Fighting fraud with BI
Fraud can be identified by patterns in transaction data, and monitoring these patterns can lead to early action.
Data analytics has an important role to play in combating fraud, said Vinod Vasudevan, Paladion COO, speaking at the 8th ITWeb Security Summit, in Sandton, yesterday.
"The technology behind fraud is making it much easier to execute, and therefore fraud is on the increase - and covers multiple industries, from banking and insurance to telecoms," he said. What's more, "one domain is cutting into the other. If you take a cloned SIM card, it becomes a tool to bypass two-factor authentication in banking, so fraud in telecoms leads to banking fraud".
In SA specifically, telecoms fraud is a particular concern because of the relative maturity of banking and telecoms compared to other countries, and the common practice of payments being made over telecoms networks. "In that aspect, telecoms fraud is bound to be more complex here. There is a collusive mix that can easily have a high impact."
To demonstrate the usefulness of data analysis in combating fraud, Vasudevan used the example of the 2008 RBS WorldPay attack, which saw $9 million stolen from 130 ATMs across 48 cities within 30 minutes, using data taken from systems compromised three months previously.
There were numerous identifiers of fraudulent activity in this case, noted Vasudevan. "The money was withdrawn across ATMs globally. That particular fraud was the first activity in a foreign country for many customers, and even the local ATMs were in unusual locations, where customers didn't normally transact. The fund velocity - $9 million in 30 minutes - is not a normal velocity within that channel. If there was technology to monitor these channels and put them together, you would have a mechanism to detect the fraud."
He proposed scoring transactions based on observations of deviation from normal behaviour. Basic rules could alert on every access from a foreign country, on transaction sizes greater than those in the past, or on a high number of transactions in a given period.
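The basic rules described above can be sketched as a small scoring pass over a time-ordered transaction stream. This is an added example, not code from the talk or the article; the weights, thresholds, field names, profiles and sample transactions are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical weights and thresholds; real values would be tuned on real data.
WEIGHTS = {"foreign_country": 40, "amount_above_history": 30, "high_velocity": 30}
VELOCITY_WINDOW = timedelta(minutes=30)
VELOCITY_LIMIT = 3      # more than this many transactions per window is abnormal
ALERT_THRESHOLD = 60    # score at which to block or authenticate further

def score_transactions(history, transactions):
    """Score time-ordered transactions against per-card profiles.

    history maps card -> {"home_country": str, "max_amount": float} and is
    assumed to contain every card that appears in the stream.
    Returns a list of (transaction, score, reasons).
    """
    recent = defaultdict(deque)  # card -> timestamps still inside the window
    results = []
    for txn in transactions:
        profile = history[txn["card"]]
        reasons = []
        if txn["country"] != profile["home_country"]:
            reasons.append("foreign_country")
        if txn["amount"] > profile["max_amount"]:
            reasons.append("amount_above_history")
        window = recent[txn["card"]]
        window.append(txn["time"])
        # Drop timestamps that have aged out of the sliding window.
        while txn["time"] - window[0] > VELOCITY_WINDOW:
            window.popleft()
        if len(window) > VELOCITY_LIMIT:
            reasons.append("high_velocity")
        results.append((txn, sum(WEIGHTS[r] for r in reasons), reasons))
    return results

def alerts(results):
    """Transactions whose score reaches the alert threshold."""
    return [r for r in results if r[1] >= ALERT_THRESHOLD]

# Constructed sample data: one normal card, one card used abroad in a burst.
T0 = datetime(2024, 1, 1, 2, 0)
HISTORY = {"card-A": {"home_country": "ZA", "max_amount": 2000.0},
           "card-B": {"home_country": "ZA", "max_amount": 500.0}}
TXNS = [{"card": "card-B", "country": "ZA", "amount": 300.0, "time": T0}] + [
    {"card": "card-A", "country": c, "amount": 5000.0,
     "time": T0 + timedelta(minutes=m)}
    for c, m in [("US", 1), ("US", 4), ("RU", 9), ("JP", 12)]]

if __name__ == "__main__":
    for txn, score, reasons in alerts(score_transactions(HISTORY, TXNS)):
        print(txn["card"], txn["country"], score, reasons)
```
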
Vasudevan added that customer profiles can be a powerful tool, as can grouping these profiles into clusters. "This can group people into demographic population profiles within a certain clustering of behaviour, so if you see that clustering of behaviour is changing drastically for a person within a certain profile, it could mean fraud."
It is vital to integrate this data with security intelligence, he emphasised. "For most frauds that happen today, security logs are very early indicators. If you put it all together, you can either stop the activity or authenticate further."
A fraud management solution has two dimensions, explained Vasudevan, taking into account both the breadth of the problem (is it Web fraud, card fraud, employee fraud, or cross-channel) and the time taken to detect or respond (real-time, near real-time, or offline). Prioritisation is vital. "You don't need to detect all fraud in real-time - there is a cost to detecting fraud. Maybe certain types need to be detected in real-time, but other types can be detected in near real-time or offline," he added.
With the amount of data necessary for a fraud management system, ensuring systems are up to scratch is essential, Vasudevan concluded. "It becomes imperative at some point to migrate to big data architecture, even if not from day one."