IBM Software Thought Leadership White PaperWebSphereTransactional fraud detection:A modular approachAddressing the next generation of ﬁnancial crimes
2 Transactional fraud detection: A modular approachContents This white paper discusses the beneﬁts of collaboration and constructively challenging the status quo by integrating different 2 The deployed software model versus the evolution technologies to form a comprehensive fraud detection and of fraud prevention solution that meets speciﬁc business requirements. It 2 Challenge currently deployed solutions also provides key considerations for developing a strategic road map for detecting and preventing enterprise ﬁnancial crimes. 2 Finding the right transactional fraud detection vendors 2 Leverage multiple technologies to stop persistent The deployed software model versus the fraudsters evolution of fraud As fraud detection professionals know, fraud is a constantly 3 React quickly with real-time fraud detection evolving organism. Like a virus, it evolves and mutates to seek out weaknesses in an incumbent detection system and, once 3 Know the leading nonmonetary fraud indicators found, will quickly exploit those weaknesses before moving—or 3 Base solutions on integrated technology changing—to ensure continuous income for the fraudster or organized group. Prevention methods that work today cannot be 4 Look beyond packaged solutions guaranteed to work tomorrow. The reality of this limitation is that deployed, packaged software applications require costly andIntroduction bulky upgrades or retraining over time just to keep pace withThe increasing prevalence of enterprise ﬁnancial crimes has fraud trends. The applications are only effective for a short timemade fraud prevention and investments in prevention technol- before they must be upgraded or replaced. Today, more effectiveogy a long-overdue priority to organizations around the world. technologies are enabled by deploying components throughAs a result, organizations are learning that the consolidated cloud computing and through more mature software as a servicesoftware platform approach to fraud detection is fundamentally (SaaS) models.ﬂawed and falls short on detecting and preventing fraudulenttransactions. Challenge currently deployed solutions Fraud software today is signiﬁcantly richer in feature functional-Instead, there are more effective ways to help fraud strategy ity than legacy solutions. But organizations should question ifmanagers and their organizations avoid the many pitfalls of their current solutions are keeping pace with the continuousdeployment, deliver on the promise of holistic coverage evolution of fraud or if they are merely providing a richer userand increase the chances of successful delivery aligned with interface that employs the same detection routines as its legacybusiness goals. A “one-size-ﬁts-all” offering is unlikely to counterparts. For instance, one example of an ongoing problemdeliver enterprise-class performance with results that beneﬁt with legacy solutions is high false positive rates (FPRs) andthe organization and the customer. To achieve high perform- inappropriate transaction declines, both of which negativelyance, organizations must align strategic vision with industry impact customer service. To maintain competitive advantage,knowledge. organizations must treat valued customers as such. Decisions
IBM Software 3about transactional viability should be based on sound, clearly reported, these vendors can make data available to antifraudunderstood logic and they should be modiﬁable as needed. group consortium members to assist in catching fraudsters and“Black-box” detection paradigms, typically based on neural closing down concurrent attacks across multiple institutions.networks and other, similar, paradigms, are not the only means Effective data management and security coupled with strongof providing effective fraud detection that is tempered with analytical capabilities provide the technological backbone forrespectful customer service. implementing effective detection strategies that can be shared across consortium participants.Finding the right transactional frauddetection vendors React quickly with real-time fraudIt is important to note that just because it is possible to access detectiondata in a transaction system for fraud detection, it does not Legislative, technological and competitive pressures aremean that fraud technology vendors have the ability to design a shortening the timeframe for reacting to fraud threats.transactional fraud detection system. For instance, antimoney- Real-time fraud detection may be the only effective way tolaundering (AML) systems are designed to ensure compliance block fraudulent transactions. Additionally, as organizationswith regulatory requirements, not to catch fast-moving fraud. move toward real-time capabilities, those that have not adoptedTypically, an AML system will not ﬂag a low FPR, given that this functionality will be even more exposed as fraudsters learnauditors and compliance resources may prefer to decline more that a weak link exists. For instance, in the United Kingdom,transactions to err on the side of caution. Requiring an AML real-time funds availability and the “faster payments” initiativesystem to do the opposite and provide high-quality alerts with mean that “day 2” fraud processes will become obsolete in a fewlow FPRs is nearly impossible since the system is being asked to years. Next-generation technology must be able to adapt anddo something for which it was not designed. Reengineering the grow as market dynamics continue to change to justify anysystem for this purpose is usually ineffective. strategic investment.Leverage multiple technologies to stop Know and analyze nonmonetary fraudpersistent fraudsters indicatorsFraud is a problem that transcends individual organizations. Nonmonetary account activity is a signiﬁcant indicator ofIt does not respect corporate boundaries, and fraudsters will potentially fraudulent action, and yet, many organizations eitherprey on the fact that legal and technological constraints often ignore or are unable to capture and react to these indicators.make effective data sharing within organizations impossible. It is Over time, disparate and seemingly unconnected events, orcommon to ﬁnd that, after multiple fraudulent events, the same nonevents, associated with an address change request, a passwordperson or group has been perpetrating similar attacks concur- change request or PIN change request can be strong indicatorsrently on peer institutions. However, some data security vendors of account takeover or identity theft. The use of powerfuland storage providers act as trusted custodians that can provide predictive analytics technology and complex event processingaccess to transactional detail that shows what is happening at anindustry level. As fraud or suspicious activity is identiﬁed or
4 Transactional fraud detection: A modular approachfunctionality can help organizations understand the nature of Look beyond packaged solutionstheir fraud problem better before the event. Organizations need Fraud detection practitioners and strategists need to look beyondthe ability to assess a sequence of events or nonevents and assign the capabilities provided by packaged solutions. By partneringa risk/threat level to that combination of activities at the front with an external consultant, organizations may conﬁrm thatend. Preventing fraud is signiﬁcantly more desirable than existing software capabilities and associated operational practicesdeploying expensive resources to manage the results of fraud— are adequate. If not, a consultant can also provide an effectivefor the organization and, more importantly, for the customer. review and recommendations for operational enhancement.Deploying this mix of technology, analytics and human-centric Enhancement efforts should complement existing capabilities,knowledge can provide signiﬁcant operational efficiencies, and existing budgetary constraints, while providing a nondisrup-enhanced detection rates and an improved customer experience. tive path to improved detection and prevention.Base solutions on integrated technology To implement effective fraud detection, card issuers mustEffective fraud detection capabilities face a multitude of chal- develop an understanding of the enhanced capabilitieslenges across different payment methods. i.e. online, deposit, provided by predictive analytics, pattern and name matching /ATM, check, debit card and ACH/wire. To effectively meet recognition, complex event processing, business rules, contentthese challenges, organizations must be able to move from analytics and, most importantly, the means for implementation.fragmented fraud detection and prevention to an environment IBM’s ability to draw on best-of-breed components ensures thatthat is equipped to address the evolving threat of fraudulent an issuer is not tied to a speciﬁc specialization or paradigm, a keyactivity in an integrated, holistic, enterprise-wide fashion. beneﬁt when considering the speciﬁc nature of card fraud withinThey must ask questions like: Is this technology a viable and any single geography. IBM and its broad partner ecosystem areachievable ambition for return on investment? How much uniquely positioned to assist institutions that are ready to begindepends on technology and how much on the implementation this journey.of industry and domain knowledge? What are the beneﬁts forthe organization and its customers? And in short, is it worth Conclusioninvesting in improvement? The ﬁght against fraud is continuous and evolving at a rapid pace, and the sophistication of fraudulent attacks is ever increas-The answer is yes. Any organization that stops investing in ing. In planning the strategy for future prevention and mitiga-technology to combat evolving and mutating fraudulent activity tion efforts, organizations should consider external challengesis effectively writing a blank check for the fraudster. However, and whether their current solutions are able to address thoseinvestment in technology alone is not sufficient to mitigate challenges. New technologies can provide more effective ways tofraudulent activity. Any investment must conform to a clear monitor and detect fraud and better position the organizationvision and strategy that is likely to be multiphased over several for success. While examining different solutions, it is importantyears and able to evolve over time. While packaged solutions to develop an understanding of the underlying detection logic.may seem effective, as outlined in the previous section, a“one-size-ﬁts-all” solution is destined to fail.
IBM Software 5The most effective solution sets are those that can adapt quickly, About the authorsoffer industry and enterprise breadth, can function in real-time Richard Collardand monitor cross-channel activity. IBM Worldwide Subject Matter Expert Transactional Fraud Detection, AML and Risk ManagementIBM’s approach to fraud detection and prevention is aligned and firstname.lastname@example.org executed through the technological and commercialvision that IBM customer and business partner FIS offers. FIS’ Richard Collard comes to IBM as part of the acquisition, indepth of experience and acquisition strategy, which includes 2009, of ILOG. He draws on a business-based career withCertegy and Metavante among others, ensures that its core major global fraud analytics organizations and specializes in theofferings are infused with ideas and best practices from different, provision of fraud detection solutions and consulting for creditbut aligned, industries. and debit card issuers and for AML. Prior to joining ILOG, he worked to develop a radical, new approach to rules-based fraudFor more information detection through the automated generation of rules usingFor more information about fraud detection solutions from genetic algorithms and evolutionary computing techniques. ThisIBM, contact your IBM representative or IBM Business Partner, technique is holistic and non-prescriptive, espousing the beliefor visit: ibm.com that there is no such thing as a “one-size-ﬁts-all solution,” and is aligned with IBM’s modular approach to the challenges facingFor more information about fraud in the United Kingdom, visit the card industry.the UK Cards Association at theukcardsassociation.org.uk/ Richard’s operational reviews for card issuers in South AfricaAdditionally, ﬁnancing solutions from IBM Global Financing have generated signiﬁcant savings and operational efficiencies.can enable effective cash management, protection from technol- They have also been instrumental in the recent adoption ofogy obsolescence, improved total cost of ownership and return business rules management systems (BRMS) technology as aon investment. Also, our Global Asset Recovery Services help major component of a hosted fraud detection solution. Richard’saddress environmental concerns with new, more energy-efficient ability to draw on global experience allows signiﬁcant knowledgesolutions. For more information on IBM Global Financing, visit: transfer of global best practices. His approach is consultative andibm.com/ﬁnancing respectful of geography and culture, ensuring that the thought- leadership that he provides is positively received—traits that have earned him signiﬁcant respect through his engagements.