Our solution approach for fraud detection in e-banking

We present an approach that integrates into your system landscape and prevents fraud in e-banking in six steps

Author: Floarea Serban

What does a fraud detection solution for the digital world of tomorrow look like?

We described the capabilities of a future-proof fraud detection solution in our last blog. In this article we show how these requirements can be implemented in an IT system. Our experience shows that a timely response to fraud attempts is crucial: Even while the transaction is still in progress or even before it is fully recorded, the easiest way to prevent damage is to use a fraud detection solution.

From a logical point of view, in such a fraud detection system, six levels of processing and three types of interaction with surrounding systems can be distinguished to optimally support the requirements.

Join us on a journey through an ideal fraud detection solution!

Figure 1: Different events (blue and grey) are pre-filtered in isolation (left and right) and then combined into significant events.

Interaction type 1: Events related to an e-banking transaction are made known to the fraud detection solution in a timely manner, whether it is technical information about the user's device, the content of the financial transaction or the time and place of card transactions at ATMs or on the Internet.

Processing step 1: The majority of transactions are already approved as harmless in this first processing step. An isolated analysis checks, for example, whether a user's device is infected with malware. Or whether it is a risk-free AHV pension payment.

Processing step 2: The temporal or relational correlation of different events from different IT systems in the bank's system landscape is a core task of the fraud detection solution. For example, it links the card transaction via the direct debit account and the customer with the current e-banking payment. On the other hand, it recognizes that five payments have already been made within one minute from a customer's e-banking account.

Figure 2: Comparison of contextual information on risky transactions with the standard behaviour of the customer to identify suspicious deviations

Processing step 3: The remaining (few) transactions are enriched in the third step with customer profile, device profile and usage profile or e-banking.

Interaction type 2: The information to be enriched is stored locally in order to minimize access time and to enable a timely reaction to suspicious transactions.

Processing step 4: The fourth step uses all this information to identify whether the current usage, the currently used device configuration or transaction (e.g. the credit account) deviates significantly from the norm and is excessively risky. It uses pattern recognition, technical rules or statistics for this purpose.

Figure 3: An automated response stops suspicious transactions before they are booked.

Processing step 5: Financial transactions reach this stage only in the per mille range. It is very likely to be a case of fraud. As a precautionary measure, the affected transactions are suspended immediately.

Interaction type 3: The IT systems for e-banking and order management offer specific (internal) interfaces. This uses the fraud detection solution to react immediately to a detected case of fraud, e.g. to prevent the entry of further orders in e-banking across channels.

Processing step 6: In the last step, the decision remains with the specialist, in order to clarify the suspicious transaction with the customer in case of doubt. The future will show to what extent this task can be performed by an IT system (e.g. by means of machine learning).

Due to the loose coupling of the individual stages and the surrounding systems, a fraud detection solution based on the approach presented here is prepared for all eventualities. Even if you do not know today which fraudster will strike when and where.