Capabilities of a fraud detection solution for e-banking

What can you do to stay one step ahead of the digital scammers?

Author: Floarea Serban

As an e-banking provider you have a decisive advantage. We will show you how to use it for fraud detection.

We described the challenges of protecting your e-banking against fraud in the first part. They show that banks (and other providers of digital services) must be able to detect attempted fraud as quickly as possible in order to prevent damage. Detecting fraud only after the transaction has been completed is of limited use. If a fraud remains unnoticed for days, the fraudster has the opportunity to extend the security gap to more customers and larger amounts.

What can you do to stay ahead of the scammers?

As a financial institution, you have a decisive advantage here: you know more about the customer than the fraudster. But can you use this information to detect attempted fraud in good time? Even if you do not know how, when and where the fraudster will attack?

A solution that uses your existing database to detect fraud before the order is executed, and to stop the corresponding transactions in good time, is characterized not only by the prompt processing of large volumes of data but also by high coverage in three dimensions: which information is included in the fraud analysis, where it comes from, and over which time period it is evaluated.


Dimension 1: Analysed information

The information used to detect fraud can be divided into five aspects. Combining them yields knowledge about customer behaviour across several aspects.

  1. Transaction attributes, such as type, amount or recipient
  2. Customer data, e.g. name, address, type of relationship or industry
  3. Service usage, e.g. time, speed of capture, distribution channel (e.g. app, web, API, B2B)
  4. Device used, e.g. language setting, IP or cookies
  5. Detected fraudulent activities of other customers

Dimension 2: Data sources included

The information to be analyzed can come from a wide variety of sources, which the fraud detection solution enriches and correlates. We distinguish five levels, each building on the previous one:

  1. In the naive approach only the locally available application data is used
  2. Enrichment with customer information from the company-wide CRM or DWH
  3. Information from partner services, e.g., geolocation or creditworthiness of the recipient
  4. Public information from the web and social media, e.g. relationship network, role in the company
  5. Connection of sensors, e.g. motion profile of the mobile device

Figure 1: Exemplary evaluation of the power of two fraud detection solutions. The white area in the diagram can be interpreted as potential for minimizing false positives.

Dimension 3: Period considered

The time period from which the information from the data sources is taken into account affects the ability to recognise whether the observed behaviour is normal in comparison with previous knowledge.

  1. Without time reference (now)
  2. Transaction context, e.g. risk of loss and security level (dual control principle or TAN)
  3. Session context, e.g. other recent user interactions outside the currently used service, ideally across channels
  4. Process context, e.g. preceding steps in the current business process
  5. History, e.g. date of account opening or previous use in e-banking

The higher the coverage in these three dimensions, the lower the manual effort for false positives and the lower the risk of undetected fraud (false negatives).

If a fraud detection solution evaluates the customer profile, usage profile and device profile over several months, it is easy to determine whether current behavior is normal or deviates significantly from it. If it does deviate, the solution can also determine whether this deviation has a plausible reason (e.g. vacation or house building). It is always important to take data protection into account.
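The following sketch is an added example, not code from the solution this article series describes. It checks a pending order against one customer's history across several of the aspects listed under Dimension 1 and holds the order only when more than one aspect deviates. All field names, sample records, thresholds and the two-deviation rule are assumptions made for illustration.

```python
from statistics import mean, pstdev

FIELDS = ("amount", "recipient", "hour", "channel", "device")
# Constructed history of one customer (Dimension 3, level 5: previous e-banking use).
HISTORY = [dict(zip(FIELDS, row)) for row in [
    (120.0, "CH-SHOP", 19, "web", "dev-a"),
    (80.0, "CH-TELCO", 20, "app", "dev-b"),
    (1500.0, "CH-LANDLORD", 8, "web", "dev-a"),
    (95.0, "CH-SHOP", 18, "web", "dev-a"),
    (110.0, "CH-TELCO", 21, "app", "dev-b"),
    (1500.0, "CH-LANDLORD", 8, "web", "dev-a"),
]]
# Constructed: recipients seen in detected fraud at other customers (aspect 5).
KNOWN_FRAUD_RECIPIENTS = {"XX-MULE-01"}

def hour_gap(a, b):
    """Distance between two hours of day on a 24-hour clock."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def deviations(tx, history, fraud_recipients, z_limit=3.0, hour_limit=3):
    """List the aspects in which a pending order deviates from the baseline."""
    if not history:
        return ["no_history"]
    reasons = []
    amounts = [h["amount"] for h in history]
    sigma = pstdev(amounts)
    # Aspect 1: amount far above what this customer usually transfers.
    if sigma and (tx["amount"] - mean(amounts)) / sigma > z_limit:
        reasons.append("amount")
    if tx["recipient"] in fraud_recipients:
        reasons.append("recipient_known_fraud")
    elif tx["recipient"] not in {h["recipient"] for h in history}:
        reasons.append("recipient_new")
    # Aspect 3: time of use, then channel; aspect 4: device.
    if min(hour_gap(tx["hour"], h["hour"]) for h in history) > hour_limit:
        reasons.append("unusual_time")
    for key in ("channel", "device"):
        if tx[key] not in {h[key] for h in history}:
            reasons.append(key + "_new")
    return reasons

def decide(tx, history=HISTORY, fraud_recipients=KNOWN_FRAUD_RECIPIENTS):
    """Return ('hold' | 'execute', reasons) before the order is executed."""
    reasons = deviations(tx, history, fraud_recipients)
    always_hold = {"recipient_known_fraud", "no_history"}
    hold = bool(always_hold & set(reasons)) or len(reasons) >= 2
    return ("hold" if hold else "execute"), reasons
```

A single deviation, such as a first payment to a new recipient from the usual device at the usual time, is executed; this is how combining aspects reduces false positives compared with a rule on one attribute alone.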

Where does your fraud detection solution stand? What do you need to do to add the missing capabilities? In the next article we will present a solution approach that has the capabilities presented here and can easily be extended with additional data sources, information and evaluations.