Putting Fraud in Context
Using circumstantial evidence to transform detection
1 The Fraud Problem
2 How Do You Counteract Fraud?
3 What is the Right Approach?
4 Bring It All Together With Confluent to Fend Off Fraud
5 Conclusion
01 The Fraud Problem

Where there is an opportunity for gain, there is fraud. An age-old problem that has evolved over the centuries from simple sleight of hand to highly engineered cyber attacks coordinated among complex networks of organized criminals.
1 Pandemic has made the problem worse

2 The Cost of Fraud

3 UK Government Benefit Fraud 

4 PWC’s Global Economic Crime & Fraud Survey 2022
It’s hard to escape the headlines dominating the news.
Financial services fraud in particular is a major crisis today,
with even the most cyber resilient organizations incurring
huge financial losses and negative reputational impact (see
“The Global Fraud Epidemic”). Regardless of what is
reported, the true liability always runs much deeper and the
risk to organizations extends beyond an operational problem.

But how do the bad actors continue to outsmart seemingly
fail-proof fraud detection models?

Just as technology has advanced, so too has the fraudster’s
business model. In today’s globally connected, multi-channel
digital world, the footprint is expansive and the market is
ripe to build a virtual empire of hackers and bad actors, each
with specialized expertise to ensure successful compromise
at every potential entry point. Cybercriminal teams can
strategize to infiltrate an organization, through coordinated
internal and external attacks, with greater sophistication
and at a greater scale than ever before. The outcome could
be the theft of money or goods or the misuse or exposure of
confidential information or data.

And the pandemic has made the problem worse with the
rapid shift to online transactions and, with it, the huge
numbers of people to exploit who are less digitally aware of
scams to extract their confidential data [1].
The Global Fraud Epidemic

Fraud impacts everyone from private individuals to large corporations, from private industry to public sector and even the military. Financial services firms are not the only targets of fraud in today’s digital world. E-retailers spend more than 7% of their total annual revenue combating fraud [2]. The U.K. government lost £8.5 billion in benefit fraud in 2021 [3]. PwC's Global Economic Crime and Fraud Survey 2022 respondents reported total losses of US$42 billion [4], on top of the damage to brand, reputation, and market share. In actuality, fraud losses are often higher than the figures reported. Firms never want their customers to know the full extent of what is really lost. The actual cost of fraud incurred by organizations extends beyond the direct loss to investigation and recovery costs, regulatory penalties, and reputational damage that impacts customer and partner relationships.
Like every other individual and organization across the globe, your firm will always be a primary target. In fact, an attempt to defraud your clients or firm is likely happening right at this very moment, in a multitude of ways, across many attack surfaces on your infrastructure (see “Examples of Financial Services Fraud”).

From Transaction Fraud to Full Account Takeover

One of the most common, and the most damaging, types is transactional fraud, which has seen pandemic-attributed spikes across different payment platforms including credit card, P2P instant payment systems, and even the more traditional bank wire transfers. Zelle in particular, the U.S. bank-owned answer to PayPal, has been a significant target for scams. When Zelle customers fell victim to social engineering attacks [5], the subsequent fraudulent transactions were defined as authorized and legitimate transfers by account holders, with the banks claiming no culpability or recompense. That, however, has changed with recent U.S. Senate pressure forcing JPMorgan, Wells Fargo, and Bank of America to assume ownership and reimburse compromised accounts accordingly [6].

Perhaps more dangerous than typical transactional fraud is the evolution of account takeover attacks, a sophisticated long-term compromise which often originates through data breaches, ultimately resulting in some form of payment fraud.

Bad actors can assume account credentials and strategically lurk over a prolonged period, assessing further vulnerabilities in a firm’s cybersecurity process and striking when an opportunity presents itself. In the context of financial services, an account holder could be unaware their bank login credentials have been compromised, with an illegitimate payment taking place months later rather than an instant fraudulent transaction attempt.

Furthermore, these are usually not singular attacks. A bad actor has the propensity to engineer further attacks on a targeted account, at any time, if it can back up the compromised bank login with additional identifying credentials such as an email or a phone number for example. Having a real-time forensic view of all potential indicators of compromise could help mitigate this. Aite Group research reports 64% of financial institutions have seen an increase in account takeover fraud since pre-COVID-19 [7].

5 Fraud is flourishing on Zelle
6 Banks to reimburse Zelle scam victims
7 Aite Group research
Examples of Financial Services Fraud

Transaction fraud
Cross-border payments fraud
Account takeover
Synthetic identities
Phishing and smishing
Insider threat
Scams
Market abuse and rogue trading
Invoice and payroll fraud
Application fraud
Stolen cards and stolen credentials (often sold on the dark web)
ATM/IDM fraud (skimming, etc.)
Check (cheque) fraud
Cybersecurity breaches and related attacks
Crypto scams
Gift card fraud
BNPL (buy now pay later) scams
Money laundering
Tax fraud
Benefit fraud
Insurance claims fraud
Claims exaggeration
Insurance premiums application fraud
Why Current Approaches Fail to Deliver

While organizations are pouring in millions of dollars to fight fraudulent activity, existing systems and models are incapable of detecting and preventing fraudulent behavior and attacks in an effective way—they lack timely information and contextual intelligence to determine if an event or a transaction is legitimate or malicious in nature.

This is due to the fact that across many organizations fraud teams still operate independently from cybersecurity teams and they typically have different views into the data and use different tools and processes to address fraud.

Fraud teams typically have access to transactional structured data but often have limited contextual insight into those transactions. They look for likely indicators of fraud, after the occurrence of the event, and conduct transaction-centric assessments to determine if fraudulent activity has occurred or not. Most fraud detection systems rely on statistical models and rules for detection. Unfortunately, with the exponential growth and sophistication of attacks, the number of indicators that can influence a fraud assessment has also grown. And this has fraud teams adapting their “legacy” models to adjust to evolving channels and types of fraud.

On the other hand, cybersecurity teams have invested heavily in analytics-oriented SIEM (security information and event management) tools that rely on the ingestion of log data and other unstructured sources for incident investigation and resolution. While these systems have a good deal of context from unstructured data sources, they often do not have an easy way to extract insights from transactional systems such as databases, mainframes, and e-commerce platforms.

With crime pathways converging, and the traditional distinctions between cyber breaches and fraud and financial crimes fading, such siloed approaches are becoming increasingly untenable.
02 How Do You Counteract Fraud?

Organizations have to protect themselves against every vulnerability possible, but fraudsters (and hackers) just need to find one. That is why effective fraud management should focus on areas of prevention, detection, and intelligent response.
Today, many organizations are taking a more holistic, collaborative view of the underlying processes to create a “fusion center” – streamlining the business and technology architecture to effectively fight fraud.

Context is key and time is of the essence!
Day 1 [10:30 PM] Successful login: Usual IP address (FL)
Day 2 [8:07 AM] NY ATM withdrawal
Day 2 [2:43 PM] Onboard purchase: United Airlines
Day 2 [5:52 PM] Failed login x2: New IP address (1)
Day 3 [7:17 PM] Successful login: New IP address (2)
Day 4 [3:38 AM] Mobile banking: Authorize new device login
Day 4 [6:30 AM] Airport Taxi card swipe
Day 5 [12:34 PM] Password change: New IP address (3)
Day 5 [11:30 PM] Successful login: Usual IP address (FL)
Day 6 [5:20 PM] Funds transfer ($1): Unknown recipient
Day 10 [4:30 AM] Funds transfer ($5k): Unknown recipient

Context Matters

Capturing and understanding contextual and situational data
can help identify a fraudulent actor before an unauthorized
transaction is even invoked. Identifying unusual, erratic, or
incongruent changes to the contextual data for an account can
help prevent malevolent activities before they occur by possibly
locking the user’s account or taking other preventative action.

Let’s consider the example of payment fraud.

To understand when payment fraud happens, you need to
know more than just the fact that a transaction has occurred.
To know whether that transaction was legitimate or
fraudulent, it becomes very important to understand the
context around that transaction. To this end it becomes critical
to collect and analyze all the information that can provide that
context, regardless of which systems or data sources may
contain that data, to create the appropriate risk score.

The illustration above highlights some of the contextual data that may be critical to informing a fraud detection decision including:

Failed login attempts: Did the user attempt to log in multiple times before gaining access to the system?
Change of password: Did the user change their password recently?
User geolocation: Is the user making the request in a location that is different from their usual location?
User device/software info: Is the user using a device or software version that is new or different?
User network address info: Is this request coming from a new or different IP address or host for this user?
New payment recipient: Is the user sending this payment to a new or unknown recipient?
Amount of transaction: Is the amount of this transaction unusual for this user based on their historical patterns?
Time/Day of transaction: Is the time of this transaction unusual for this user?

Time is Critical
In addition to having visibility into all the information
required to make a fraud determination, it is critical to gain
that important context in a timely fashion. Detecting and
preventing fraud as it happens requires decisive action in
real time.

In the example illustrated on the previous page, we can see
that the user has logged in from a new device overseas at
the same time that they have returned home to their
normal location and purchased a taxi fare. A fraud system
operating on real-time data can identify the overseas
activity as something suspicious and possibly malicious so
it can then communicate to the connected account
systems and temporarily suspend the account to prevent
any fraudulent activity from occurring. The system can also
alert the user of this activity and recommend remediating
actions. This can only happen with a system that is
leveraging the latest possible contextual information
coming in for this user and account, the moment it occurs.
However, systems that only look at historical data retrieved
from data-at-rest sources (such as databases or logs for
after-the-fact analysis), by definition, are unable to detect
fraud as it happens and thus won’t have the chance to stop
or prevent the fraudulent activity.

Fraudulent attacks can easily be averted if organizations
shift from a transaction-centric, data-at-rest processing
mindset to an event-driven, real-time processing mindset,
where every event is analyzed as it occurs and fraud threat
vectors can be updated on the fly.
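
The contextual signals listed under Context Matters and the event-by-event processing described here, as an added example (not code from Confluent or from this paper): a per-account scorer that updates a running risk score on each event of the illustrated timeline. The event field names, weights, thresholds, 7-day window and account baseline are assumptions made for the illustration.

```python
from collections import deque

DAY = 24 * 60          # minutes in a day
WINDOW = 7 * DAY       # indicators older than this stop counting (assumption)
GEO_GAP = 4 * 60       # two different places within 4 hours is a conflict (assumption)
STEP_UP, HOLD = 50, 80 # score thresholds for extra verification / account hold (assumption)
WEIGHTS = {"failed_login": 10, "new_ip": 15, "new_device": 25, "password_change": 15,
           "geo_conflict": 30, "new_recipient": 20, "unusual_hour": 10, "large_amount": 20}


def at(day, hhmm):
    """Minutes since Day 1 00:00 for a 'Day N [HH:MM]' stamp (24-hour clock)."""
    hours, minutes = map(int, hhmm.split(":"))
    return (day - 1) * DAY + hours * 60 + minutes


# Constructed events that follow the page's illustration; the "geo" value of the
# new-device login comes from the text ("a new device overseas").
EVENTS = [
    {"t": at(1, "22:30"), "type": "login_ok", "ip": "usual-FL", "geo": "FL"},
    {"t": at(2, "08:07"), "type": "card_present", "what": "NY ATM withdrawal", "geo": "NY"},
    {"t": at(2, "14:43"), "type": "card_present", "what": "United Airlines onboard purchase"},
    {"t": at(2, "17:52"), "type": "login_failed", "ip": "new-1", "count": 2},
    {"t": at(3, "19:17"), "type": "login_ok", "ip": "new-2"},
    {"t": at(4, "03:38"), "type": "device_authorized", "device": "new-device", "geo": "overseas"},
    {"t": at(4, "06:30"), "type": "card_present", "what": "Airport taxi", "geo": "FL"},
    {"t": at(5, "12:34"), "type": "password_change", "ip": "new-3"},
    {"t": at(5, "23:30"), "type": "login_ok", "ip": "usual-FL"},
    {"t": at(6, "17:20"), "type": "transfer", "amount": 1, "recipient": "unknown-A"},
    {"t": at(10, "04:30"), "type": "transfer", "amount": 5000, "recipient": "unknown-A"},
]


class AccountContext:
    """Per-account state, updated as each event arrives rather than by a batch job.
    The baseline (known IPs, devices, recipients) is fixed in this example."""

    def __init__(self, known_ips, known_devices, known_recipients, typical_amount):
        self.known_ips = set(known_ips)
        self.known_devices = set(known_devices)
        self.known_recipients = set(known_recipients)
        self.typical_amount = typical_amount
        self.indicators = deque()  # (time, name, weight), oldest first
        self.last_geo = None       # (time, place) of the latest located event

    def observe(self, ev):
        """Return the risk indicators raised by one event."""
        found, kind = [], ev["type"]
        if kind == "login_failed":
            found += ["failed_login"] * ev.get("count", 1)
        if kind == "password_change":
            found.append("password_change")
        if kind in ("login_ok", "password_change") and ev["ip"] not in self.known_ips:
            found.append("new_ip")
        if kind == "device_authorized" and ev["device"] not in self.known_devices:
            found.append("new_device")
        if kind == "transfer":
            if ev["recipient"] not in self.known_recipients:
                found.append("new_recipient")
            if ev["amount"] > 10 * self.typical_amount:
                found.append("large_amount")
            if ev["t"] % DAY < 6 * 60:  # between midnight and 06:00
                found.append("unusual_hour")
        geo = ev.get("geo")
        if geo:
            prev = self.last_geo
            if prev and geo != prev[1] and ev["t"] - prev[0] < GEO_GAP:
                found.append("geo_conflict")
            self.last_geo = (ev["t"], geo)
        return found

    def update(self, ev):
        """Fold one event into the state and return (score, action)."""
        for name in self.observe(ev):
            self.indicators.append((ev["t"], name, WEIGHTS[name]))
        while self.indicators and self.indicators[0][0] < ev["t"] - WINDOW:
            self.indicators.popleft()  # expire stale indicators
        score = sum(weight for _, _, weight in self.indicators)
        action = "hold" if score >= HOLD else "step_up" if score >= STEP_UP else "allow"
        return score, action


def run(events):
    """Score every event in time order; returns (type, score, action) per event."""
    ctx = AccountContext({"usual-FL"}, {"usual-phone"}, set(), typical_amount=200)
    return [(ev["type"], *ctx.update(ev)) for ev in sorted(events, key=lambda e: e["t"])]


def transaction_only(events, limit=2000):
    """A transaction-centric rule for comparison: transfers only, judged on amount."""
    return [(ev["amount"], "review" if ev["amount"] > limit else "allow")
            for ev in events if ev["type"] == "transfer"]


if __name__ == "__main__":
    for row in run(EVENTS):
        print(row)
    print(transaction_only(EVENTS))
```

With these assumed weights the contextual score crosses the hold threshold at the Day 4 taxi swipe, before the password change and both transfers, while the amount-only rule lets the $1 transfer through and reacts only to the $5k transfer on Day 10.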
The information that is critical for detecting fraud comes in
different types and formats, and from different data sources
and systems. The data is often available at different speeds and
times and can be delivered in large volumes. Some of the data
will be structured data such as transaction amount or user login
information and may originate from relational databases,
mainframes, or order management systems. Other data that
can help provide context may be unstructured data such as
network access log entries or geolocation information, and may
come from HTTP logs, network logs, server logs, or identity and
access management systems.

In order to proactively detect and prevent fraud, all of this data
must be aggregated and analyzed together by the fraud system
to derive the right security context and respond with intelligence.
03 The Right Approach

Many fraud platforms today are not able to
combine both the structured and unstructured
data, or the transactional and the contextual
information, nor are they able to put it all to
use in real time to make the best fraud
detection decision.
True fraud detection and prevention requires
that contextual events, transactional data, and
data changes be analyzed as they happen
together, with historical patterns, to inform the
best fraud decision system possible.
To inform the best fraud decision possible, organizations need to:

Derive Context
Draw on multiple sources of data—structured and unstructured, historical and real time, event streaming and event sourcing, wherever it resides on the data estate—to apply context, develop good indicators and leverage a fraud scoring system, at scale

Automate Risk Scoring
Enable the processing and transformation of all relevant data for analysis, executed through the application of sophisticated ML modeling that optimizes for multiple constraints instantly and/or self-calibrates through learning, to create appropriate threat scores on anomalous activity

Connect Data and People
Facilitate sharing of intelligent, contextual data by delivering the right data, to the right place, in the right format, at the right time, for smarter rapid decision making and well-orchestrated response
Customer story

Previously, fraud detection was attempted via a batch/nightly process. With Confluent, Capital One’s "Second Look" platform moves to real-time fraud detection and triggers actionable alerts on suspicious activity (e.g., double swipe/duplicate charges, high tips, increased recurring charges). The solution combines real-time account data with historical context (e.g., past % tipping behavior), thereby improving threat response and mitigating fraud costs with average savings of $150 per year for each customer.

“We look at events as running our business. Business people
within our organization want to be able to react to events—
and oftentimes it's a combination of events.”
—VP of Streaming Data Engineering
04 Fend Off Fraud with Confluent

Confluent is a data streaming platform
that enables you to integrate and process
large amounts of customer data at scale,
from a variety of different sources that exist
in your departmental and technology silos,
across a distributed data estate.

Our data streaming platform enables you to derive
meaningful context and distribute the data to the right
place, in the right format, at the right time, to fight fraud
and enhance your cybersecurity posture.

Unlike traditional transaction-based threat detection
systems, Confluent’s event-driven architecture can
understand the occurrence of any event whether it is part
of the actual transaction (transaction amount) or
something that provides context for that transaction (user
geolocation change).
Confluent can aggregate data from transactional
systems such as databases, file systems, mainframes, and
data warehouses as well as system logs and other
unstructured data sources, and capture every change to
these systems the moment it occurs.

By combining and contextualizing all the required data to
identify patterns, detect abnormalities, and automate
immediate actions in real time, Confluent uniquely makes
it possible to combat fraud with great precision.
Protect your money: Prevent or minimize the losses associated with fraud and financial crime

Keep your customers happy: Know your customer behavior to improve overall customer experience and retention

Improve business continuity: Reduce the amount of downtime experienced by a system impacted by fraudulent activity

Advance security posture: Enable a holistic and consistent view of data to build a next-gen fusion center and manage the security health of the organization

Fend off fraud with a real-time, event-driven data streaming platform

Diagram labels: Website Logs (HTTP), User Actions Database, Branch and ATM Data, Transactions, Authentication Logs; Route, Filter, Join, Detect, Govern, Enrich; Fraud Tools (FICO, Actimize...), ML/AI (BigQuery, Databricks...), SIEM Tools (Splunk, Elastic...)

Customer story

Bank BRI needed to move from synchronous to
asynchronous microservices development on an
enterprise-ready platform and enable stream
processing for real-time data processing in flight. They
chose to use Confluent Platform and Apache Kafka® to
deploy an event-driven microservices architecture that
powers big data analytics for real-time credit scoring,
fraud detection, and merchant assessment services.
Bank BRI is now able to detect fraud in real time.

“Confluent Platform and Apache Kafka, by enabling
us to build and deploy real-time event-driven systems
for credit scoring, have helped BRI become the most
profitable bank in Indonesia.”
—Kaspar Situmorang, Executive VP at Bank BRI

How We Do It

Confluent’s industry-leading data streaming platform offers the following capabilities that can be
instrumental in detecting, understanding, and even preventing fraudulent activity by bad actors.

Connect 

Harness and aggregate all the required data—
unstructured and structured, event streaming and
event sourcing, real time and historical, at massive
scale providing both contextual and transactional
information to inform and improve the fraud detection
decision process. 

Confluent delivers this capability through a variety of
data source connectors, APIs, and advanced
capabilities to enable seamless mobility of data across
any combination of on-prem, hybrid cloud, and multi-
cloud environments. This capability allows teams to
improve fraud detection by leveraging full contextual
data for increased accuracy.
Govern 

In the world of fraud detection and prevention,
governance and audit controls become key components
of a successful approach. Confluent provides the only
governance solution designed for the intricacies of
streaming data, allowing businesses to expand their
usage across more teams without bypassing
requirements for risk management or regulatory
compliance. Governance for data streaming is the key
to fostering the collaboration and knowledge sharing
necessary to become an event-centric business while
remaining compliant within an ever-evolving landscape
of data regulations.

Confluent’s Stream Governance suite (Stream Quality,
Stream Lineage, and Stream Catalog) establishes
trust in the data streams moving throughout your
cloud environments.
Process and Enrich

Organizations can use the data in Confluent to
process, build, and maintain a real-time “fraud threat
score” or “threat vector.” Continuously combine and
analyze in-flight data with historical data for every
customer, and update that threat score every second
to derive real-time situational awareness and detect
compromised transactions. 

Confluent can perform stateless and stateful
processing of both in-flight and historical data, so
the appropriate fraud threat vectors are updated
every time a new event, a relevant risk indicator,
occurs. This allows organizations to predict and detect
a compromised account before the transaction is
attempted and suspend the compromised, fraudulent
transaction proactively.

This powerful stream processing capability is delivered
with native stateless and stateful operations through
ksqlDB and Kafka Streams. This capability enables the
reduction of losses and costs by improving fraud
prevention with real-time decisioning.

Stream processing and sharing can also serve as a
real-time data pipeline to machine learning systems
to build, train, and use fraud models.

Diagram (Confluent Data Streaming Platform), labels: Payment Data, Application Traces, Privileged Access Data, Fraud & Money Laundering, Authentication Data, Transaction Data, API Requests, Log Data, Performance Metrics, Website & Mobile Logs; Immutable Log; Audit Logs; Stateful & Stateless Stream Processing; In Context Logs, Metrics, & Traces; Cheap, long-term storage; ML/AI Tools & Frameworks; Security Tools, Fraud Detection Tools, Operational Resilience Tools, Observability Tools; Security Operations, Fraud & Financial Operations, IT Operations
Diagram captions: Bring context to your data; Automate risk scoring in milliseconds; Connect data, tools, and people for shared insights; Multiple teams speaking the same language

Build

Create ready-to-use data products for downstream
consumption. Confluent’s architecture is uniquely
suited to scale the processing of huge volumes of real-
time structured and unstructured data with already
mastered data, such as historical customer activity, in
a common data backplane. And with Confluent, this
aggregate data can be made available for downstream
consumers however they need it. Shifting to a data-as-
a-product mindset with data aggregated by Confluent
allows you to make sure everyone has access to the
data they need at all times.

This capability is aided by the ability to store historical
data as an immutable sequence of data records
supported by Confluent’s infinite storage subsystem.
This allows teams to understand a complete threat
history with a full audit trail giving them a way to learn
from the past.
Share

In order to make the best use of gathered fraud
detection data, one needs to share a consistent view
of that data everywhere it's needed. Share it with
your applications, systems, and cybersecurity and
fraud teams to maximize data reusability, agility, and
informed collaboration. This capability is delivered
through Confluent’s decoupled architecture enabling
the consumption of data as a self-service product, as
well as Confluent’s governance capabilities, and
connectors to third-party systems.

Confluent makes it easy for different teams to
produce, share, and consume a consistent view of the
data so all your data-dependent systems can
continuously act upon, and react to, the most up-to-
date enriched datasets.

Customer story

Demand became infinite for Instacart’s grocery
delivery service nearly overnight when the pandemic
shut down much of public life in 2020. The company
gained half a million new customers in mere weeks—
and needed to serve each of them with real-time
availability. Instacart improved fraud detection and
enabled faster execution during the time of pandemic-
driven explosive growth by implementing Confluent.

“When I think of our first few wins that we’ve got with Confluent, the one that stands out to me is fraud.”
—Nate Kupp, Director of Engineering at Instacart

05 Conclusion

Fraud is big business, an ever-
evolving industry that continues to
threaten every organization, every
individual, in every location.

While known fraud losses for some firms have been reported
to run into multi-billion dollars, the real magnitude of its
damages is rarely disclosed outside board rooms and can
have a devastating impact on a firm’s reputation and bottom
line. Acknowledging how damaging it is can be seen as an
admission of your firm’s vulnerabilities.

To err is human and savvy fraudsters will always be on the
lookout to manipulate those weakest links in your processes,
the disconnects between your teams, no matter how
impervious your vulnerability management technology may
appear to be.

You can turn the tables on bad actors by getting a step ahead
of them with the deployment and monitoring of real-time
fraud threat scores powered by always-on streaming data.
Use technology to your advantage to detect and prevent fraud
and save your organization and your customers money and
heartache. Be the fraud prevention hero that your team needs!

Customer story

Leading digital native bank EVO Banco needed an advanced
fraud detection system that could apply behavior analysis,
data analytics, and predictive modeling to its customers’
accounts, without adding friction to the customer
experience. Using Confluent Cloud, the bank is able to
combine high-fidelity, real-time data with historical
transaction data for accurate in-stream fraud detection
and predictive machine learning. As a result, the bank
successfully protects more than 500,000 daily transactions
and has decreased its fraud response time to mere seconds.

“EVO Banco has been able to reduce its weekly fraud losses by
a staggering 99% thanks to the help of Confluent. This is an
incredible feat that speaks to the power of data streaming
technology.… Imagine the impact this has on customer trust
and the bank's reputation.”
— Jose Enrique Perez, Chief Data Officer & Manager of
Innovation at EVO Banco

20230526-EB-Putting_Fraud_In_Context.pdf

  • 1.
    Putting Fraud 
 inContext Using circumstantial evidence to transform detection
  • 2.
    What is theRight Approach? 1 Bring It All Together With
 Confluent to Fend Off Fraud Conclusion 2 The Fraud Problem 3 How Do You Counteract Fraud? 4 5
  • 3.
  • 4.
    01 the fraudproblem 1 Pandemic has made the problem worse 2 The Cost of Fraud 3 UK Government Benefit Fraud 4 PWC’s Global Economic Crime & Fraud Survey 2022 t’s hard to escape the headlines dominating the news. Financial services fraud in particular is a major crisis today, with even the most cyber resilient organizations incurring huge financial losses and negative reputational impact (see right The Global Fraud Epidemic). Regardless of what is reported, the true liability always runs much deeper and the risk to organizations extends beyond an operational problem. But how do the bad actors continue to outsmart seemingly fail-proof fraud detection models? Just as technology has advanced, so too has the fraudster’s business model. In today’s globally connected, multi-channel digital world, the footprint is expansive and the market is ripe to build a virtual empire of hackers and bad actors, each with specialized expertise to ensure successful compromise at every potential entry point. Cybercriminal teams can strategize to infiltrate an organization, through coordinated internal and external attacks, with greater sophistication and at a greater scale than ever before. The outcome could be the theft of money or goods or the misuse or exposure of confidential information or data. And the pandemic has made the problem worse with the rapid shift to online transactions and, with it, the huge numbers of people to exploit who are less digitally aware of scams to extract their confidential data1. 4 Fraud impacts everyone from private individuals 
 to large corporations, from private industry to public sector and even the military. Financial services firms are not the only targets of fraud in today’s digital world. E-retailers spend more than 7% of their total annual revenue combating fraud2. The U.K. government lost £8.5 billion pounds in benefit fraud in 20213. PwC's Global Economic Crime and Fraud Survey 2022 respondents reported total losses of US$42 billion4, on top of the damage to brand, reputation, and market share. In actuality, fraud losses are often higher than the figures reported. Firms never want their customers to know the full extent of what is really lost. The actual cost of fraud incurred by organizations extends beyond the direct loss to investigation and recovery costs, regulatory penalties, and reputational damage that impacts customer and partner relationships. The Global Fraud Epidemic
  • 5.
From Transaction Fraud to Full Account Takeover

Like every other individual and organization across the globe, your firm will always be a primary target. In fact, an attempt to defraud your clients or firm is likely happening right at this very moment, in a multitude of ways, across many attack surfaces on your infrastructure (see Examples of Financial Services Fraud).

One of the most common, and the most damaging, types is transactional fraud, which has seen pandemic-attributed spikes across different payment platforms including credit card, P2P instant payment systems, and even the more traditional bank wire transfers. Zelle in particular, the U.S. bank-owned answer to PayPal, has been a significant target for scams. When Zelle customers fell victim to social engineering attacks [5], the subsequent fraudulent transactions were defined as authorized and legitimate transfers by account holders, with the banks claiming no culpability or recompense. That, however, has changed with recent U.S. Senate pressure forcing JPMorgan, Wells Fargo, and Bank of America to assume ownership and reimburse compromised accounts accordingly [6].

Perhaps more dangerous than typical transactional fraud is the evolution of account takeover attacks, a sophisticated long-term compromise which often originates through data breaches, ultimately resulting in some form of payment fraud. Bad actors can assume account credentials and strategically lurk over a prolonged period, assessing further vulnerabilities in a firm's cybersecurity process and striking when an opportunity presents itself. In the context of financial services, an account holder could be unaware their bank login credentials have been compromised, with an illegitimate payment taking place months later rather than an instant fraudulent transaction attempt.

Furthermore, these are usually not singular attacks. A bad actor has the propensity to engineer further attacks on a targeted account, at any time, if it can back up the compromised bank login with additional identifying credentials such as an email or a phone number. Having a real-time forensic view of all potential indicators of compromise could help mitigate this. Aite Group research reports 64% of financial institutions have seen an increase in account takeover fraud since pre-COVID-19 [7].

Examples of Financial Services Fraud
Transaction fraud
Cross-border payments fraud
Account takeover
Synthetic identities
Phishing and smishing
Insider threat
Scams
Market abuse and rogue trading
Invoice and payroll fraud
Application fraud
Stolen cards and stolen credentials (often sold on the dark web)
ATM/IDM fraud (skimming, etc.)
Check (cheque) fraud
Cybersecurity breaches and related attacks
Crypto scams
Gift card fraud
BNPL (buy now pay later) scams
Money laundering
Tax fraud
Benefit fraud
Insurance claims fraud
Claims exaggeration
Insurance premiums application fraud

[5] Fraud is flourishing on Zelle
[6] Banks to reimburse Zelle scam victims
[7] Aite Group research
  • 6.
Why Current Approaches Fail to Deliver

While organizations are pouring in millions of dollars to fight fraudulent activity, existing systems and models are incapable of detecting and preventing fraudulent behavior and attacks in an effective way—they lack timely information and contextual intelligence to determine if an event or a transaction is legitimate or malicious in nature.

This is due to the fact that across many organizations fraud teams still operate independently from cybersecurity teams, and they typically have different views into the data and use different tools and processes to address fraud.

Fraud teams typically have access to transactional structured data but often have limited contextual insight into those transactions. They look for likely indicators of fraud, after the occurrence of the event, and conduct transaction-centric assessments to determine if fraudulent activity has occurred or not. Most fraud detection systems rely on statistical models and rules for detection. Unfortunately, with the exponential growth and sophistication of attacks, the number of indicators that can influence a fraud assessment has also grown. And this has fraud teams adapting their “legacy” models to adjust to evolving channels and types of fraud.

On the other hand, cybersecurity teams have invested heavily in analytics-oriented SIEM (security information and event management) tools that rely on the ingestion of log data and other unstructured sources for incident investigation and resolution. While these systems have a good deal of context from unstructured data sources, they often do not have an easy way to extract insights from transactional systems such as databases, mainframes, and e-commerce platforms.

With crime pathways converging, and the traditional distinctions between cyber breaches and fraud and financial crimes fading, such siloed approaches are becoming increasingly untenable.
  • 7.
02 How Do You Counteract Fraud?

Organizations have to protect themselves against every vulnerability possible, but fraudsters (and hackers) just need to find one. That is why effective fraud management should focus on areas of prevention, detection, and intelligent response.

Today, many organizations are taking a more holistic, collaborative view of the underlying processes to create a “fusion center” – streamlining the business and technology architecture to effectively fight fraud. Context is key and time is of the essence!
  • 8.
Context Matters

Day 1 [10:30 PM] Successful login: Usual IP address (FL)
Day 2 [8:07 AM] NY ATM withdrawal
Day 2 [2:43 PM] Onboard purchase: United Airlines
Day 2 [5:52 PM] Failed login x2, New IP address (1)
Day 3 [7:17 PM] Successful login: New IP address (2)
Day 4 [3:38 AM] Mobile banking: Authorize new device login
Day 4 [6:30 AM] Airport Taxi card swipe
Day 5 [12:34 PM] Password change: New IP address (3)
Day 5 [11:30 PM] Successful login: Usual IP address (FL)
Day 6 [5:20 PM] Funds transfer ($1): Unknown recipient
Day 10 [4:30 AM] Funds transfer ($5k): Unknown recipient

Capturing and understanding contextual and situational data can help identify a fraudulent actor before an unauthorized transaction is even invoked. Identifying unusual, erratic, or incongruent changes to the contextual data for an account can help prevent malevolent activities before they occur by possibly locking the user’s account or taking other preventative action.

Let’s consider the example of payment fraud. To understand when payment fraud happens, you need to know more than just the fact that a transaction has occurred. To know whether that transaction was legitimate or fraudulent, it becomes very important to understand the context around that transaction. To this end it becomes critical to collect and analyze all the information that can provide that context, regardless of which systems or data sources may contain that data, to create the appropriate risk score.

The illustration above highlights some of the contextual data that may be critical to informing a fraud detection decision including:

Failed login attempts: Did the user attempt to log in multiple times before gaining access to the system?
Change of password: Did the user change their password recently?
User geolocation: Is the user making the request in a location that is different from their usual location?
User device/software info: Is the user using a device or software version that is new or different?
User network address info: Is this request coming from a new or different IP address or host for this user?
New payment recipient: Is the user sending this payment to a new or unknown recipient?
Amount of transaction: Is the amount of this transaction unusual for this user based on their historical patterns?
Time/Day of transaction: Is the time of this transaction unusual for this user?
  • 9.
Time is Critical

In addition to having visibility into all the information required to make a fraud determination, it is critical to gain that important context in a timely fashion. Detecting and preventing fraud as it happens requires decisive action in real time.

In the example illustrated on the previous page, we can see that the user has logged in from a new device overseas at the same time that they have returned home to their normal location and purchased a taxi fare. A fraud system operating on real-time data can identify the overseas activity as something suspicious and possibly malicious so it can then communicate to the connected account systems and temporarily suspend the account to prevent any fraudulent activity from occurring. The system can also alert the user of this activity and recommend remediating actions. This can only happen with a system that is leveraging the latest possible contextual information coming in for this user and account, the moment it occurs.

However, systems that only look at historical data retrieved from data-at-rest sources (such as databases or logs for after-the-fact analysis), by definition, are unable to detect fraud as it happens and thus won’t have the chance to stop or prevent the fraudulent activity. Fraudulent attacks can easily be averted if organizations shift from a transaction-centric, data-at-rest processing mindset to an event-driven, real-time processing mindset, where every event is analyzed as it occurs and fraud threat vectors can be updated on the fly.

The information that is critical for detecting fraud comes in different types and formats, and from different data sources and systems. The data is often available at different speeds and times and can be delivered in large volumes. Some of the data will be structured data such as transaction amount or user login information and may originate from relational databases, mainframes, or order management systems. Other data that can help provide context may be unstructured data such as network access log entries or geolocation information, and may come from HTTP logs, network logs, server logs, or identity and access management systems. In order to proactively detect and prevent fraud, all of this data must be aggregated and analyzed together by the fraud system to derive the right security context and respond with intelligence.
  • 10.
03 The Right Approach

Many fraud platforms today are not able to combine both the structured and unstructured data, or the transactional and the contextual information, nor are they able to put it all to use in real time to make the best fraud detection decision.

True fraud detection and prevention requires that contextual events, transactional data, and data changes be analyzed as they happen together, with historical patterns, to inform the best fraud decision system possible.
  • 11.
To inform the best fraud decision possible, organizations need to:

Derive Context: Draw on multiple sources of data—structured and unstructured, historical and real time, event streaming and event sourcing, wherever it resides on the data estate—to apply context, develop good indicators and leverage a fraud scoring system, at scale.
Automate Risk Scoring: Enable the processing and transformation of all relevant data for analysis, executed through the application of sophisticated ML modeling that optimizes for multiple constraints instantly and/or self-calibrates through learning, to create appropriate threat scores on anomalous activity.
Connect Data and People: Facilitate sharing of intelligent, contextual data by delivering the right data, to the right place, in the right format, at the right time, for smarter rapid decision making and well-orchestrated response.

Customer story

Previously, fraud detection was attempted via a batch/nightly process. With Confluent, Capital One’s "Second Look" platform moves to real-time fraud detection and triggers actionable alerts on suspicious activity (e.g., double swipe/duplicate charges, high tips, increased recurring charges). The solution combines real-time account data with historical context (e.g., past % tipping behavior), thereby improving threat response and mitigating fraud costs with average savings of $150 per year for each customer.

“We look at events as running our business. Business people within our organization want to be able to react to events—and oftentimes it's a combination of events.”
—VP of Streaming Data Engineering
  • 12.
04 Fend Off Fraud with Confluent

Confluent is a data streaming platform that enables you to integrate and process large amounts of customer data at scale, from a variety of different sources that exist in your departmental and technology silos, across a distributed data estate.
  • 13.
Our data streaming platform enables you to derive meaningful context and distribute the data to the right place, in the right format, at the right time, to fight fraud and enhance your cybersecurity posture.

Unlike traditional transaction-based threat detection systems, Confluent’s event-driven architecture can understand the occurrence of any event whether it is part of the actual transaction (transaction amount) or something that provides context for that transaction (user geolocation change). Confluent can aggregate data from transactional systems such as databases, file systems, mainframes, and data warehouses as well as system logs and other unstructured data sources, and capture every change to these systems the moment it occurs. By combining and contextualizing all the required data to identify patterns, detect abnormalities, and automate immediate actions in real time, Confluent uniquely makes it possible to combat fraud with great precision.

Protect your money: Prevent or minimize the losses associated with fraud and financial crime
Keep your customers happy: Know your customer behavior to improve overall customer experience and retention
Improve business continuity: Reduce the amount of downtime experienced by a system impacted by fraudulent activity
Advance security posture: Enable a holistic and consistent view of data to build a next-gen fusion center and manage the security health of the organization

[Figure: Fend off fraud with a real-time, event-driven data streaming platform. Labels: Website Logs (HTTP), User Actions, Database, Branch and ATM Data, Transactions, Authentication Logs; Route, Filter, Join, Detect, Govern, Enrich; Fraud Tools (FICO, Actimize...), ML/AI (BigQuery, Databricks...), SIEM Tools (Splunk, Elastic...)]
  • 14.
How We Do It

Confluent’s industry-leading data streaming platform offers the following capabilities that can be instrumental in detecting, understanding, and even preventing fraudulent activity by bad actors.

Connect
Harness and aggregate all the required data—unstructured and structured, event streaming and event sourcing, real time and historical, at massive scale, providing both contextual and transactional information to inform and improve the fraud detection decision process. Confluent delivers this capability through a variety of data source connectors, APIs, and advanced capabilities to enable seamless mobility of data across any combination of on-prem, hybrid cloud, and multi-cloud environments. This capability allows teams to improve fraud detection by leveraging full contextual data for increased accuracy.

Govern
In the world of fraud detection and prevention, governance and audit controls become key components of a successful approach. Confluent provides the only governance solution designed for the intricacies of streaming data, allowing businesses to expand their usage across more teams without bypassing requirements for risk management or regulatory compliance. Governance for data streaming is the key to fostering the collaboration and knowledge sharing necessary to become an event-centric business while remaining compliant within an ever-evolving landscape of data regulations. Confluent’s Stream Governance suite (Stream Quality, Stream Lineage, and Stream Catalog) establishes trust in the data streams moving throughout your cloud environments.

Customer story

Bank BRI needed to move from synchronous to asynchronous microservices development on an enterprise-ready platform and enable stream processing for real-time data processing in flight. They chose to use Confluent Platform and Apache Kafka® to deploy an event-driven microservices architecture that powers big data analytics for real-time credit scoring, fraud detection, and merchant assessment services. Bank BRI is now able to detect fraud in real time.

“Confluent Platform and Apache Kafka, by enabling us to build and deploy real-time event-driven systems for credit scoring, have helped BRI become the most profitable bank in Indonesia.”
—Kaspar Situmorang, Executive VP at Bank BRI
  • 15.
Process and Enrich
Organizations can use the data in Confluent to process, build, and maintain a real-time “fraud threat score” or “threat vector.” Continuously combine and analyze in-flight data with historical data for every customer, and update that threat score every second to derive real-time situational awareness and detect compromised transactions. Confluent can perform stateless and stateful processing of both in-flight and historical data, so the appropriate fraud threat vectors are updated every time a new event, a relevant risk indicator, occurs. This allows organizations to predict and detect a compromised account before the transaction is attempted and suspend the compromised, fraudulent transaction proactively.

This powerful stream processing capability is delivered with native stateless and stateful operations through ksqlDB and Kafka Streams. This capability enables the reduction of losses and costs by improving fraud prevention with real-time decisioning. Stream processing and sharing can also serve as a real-time data pipeline to machine learning systems to build, train, and use fraud models.

[Figure: Confluent Data Streaming Platform. Captions: Bring context to your data; Automate risk scoring in milliseconds; Connect data, tools, and people for shared insights; Multiple teams speaking the same language. Labels: Payment Data, Application Traces, Privileged Access Data, Fraud & Money Laundering, Authentication Data, Transaction Data, API Requests, Log Data, Performance Metrics, Website & Mobile Logs; Immutable Log, Audit Logs, Stateful & Stateless Stream Processing, In Context Logs, Metrics, & Traces, Cheap, long-term storage, ML/AI Tools & Frameworks; Security Tools, Fraud Detection Tools, Operational Resilience Tools, Observability Tools; Security Operations, Fraud & Financial Operations, IT Operations]
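An added example (not Confluent's code and not part of the original document): a minimal stateful scorer that replays the account timeline from the Context Matters illustration and updates a per-account threat score on every event, in the way the Process and Enrich passage describes. The indicator weights, thresholds, IP addresses, the "ZZ" country code, and every function and field name are assumptions made for illustration.

```python
from dataclasses import dataclass, field
# Weights, thresholds and windows are illustrative assumptions, not values from the page.
WEIGHTS = {"failed_login": 10, "new_ip": 15, "new_device": 25, "password_change": 15,
           "geo_conflict": 30, "new_recipient": 20, "unusual_amount": 20, "odd_hour": 10}
STEP_UP_AT, SUSPEND_AT = 30, 100
WINDOW_H, GEO_GAP_H = 7 * 24, 6   # indicator lifetime; max gap for a location conflict
ONLINE = {"login_ok", "login_failed", "device_authorized", "password_change"}

def at(day, hour, minute):
    """Hours since midnight of Day 1, matching the timeline's 'Day N [hh:mm]' labels."""
    return (day - 1) * 24 + hour + minute / 60

@dataclass
class AccountState:
    known_ips: set
    known_recipients: set
    typical_max_amount: float = 500.0
    signals: list = field(default_factory=list)   # (time, indicator) pairs
    last_online: tuple = None                      # (time, country) of last online event
    suspended: bool = False                        # sticky until reviewed

def process(state, ev):
    """Apply one event to the account state; return (score, action, new indicators)."""
    t, kind, found = ev["t"], ev["kind"], []
    if ev.get("ip") and ev["ip"] not in state.known_ips:
        found.append("new_ip")
    if kind == "login_failed":
        found += ["failed_login"] * ev["count"]
    elif kind == "device_authorized":
        found.append("new_device")
    elif kind == "password_change":
        found.append("password_change")
    elif kind == "card_present" and state.last_online:
        seen_at, country = state.last_online
        if country != ev["country"] and t - seen_at <= GEO_GAP_H:
            found.append("geo_conflict")   # card swiped far from a just-seen online session
    elif kind == "transfer":
        if ev["recipient"] not in state.known_recipients:
            found.append("new_recipient")
        if ev["amount"] > state.typical_max_amount:
            found.append("unusual_amount")
        if not 7 <= t % 24 < 23:
            found.append("odd_hour")
    if kind in ONLINE:
        state.last_online = (t, ev["country"])
    state.signals += [(t, name) for name in found]
    score = sum(WEIGHTS[n] for ts, n in state.signals if t - ts <= WINDOW_H)
    state.suspended = state.suspended or score >= SUSPEND_AT
    action = "suspend" if state.suspended else "step_up" if score >= STEP_UP_AT else "allow"
    return score, action, found

USUAL, NEW1, NEW2, NEW3 = "192.0.2.10", "198.51.100.7", "203.0.113.44", "203.0.113.91"
# Constructed events for the page's timeline; "ZZ" stands in for the unnamed overseas location.
TIMELINE = [
    {"t": at(1, 22, 30), "kind": "login_ok", "ip": USUAL, "country": "US"},
    {"t": at(2, 8, 7), "kind": "card_present", "country": "US"},       # NY ATM
    {"t": at(2, 14, 43), "kind": "card_present", "country": "US"},     # airline purchase
    {"t": at(2, 17, 52), "kind": "login_failed", "count": 2, "ip": NEW1, "country": "ZZ"},
    {"t": at(3, 19, 17), "kind": "login_ok", "ip": NEW2, "country": "ZZ"},
    {"t": at(4, 3, 38), "kind": "device_authorized", "country": "ZZ"},
    {"t": at(4, 6, 30), "kind": "card_present", "country": "US"},      # airport taxi
    {"t": at(5, 12, 34), "kind": "password_change", "ip": NEW3, "country": "ZZ"},
    {"t": at(5, 23, 30), "kind": "login_ok", "ip": USUAL, "country": "US"},
    {"t": at(6, 17, 20), "kind": "transfer", "recipient": "acct-unknown", "amount": 1},
    {"t": at(10, 4, 30), "kind": "transfer", "recipient": "acct-unknown", "amount": 5000},
]

def replay(events):
    state = AccountState(known_ips={USUAL}, known_recipients={"acct-landlord"})
    return [process(state, ev) for ev in events]

if __name__ == "__main__":
    for ev, (score, action, found) in zip(TIMELINE, replay(TIMELINE)):
        print(f"{ev['t']:6.1f}h {ev['kind']:<18} score={score:<4} {action:<8} {found}")
```

Replaying the timeline suspends the account at the Day 4 taxi swipe, before either funds transfer is attempted. Scored on its own against a fresh account, the $1 transfer carries only the new-recipient indicator and is allowed, which is the gap a transaction-centric check leaves open.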
  • 16.
Build
Create ready-to-use data products for downstream consumption. Confluent’s architecture is uniquely suited to scale the processing of huge volumes of real-time structured and unstructured data with already mastered data, such as historical customer activity, in a common data backplane. And with Confluent, this aggregate data can be made available for downstream consumers however they need it. Shifting to a data-as-a-product mindset with data aggregated by Confluent allows you to make sure everyone has access to the data they need at all times. This capability is aided by the ability to store historical data as an immutable sequence of data records supported by Confluent’s infinite storage subsystem. This allows teams to understand a complete threat history with a full audit trail, giving them a way to learn from the past.

Share
In order to make the best use of gathered fraud detection data, one needs to share a consistent view of that data everywhere it's needed. Share it with your applications, systems, and cybersecurity and fraud teams to maximize data reusability, agility, and informed collaboration. This capability is delivered through Confluent’s decoupled architecture enabling the consumption of data as a self-service product, as well as Confluent’s governance capabilities, and connectors to third-party systems. Confluent makes it easy for different teams to produce, share, and consume a consistent view of the data so all your data-dependent systems can continuously act upon, and react to, the most up-to-date enriched datasets.

Customer story

Demand became infinite for Instacart’s grocery delivery service nearly overnight when the pandemic shut down much of public life in 2020. The company gained half a million new customers in mere weeks—and needed to serve each of them with real-time availability. Instacart improved fraud detection and enabled faster execution during the time of pandemic-driven explosive growth by implementing Confluent.

“When I think of our first few wins that we’ve got with Confluent, the one that stands out to me is fraud.”
—Nate Kupp, Director of Engineering at Instacart
  • 17.
05 Conclusion

Fraud is big business, an ever-evolving industry that continues to threaten every organization, every individual, in every location.

While known fraud losses for some firms have been reported to run into multiple billions of dollars, the real magnitude of the damage is rarely disclosed outside board rooms and can have a devastating impact on a firm’s reputation and bottom line. To acknowledge how damaging it is can be seen as an admission of your firm’s vulnerabilities. To err is human, and savvy fraudsters will always be on the lookout to manipulate the weakest links in your processes and the disconnects between your teams, no matter how impervious your vulnerability management technology may appear to be.

You can turn the tables on bad actors by getting a step ahead of them with the deployment and monitoring of real-time fraud threat scores powered by always-on streaming data. Use technology to your advantage to detect and prevent fraud and save your organization and your customers money and heartache. Be the fraud prevention hero that your team needs!

Want to learn more?
Check out the 10 ways that Confluent drives transformation in financial services firms.
Explore our online fraud detection resources.

Customer story

Leading digital native bank EVO Banco needed an advanced fraud detection system that could apply behavior analysis, data analytics, and predictive modeling to its customers’ accounts, without adding friction to the customer experience. Using Confluent Cloud, the bank is able to combine high-fidelity, real-time data with historical transaction data for accurate in-stream fraud detection and predictive machine learning. As a result, the bank successfully protects more than 500,000 daily transactions and has decreased its fraud response time to mere seconds.

“EVO Banco has been able to reduce its weekly fraud losses by a staggering 99% thanks to the help of Confluent. This is an incredible feat that speaks to the power of data streaming technology.… Imagine the impact this has on customer trust and the bank's reputation.”
—Jose Enrique Perez, Chief Data Officer & Manager of Innovation at EVO Banco