Ibm financial crime management solution 3
Upcoming SlideShare
Loading in...5
×
 

Ibm financial crime management solution 3

on

  • 1,273 views

This is IBM anti-fraud solutoions in GCG.

This is IBM anti-fraud solutoions in GCG.

Statistics

Views

Total Views
1,273
Views on SlideShare
1,273
Embed Views
0

Actions

Likes
0
Downloads
42
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • 利用 IBM 金融犯罪管理解决方案有效地预防与管理金融犯罪

Ibm financial crime management solution 3 Ibm financial crime management solution 3 Presentation Transcript

  • IBM Financial Crime Management Solution Overview and Solution Demo
  • Financial Crime I s O n the R ise!
    • of businesses were victims of fraud
    • of banks failed to catch fraud before funds were transferred out
    • of fraud attacks, the bank was unable to fully recover assets
    • of businesses said they have moved their banking activities elsewhere
    • Only 20% of banks were able to identify fraud before money was transferred.
    • “ The ROI of investing in fraud prevention is clear.”
    58% Source: Ponemon Institute/Guardian Analytics study, March, 2010 80% 87% 40% 20% A poll of 500 executives and owners of small and medium businesses showed:
  • Fraud activities continue to rise 48% of fraud cases involve insiders 5% fraud activities cause 5% of pre-tax income for U.S. financial institutions $1,000,000 Average loss when a high-level executive is involved 400% When an insider is involved, loss increases by an average 400% A study in U.S. found:
  • Example: Common Types of Credit Card Fraud Fraudulent possession of card details (CNP Fraud) Counterfeit Lost or Stolen Mail non-receipt fraud Identity theft Detect at application, activation and account maintenance Detect at Activation Detect at trax authorization 14% 7% 30% 26% 23% Often organized crime Western Countries Detect at trax authorization Detect at trax authorization
  • Challenge #1 – Follow up instead of intercept Off-line Analysis and Investigation Asynchronous Monitoring and Confirmation Real-Time Automatic Decisioning and Approval Precise Rules and High Performance System
  • Challenge 2 – Traditional Technology Can’t Process Large Transaction Volume For example, a large international or regional bank’s credit card center will have to detect over 10M transactions a day = 623/second (99% confidence level) or 644/second (99.9%confidence level) or 663/second (99.99% confidence level)
  • Challenge 3 – Traditional Technology Only Monitor Single Transactions Multiple activities usually involve in a fraud event Many fraud patterns involve diverse systems and seemingly unrelated activities, e.g. multiple login attempts, followed by a combination of changes in PIN and contact information followed by an unusually large withdraw or transfer.
  • Challenge #4 – False Positive Rate Too High Event What is Happening? When to Act? What Action? Event Rules Business Rules Precise Event Rules and Business Rules Reduce False Positive Rate !
  • Solution from Package Vendors Transaction Score Action Model Blackbox? Need vendor to change ? Other events (Change of Address, PIN error, replacement card, call center query, etc.) 1000’s Trax/Sec Is environment developing too fast to train the models? Performance? Mode Description Disadvantage Real-Time Transaction scores in real time & recommendation send to authorization decision ing High HW requirement Online Plus Score is based on last transaction, send to authorization server for decision making 1st fraud transaction is lost Online Enables analyst response, but no feedback to authorization
    • No feedback to authorization decision
    • Detection response depend on analyst action
    Near Online / Frequent Batch Score batch send to analyst workstations at pre-determined time intervals Time lag from transaction execution to analyst action may reduce effectiveness ? ? ? ? ? ? ? ? ? ? ? ?
  • Banks Require a Flexible and Expandable Platform Leverage strengths of existing systems that are cost effective, adopt best-of-breed alternatives to address deficiencies
    • An integrated crimes platform:
    • Consolidates alerts across channels
    • Conducts 2 nd tier analytics
    • Automates certain user activities
    A consolidated and integrated operational organization (to the extent possible) addresses customer-based alerts Integrated environment generates improved Business Intelligence which benefits tactical functions and enables strategic thinking
    • The Financial Crimes Steering Committee:
    • Implements top-down policy based on organization risk tolerance
    • Prioritizes and manages initiatives
    • Collaborates with stakeholders to drive a smarter, safer business
  • IBM’s Smarter Way of Fighting Financial Crime + + Instrumented Interconnected Intelligent
  • IBM’s Smarter Way of Fighting Financial Crime Attitudinal Data Interaction Data Behavioral Data Demographic Data Event Rules Profile Rules Management Console Transactional & Channel Systems Historical Data IBM Financial Crime Real-Time Detection & Prevention Solution Event Detector IBM Financial Crime Case Mgmt Solution IBM Financial Crime Analytics Solution
  • Effectively Prevent and Manage Financial Crime Case Analysts use IBM Financial Crime Analytics Solution to discover patterns Investigators use IBM Financial Crime Case Management Solution for investigation and collaboration with bank’s auditing department and law enforcement Financial Crime Cases Business Rules Analysts use IBM Financial Crime Real-Time Detection & Prevention Solution to turn patterns into rules that can be deployed for real-time detection and prevention
  • IBM’s Smarter Way for Real-Time Financial Crime Detection Events Score Actions 1000’s trax/sec Other Financial Crime-Related Activities Watch List Filtered financial crime Event Event Rules Profile Rules Rules that can be customized and continually optimized by banks Pre-filtering allows 100% potential events to pass through decisioning real-time without hurting performance Automatically generated watch lists are used to monitoring selected fraud activities Monitor any events relevant to financial crime activities Change Password Password Error Report of Lost Card Online Activation Change of Addr ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------
  • IBM Financial Crime Management Solution Architecture Banking Existing IT System Business event XML/JMS WBE Event association judgment Filtered event and type XML/JMS ILOG anti fraud rule Event score Case management Change Password Report of Lost Card Online Activation Change of Addr Payment Event rule Customer history behaviors Anti fraud database
  • IBM Financial Crime Management Online Monitor Architecture
    • Exist system interface
      • Recommend use JMS , for asynchronous event process.
      • Other supported interface:
    • SOAP 、 RDBMS 、 HTTP 、 SMTP 、 FTP 、 File
    • Event server
      • Receive business event, execute event rule judgment, filter questionable transaction to rule engine for further process
    • Rule engine
      • Score transaction based on event type, customer behavior model
    • Data mart
      • Store customer, account, channel, merchant, tansaction log and etc.
    • Case management
        • Push monitor result to case management platform for Investigator to process
  • Credit card online monitor process Process? meet Y N N Y R R R R Pass >500 Y : Yes B : No R : Read W W <500 Pass Base event and behavior rule Event rule filter Auth request
    • Create potential fraud case
    • Adjust customer base score
    • Cardholder :
    • name
    • job
    • credit
    • Expiry date
    • other
    • Contact card holder
    • MP
    • SMS
    • E-Mail
    Customer info Account info Merchant info
    • Profiles:
    • time
    • merchant
    • channel
    • country
    • Card holder
    • History transaction score
    • Behavior score
    Case management process UI Triggered rule Card info Transaction log investigate
    • Update fraud data
    • increase
    • decrease
    • keep
    Submit to higher level to process Channel info Transaction log
  • WBE event process server overview Event cloud Protocol exchange Format exchange Events connector Actions WBE Runtime connector Database JMS Push History module Topics Dashboard SOAP RDBMS HTTP SMTP FTP File XSL JMS JDBC JDBC & SOAP SOAP RDBMS HTTP SMTP FTP File XSL JMS Topics WBE development Relativity cache Information based time sequence Event cloud WBE object store lab
  • Pre-Built Rules & Design Interface - WBE
  • Rule engine component view Design Maintain Share Deploy Line Of Business Production Development Rule Solutions for Office Rule Studio Rule Team Server Decision Validation Services Rule Repository Transparent Decision Services Rule Execution Server Rules for COBOL Custom Web Applications
  • Event rule sample case Condition A: Transaction occurs between 0:00am to 6:00am Condition B: Transaction ammount is lager then 2000 Condition C: 3+ times transactions in passed 1 hour and Potential transaction TM01 Condition A: Password was modified within today Condition B: 3+ times transactions in passed 1 hour Condition C: Accumulative total amount is larger than 8000 and Potential transaction TM02
  • Pre-Built Rules & Design Interface - iLog
  • Event rule implement sample
  • ILOG base score based on event type
    • get customer info, do fraud type check
    • based on fraud type, call related score table to score transaction
    • base on fraud score, generate fraud case and write in database
    规则流 base score table based on event type Event type A Event type A Score table A Score table B Event type C Event type and score table relationship ( N:1)
  • ILOG score base on customer behavior
    • when input event type meet this table, do condition match and adjust base score
    Score table base on customer behavior model
  • Data Model
  • Generate potential fraud case Input column : First column : potential fraud type Second column : transaction score Output column : First column : final fraud type Second column : description of fraud Generate potential fraud case based on event type and score
  • Management UI
  • Card Fraud Reference Deployment Model Credit Card System (IBM Z) ATM & Debit Card Internet Banking ACH etc Credit Card Authorization Module Other Systems Event Engine Watchlist Generation Rules Fraud Decisioning Rules Event engine detects and maintains dynamic watchlists using pre-defined event rules 1 Rules engine as a stage of the authorization process 2 Rules engine calls the dynamic watchlists and relevant CIF and historical data to make fraud scoring decision 3 Historical & Customer Data Rule Engine Essentis / Triad Event Engine supports high-performing detection on CICS Contact Center / CRM CIF Dynamic Watchlist Event Detectors supports all major platforms Transaction Systems Credit Card ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------
  • Retail Banking Fraud Reference Deployment Source 1 Router Source 2 … … … Transaction Processing System 1 Transactions come from all sources 2 Router makes a duplicate 3 Main copy flows via existing route Duplicate copy is sent to IBM Financial Crime Mgmt Solution
    • Router Process:
    • Wait if result from IBM Financial Crime Mgmt Solution arrives first
    • Wait only X msec if result from IBM Financial Crime Mgmt Solution hasn’t arrived
    5 Need to reverse transaction is blocked by Router based on decision from IBM Financial Crime Mgmt Solution 7 Router combines decision from existing system and IBM Financial Crime Management Solution and returns result to source system 6 4
  • Deliver project team sample
    • Recommend project team:
      • Business consultant: analysis customer business and develop requirement
      • System architecture : analysis requirement, design data mart and rules for event server/rule engine
      • WBE developer : develop WBE rule and integrate with front system
      • iLog developer: develop iLog rules
      • Database admin : create/maintain database and customer/account /etc data
      • UI developer : customize case management
    • SWG resource
      • SWG Industry Solution Team
      • Industry Solution Service
      • CDL/LBS
  • System Configuration Option
    • Full rule life cycle benefits of JRules BRMS on zOS using all JRules products.
      • - Rule execution close proximity to the data on zOS
      • - Rule versioning and control
      • Rules administration
      • - Testing and Simulation
      • Contains Hot Deployment option
    • Core business rule mgmt benefits of JRules while retaining your existing COBOL architecture
    • Rule execution as COBOL code
    • Performance is not a concern
    • Close proximity to the data on the mainframe
    • Rule versioning and control
    • Fits into their application development standards
    • New technology but with a familiar face
    Starter Configuration Extreme Configuration Event Engine WebSphere Business Events WebSphere Business Events for Z/OS Rules Engine ILOG JRules
    • ILOG JRules for Z/OS (Rules Engine on Z )
    • - or -
    • ILOG Rules for COBOL (Rules Hosted on Z )
    Event Detector CICS Events for WebSphere Business Events SupportPac (enable CICS TS v3 as an emitter of events in a format directly consumable by WebSphere Business Events) Rules Development ILOG Rule Studio ILOG Rule Team Server ILOG Rules Solution for Office WebSphere Business Events Design Tool Monitoring (Optional) WebSphere Business Monitor Integration (option) WebSphere Message Broker, WebSphere DataPower, WebSphere MQ
  • Demo 1: Card Fraud Detection
  • Demo 2: Online Banking Fraud Detection
  • Summary
  • IBM Solution is Uniquely Positioned ??? Powerful technical support from IBM. Implementaiton “ It depends”? Fully supporting IBM Z/OS and providing decisioning capability at high performance. Performance Single-purpose, point solution reduces ROI. Banks can utilize this platform for future AML, customer churn management and real-time cross-selling projects. Expandability Trade off between performance and effectiveness? IBM event engine produces real-time, dynamic watchlists for rules engine to make precide decisions. Capability of Real-Time Detection Mostly only for transaction decisioning with high false positive rates. IBM complex event engine uses event detector to monitor different systems to increase accuracy of decisioning Capability to monitor multiple systems “ Black box” Rules and models are owned and managed by bank Rules and Model Mgmt Legacy Solutions from ISVs IBM Financial Crime Management Solution
  • Prospecting Questions
    • Is there a dedicated organization for financial crime management or AML?
    • Is there a roadmap for AML or Anti-Fraud?
    • How much does the bank suffer from fraud activities in credit card and other payment transactions?
    • Has the bank been fined by regulators for money laundering related activities?
    • If the bank uses foreign packages for AML and Fraud management, does the bank feel having control and ownership to adapt to the fast-changing environment and fraud patterns?
    • Show the demo.
    • Will you be interested in :
    • - Financial Crime Assessment & Planning Workshop ?
    • - Financial Crime Rules Discovery Workshop ?
    • - Financial Crime Proof of Concept / Technology / Value Workshop ?