explains why cases of payment depends on the availability of
fraud and customer losses enough data of the right kinds.
from such frauds are rising. Banking fraud data presents
Banks need to adopt a different specific challenges to this
approach. approach to training algorithms
because any transaction data set
will contain very large volumes
2. Why of negative data (legitimate
mainstream AI- transactions) and tiny volumes
of positive data (fraudulent
based approaches transactions).
fail to deliver This presents major challenges.
These banking data sets are
Banks are focusing on AI as a unbalanced: they contain too little
potential solution to the problems
positive data to train algorithms
they face with inflexible, rule- to spot the full range of payment
based anti-fraud solutions. AI frauds. And because the ML
appears to offer the potential toalgorithm can learn only from
identify fraudulent transactions the very limited number of fraud-
quickly and more accurately, ulent transactions in each data
and therefore to create fewer set, it has too little information
false positives – when legitimateto analyze and build upon.
transactions are blocked due to
suspicions of fraud. As a result, most anti-fraud
solutions that incorporate ML
Mainstream approaches to using suffer from overfitting that
AI in anti-fraud solutions have results from the very small
critical weaknesses, however, number of frauds included in
due to the nature of the data the data set. The ML algorithm
sets they must analyze. Training therefore becomes highly
Machine Learning algorithms proficient in spotting frauds that
requires data sets that are both are identical to the examples it
large enough and balanced. For is familiar with, but is unable to
example, to become sufficiently spot new variations.16 Payment Fraud
| NetGuardians
Why managed
learning solutions
are better than
mainstream AI
Managed Learning represents it has not encountered before.
an alternative way to use ML in
anti-fraud solutions for banking, This permits the creation of an
which recognizes the specific anti-fraud system that works by
challenges that bank-fraud data building a dynamic behavioral
poses for ML algorithms. This profile based on each customer’s
strategy therefore avoids the risk transaction history, and flagging
of overfitting. transactions that differ from
the customer’s existing profile.
Managed Learning combines Anomalous transactions are
sever al super v ised and flagged and those that exhibit
unsupervised ML approaches features that push them above
to enhance the way the ML the required risk threshold are
algorithm learns and enable it blocked pending verification.
to detect types of anomaly that The system progressively learnsNetGuardians
Payment Fraud | 17
person moves to a foreign
city to attend university, the
parents may pay money into a
foreign bank account that the
student opened on arrival. This
transaction – though legitimate
– will bear important similarities
to a payment fraud, which can
involve customers sending funds
for the first time to foreign bank
accounts that they have not had
any previous connection with.
There is no certain way for the
bank to determine whether this
payment is legitimate or not, so
the only means to ensure no
fraud takes place is to block the
transaction pending validation.
This highlights the conceptual
strengths of this approach
to fraud detection: ML is not
employed to identify transactions
that are fraudulent, but to identify
and flag those that are highly
unusual or suspicious – a group
that is sure to include the vast
majority of frauds.
to recognize which of these
anomalies are fraudulent (and Aviv Braunstein of the software
to disregard the legitimate ones) vendor Finastra says his
on the basis of the feedback it company’s solution, which uses
receives on flagged transactions. NetGuardians’ Managed Learning
technology, combats all types of
This approach therefore fraud by monitoring routines and
recognizes that, based on the focusing more broadly on client
transaction data available to the behavior to identify anomalies,
bank, a legitimate transaction rather than just trying to spot
can appear identical to a fraud. “The solution learns
payment fraud. There is no way patterns for normal transactions
to distinguish them without based on message parameters
blocking and investigating and raises an alert whenever a
both. For example, if a young transaction is out of the normal
usage scope,” he says.18 Payment Fraud
| NetGuardians
A better approach to
real-time anti-fraud
solutions, incorporating
managed learning
There are significant practical most important combinations of
difficulties in using ML to dis- risk factors – even if they turn
tinguish fraudulent payments out on examination to be legiti-
from legitimate transactions. mate. This conceptual distinction
Instead, the most effective way lies at the heart of the Managed
to deploy ML is to train it to look Learning approach to anti-fraud
for transactions that display the solutions.
The major features of the solutions developed by NetGuardians,
which apply this approach, include:
1. The capacity to monitor all payments in real time and test
each against the established user profile for the individual
bank customer concerned (or the authorized user of the corporate
account), based on that individual’s historic digital banking behavior.
Transaction
Initiate payment Identify Validate
& behavior
instruction customer payment
monitoring
2. Use of cutting-edge Big Data technologies to assimilate
and process data in multiple formats from every step of the
payments process – in real time – to maximize the range of information
that can be incorporated into the system’s risk assessment.NetGuardians
Payment Fraud | 19
3. Scoring of each transaction against the system’s risk model
based on that user’s historic behavior. The risk model
incorporates a wide range of contextual information, including the
transaction size, type of account involved (individual or institutional,
for example), the customer’s geolocation, the time of the day, week
and month, the user’s device, web browser and type of webpage
that is being viewed, the domestic or international destination of
any payments, whether the payee is new or previously known, and
so on. Payments are scored against the risk model and those the
system judges sufficiently anomalous are flagged
4. Deployment of a sophisticated combination of more than a
dozen analytics techniques to refine the way in which high
risk transactions are identified.
NetGuardians uses advanced algorithms and unsupervised machine
learning including neural network, statistical analysis, clustering,
peer group analysis, etc. to detect anomalies and supervises
machine learning techniques including gradient descent optimization
techniques, random forests, neural networks, etc. to lower the false
positives rates.
This approach results in the iden- of risky transactions will include a
tification of a subset of anomalous very high percentage of payment
transactions for verification by frauds and a limited number of
the bank’s fraud team. This pool legitimate but unusual payments.
Process Book to Sanction Send to Settle
payment account screening clearing transaction
Experience with users of blocking up to 0.1 percent of total
Net Guar dians’ s of t w ar e payment volumes, while in retail
demonstrates that this approach banking the upper limit can be as
will result in the system typically low as 0.05 percent of payments.20 Payment Fraud
| NetGuardians
Operational
efficiency gains
The approach described deliv- NetGuardians’ experience shows
ers a very significant operational a rate of fraud detection 118
advantage to the bank since it percent greater than a traditional
represents a narrow group anti-fraud system, and a reduc-
of transactions that can be tion of 83 percent in the number
reviewed by a small special- of false positives. This results
ist team, limiting the human in 93 percent less time being
resource required for verifications spent by bank staff to investigate
and greatly increasing efficiency. suspicious payments.
Improved customer
experience
As well as delivering major gains
from a foreign location because
in the bank’s operational effi- they are travelling, the system’s
ciency, this approach to detecting
incorporation into the risk-
payment fraud also improves the scoring model of geolocation
customer experience because data from the customer’s device
the greatly reduced proportion will indicate that the customer
of false positives results in far
has left their usual location or
fewer legitimate transactions country. Provided other features
being blocked for verification. of the transaction are consistent
This means that customers can with that customer’s user profile,
get on with their lives with fewer
the system would allow the
interruptions from the bank’s payment to be processed without
anti-fraud systems. checks. If other aspects of the
transaction are anomalous, such
For example, if a customer as the device being used or the
makes a regular payment to transaction size, the payment
the usual recipient but does so would be flagged for verification.NetGuardians
Payment Fraud | 21
118%
greater fraud detection than
traditional anti-fraud systems;
93% reduction in time spent
investigating suspicious
payments; 83% reduction
in false positives
The opportunity for large
companies to prevent
payment frauds
This anti-fraud system is before they leave the company
designed for use by banks, but to detect transactions for
it can also provide an additional unusual amounts or involving
line of defense for the treasury suspicious recipients. Major
functions of large companies international companies deal
that process millions of with multiple banks in different
payments each year. These countries, not all of which
companies can use anti-fraud will be in a position to block
software to check the payments suspicious payments using
routed through their enterprise real-time anti-fraud systems
resource planning system of their own.22 Payment Fraud
| NetGuardians
Conclusion
AI has a critical role to play in frauds. Using conventional
delivering effective solutions to ML approaches in this context
payment fraud, but it is essential risks overfitting, resulting in
to understand the challenges algorithms that cannot identify
that banking transaction data a wide enough variety of frauds
poses for those trying to use to be effective in real-world
conventional ML approaches to situations.
detect banking fraud. The data
sets are unbalanced, containing ML is not well suited to pinpointing
huge amounts of negative payment frauds directly and
data and too little positive data therefore a different conceptual
to enable effective training approach is required. Used in
of ML algorithms to identify a smarter way, ML algorithmsNetGuardians
Payment Fraud | 23
can make a major contribution to achieve significantly higher rates
identifying suspicious payments of fraud detection, make much
and reducing the number of more efficient use of anti-fraud
legitimate transactions that are resource and deliver a customer
captured in this group as false experience that is less disruptive
positives. and more secure. In a situation
where banks are coming under
Success lies in achieving the increasing pressure to refund
optimum balance of AI and all customer losses due to these
human input in detecting and types of customer-authorized
preventing payment fraud. Using fraud, the need to improve their
the Managed Learning approach defenses against payment fraud
set out in this paper, banks can has never been greater.24 Payment Fraud
| NetGuardians
For further information on how to prevent payment fraud
prevention, please contact:
NetGuardians
info@netguardians.ch
Y-Parc, Avenue des Sciences 13
1400 Yverdon-les-Bains
Switzerland
T +41 24 425 97 60
F +41 24 425 97 65
www.netguardians.ch
ABOUT NETGUARDIANS
NetGuardians is an award-winning Swiss FinTech helping
financial institutions in over 30 countries to fight fraud.
More than 60 banks, including UOB and Pictet & Cie, rely on
NetGuardians’ smarter artificial-intelligence (AI) solution
to prevent fraudulent payments in real time. Banks using
NetGuardians’ software have achieved reductions of up to
83 percent in false positives, spent up to 93 percent less time
investigating fraud, and have detected new fraud cases.
NetGuardians is the fraud-prevention partner of major banking
software companies, including Finastra, Avaloq, Mambu, and
Finacle. Our software is pre-integrated into their banking
platforms and is available on-premise and in the cloud. This
enables fast deployment so banks can protect themselves and
their customers from scams, social-engineering fraud, account
takeover fraud, cyber fraud, internal fraud, and much more.
NetGuardians was listed as a representative vendor in Gartner’s
2020 Market Guide for Online Fraud Detection and in the
Chartis RiskTech100 List in 2021. Headquartered in Switzerland,
NetGuardians has offices in Singapore, Kenya, and Poland.You can also read
