by Andy Scherpenberg
More and more financial institutions are attempting to tackle the issue of fraud, which is taking on new forms and ever larger proportions at a rapid pace. Phishing has been replaced by aggressive ‘vishing’ (voice phishing), which has hoaxed corporates such as Michelin into transferring millions to ill-intentioned parties. The modus operandi has shifted from cyber thugs attempting site takeover to online fraudsters using unsuspecting mule accounts or organized collusions with people who hand over their accounts to be used as transfer accounts while levying a fee for the service.
Financial institutions often used to rely on their customer facing employees to detect and prevent fraud. But many incidents and fraud methods were invisible to the human eye because of the sheer volume, the speed and/or the complexity of the transactions.
Why use analytics to detect fraud
Reverting to analytics is definitely the way to go. When correctly implemented, data analytics will help uncover these events and fraud methods that would escape the human eye. However, a potential stumbling block is the data itself. ‘Garbage in garbage out’, goes the adage – trouble is defining quite exactly what is the data needed to meet the end objectives of the fraud program.
Gathering the data that ‘makes sense’ and that enables the fraud detection team to run the common sense business rules is a first step, but you need to go the extra mile and get “related” data. You should not shy away from the additional effort that is needed to get the data you dreamed of. Enabling business users to explore the data and run their own simulations will give them wings and ideas for additional related data that could make the difference, espe-cially when modeling is introduced. Provide analysts with exploration and simulation tools, provide them with the training and they will perform miracles in digging up the potential data nuggets in their production systems.
Not a project but a process
However, in order not to fail, a few guidelines need to be adhered to. Data projects are complex and cannot be considered as peripheral – data analytics need to be considered as a core service very much like logistics, HR or marketing. The implementation of a fraud project will therefore require executive buy in, given the fact that the new use of data will require improved data feeds, a new ‘unbiased’ look at alerts and most probably a shift in who is looking at what. Very often the bank needs to change its procedures: customer facing teams will perform a first level of screening, and the more com-plex cases will be forwarded to a central, specialised team.
Break down the silos!
Finally, break down the silos! All too often banks have set up separate teams to look at differ-ent types of fraud – a team for online banking, a team for check fraud and yet another for credit fraud or for card fraud… Experience has taught us that a customer-centric view that goes beyond the line of business or type of transaction, will bring you a long way in identifying fraud schemes. Fraud spreads like oil stains on paper : the wider the page you’re looking at, the more likely you are to detect fraud, to determine where it originated from, and to stop the fraud from damaging your business.
The author, Andy Scherpenberg, is a Solution Specialist Fraud & Cyber Security at SAS.