Dark data: The elusive black swan and financial fraud, part 2


How do you spot a black swan payment in the dark within a flock made up of millions of regular swans? The first installment in this series dealt with this question by discussing the challenges that payment operations teams in financial institutions face in protecting their high-value payment channels from fraudsters who introduce black swan payments into the organization’s flock of genuine activity. Specifically, many challenges exist in repurposing incumbent fraud detection used in consumer and retail payments for the protection of high-value channels. This installment in this blog series takes an alternative approach to the hunt for elusive black swans.

How do you spot the black swan fraudulent payment? This metaphor for the hunt means you are trying to identify the black swan in the dark. You cannot casually glance and determine the color of your payments, whether they are black swans or genuine payment instructions. You can only detect tiny nuances from normal activity that may help identify the black swan in the dark.

Grasping with the new reality of fraud

In applying this metaphor to payments, one must first thoroughly understand the normal behavior of each customer and then detect the tiniest variance from the customer’s normal patterns as payments are processed. This very fine-grained focus on the details can protect high-value payments within the new reality of fraudster tactics.

In this new reality, fraudsters seek to create an episodic explosion of fraud. Using Internet technologies from firewall penetration to phishing for executives, they find the smallest hole in the bank’s defenses and pass through payments that look (almost) valid. Once the hole is confirmed, fraudsters scale up their activity until the hole is plugged or the bank is taken down. Therefore, finding the fraudster’s initial attempt is imperative.

How do you execute with this fine-grained attention to detail to find that first attempt? This level of hunting is only possible when you have your customer’s payment history online and readily available to the detection process. The online data is necessary to understand each customer’s current behavior in real time and to simultaneously look at past activity so you can detect payments that are not normal. This approach requires maintaining a year or more of transaction data at your fingertips that is already organized for the detection process. Several attributes can be considered when defining each customer’s normal behavior: 

  • Regular transaction currencies
  • Common counter parties
  • Normal intermediaries
  • Standard temporal patterns
  • Recent transaction velocities
  • Expected communication methods 

To find those tiny variances from normal activity, every payment is evaluated in real time against the customer’s normal transaction patterns. Large variances are often easy to determine and resolve, but the small variances require superior technology for the hunt.

Refining fraud detection

Imagine a payment with a foreign currency, amount and transaction pattern that is perfectly normal. However, the customer has only used its domestic currency for this type of counter party. Pairing this type of counter party with a foreign currency is not normal and inherently suspicious. Detection of variances this small can find the black swan fraud in your flock.

For those organizations considering this methodology, some worry it will flood their environment with false positives and only waste significant and costly staff time to investigate for a resolution. That concern is addressed by the second requirement, which is cognitive analytics working in partnership with your payment operations team. What is cognitive analytics? It is an approach to analytics that learns at scale and reason for purpose to build insights that mimic those of top performers and quickly delivers recommendations to elevate the quality of decision making across your environment.

With each new piece of information, cognitive analytics evaluates the detection model using recent payment history and makes suggestions to improve the fraud detection model. Your payment operations team reviews the suggestions made and makes the final decision to add a new rule, change an existing rule or delete an old rule that is no longer effective. Over time, detection model fit is continually improved based on your customers, their payments and the bank’s policies. The result is better fraud detection with a minimum of false positives.

In protecting payments from black swans, IBM Safer Payments can execute the fraud detection methodology just described and is ready to hunt for the tiny variances. It keeps deep transaction history available online for the detection process. Using cognitive analytics, each payment is evaluated in real time to determine whether it might be a black swan.

As detections are resolved and more is learned about your customers, cognitive analytics simulates your environment to determine how the detection model can be improved. As suggestions are made, your payment operations team will determine if, how and when changes to the fraud detection model will occur. The result is a detection process that is continually fit to your customers and their payments. This fined-grained ability to hunt in this manner can catch the first black swan introduced by the fraudster.

Hunting with the right tools

While other solutions may be able to mimic some of the capabilities offered within IBM Safer Payments, they often require long development times and deep technical skills to configure. IBM Safer Payments is fraud detection for payment operations teams. They have the control to adapt models when needed as the business sees fit, with no reliance on others. This process maximizes the skills, knowledge and capabilities the team already has.  

IBM Safer Payments is just one part of the IBM Counter Fraud Management Suite, a proactive, integrated counterfraud offering that enables financial institutions to detect, disrupt, predict, prevent and investigate a broad range of fraudulent activities including payments that can impact their business. While no solution can guarantee that it will spot all the black swans entering your flock, you want to hunt with the best tools available. Stay tuned for the next installment in this series to learn what to do when you suspect you have found a black swan.  

Detect and prevent banking fraud

Follow @IBMAnalytics

This entry was posted in Big Data. Bookmark the permalink.