This final post in this three part series on Payment Card Fraud covers the evolving business landscape in countering Payment Card Fraud and will make specific recommendations from a best practices, futuristic & thought leadership standpoint.
Business Background –
As discussed previously – Consumers, Banks, Law Enforcement, Payment Processors, Merchants and Private label Card Issuers are faced with payment card fraud on a massive scale. As the accessibility and modes of usage of credit, debit and other payment cards burgeons and transaction volumes increase, Banks are losing tens of billions of dollars on an annual basis to fraudsters. The annual estimate is about $189 billion as estimated by Meridian Research.
Fraud is a pernicious problem which can also lead to Identity theft. The U.S. Department of Justice (DOJ) terms Identity theft as “one of the most insidious forms of white collar crime”. Identity theft typically results in multiple instances of fraud, which exact a heavy toll on both the consumer, the merchant and the overall economy.
Improved Consumer access to credit, complex financial products, faster electronic communications, a changing regulatory landscape and a high degree competition among financial institutions make it easier than ever for perpetrators to steal identities and falsify information. Identity theft is estimated to claim 100,000 victims a year, according to the U.S. Federal Trade Commission (FTC) and the Consumer Data Industry Association. The economic and emotional loss to consumers is staggering. It may take as long as several years to restore a victim’s credit reputation, and in the meantime financial and job opportunities may be lost. According to FTC estimates, the average identity theft victim doesn’t discover the problem for 13 months and then invests an average of $1,173 and 175 hours attempting to repair his or her credit record.[1]
Added to all this, from a regulatory perspective – the Consumer Financial Protection Bureau created as part of the Dodd Frank Act prohibits unfair & abusive acts or practices in the collection of consumer debts.
Thus, fraud has become such a complex problem that it can only be tackled via a strategic, meaningful & multi faceted operational IT model. This model should allow financial organizations a migration path from more traditional approaches in favor of innovation – all while balancing risk. Fraud is a dynamic problem where new modes & threats are constantly evolving – these need counter approaches that extend beyond the current capabilities of older fraud prevention software.
The regulatory authorities in the US (where the bulk of the problem has been centered around) are now mandating the usage of Europay, MasterCard and Visa (EMV chip) technology – which should help reduce the risk of fraudulent point of sale (POS) transactions. To be fair, Visa and MasterCard have developed EMV technology that facilitates secure Card Not Present (CNP) transactions over the internet and phone.
However, we have also discussed the fact that fraudster rings now increasingly resemble sophisticated IT Operations. So this may not be able to put a large dent in the overall problem.
Business Requirements –
- Provide capabilities to tackle the most complex types of fraud and to learn from fraud data & patterns to be able to stay ahead of criminal networks
- Provide comprehensive Omnichannel abilities to detect fraud across the multiple (and growing) avenues that payment cards are used by consumers
- Ability to view a customer as a single entity (or Customer 360) across all those channels & to be able to profile those
- Ability to segment those customers into populations based on their behavior patterns. This will vastly help improve anomaly detection capabilities while also helping reduce the false positive problem
- Incorporate many sources of data (both deep and wide) into the decisioning process in analyzing fraud. This includes not just the existing – customer databases, data on historical spending patterns etc but also credit reports, social media data and other datasets (e.g Government watchlists of criminal activity)
- Provide multiple levels of detection capabilities starting with a) configuring business rules (that describe a fraud pattern) as well as b) dynamic capabilities based on machine learning models (typically thought of as being more predictive)
- Provide multiple levels of dashboards ranging from the Descriptive (Business Intelligence) to the Prescriptive (business simulation as well as optimization)
- Out of the box integration with Government (and peer Bank’s) provided watch list information and an ability to incorporate these into the decisioning engine in realtime
Technology Requirements –
- Ingest (& cleanse) real time Card usage data to get complete view of every transaction with a view to detecting potential fraud
- Support multiple ways of ingest across a pub-sub messaging paradigm,clickstreams, logfile aggregation and batch data – at a minimum
- Allow business users to specify 1000’s of rules that signal fraud e.g. when the same credit card is used from multiple IP addresses within a very short span of time
- Support batch oriented analytics that provide predictive and historical models of performance
- As much as possible, eliminate false positives as these cause inconvenience to customers and also inhibit transaction volumes
- Support a very high degree of scalability – 10’s of millions of transactions a day and 100’s of TB of historical information
- Predict cardholder behavior (using a 360 degree view) to provide better customer service
- Help target customer transactions for personalized communications on transactions that raise security flags
- Deliver alerts the ways customers want — web, text, email and mail etc
- Track these events end to end from a strategic perspective across dashboards and predictive models
- Help provide a complete picture of high value customers to help drive loyalty programs
Next Gen Fraud Detection Platform –
Illustration : Integrated Capabilities in a Next Gen Fraud Detection Platform
The Fraud detection platform of the future will have four key integrated capabilities – an ability to support multiple channels of ingress (Omichannel), ability to store & process massive volumes of data at scale while leveraging an agile deployment (Big Data & Cloud) based architecture, advanced predictive modeling & Data Mining capabilities and finally – a native approach to Business Process Automation (BPM).
1. Native Omnichannel Capabilities –
Banking is an increasingly high tech endeavor with younger customers increasingly seeking personalization capabilities across the multiple avenues available to them. Thus, Omnichannel is the future of consumer banking. According to research from Mintel/Compremedia, almost 27 percent of all US consumers still receive at least one credit card offer per month via mail. The company’s research also shows that 43 percent of all customers (both acquisition and retention) receive an offer via digital communications, 25 percent by direct mail, 15 percent in-person and 17 percent by phone or other channels. In terms of response and application, 52 percent apply online, 18 percent by mail, 17 percent by mobile, 8 percent by phone and 6 percent other channels. [2]
Within the domain of Payment Cards themselves – offering customers multiple avenues to buy goods while making the process as seamless and secure as possible. Firms would do well to consider conducting an ideal “Customer Journey Path Analysis” as the crucial first step. The goal is to have a seamless experience for customers across internet, phone, kiosk, POS and other channels while reducing fraud that can happen due to a siloed data architecture.
Once the customer’s journey is well understood in terms of segments as well as individual attributes & behaviors, Banks can use this data aim for a variety of positive outcomes such as selling the customer a higher segment credit card, additional banking services, or simply get their online newspaper subscription paid with their credit card. Direct marketing in today’s world is a key component that makes up Omnichannel marketing. Using it effectively in online, mobile and offline environments will drive positive results.[2]
Big Data is dramatically changing that approach with advanced analytic solutions that are powerful and fast enough to detect fraud in real time but also build models based on historical data (and deep learning) to proactively identify risks. This is key to improving customer experience while improving loyalty.
2. Data Processing at Scale (NoSQL and Hadoop) –
Big Data is dramatically changing that approach with advanced analytic solutions that are powerful and fast enough to detect fraud in real time but also build models based on historical data (and deep learning) to proactively identify risks.
The business reasons why Hadoop is emerging as the best choice for fraud detection are –
a) Real time insights – Hadoop can be used to generate insights at a latency of a few milliseconds that can assist Banks in detecting fraud as soon as it happens
b) A Single View of Customer/Transaction & Fraud enabled by Hadoop
c) Loosely coupled yet Cloud Ready Architecture
d) Highly Scalable yet Cost effective
The technology reasons why Hadoop is emerging as the best choice for fraud detection: From a component perspective Hadoop supports multiple ways of running models and algorithms that are used to find patterns of fraud and anomalies in the data to predict customer behavior. Examples include Bayesian filters, Clustering, Regression Analysis, Neural Networks etc. Data Scientists & Business Analysts have a choice of MapReduce, Spark (via Java,Python,R), Storm etc and SAS to name a few – to create these models. Fraud model development, testing and deployment on fresh & historical data become very straightforward to implement on Hadoop. The combination of Big Data as well as Omnichannel allows the implementation of strong customer segmentation and profiling, which helps usher in fraud detection models based on risk scoring.
3. Predictive Analytics (Machine Learning and Deep Learning) –
Customer profiling and Behavior Patterns are key techniques used to extract meaningful information from the data produced in Big Data projects. Most fraud detection solutions operate on individual transaction data which may not contain the entire gamut of information needed to predict probability of fraud. This needs to be combined with past historical information based on the consumer’s spending patterns and history to detect anomalous (and fraudulent) behavior.
Many solutions operate using transactional data, such as credit card purchase transactions, or other types of data that change over time. In its raw form, this data is very difficult to use in predictive models for several reasons. First, an isolated transaction contains very little information about the behavior of the individual who generated the transaction. In addition, transaction patterns change rapidly over time. Finally, this type of data can often be highly complex.
4. Business Process Management & Business Rules Engines –
Business process management (BPM) as an industry discipline has been around for over a decade, but only recently have verticals like financial services realized how important it is to business automation. The core ideas around BPM are not that complex or arcane. For the newbies among us — every enterprise is composed of repeatable business activities done by human actors. These steps are the core of the functioning of the enterprise, indeed they are the very lifeblood. There is significant business value in being able to document, simulate, manage, automate, and monitor business processes.
Financial services are fertile ground for business process automation, since most banks across their various lines of business are simply a collection of core and differentiated processes. Examples are consumer banking (with processes including onboarding customers, collecting deposits, conducting business via multiple channels, and compliance with regulatory mandates such as KYC and AML); investment banking (including straight-through-processing, trading platforms, prime brokerage, and compliance with regulation); payment services; and wealth management (including modeling model portfolio positions and providing complete transparency across the end-to-end life cycle). The key takeaway is that driving automation can result not just in better business visibility and accountability on behalf of various actors. It can also drive revenue and contribute significantly to the bottom line.It enables enterprise business and IT users to document, simulate, manage, automate and monitor business processes and policies. It is designed to empower business and IT users to collaborate more effectively, so business applications can be changed more easily and quickly.
Within the Payment Card Fraud area, BPM tools can be leveraged to create fraud detection workflows, alerts & dashboards which automate away the process thus making it highly repeatable, auditable & amenable to improvement. Every business actor in the fraud domain can be brought into the business process and actions delegated to them.
Open Source alternatives are now very viable in the BPM space as well. For instance, Red Hat’s JBoss BPM Suite is a flexible and powerful BPM platform which offers integrated business process modeling, execution, and monitoring capabilities for numerous use cases. A market leading platform, it can be easily deployed in a variety environments (on prem/virtual/cloud etc), and, as a result, can be integrated into multiple runtime architectures (appservers, webservice APIs etc) and configured to support a variety of business scenarios.
The final word –
Most existing fraud solutions that are in use today have been created using a (now) legacy approach and not built for today’s requirements for Omnichannel enabled eCommerce, and are not a good fit for the millennial customer. Industry players that lack dynamic and flexible fraud prevention technology platforms are at a severe competitive disadvantage, ultimately running the risk of slowing revenue growth, customer defections & reputational risk.
References –
[1] “PayPal fights Fraud With Machine Learning and Human Detectives” – From WSJ.com
http://blogs.wsj.com/cio/2015/08/25/paypal-fights-fraud-with-machine-learning-and-human-detectives/
[2] “In Search of the Omnichannel Card Prospect” –
http://insights.mastercard.com/2014/10/13/in-search-of-the-omnichannel-card-prospect/
8 comments
Marvellous blog with deep & insightful posts.Keep it up!
I couldn’t refrain from commenting. Exceptionally well written!
Hiyaa very nice website!! Man .. Excellent .. Superb ..
Fantastic post on CC Fraud. We discussed these on your visit to Japan but thank you for writing this up.
Good article, thanks.
Many thanks for the share
Hello from France..very nice and precise description of the issues.
It was really informative and looking forward to your visit with us. Thank you for sharing!
Thank you for the great meeting today in Shenzen. The whole team loved the extensive session you led for us.Your business knowledge is vast and your technology depth across data, cloud and applications are profound.Above all you were so patient, present and responsive despite being highly tired from a long flight.I also love reading through your blog and am really look forward to all your posts! Carry on the superb work and hope you have you back in the Pearl Rive Delta region soon!