Dark data: The elusive black swan and financial fraud, part 1
Imagine having to find a black swan at night within a flock made up of millions of regular swans. How would you search? In the dark, black swans are indistinguishable from the rest of the flock. Payment operations teams face a similar challenge in protecting their high-value payment channels from fraudsters introducing black swan fraudulent payments into their flock of genuine activity.
Not that long ago, payment operations teams thought black swans were so rare they likely didn't exist. Consequently, many teams were not even looking for black swans in their flock. As we have seen from the Bangladesh heist and other recent black swan events, high-value payments are under attack from high-tech fraudsters slipping black swans through.
Using Internet technologies from firewall penetration to phishing for executives, fraudsters find the smallest hole in the bank’s defenses and pass through payments that look (almost) valid. Once fraudsters find a hole, they attempt to exploit that hole until either it is plugged or the bank is taken down.
How do you hunt for black swans? Your first thought might be to apply the fraud-detection technology already available within your organization. Those solutions have been running successfully for decades, so why not? This first installment in a multipart series looks at the technology that may be available in your financial institution.
The challenge is that many incumbent solutions’ detection models are only good at finding normal fraud in consumer and retail payments. That task is the only one they have been asked to perform. Since black swans are not normal, and not part of consumer and retail payments, the incumbent solutions do not know how to hunt for them.
The major incumbent solutions generally use a consortium modeling approach that contributes to the inability to hunt for black swans. In consortium modeling for fraud detection, customers of the solution periodically submit their payment transactions including known frauds to the vendor. The vendor analyzes the fraud patterns in this consortium of data and delivers a fraud detection model for all to utilize. If the consortia had few, if any, fraudulent high-value transactions to report, then the fraud-detection model would not include rules to protect high-value payments.
The spreadsheet as a metaphor for detection models
Can you change the consortium models to look for black swans? Even if you identify an emerging fraud pattern, you are still reliant on the incumbent vendor for updates to the fraud-detection model. In the consortium approach, the models are delivered in the same format as a spreadsheet with formulas locked by the vendor. While enabling users to change the formulas is theoretically possible, the resources, skill level and time required render editing the models extremely challenging, if not impossible.
Because a long lead time is required to update cycles for consortium models—they are measured in months to years—protecting high-value payments is nearly impossible. Consider the average high-value payment at your institution. How many fraudulent transactions of that size are you willing to absorb while waiting for the vendor to update the detection model?
And perhaps the biggest shortcoming of the consortium modeling approach is its inability to learn about your institution, your customers and the payments processed. In the locked spreadsheet metaphor that represents the consortium model, each payment is thrown against the rules and a score is calculated. Once each detection calculation is complete, the data about the payment is discarded before making the next detection. Nothing is saved and nothing is learned about your customer’s transaction patterns to improve detection accuracy. Rather than optimizing the model for your institution and the patterns of your customers, you are limited to using the general industry fraud detection model provided by the vendor.
Elusive black swans
Finding black swans is not a task well suited to incumbent fraud solutions and their consortium models. IBM has an alternative approach leveraging cognitive computing that works in partnership with fraud professionals who can help overcome the limitations in fraud detection. While no solution can guarantee protection from fraudsters, you want to use the best tools available in the hunt. Look for an upcoming post in this series to learn how IBM helps you understand the normal behavior of your swans to be able to spot the black swans in your flock.