The security of the 468 billion payment card transactions made annually rests on the competency of fraud detection software. Leading card payment processing companies rely on different approaches to minimize significant losses from fraud. On top of the $29 billion lost to fraud in 2019, regulators fined companies billions for non-compliance with AML and other directives.

As a result, many businesses invest in complex, costly fraud management systems that run on hand-coded rules, making them difficult to customize and update to changes in fraud patterns. Consequently, valid transactions are dismissed as fraudulent, expensive fraud reviews grow in number, and opportunities to reduce fraud are lost to inaccuracy. Once a company reaches a fraud rate greater than one percent, card networks can go as far as canceling the permission to accept and process credit card payments, a detrimental result for any business.

Card fraud worldwide

Source: Nilson report

The importance of preventing the unauthorized use of a credit or debit card to obtain money or property fraudulently is hard to overstate. With identity theft and transaction laundering being the most common forms of fraudulent schemes involving payment cards, businesses need to ensure that they and their customers are as safe as possible to prevent costly and lengthy investigations and losses. 

What is credit card fraud detection?

Credit card fraud detection identifies suspicious transactions, events, and behaviors for further investigation. Each and every operation generates hundreds of data points that are evaluated for signs of fraud derived from past data. Modern machine learning powered fraud detection systems consider the tiniest changes in a customer’s behavior patterns in milliseconds with a high degree of precision. So how do credit card companies detect fraud? 

Unlike the outdated rule-based systems that rely on stationary rule sets, machine learning approaches are much more dynamic and proactive. For years, payment providers have been building their risk management strategies based on how credit card fraud works with an invaluable machine learning component. 

Perceptions about the protection of online transactions

Source: The real cost of online fraud

Such evolving systems reduce the number of false declines of legitimate transactions, identify new patterns non-stop, and adapt to changes in a constantly changing environment and financial conditions payment service providers and merchants operate in. Some large service providers processing millions of transactions every day share their fraud detection experiences with the industry, and some even provide open access to their solutions to the general public. 

Let’s explore how the biggest names in business tackle the challenge of credit card fraud detection and what businesses can learn from them. 

Paypal fraud detection

Research commissioned by PayPal outlines that companies are losing an average of $4.5 million per year due to online fraudulent transactions. PayPal’s fraud detection system needs to sustain constant attacks to prevent sizable losses for a company with hundreds of millions of customers worldwide. By taking a deep learning approach that leverages a massive amount of fraud data accumulated over the years, PayPal has kept its fraud loss rate to just under 0.3%. 

Starting with logistic regression machine learning over a decade ago, PayPal has implemented more advanced techniques in recent years. Gradient Boosted Trees and neural networks enable PayPal’s fraud detection system to evaluate risky transactions with a high degree of accuracy in real-time. 

For PayPal, the largest jump in online spending to 21.3% of total retail sales in the U.S. in 2020 came with a significant increase in online scams and sophisticated fraud attempts by malicious actors. To respond to pandemic-fueled changes, PayPal rolled out the Fraud Protection Advanced service to help merchants identify, investigate, resolve, and mitigate fraud in the increasingly complex digital landscape. The new solution leverages custom filters, risk scores, block and allow lists, and custom options that use a merchant’s historical data to detect and prevent fraud. 

Fraud reports by fraud method

Source: FTC

Amazon fraud detection system

Strong fraud detection is absolutely necessary for the world’s largest online retailer to reduce consumer friction and prevent losses. Amazon invests heavily in sophisticated machine learning techniques to combat fraudulent activity and stay a step ahead of the cybercriminals. Besides the tons of data Amazon has generated over decades in business, it also uses AWS customers’ datasets to train its fraud detection systems. 

Amazon leveraged its internal developments and experience in combating scams to roll out a public version of its fraud detection system as a fully managed service in 2020. Amazon Fraud Detector powered by machine learning integrates via API and combines customers’ historical data with its own to create customized models that detect suspicious behaviors indicative of identity theft or transaction laundering. 

The Amazon fraud detection service works in real-time and can automatically identify potentially fraudulent transactions in milliseconds. Customers can fine-tune their machine learning models by creating decision logic to assign outcomes to predictions. Depending on the risk score, customers can predetermine the right course of action to prevent needless losses and time-consuming investigations.

eBay fraudsters

As the largest auction site in the world, eBay is an attractive platform for scammers because they can exploit the necessary trust between buyers and sellers. As eBay pushes back with stronger safeguards, fraudsters come up with new ways to cheat the system. 

The most common eBay buyer scams range from receiving empty boxes and counterfeit goods to asking for payments outside of eBay or through gift cards. All of these methods aim to create a veneer of legitimate behaviors so that eBay sides with fraudsters in case of a dispute. When scammers pose as buyers, they exploit eBay’s consumer protection measures to defraud honest sellers by overpaying, changing addresses, claiming that packages arrived empty, and many more.

Unlike automatic fraud detection systems that look for fraudulent behaviors, eBay has turned the process on its head. As fraudsters keep on coming up with new scams and patterns to circumvent the system, eBay chose to look for good behavior patterns that do not change with time instead. A report published by eBay executives describes how the auction site’s new AI algorithm can identify credit card fraud transactions with high precision by identifying outliers using a clustering method to formulate a score for consistency and good behavior. 

Visa fraud monitoring program

In 2020, Visa’s AI fraud monitoring program prevented $25 billion worth of losses by partnering with financial institutions and merchants to combat illegitimate transactions. The Visa Advanced Authorization system processes and evaluates more than 500 transaction parameters to estimate the risk of fraud in about a millisecond. Time, geo-location, amount, spending patterns, transaction type, circumstances, and many more attributes are analyzed to generate a risk score that is sent to a cardholder’s bank for the final decision. 

Visa chargeback and fraud monitoring programs have achieved a fraud rate of less than 0.06% by building a multi-layered security infrastructure with an AI fraud detection system at its core. Visa has reduced latency for its 3.5 billion cards and 210 billion annual transactions by layering AI and ML tools in systems outside its main transaction processing network. Visa leverages recurrent neural networks and gradient boosted trees to lower customer friction and faster fraud detection with a 20-30% lift in model performance. 

Mastercard fraud monitoring program

As one of Visa’s closest competitors, Mastercard fraud prevention also relies on identity verification. With the Mastercard Identity Check program and its EMV 3D-Secure 2.0 technology, the financial services company helps merchants and card issuers authenticate card-not-present transactions quickly and securely. 

The Mastercard fraud prevention program leverages AI and machine learning to check 150+ transaction parameters to assess risks and filter legitimate transactions from illegitimate ones in real-time. Depending on a transaction’s risk score, card issuers can decide whether they want to authenticate an operation or not. 

Besides time, amount, location, and other standard variables, Mastercard checks screen brightness, customer gestures, history, and merchant-specific parameters to calculate the probability of a transaction being fraudulent. Mastercard fraud prevention can require additional authentication with biometrics or a one-time password for suspicious transactions. Additional checks are better than blocking operations outright as they reduce customer friction without impeding the purchasing journey.

Source: Mastercard

Apple Pay fraud detection and prevention

Through a wholly-owned subsidiary called Apple Payments Inc., created to prevent the rest of Apple from interacting with customer information, the company verifies the identity of each Apple Pay user. Customers may be asked to provide their name, address, social security number, and government ID before making transactions through Apple Pay. While Apple cannot read this information, they minimize the chances of bad actors committing fraud on their platform by requiring comprehensive identity verification in the very beginning. 

When verified users use Apple Pay for adding or transferring money to another person or bank account, Apple fraud prevention checks their approximate use patterns on their Apple devices. This can include how frequently a payer communicates with the payee by phone, email, or text messages. 

Apple does not collect the context of communication, such information is stored for a limited time, and it cannot be linked to the payer unless a transaction requires further investigation due to suspicious activity. By leveraging platform-specific device parameters, Apple Pay fraud protection strives to add another layer of security to everyday transactions.

Source: Apple 

Google Pay fraud protection

100 million users are making payments using Google Pay and the number is growing steadily, driven by the pandemic induced shift towards touch-free payment methods, digital wallets, and mobile payment apps. To protect customers and thousands of merchants, reduce chargebacks, and reduce customer friction, Google Pay fraud protection assesses customer data whenever a new card is connected to the system for risk criteria using an identity and verification (ID&V) process. 

The ID&V process is complemented by the Google Pay fraud department and their use of the latest security protocols to protect consumer data from bad actors, scammers, and even fraudulent merchants. Google encrypts and stores customer payment credentials on their servers to prevent unauthorized access.  Lastly, users need to unlock their devices for each transaction and authorize the operation with a password or biometric authentication. 

Furthermore, Google Pay creates single-use virtual account numbers for purchases at points of sale, preventing merchants from seeing a customer’s actual payment credentials. Even if a terminal is hacked, the payment information cannot be used to make further unauthorized transactions or clone payment cards. 

Let’s take a look at SDK.finance’s demo video to see how SDK.finance offers a complete overview and management of client transactions, as well as advanced AML and fraud prevention capabilities, enabling institutions to stay proactive in combating financial crime:

Conclusion

It is implausible that fraud and scams will stop anytime soon. Bad actors will continue looking for ways to exploit weaknesses in payment systems, and companies will patch their security in an ever-evolving cycle. Businesses that decide not to leverage the latest technologies will see their fraud rates grow as scammers flock towards companies with weaker security and avoid those with AI-powered fraud detection. 

The post Credit Card Fraud Detection. Big Players’ Experience appeared first on SDK.finance - White-Label Digital Banking Software.

It’s a lender’s nightmare. You approve a home loan or a line of credit. A few months later, the account holder tells you someone else had taken out the loan in their name using a stolen ID. You try to track down the money, but it is long done. You contact the authorities but there’s nothing they can do to help you. So your business has to eat the loss.

Loan application fraud is no boogeyman tale. It’s a real issue faced by thousands of lenders all over the world. 

It is estimated that financial institutions lose billions of dollars yearly to this type of scheme, with synthetic identity fraud alone being responsible for over six billion dollars of credit losses. In the US alone, close to 300,000 people fall victim to credit fraud every year. And the average amount a bank can expect to lose due to a single loan fraud case is estimated to be around 6,000 USD.

With the amount of consumer debt increasing steadily over the last five years, it looks like the situation will only get worse. So lessening the negative impact of fraudulent payments should be a top priority for financial institutions.

Read this article to find out more about fraud on loan applications and how the latest trends in lending software development can help shield you and your customers from it.

What Is Loan Application Fraud? 

Loan Application Fraud Definition

Credit fraud or loan application fraud is a type of financial fraud during which the criminal takes out an illicit loan they have no intentions of ever paying off.

They can take out the loan in their own name, in which case we would label it first-party fraud. 

More commonly, however, the line of credit will be taken out in the name of a third party using faked or stolen identification documents. In this case, we will label it as third-party fraud.

Loan Application Fraud Statistics

According to the 2021 report by the Federal Trade Commission (FTC), almost 30% of all financial fraud complaints in the US involved identity theft. This represents a 50% increase from the year before. And loan application fraud was one of the main sources of these increased complaints.

It is currently estimated that a whopping 10% of all “bad debt” held by banks in the United States is a product of credit fraud. And it’s not just payday lenders with lax identity check procedures that get defrauded. Criminals target all types of institutions, with experts estimating that first-party loan fraud accounts for 0.75%-1.50% of AAA prime bankcard and demand deposit portfolios.

Which Loan Types Are Most Susceptible to Financial Fraud in 2021?

According to the FTC, federal student loans, personal loans, and auto loans experienced the biggest rises in financial fraud last year. That being said, this year’s report revealed a general sharp increase in loan application fraud, with all types of lenders suffering more damage than the year before.

#1 Federal Student Loan (188% Increase)

Federal student loan fraud rose by a whopping 188% between 2018 and 2019. In the vast majority of cases, this was first-party fraud.

#2 Personal Loans (116% Increase)

Business and personal loan fraud rose by 116% over the same time period.

#3 Auto Loans (105% Increase)

The data also revealed a sharp increase in car loan application fraud, with auto-loan and lease fraud increasing by 105% in 12 months.

Types of Loan Application Fraud

There are two main types of loan application fraud: first-party and third-party fraud. 

First-Party Loan Application Fraud

First-party fraud involves the criminal applying for a line of credit or a personal loan using their own legal name and documents. The criminal will then withdraw all of the money from the account and disappear without a trace.

Naturally, this method represents a high degree of risk for the fraudster as they have to voluntarily hand over their own personal data to the lender. While an unscrupulous actor could simply cross a state border and start a new life a century ago, this is borderline impossible in today’s digital world.

As a result, this method is becoming less and less popular every single year.

Third-Party Loan Application Fraud

Third-party loan fraud, on the other hand, involves receiving loans in the name of another person. To do this, the criminals can use either stolen or faked identity documents. If you want to know more about how they do this, read our article on the document fraud. 

As we discussed in our article about payment fraud, by the time the identity theft victim notices that something is amiss, the criminal (and the money) is usually long gone. And the financial institution that issued the loan has to suffer the loss.

And because the criminals can switch to a new identity after every loan application spree, third-party application fraud can inflict a lot more damage to your business.

Synthetic Identities in Third-Party Loan Fraud

The last few years have seen a sharp increase in the use of so-called synthetic identities in loan fraud. Explained simply, a synthetic identity is a legitimate-looking persona that is created via a combination of real and fictitious information.

SAS calls synthetic identities the “gold standard” of banking application fraud. And for a good reason. Artificial identity loan applications are notoriously difficult to spot and prevent.

Why Synthetic Identities Are Hard For Financial Institutions to Deal With?

Loan fraud using synthetic identities is harder for financial institutions to detect for a variety of reasons.

First of all, most fraud models were not created with detecting synthetic identities in mind. As a result, a reported 85-95% of all cases of synthetic identity fraud cases are not being flagged as even potentially fraudulent by traditional loan application fraud detection systems.

Secondly, as there is no actual identity theft victim, no one will alert your team about it. The account will be dealt with like a legitimate one until your team realizes what’s going on. Which can take weeks or months. Further increasing the criminal’s chances of avoiding punishment.

How Big of a Problem Is Synthetic Identity Fraud?

A report by Auriemma Consulting attributed an astonishing one fifth of all credit losses suffered by financial institutions to synthetic identity fraud. 

How to Prevent Loan Application Fraud

Banks can battle fraud on loan applications in a wide variety of ways. By integrating these methods into your company’s lending software development efforts, you will make your financial institution much more resilient to credit line fraud.

In-Depth Monitoring of New Account Application Data

By maintaining a corpus of existing and closed accounts, your financial institution can look out for device fingerprints and data reuse.

Implemented as part of a rule system, this information can serve as an effective tool for loan application fraud prevention at the earliest stages.

Monitoring of Existing Accounts For Suspicious Activity Patterns

A financial institution’s loan application fraud detection efforts should not just focus on new applications. Identifying cases of fraud in already-issued loans is key when it comes to minimizing your fraud losses.

Here are a few suspicious patterns you need to look out for:

• An account that uses up its credit lines shortly after it is created.
• Accounts with a dormancy period followed by a sudden increase in transaction frequency.
• Several accounts making payments to the same merchant from one device (via device fingerprinting.
• An account whose data points match those seen on high-risk accounts.
• Payments to merchants that seemingly have no plausible connection to the account holder (e.g. 18-year-old male from a small town in Kansas paying for ESL English lessons in Curaçao).

Identity Verification Tests to Prevent Loan Account Fraud

There are a variety of third-party identity tools and methods that can greatly improve your security systems. Using a combination of them can help your financial institution lower its risks of getting defrauded. Read this article to get more information about credit card fraud detection.

Identity Verification Testing

The most common, widely used loan fraud detection method is identity verification testing. This can come in a wide variety of forms.

You may ask the user to verify their identity via a real-time selfie or have one of your representatives call them.

The most common way of identity verification testing, however, are personal questions the answers to which only the client can know.

The main downside to identity verification testing is that it invariably introduces friction into the banking process and a frustrated client may elect to take their business elsewhere.

To develop a reliable money transfer app, check this article. 

Identity Verification with Enriched Data Collection

As we mentioned in our article on CNP fraud prevention, data enrichment is one of the most effective tools for detecting fraudulent financial activity. Data enrichment solutions can take the information you already have about your client and use sophisticated algorithms to gain additional data about the account holder.

If your client is a real person, the service will find a lot of additional information about them (no matter how “off-grid” they are). Your security system can then use this enriched information to better assess the risk associated with the client. If the client’s name appears in registers of known payment dodgers or databases of stolen IDs, your team can decide on a course of further action.

On the other hand, if the system can’t find any (or can only find minimal) information about the account holder, you are likely dealing with a case of synthetic identity fraud.

Machine Learning-Based Document Verification

One of the most exciting new developments in the field of preventing finfraud is AI-powered document verification. While criminals have found clever ways to bypass traditional identity document verification methods, AI-powered tools are much more difficult to fool. 

A properly configured AI-powered document verification tool can:

• Recognize ID documents from various countries of territories.
• Run a near-instant check for document inconsistencies.
• Accurately recognize biometric data using state-of-the-art facial recognition.
• Detect the use of deep fakes, masks, and other face alteration methods.

Now, let’s check out the SDK.finance’s demo video to explore how SDK.finance provides a comprehensive view and control over client transactions, along with advanced AML and fraud prevention features, empowering institutions to stay ahead in the fight against financial crime:

Final Words

Fraudulent loans are responsible for an astonishing 20% of all bad credit held by banks and other types of financial institutions. A single fraudulent loan costs the lender an average of 6,000 USD. Today’s fraudsters are much more technologically sophisticated than those of yesteryear and routinely use deep fakes and advanced image editing techniques.

Having quality loan application fraud detection measures in place is paramount for every financial institution.

Proper in-house security techniques and third-party AI-based solutions can protect financial institutions and their clients from the negative impact of fraud on loan applications.

The post Detecting and Preventing Loan Application Fraud with AI-Powered Online Document Verification appeared first on SDK.finance - White-Label Digital Banking Software.

The popularity of online payments is a double-edged sword. While it helped fuel the growth of the financial sector, it also brought with it a never-before-seen amount of payment fraud. Today, card not present (CNP) credit card fraud is by far the most popular kind of payment fraud out there.

If you’re a bank or a payment provider, then in many cases you’ll be the one who will have to swallow the cost of payment fraud via chargeback fees, investigation fees, as well as government fines. The costs associated with fraudulent payments can be so large that they may force your company to shut down.

Read this article to find out what CNP fraud is and how to protect yourself and your clients.

Card Not Present Fraud Definition

So what is CNP exactly? As we mentioned in our article on preventing payment fraud, card not present fraud is a type of transaction fraud that does not require the presence of a physical debit or credit card during the criminal act.

In this case, a card not present transaction is any transaction that takes place over the internet or over the phone.

For card-not-present fraud to occur, all a criminal needs is the victim’s credit card number, name, three-digit security code (CVV), and the expiration date.

Why Is Card Not Present Fraud So Difficult to Deal With?

One of the most frustrating things about CNP fraud is that there is very little a bank or a payment processor can do to prevent the falling of sensitive client data into unscrupulous hands.

Customers value convenience and low payment friction above all else. And, with the safety net of chargebacks, they are often very lax when it comes to the security of their credit card data. This means that breaches are close to inevitable.

Once that payment information is out there, it is out there for good, often being sold and resold to several criminal outfits.

And the customer might allow several fraudulent payments to take place before blocking their card and issuing a chargeback.

This is because, in many cases, the victim won’t realize that any funds have been stolen from them until they see their bank statement. Which can happen weeks (or even months) after the first fraudulent payment occurs.

How Do Criminals Obtain Credit Card Information?

Fraudsters can obtain the payment information of their victims in a variety of ways. The most common of these include phishing attacks and database breaches.

After the attacks are carried out, the data is typically sold off to other criminal outfits on the dark web.

These criminals, in turn, will be the ones carrying out the actual CNP fraud.

Who Suffers Most From Card Not Present Fraud?

When card-not-present fraud occurs, it is not the direct victim that bears the loss. The sum they lose is typically refunded by the payment provider, the bank, or the merchant.

On top of this, credit card companies may subject your business to additional chargeback fees and investigation fees.

Card Not Present Fraud Statistics

As of 2021, CNP fraud is 81 percent more common than card present fraud. While card-present fraud is much less prevalent now thanks to the introduction of chip and PIN technology, CNP fraud is only becoming more and more widespread year after year.

What’s even more worrying is that gaining access to stolen credit card data is only becoming easier for criminals as time goes by.

Breaches of sensitive payment data, such as credit card numbers and e-retailer login credentials, are becoming more and more widespread.

According to an industry report, the number of stolen credit cards available for sale on the dark web has increased by an astonishing 153% last year alone.

And according to a study by Juniper Research, retailers will lose 130 million US dollars due to CNP fraud in 2023.

4 Steps to Better CNP Fraud Prevention

There are hundreds of methods using which banks and payment processors can prevent card-not-present fraud.

While no do-it-yourself approach can offer you the protection of dedicated CNP fraud protection software, the 4 step process listed below can be a good starting point for modernizing the fraud prevention system of your bank or payment processing company.

Step 1: Embrace Improved Data Collection Techniques

Whether you run a traditional bank or an e-payment system, more is always better when it comes to the amount of data you have about your customers.

Always make sure that you log not just the bare minimum regulator-required information about your clients, but also gather additional pieces of data that will help you understand whether they are actually the ones using the account. 

Some people in marketing might tell you that introducing any additional friction into the client registration process is unacceptable. There is some truth to this. Introduce too many steps into a procedure and some users will undoubtedly go to a competing service.

So what do you do in this situation?

How to Gather Client Data Without Introducing Friction

Data enrichment is the best way to collect additional data about your clients without introducing any additional friction. Put simply, data enrichment is the process of taking separate data points from your clients and using them to gain additional information about your clients thanks to a separate service.

You can use your user’s name and an address to see if they have been involved in any fraud. Or you can take their email address and see whether it’s connected with any real social media accounts. Or if the IP address associated with your client is seemingly used by dozens of other credit card holders.

Gaining this additional information helps your team (and your automated systems) notice discrepancies and suspicious activity where they wouldn’t otherwise see it.

And, as data enrichment is completely invisible to the client, it introduces zero friction into the process.

Step 2: Monitor All Unusual Behavior

Once you have enough information about your clients and their normal behavior, you can create rules or integrate AI-based fraud detection schemes to help protect your clients from payment fraud risks. 

The behavior of criminals almost always follows certain patterns that can signal payment fraud. 

By turbo charging your security solutions with enriched data points, you can make them much more accurate. They will now be capable of identifying fraudulent transactions that would have flown under its radar before and recognizing genuine transactions as such in places where they could’ve flagged them as potentially malicious before.

Card Testing in Credit Card Not Present Frauds

One of the most common fraud-related payment patterns are micro transactions. Before attempting to make a large purchase, the fraudsters will typically test the card with a small amount of money to see if the credit card data they purchased is correct or if the associated account has any cash on it.

Perhaps they will sign up for a $0.99 trial of a subscription service or make a minimal payment in a mobile game.

If this micro transaction is a success, the fraudsters will then typically attempt to use the stolen card to buy a much more expensive item.

Identifying card testing immediately is a great way of flagging fraudsters before they are able to do any serious damage by making a big payment.

Step 3: Ask For Additional Authentication

Having a large amount of information, you can accurately assess which transactions are of high risk.

Whenever you find this to be the case, don’t be afraid to ask the user for additional authentication steps.

If you’ve done everything correctly up to this point, the vast majority of transactions falling into this group will be fraudulent.

And if, despite all of your efforts, any legitimate users have fallen into this group by mistake, then they will have no difficulty going through these additional steps. 

Heavy KYC

If your systems are very certain that the transaction is fraudulent, you can ask the user to provide a lot of Know Your Vustomer information, so that you can be sure without a shadow of a doubt that the transaction is legitimate before letting it go through.

Light KYC

On the other hand, if your systems have detected a fringe case that only barely triggers your fraud detection algorithms, then you can opt to ask for fewer and simpler identity verification methods from the user.

Step 4: Stick to Data Protection Best Practices

Lastly, nothing will be able to protect you from fraudulent payments if your company is the main source of them.

One of the best things you can do for your business is to do your best to protect the payment information of your clients.

Having the credit card information of a large portion of your client base compromised is both a PR and a chargeback nightmare.

So make sure your security team stays on top of all of the latest security rules and standards. 

For example, many security experts will tell you to use state-of-the-art 256-bit Secure Sockets Layer (SSL) encryption to encipher all of the sensitive payment data you receive from and transmit to your clients. Price-wise, upgrading from 128-bit to 256-bit SSL encryption is rather inexpensive, so there’s no reason not to do it.

To get more information about credit card fraud detection, check this article.

Now, let’s check out the SDK.finance’s demo video to explore how SDK.finance provides a comprehensive view and control over client transactions, along with advanced AML and fraud prevention features, empowering institutions to stay ahead in the fight against financial crime:

Conclusion

Card-Not-Present fraud is the most prevalent method of payment fraud today.

CNP fraud is 81 percent more common than traditional card-present fraud, and the gap between the two is only likely to rise in the future.

According to a Juniper Research projection, in 2023 retailers will lose an astronomical 130 million US dollars CNP fraud in 2023.

Protecting your business from chargebacks and fines associated with CNP fraud can be expensive. Thankfully, third-party solutions can give you all of the benefits of a custom, AAA-tier system for a fraction of the cost.

The post The 2021 Guide to Card-Not-Present Fraud Prevention appeared first on SDK.finance - White-Label Digital Banking Software.

While machine learning may seem incomprehensible, it is much easier to understand than you might think. In our previous article ‘All You Need to Know About Machine Learning Based Fraud Detection Systems‘ we talked about machine learning vs. rule-based systems in fraud detection and the benefits of using machine learning in fraud detection. In this article, we will take a look at what goes into building a machine learning-based system and the most common types of ML models that are used in payment fraud detection.

Creating a Machine Learning Payment Fraud Model

Dataset Preparation

Before you can do anything else, you need to prepare a dataset. In most cases, the data points you use will need to be manually labelled as either genuine or fraudulent.

Your archive of past payments, which has already been labelled by your security team, will make for a perfect dataset.

The bigger (and higher quality) the pool of data you will train your neural network on, the more accurate and efficient your system will be.

Introduction of Features

Next, you will need to introduce features, which are data points describing customer behavior and giving you a clear signal that something is wrong with the transaction.

The most common features in payment processing are:

• Customer identity
• Order information
• Payment method
• Location information

Having a large, pre-prepared corpus of fraudulent payment features will help your system identify fraudulent payments with ease from the very start.

Algorithm Training

After features are introduced, you need to train the algorithm on a training set of historical data. Once the training phase is complete, you will have a finished model that can start identifying fraudulent payments.

The higher quality the training set, the better and more accurate the system will be.

Continuous Improvement

During the first stage of its operation, your security team will need to monitor the system and make sure that it is performing the way it should.

A great security team will also be able to log all of the algorithms’ mistakes and errors. These will be labelled and added to the dataset that will be used to train a new version of the model.

As a result of these actions, the system will become better and better as time goes on.

As you can see, training up an ML algorithm is by no means easy and can be very expensive in terms of both man-hours and funds. Thankfully, third-party solutions exist to help businesses take advantage of the latest developments in AI technologies at a minimal cost.

Top 5 Most Popular Machine Learning Models

The five most popular ML models are random forest, support vector machine, k-nearest neighbors, neural networks, and deep neural networks. Let’s take a bird’s-eye view at them all.

Random forest

One of the best examples of intuitive naming in machine learning, a random forest is essentially a collection of separate decision trees that are “grown” using the training set.

When a piece of data needs to be classified, each of the decision trees will tell the forest how close it is to its class. The forest then picks the tree that gave the new piece of data the most votes.

In the context of payment fraud, you can create a forest filled with various common and not so common types of transactions. When a new transaction occurs, the random forest will immediately tell your team what type of transaction it is.

Support vector machine

Another popular classification method is the support vector machine (SVM). In this method, each feature is presented as a coordinate point. Each data item is plotted as a point on an axis of features. 

If we wanted to create a classification of all transactions based on two variables, such as account age and payment sum, we’d plot the two variables in a 2D space where each piece of data would have two coordinates. 

Large payments from a new account would be labeled as high-risk. Smaller payments from older accounts would be labeled as being safer.

K-nearest neighbors

Another simple, yet effective algorithm is K-nearest neighbors. It stores all available cases and then classifies all new cases via a majority vote from its K neighbors. The case assigned to a new class will be the most common among its K nearest neighbors as measured by a distance function.

This system is very similar to the way we intuitively classify things as people. Let’s say your bank gets a new corporate client. This client is a member of various industry organizations, has accounts in a wide variety of other banks, and regularly does business with many of your best clients. Birds of a feather flock together. You and your security team instinctively know that this client is legitimate, because their “neighbors” are trustworthy.

Neural networks

Neural networks are based on a model of the human brain. They are designed to recognize patterns in raw data. Thanks to this, they can help businesses classify and cluster vast amounts of information quickly and efficiently.

Simply supply a labeled data set to a neural network and it will be able to group future data according to similarities without the need for you to add any additional features (although features can still be used to reinforce the model). 

Deep neural networks

White normal neural networks are great for a lot of classifying work, they can never be creative. That’s where deep neural networks come in.

Being a much more complicated and many-layered system than regular neural networks, deep neural networks can also do a lot more. Companies use them for such things as analytics, predicting future outcomes, solving creative-thinking tasks, and even creating art.

What’s more, deep neural networks do not need as much guidance as their regular neural networks and can even function with completely unlabeled data sets. Which means that you can use deep neutral networks to solve problems you yourself don’t know how to solve.

Examples of deep neural networks include the Deep Dream Generator, YouTube and Tik-Tok content-serving algorithms, as well as Sony CSL’s music-creation algorithm.

Daddy’s Car, a Beatles-style song generated by the Sony CSL AI

Deep learning fraud prevention systems are still somewhat rare, but the technology has a lot of potential to revolutionize the way financial systems work and create a much safer operating environment for financial institutions and their clients.

Watch the SDK.finance’s demo video to explore how SDK.finance provides a comprehensive view and control over client transactions, along with advanced AML and fraud prevention features, empowering institutions to stay ahead in the fight against financial crime:

Final Words

Machine learning-based fraud prevention is an exciting new development in the prevention of illicit payments.

By replacing outdated rule-based systems with modern machine learning solutions, banks and payment processors can reduce the losses they incur due to fraud, lower their security system-related expenses, and reduce payment friction for their clients.

As for the companies that are hesitant to switch, the costs associated with maintaining their legacy payment fraud systems will eventually outweigh the investment necessary to introduce the more modern system. It is predicted that all major financial industry players will eventually transition to machine learning-based payment fraud prevention systems.

The post How to Detect Payment Fraud Using Machine Learning? appeared first on SDK.finance - White-Label Digital Banking Software.

Fraud detection algorithms are an integral part of all modern financial systems.

They are an invaluable tool that protects financial institutions from chargebacks, investigation fees, government fines, and reputational damage. A good prevention and detection system can help your business in a variety of ways. It can filter out the vast majority of fraudulent transactions, freeing up the resources of your security team.  

But not all fraud detection systems are created equal. Credit card fraud detection using machine learning is an exciting new development in the sphere of identifying payment anomalies. It allows financial institutions to block fraudulent transactions with never before seen accuracy. It helps them reduce the number of false positives for genuine transactions. And it does so while reducing overall IT costs.

So what exactly is machine learning-based payment fraud prevention? Is it right for your financial institution? How expensive is it? And is there a future for rule-based systems?

Read on to find out.

Fraud Statistics

As we’ve already discussed in our article on payment fraud, illegitimate payments are becoming an ever-increasing concern for financial institutions. The total amount of losses incurred by businesses due to payment fraud have more than tripled in just the last decade. In 2011, $10 billion was lost due to illicit payments. In 2020, this figure climbed to more than $32 billion, with 6.83 cents out of every $100 being lost to fraud.

And, according to industry analysts, the costs of payment fraud will only continue to increase. It is projected that fraud losses will rise a further 25% and exceed $40 billion by 2027. And that is not even mentioning the ever-present chargeback fees, investigation fees, and fines from governments and credit card issuers.

One of the most popular and effective ways banks and payment processors deal with payment fraud is through fraud detection algorithms. In 2020, detection algorithms were implemented by more than 60% of all banks.

The two principal routes a business can go about transaction monitoring is by implementing either a rule-based or a machine learning-based system. Let’s look at what these systems are and which option is best for your business.

Machine Learning vs. Rule-Based Systems in Fraud Detection

Rule-based systems and fraud detection machine learning algorithms are two completely different approaches to combating illicit payments.

Rule-based systems are more traditional. They are configured by internal security teams to help automate procedures and checks that a human expert would typically handle. This is by far the most common system out there today. Read this article to get more information about credit card fraud detection. 

Machine learning (ML) systems are a much more modern and efficient way of dealing with safety procedure automation. A lot of major industry players have had outstanding success with ML algorithms, but they are still much less common than rule-based systems.

Rule-Based Systems

Rule-based systems use pre-programmed behavior scripts to identify suspicious transactions. This is similar to the way classic antivirus software functions.

Once a behavior linked to a fraudulent payment becomes known by the bank’s security team, they implement a rule to combat it. The criminals will then try to outsmart the rule.

Banks and payment processors using rule-based systems can only react to an exploit once their security team detects it. Naturally, by that point, at least some fraudulent payments have been committed and at least some losses have been incurred.

On top of that, rule-based systems become more and more expensive to maintain as they grow larger and more complex. Their proper functioning requires the hiring of a large team of IT specialists.

Machine Learning-Based Fraud Prevention Systems

The love child of time-tested fraud detection and modern machine learning technologies, ML systems offer a much more proactive and flexible approach to identifying fraudulent payments. 

Machine learning systems enable financial institutions to detect irregularities and identify subtle changes in large data sets in a much more precise and granular way than was previously possible.

Rather than becoming more expensive to maintain with time, machine learning systems tend to become more effective and efficient without requiring any additional specialist labor.

What Are the Benefits of Using Machine Learning in Fraud Detection?

In order to understand the key benefits of ML fraud detection, let’s look at the most common frustrations the security departments of the world’s leading financial institutions have when dealing with rule-based approaches and how they are solved by machine learning.

Effortless Scaling

As criminals work their way around old rules, security teams must continue to introduce new, more sophisticated rule sets. As a result of this, rule-based systems keep getting larger, heavier, and slower as time goes on.

Additionally, as there is only so much granularity you can introduce into a rule, human-run reviews become needed more often, putting added stress on your security team.

High-quality financial fraud detection machine learning systems, on the other hand, tend to age like fine wine.

As the system is exposed to more data and new instances of fraud, it only becomes better at separating fraudulent payments from genuine transactions. This means that it can potentially require fewer manual reviews per million transactions as time goes on.

Reducing the Number of False Positives

As rule-based systems become more and more complex, another important problem surfaces. Using heaps of rules layered upon rules results in more and more genuine transactions being blocked by the system.

While these rules may save you some money on chargebacks, they will introduce added payment friction to your clients. As a result of this, some of them may turn to one of your competitors for their payment needs.

Being much more granular and precise, machine learning algorithms do not suffer from this problem.

Flexible Outcomes

As rules are based on yes/no answers, they necessitate fixed outcomes. If you’ve spent any length of time in the financial services industry, you know that it is anything but static.

Let’s say your fraud team analyzes all fraud cases for the last year and imposes a rule that scrutinizes all orders above $300.

Years pass. You acquire new business clients. Many of them serve an upmarket audience. Now, orders of over $750 are the norm. Unless you want to alienate your new clients and their wealthy customer base with increased payment friction, you will need to amend the rule or make a set of exceptions. 

At the same time, you receive an influx of customers from a less developed region who like your services due to their low transaction costs. Now low-value transactions are more common. As a result, fraudsters use smaller payments of $20 to $50 to blend in with them. The $300 rule won’t do you any service here, either.

Payment fraud detection machine learning systems, on the other hand, are much more flexible in nature. They can understand data sets in a way no human ever could.

Check out the SDK.finance’s demo video to explore how SDK.finance provides a comprehensive view and control over client transactions, along with advanced AML and fraud prevention features, empowering institutions to stay ahead in the fight against financial crime:

Final Words

Machine learning-based fraud prevention is an exciting new development in the prevention of illicit payments.

By replacing outdated rule-based systems with modern machine learning solutions, banks and payment processors can reduce the losses they incur due to fraud, lower their security system-related expenses, and reduce payment friction for their clients.

As for the companies that are hesitant to switch, the costs associated with maintaining their legacy payment fraud systems will eventually outweigh the investment necessary to introduce the more modern system. It is predicted that all major financial industry players will eventually transition to machine learning-based payment fraud prevention systems.

The post Machine Learning Based Fraud Detection Systems in Finance: All You Need to Know appeared first on SDK.finance - White-Label Digital Banking Software.

Payment fraud is one of the most common forms of identity theft in the world. In 2020, the total amount of losses incurred by businesses due to financial fraud rose to a record $56 billion, with over 2,800,000 cases of credit card fraud being reported in the UK alone.

A large portion of these losses was borne by banks and payment processing service providers. These institutions are often responsible for covering chargeback costs. In the case of money laundering, they may also be subjected to million dollar fines from government authorities. Not to mention the costs of dealing with the PR nightmare that seems to always follow suit.

With more and more consumers taking their spending habits online, investing into better fraud prevention systems is one of the best decisions a financial institution can make. It will help your business avoid hefty penalties. It will safeguard your clients from unnecessary stress and headaches. And it will help you maintain a stellar reputation.

In this article, you will find out what payment fraud is, its main types and forms, as well as the most effective payment fraud detection tools available.

Source: PwC. 2020 Global Economic Crime and Fraud Survey. 

What Is Payment Fraud?

Payment fraud is an umbrella term for illegal financial transactions. The European Union Agency for Law Enforcement Cooperation (Europol) categorizes payment fraud as a low-risk, high-profit criminal activity. 

The combination of low stakes and high rewards makes this type of fraud very popular with criminal outfits of all sizes.

Source: European Fraud Report – Payments Industry Challenges. Date: 2019

What Are the Main Types of Payment Fraud?

Financial Identity Theft

When most people hear the word payment fraud, they think of financial identity theft. Simply put, this is the purchasing of goods using stolen payment information. Financial identity theft can be divided into two types, card-present fraud and card-not-present fraud.

Card-Present Fraud

As the name implies, this first type of credit card fraud involves the criminals having direct access to a copy of the victim’s physical card.

Fraudsters create these copies with the use of card skimming devices. After the victim inserts their card into a skimmer, the device reads and copies the authentication information exchanged between the credit card and the bank. This can happen, for example, at a compromised ATM or when the victim hands their credit card to an unscrupulous restaurant waiter. Check this article to get more information about credit card fraud detection. 

The criminals then use the credit card to make fraudulent purchases until the victim notices the transactions and blocks their card.

Source: European Central Bank Sixth Report on Card Fraud Date: 2020

Card-Not-Present Fraud

Unlike the method we just discussed, card-not-present fraud does not require any direct contact with the victim or the purchase of expensive skimming and card creation equipment. All the criminals need are the victim’s payment details. 

Criminals can gain this data in several ways, ranging from phishing attacks and social engineering to database breaches. Alternatively, they may simply purchase a database of already-stolen credit card information from the dark web. 

Due to its low barrier to entry, card-not-present is by far the most common type of credit card fraud today.

Traditionally, this type of fraud was very difficult to deal with. However, modern software can help banks and payment processors successfully deal with most cases of card-not-present fraud instantly. Usually, it is trained on a database of billions of both legitimate and fraudulent transactions. So it’s like having a team of experienced employees instantly review every single payment.

Source: Experian

Money Laundering

There are many ways in which criminals can use credit card transactions for money laundering. Modern security software made old-fashioned schemes of using money mules to make deposits at dozens of different bank branches per day obsolete. So criminals have devised new ways to launder their ill-gotten money. 

Merchant Identity Fraud

One of these ways is merchant identity fraud. The criminals register a business and create a legitimate-looking website for it. They then set up a merchant account and make payments to that account using stolen credit cards or the cards of their mules.

These fake businesses can pretend to sell anything from digital marketing services and personal coaching to foreign language courses. It actually does not matter what they do. It’s just a facade. No actual services are provided.

By the time most AML teams discover the fraud, the fake company is already nowhere to be found.

The best ways to protect yourself from digital fraud in banking is by investing in state-of-the-art Know Your Customer (KYC) and Anti-Money Laundering software.

Additional tools, such as anomaly detection, can act as an additional layer of security by highlighting which of your clients show signs of engaging in fraudulent activities and which credit card may have been stolen or is being used by money mules.

Modern Payment Fraud Prevention Tools

When it comes to combating payment fraud effectively, having good software on your side is a must. Bad actors are constantly figuring out new ways to outsmart payment providers and banks. By investing into the best credit card and retail banking fraud detection tools you can afford, you ensure that your business stays several steps ahead of them.

AML Fraud Prevention Tools

There are hundreds of AML fraud prevention tools on the market. Anti-Money Laundering software ranges from solutions that help your in-house team collect and process AML documents more efficiently to automated checkers that assign a reliability score to each client. There are also software suites that offer all-in-one packages.

Here are a few popular AML options:

• ComplyAdvantage
• NorthRow
• Sumsub
• Folio Digital Identity
• AML Manager

None of these solutions is universally better than the rest. Whether a particular piece of software is the right choice for you depends on the unique needs and wants of your business, as well as the AML requirements of the regulators you work with.

Source: Getid.ee

Fraud Protection with KYC Systems 

Investing in a good Know Your Customer solution allows you to block bad actors before they have a chance to use your platform. Modern KYC solutions can instantly check your new clients against a list of persons and businesses under financial sanctions and known bad actors. They can also flag new or recently bought companies that aren’t in those lists but are of potentially high risk.

KYC solutions are often found bundled in AML software packages, but stand-alone options also exist.

Many KYC tools are tailored to meet the specific Know Your Customer requirements of government regulators. This helps ensure that your KYC procedure meets all the necessary guidelines.

Here are a few options that are popular with specialists across the globe:

• Mitek
• Comply Advantage
• Identity Mind Global
• Trulioo
• Fenergo
• Equiniti KYC Solutions
• Accuity
• Opus
• Simple KYC

Source: ShuftiPro

Digital banking and payment fraud is a serious problem that no player in the financial services market can afford to ignore.

In 2024, the losses incurred by businesses due to illicit transactions rose to a record $56 billion. With more and more inexperienced customers taking their shopping online, it is very likely that this figure will continue to grow year after year.

The best way for banks and payment processors to safeguard themselves and their clients from payment fraud is by investing into high-quality Know Your Customer (KYC), Anti-Money Laundering (AML), and anomaly detection software.

Watch SDK.finance Platform’s demo video to explore how to manage your users, ensure KYC compliance, and prevent fraud with the robust system back office. This video showcases real-life scenarios demonstrating the power of the Clients section:

Anomaly Detection Systems for Payment Fraud Prevention

AI-driven anomaly detection tools are the latest development in digital banking fraud prevention that can be used for payment processors as well. With the help of big data, tools for anomaly detection in finance can easily handle cyclical, seasonal, and even idiosyncratic payment pattern variations while still being effective at filtering out fraudulent payments.

Why is this important? Because it provides great protection for you and your clients while not introducing any sales friction into the process. Your clients can enjoy a seamless payment process while the anomaly detection software does all the heavy lifting in the background.

Users whose transactions fall into this category are asked to complete an additional verification procedure. This helps you separate criminals from genuine customers who are making a highly unexpected purchase.

The post How to Prevent Payment Fraud: Solutions for Banks and Payment Processors appeared first on SDK.finance - White-Label Digital Banking Software.

Payment card fraud affects everyone. Almost 30 billion dollars were lost worldwide in card fraud and identity theft only in 2019. Although financial institutions are locked in an escalating arms race against cybercriminals and scammers, losses still have to be accounted for. Consumers end up paying for money lost to fraud out of pocket, in the form of vendor and transaction fees. While corporations and governments spend more billions investigating and handling fraud cases. 

Modern fraud prevention is expensive. Digital ID checks cost around $2 per document, companies spend millions on KYC and AML, and still, the number of fraudulent transactions is growing. Banks have been relying on passive measures to counteract fraud based on past breaches or fraud behaviour history, and only some have invested in pro-active or predictive fraud prevention. 

Card-based payment systems worldwide generated gross fraud losses of $28.65 billion in 2019, amounting to 6.8¢ for every $100 of total volume. Source: Nilson Report

To understand what financial institutions can do to improve their fraud prevention efforts, we need to examine the current protection mechanisms. Payment cards that hold a set of credentials or cardholder data act as keys to a customer’s bank account and enable two types of transactions: card-present and card-not-present. 

Payment card fraud basics

Card-present is when a payment card is physically used to make purchases or withdraw money from ATMs by entering a PIN. For decades, scammers have been using cameras, sensors, ATM skimmers, and other devices to make copies of cards and extract PINs. 

In one case, a waiter was discovered using a portable magnetic stripe reader in his shoe to copy customers’ cards while walking to the register. In another scam, criminals used NFC readers to steal small amounts from people’s cards on the subway. By coming close to pockets and bags, they were able to charge cards without people noticing. 

Phone confirmations for larger amounts and RFID blocking wallets can partially counter card-present fraud. Card-not-present transactions are more complex as they happen remotely, where a cardholder does not present a card to a merchant in person. CVV code on the back of the card is most often used to confirm that the person paying has physical access to the payment card, but 2FA methods via SMS OTP (3DSecure) and in-app authentications are becoming more widespread. Read this article to get more information about credit card fraud detection.

Scammers can intercept OTPs, consumer sessions, cardholder data (PAN, EXP, NAME, CVV), and even steal app credentials. The Lazarus Group from North Korea is notorious for using military-grade cyber expertise to steal money using man-in-the-middle software and cloned credit cards to withdraw cash from ATMs. 

Banking: old vs. new

PSD2, the revised European Payment Service Directive that covers the whole of the EU brought into law in 2018, aimed to fix the lack of an Open banking regulatory environment, improve security, and protect customers, among other goals. Before banks started to adopt OpenAPI, companies had to go through hell to integrate with banks using ancient file exchange systems. 

PSD2 standardized how payment and financial institutions interact with each other and with third-party providers. The directive enabled AISPs (Account Information Service Providers) to access information from multiple financial institutions with a customer’s permission. AISP services, for example, can aggregate data from different accounts in different banks and show it to a consumer in one place or application.

PISPs (Payment Initiation Service Providers) can go a step further and make payments on behalf of consumers. PISPs can pay incoming utilities, internet, and service bills that a consumer receives automatically. Although AISPs and PISPs are still in the early stages of development and adoption, similar initiatives are already being implemented worldwide. 

In 5-10 years, OpenAPI initiatives will reach their potential and unlock digital banking’s benefits. Truly interactive banking experiences are great, but these changes open the industry to completely new attack vectors that need to be accounted for and prepared for. 

Spotting fraudulent transactions using AI & ML

In one of the great weekly newsletters from deeplearning.ai, Andrew Ng, a leading AI expert, mentioned that financial anti-fraud systems broke because consumers changed their behaviour with the global pandemic’s arrival. Models used to predict consumer behaviour, supply, and demand had to be retaught to account for new patterns and spikes. 

Let’s assume that we are a financial institution and that a customer’s payment card was compromised during the pandemic. What can we do to spot fraudulent transactions early on? We can take a data set, mark confirmed fraudulent transactions with a chargeback or other documented problem, and analyze it to determine correlations. 

For most areas, obtaining a comprehensive dataset is not a problem. However, privacy laws protect banking and transaction data from being disclosed. GDPR in the EU provides customers with the right to be forgotten, and Big Tech companies are already being sued for billions for breaching the privacy laws. In terms of machine learning, if a consumer asks for his data to be deleted, does the request apply to the results of calculations based on their data? How far the law reaches will be discussed for years to come.

Raw data 

As a result, there are very few datasets with real customer data in the public domain. I used a relatively large 150 MB dataset from Kaggle with hundreds of thousands of anonymized transactions from European credit card users recorded in 2013. Locating useful information in a raw dataset is a very resource-intensive task that usually requires multiple data scientists and analysts. 

I tried to approach the situation as a technology executive with a heavy managerial workload who can’t spare a couple of weeks to clean, spot anomalies, and balance the dataset. I decided to test a relatively new AutoML approach that could take on all of the routine and repetitive tasks that come with in-depth data analysis and extract insights from raw data.  

There are many AutoML solutions to choose from today. Giant AWS SageMaker, Google AutoML, AutoAI with IBM Watson Studio, Microsoft Azure ML, and Oracle AutoML are complemented by smaller, but not less interesting DataRobot, Auto Weka, AutoML-Freiburg-Hannover, and H2O Driverless AI. 

I chose the latter, H2O Driverless AI, simply because I could run all experiments on a local server or even a laptop instead of relying on the cloud. Whenever financial data is involved, most regulators restrict its movement to prevent data transfers outside the country or into the cloud. Another important point is that cloud-based solutions are often limited by the amount of processable data. Some products restrict tables to one million rows and add other restrictions to encourage users to purchase expensive enterprise-level licenses. 

Even though H2O is a commercial project, there’s also a free version that does not have a handy GUI, but that should not be a problem for skilled hands. I used H2O Driverless AI with an educational license because I am in the process of getting a Ph.D.

The dataset itself was a CSVfile with only a few readable variables: time, amount, and class – whether a transaction was fraudulent or not. The rest were anonymized to protect the privacy of consumers. This makes it more interesting as we can observe how the system will behave with many unknown variables. 

Raw credit card fraud detection dataset. Source: Kaggle

Setting up AutoML in H2O Driverless AI

I ran the experiments on IBM System X 3300 M Server with 12 Cores, 32 GB RAM, and Ubuntu Linux 18.04 LTS. It’s an old workhorse without a GPU but it provides a clearer picture of the performance. After importing the dataset into H2O, the system automatically analyzed the type and structure of data and suggested the best preliminary models, classificators, and analysis tools based on what’s inside the dataset. In my case, the dataset was highly unbalanced, so H2O recommended the Log Loss scorer. 

Immediately after importing the dataset, H2O quickly showed the problem and unbalanced areas. After confirming a wide variety of settings, the system began to analyze the data. GUI showed preliminary results during the process, which could be explored and changed before full analysis is completed. Overall, it took about five days to process the data on my setup. 

After completing the experiment, H2O offered a choice of models ready to be deployed on the cloud, servers, or data centres. This enables almost seamless continuous delivery or delivery after pressing a single button. Both options are very beneficial because updating such systems is a complex process that requires specialist skills. 

Then, I chose to interpret the model. In other words, what did H2O find in this model while processing it by itself? In another day and a half, the system returned results that showed influence, dependence, importance, or weight of different variables in the dataset. 

H2O demonstrated the importance of variable V14 that we should and need to examine further. The rest of the results consisted of other synthesized cluster functions. Using these results, we can go through each function separately and analyze whether it’s essential or not. 

We can see how the system taught itself, made decisions, approached maximum results, and where it was incorrect. H2O shows different patterns and possible interpretations of different values and how the system sees relationships between other variables and results in the dataset.

To check our hypotheses, we ran two additional experiments where we excluded fields that came up in the first experiment to see and ensure whether we will get the same results without them. Overall, the new experiments were successful. Sometimes, there were differences in the variables’ influence, and in other cases, H2O synthesized new functions. 

AutoML results

In the end, the true positivity rate of the prediction was 0.9733, which is an excellent result. We found that variables 12, 14, and 17 peaked, showing a possible relationship between time, amount, and some merchant attributes, but unfortunately, we won’t know for sure. H2O then visualized the interpretation that can be used by an executive like me, a data scientist, and other relevant people. 

There are various visualization tools available that can show how variables correlate, a group in heat maps, and where outliers lie. 

Perhaps one of the best parts is that H2O auto generates a “Word” .doc file as a report with all of its findings and the lifecycle of the analysis that I can print out and read whenever. It shows everything the system did, methods, how long it took, how effective, shifts, and importance. It would have taken me at least a full week to document the same process in a report if I did it manually. 

A key takeaway from this is whether, instead of delegating complex tasks to teams of developers, engineers, and data scientists, it’s worth exploring and demonstrating the capabilities of existing tools and software first. H2O can deliver incredible results without typing a single letter in the command line. 

I can turn the model H2O created into a java or python application that will generate a set of APIs, import a raw dataset with transaction variables, and the system will show whether the transaction is fraudulent or not, and how sure it is in that decision. I can then decide whether to allow the transaction to be processed or stop it immediately. 

These tools can be used by top management, CTOs, and even marketing departments to generate valuable insights into business operations:

• When’s the best time to push notifications about a new product? 
• Is it when consumers make the most transactions or the opposite of that? 

AutoML can help find answers and improve business decision making through data analysis.

The solution is not a magic bullet against all fraudulent transactions or the only right method to roll out such a model. The experiment has provided me with enough information about what’s inside AutoML, what I can work with, and what else I can explore. However, it is reassuring that a research team that spent six months working on the same dataset reached the same conclusions as I did in around a week. 

New attack vectors

Payment card fraud is limited by card expiry dates, limits, and security notifications. The method explained above can help find and stop fraudulent transactions made by perpetrators, but what if customers unwittingly transfer money by themselves? 

In 2019, the executive of a UK-based energy firm thought he was speaking on the phone with his boss, the CEO of the firm’s German parent company, who asked him to send €220,000 to a Hungarian supplier. The caller said the request was urgent, directing the executive to pay within an hour, which he did. Instead of his boss, the executive spoke to a voice recording generated by artificial intelligence-based software that successfully impersonated the CEO. 

Live facial biometric data many digital-only banks rely on to authenticate their customers is not fraud-proof either. Cybercriminals found a way to recreate 3D models of faces using recorded videos that can be used to log in by generating head tilts and turns on demand. 

Social engineering plays a significant role in modern fraud cases. A man behind an Instagram account with 2.5 million followers www.instagram.com/hushpuppi, flaunting his opulent lifestyle told people they could earn as much as him by sending him money. He was arrested after stealing over 400 million from individuals and businesses worldwide. 

There are many examples of money flippers on social media that promise to turn your $100 into $1000, $500 into $5000, and so on. Suffice to say that people don’t get their investments back. If the recipient is not blacklisted, has a business, and receives money regularly, training a system to detect such type of fraud is challenging, if not impossible, for now. 

Payment card and identity fraud are closely tied to criminal activities that aim to launder money and conceal identities. Modern compliance and anti-money laundering (AML) investigations check social media accounts for suspicious posts and activities. To get around these checks, criminals buy inexpensive accounts created and maintained for a few years to develop a plausible online identity. 

People who want to take on a different identity can buy a passport and a new identity with social media accounts, diplomas, and other documents for relatively little money. On one side, it’s easier to obtain a new identity than before. On the other, regulators and service providers are tightening security and making it more difficult to evade their checks.

The minimum cost of a brand new identity. Source: Safety detectives

In an attempt to balance convenience and security, security is losing. Customers don’t like long passwords and additional verification methods. They frankly don’t care if their information leaks because “they have nothing to hide and don’t have that much money anyway.” AutoML has the potential to slow down the advancement of financial fraud, and we’re about to find out for how long. 

About the author

Pavlo Sidelov is a CTO at SDK.finance with 15+ years of experience in FinTech. A patented inventor, accomplished IT architect, journalist, and an author of The World Of Digital Payments book. Pavlo is currently working on a PhD in economics and banking. 

Linkedin

Twitter

The post Detecting Payment Card Fraud with Machine Learning. H2O Driverless AI + Kaggle Dataset appeared first on SDK.finance - White-Label Digital Banking Software.