SlideShare una empresa de Scribd logo

Whitepaper Real Time Transaction Analysis And Fraudulent Transaction Detection For Online Banking

Alan McSweeney
Alan McSweeney
TecnologíaEconomía y finanzasEmpresariales
1 de 12
Descargar para leer sin conexión
Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking Alan McSweeney
Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking Contents Online Bank Fraud ..........................................................................................2 Online Bank Fraud ..........................................................................................3 Real Time Fraud Detection Solution Architecture............................................4 Internet Banking Logical Transaction Layers...............................................4 Real-Time Fraud Detection Solution Framework .........................................5 Real-Time Fraud Detection Solution Architecture........................................6 Rules Engine and Decision Making Facility..................................................8 Complex Event Processing/Event Driven Application Architecture and Approaches to Fraud Analysis..........................................................................9 Implementing a Real-Time Fraud Detection System ...................................... 10 The behaviour characteristics of online banking fraud are: • Continuous behaviour changes by criminals • Very high growth rates • Sophisticated advanced and changing fraud techniques To effectively detect and stop fraud before it happens, banks will require insight into user activity in real-time. This will be provided by a real-time online banking fraud detection and analysis solution. There are many small software vendors operating in this area and the market is still quite fragmented. There will be consolidation as vendors merge and are taken over or go out of business. There is an emerging technology in the form of Complex Event Processing (CEP) that is suitable for real-time online banking fraud detection. As part of the implementation of any real-time online fraud solution, banks will need to implement new business processes to support any solution. This will be a key element of any overall solution. A complete solution will consist of the following components: • Continuing customer education • Possible additional two-factor authentication for customers using some form of key generation tool • Profiling customer access and maintaining an up-to-date list of fraud sources to determine if a known source of fraudulent activity • Implementation of real-time fraud detection and handling system or systems • Checking transactions in real time • Handling of suspicious transactions • Processes to link all these elements together Page 2
Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking Online Bank Fraud This whitepaper provides an introduction to the end-to-end landscape of online banking fraud and its detection and handling. Online banking fraud can arise in a number of ways: 1. By some form of identity theft where the banking authentication details of legitimate users are stolen and used for criminal and fraudulent purposes such as phishing and crimeware attacks 2. By some form of security breach that allows criminals access to bank banking systems 3. By fraudulent activity by bank employees The numbers of crimeware- 4. By persons closely associated with legitimate users gaining access to their spreading URLs infecting PCs authentication details and performing fraud with password-stealing code rose 93 percent in Q1, 2008 to 6,500 The common thread in all this is people who are the weakest link in any security sites, nearly double the previous system. high of November, 2007 - and an increase of 337% percent from the Of these sources of fraud, phishing in all its forms will be the one that gives rise number detected end of Q1, 2007. to most concern. It will be the mechanism by which criminals get access to account information in order to defraud customers. Phishing typically employs both a social engineering and a technical approach (Crimeware) to steal consumers’ personal identity data and financial account access details. Crimeware is software that performs illegal actions not requested by a user running the software that are typically intended to yield financial benefits to the distributor of the software. Social-engineering schemes use spoofed e-mails purporting to be from legitimate sources to lead consumers to counterfeit websites designed to trick recipients into divulging financial account authentication data. Source: AntiPhishing Working Group Essentially, crimeware is divided into two broad categories: http://www.antiphishing.org Q1 2008 Phishing Activity Trends 1. Social Engineering – this involves an e-mail with an address or an Summary attachment that directs the user to the fraudulent site or inflects the user’s PC with criminal software 2. Security Exploits – these take advantage of flaws in software such as user’s operating system, browser or elements of the internet infrastructure used to gain access to the bank’s online banking site. Unfortunately crimeware is a fact of life in the online world. Crimeware is distributed in many ways such as: • Social engineering attacks convincing users to open a malicious email attachment containing crimeware • Injection of crimeware into legitimate web sites via content injection attacks such as cross-site scripting Page 3
Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking Number of Attacks: • Exploiting security vulnerabilities through worms and other attacks on security flaws in operating systems, browsers, and other commonly installed software • Insertion of crimeware into downloadable software that otherwise performs a desirable function. Any approach to preventing fraud needs to take account of these mechanisms and to ensure that the bank does not perform any actions that could be mistaken and misused in these contexts, such as: • Sending mails to customers that could then be confused with phishing mails Source: AntiPhishing Working • Providing users with separate downloadable software to perform functions Group such as security checking and PC fingerprint generation http://www.antiphishing.org Q1 2008 Phishing Activity Trends Real Time Fraud Detection Solution Architecture Summary Internet Banking Logical Transaction Layers In terms of examining the options for real-time fraudulent transaction analysis and determining the architectures and solutions available, there are four relevant logical layers: Frequency and Cost of Attack by Type of Attack Source: US National Consumer League, 2007 These layers are: Page 4
Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking 1. User Physical Access and Location – this layer consists of the device being used by the user to perform the access, its characteristics, its physical location and other user details such as mobile telephone, mail address. 2. Internet Communication – this refers to the physical internet layer. 3. User Authentication Layer – this layer consists of the authentication information users must supply and other authentication mechanisms such as physical tokens that users might use during the authentication process. 4. Front-End Internet Banking Application – this is the suite of applications that form the Internet accessible layer of the banking systems. 5. Back-End Banking Systems and Data Warehouse and User History – this consists of the back-end banking systems and the data warehouse storing user access history. Real-Time Fraud Detection Solution Framework Implementing an effective mechanism for preventing Internet fraud will involve a multi-layer approach with multi-factor authentication and verification. It is important to understand that incidents will occur. Any system involving people will at some stage be compromised. Also, it may not be possible or worthwhile to implement a solution that is 100% secure. This may involve substantial incremental cost over a solution that is close to 100% secure that may not be justified. An integral part of any fraud detection solution is an incident handling system and associated processes. At a minimum, these should: • Contain the damage • Preserve/duplicate of the compromised system's state for further analysis • Contact the Police and the Bank’s legal department if required • Restore operations of compromised system, if relevant • Analyse problem and determine incident cause • Document incident and recovery details • Update control agents/implementation details based on analysis • Update incident response plan, if required The illusion of 100% security can be dangerous as it can lead to complacent behaviour and a substitute for sound practices. It can also cause IT users to behave more recklessly. Note that security compliance endorses an overall environment including technology and processes and not just a specific technology. The elements of an overall solution can include some of all of: Page 5
Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking Real-Time Fraud Detection Solution Architecture A real-time fraudulent transaction analysis and detection system will operate in parallel to the normal transaction pipeline. The transaction pipeline will consist of the following steps: 1. User will initiate the transaction using a device such as, but not limited to, work or home PC 2. The user will use an internet connection to access the bank’s internet banking system 3. The user will authenticate with the bank’s internet banking system 4. The user will performing banking transactions 5. The data warehouse will be updated with information collected during the transaction Page 6
Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking In parallel, the real-time fraudulent transaction analysis and detection system will operate. It should not insert itself into the transaction pipeline as this will delay transaction processing as well as involve higher implementation costs due to the integration effort. Details of transactions should be taken in real-time at two key points: 1. User access to gather details on how the user is accessing the system 2. Transaction to gather details on what transactions the user is performing This real-time information is then compared with user access history and transaction history details to determine if the transaction is likely to be fraudulent. At a high-level, the real-time fraudulent transaction analysis and detection system will consist of a core Collect-Analyse-Decide-Respond cycle. These stages will perform the following tasks: • Collect – information on the transaction will be collected. This will consist of access information, session information and transaction details. The collection component will gather information from multiple sources at multiple stages both through the transaction life cycle and off-line from other sources such as watchlists of addresses involved in fraud. • Analyse – the transaction information collected will be analysed both within itself and also be compared with historical information collected. Based on the two sets of data, the transaction will be scored with respect to its probability that it is fraudulent. • Decide – there will be a decision engine that determines if the transaction is fraudulent. Page 7
Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking • Respond – based on the decision taken a response action will be determined. This process needs to happen in real-time as transactions are happening. It needs to be scalable to handle large-volumes of transactions without delaying overall transaction processing. The real-time fraudulent transaction analysis and detection system will also provide additional functions: • Reporting and Monitoring – the system should provide reporting and monitoring facilities to report on fraud analysis activities, system throughput, performance and other areas • Offline Analysis – this will provide other non-real-time analysis facilities that allow patterns across multiple transactions to be identified • Administration – the system can be administered and managed allow actions such as new rules to be defined and the operation system to be tuned and modified. Rules Engine and Decision Making Facility This is a flexible rules-engine that takes data from multiple sources to identify transactions as potentially fraudulent: The classification will be based on multiple factors, such as: Current Transaction Details Users Profiles Transaction Amount Users Ages Transaction Type Users Locations Users Jobs Transaction History Details Transaction Frequency Session Details Transaction Type Frequency IP Address Page 8
Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking Account Activity Browser Type User Profile Session History Details User Age IP Addresses User Location Browser Types User Job Previously Known Sources of Fraud IP Addresses Associated With Fraud This information will be combined to assess the probability of the transaction being fraudulent: • Current Transaction Details – this will provide a profile of the transaction being performed • Transaction History Details – this will allow the current transaction to be compared against previous transactions • User Profile – this will provide a profile of the user performing the transaction • Users Profiles – this will provide a profile of all users against which the current user’s profile and the profile of the current transaction against the profile of transactions performed by similar users can be compared • Session Details – this will provide details on the internet access session • Session History Details – this will allow the current session details to be compared against previous sessions to allow changes to be identified • Previously Known Sources of Fraud – this will allow the current session details to be compared known access details associated with fraud Complex Event Processing/Event Driven Application Architecture and Approaches to Fraud Analysis There is an emerging technology in the form of Complex Event Processing (CEP) that is suitable for real-time online banking fraud detection. The topic of CEP is itself very complex. This section provides some very brief information to support its inclusion as an option for implementing a real-time fraud analysis solution. The high-level architecture of a Complex Event Processing (CEP)/Event Driven Application (EDA) architecture is: Page 9
Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking The core logical elements of this approach are: • Continuous Query Engine - Processes high volumes of streaming data • SQL-based Event Processing Language (EPL) – extends SQL to handle streaming events EPL is SQL-based. It provides easier integration to relational data and the data storage facility. The key extension within EPL is the ability to handle streaming data provided by WHEN ... THEN statements rather than conventional IF ... THEN statements. Details on the levels of spending by US banks on A CEP application typically comprises of four main component types: consumer authentication and fraud detection in 2006, 1. Adapters interface directly to the inbound event sources. Adapters classified by the value of their understand the inbound protocol, and are responsible for converting the deposits. event data into a normalised data that can be queried by a processor (i.e. event processing agent, or processor). Adapters forward the normalised event data into Streams. 2. Streams are event processing endpoints. Among other things, streams are responsible for queuing event data until the event processing agent can act upon it. 3. The event processing agent removes the event data from the stream, processes it, and may generate new events to an output stream. 4. The Decide step listens to the output stream, The Decide step forward on the generated events to external event sinks such as a case management system. Source: Gartner Implementing a Real-Time Fraud Detection System Any practical approach to real-time anti-fraud will consist of the following activities: • Continuing customer education • Possible additional two-factor authentication for customers using some form of key generation tool • Profiling customer access and maintaining an up-to-date list of fraud sources to determine if a known source of fraudulent activity • Implementation of real-time fraud detection and handling system or systems • Checking transactions in real time Page 10
Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking • Handling of suspicious transactions • Processes to link all these elements together Each of these will go some way to preventing fraud. Taken together they will form a comprehensive solution. Planned increase in spending intentions in 2007 from 2006 by these banks. In terms of the previous transaction pipeline, the additional steps required will be: 1. Before completing the transaction, the banking system would invoke a function to check the status of the transaction within the Decision engine. 2. The checking function will interrogate the Decision engine to get the result of the transaction check. 3. If the Decision engine has reached a decision about the transaction, this would be provided to the application status check. 4. If the transaction was determined to be suspicious, it would be written to a suspend queue where it would be held according to defined rules. 5. If the transaction was determined not to be suspicious, it would be Source: Gartner processed as normal. 6. The incident handling component would be notified. Page 11
Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking For more information, please contact: alan@alanmcsweeney.com Page 12

Recomendados

IS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New EconomyIS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New EconomyGoutama Bachtiar
 
IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?Eryk Budi Pratama
 
Practical Cloud - Stephen Betts (Avanade)
Practical Cloud - Stephen Betts (Avanade)Practical Cloud - Stephen Betts (Avanade)
Practical Cloud - Stephen Betts (Avanade)Spiffy
 
Red Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital Innovation
Red Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital InnovationRed Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital Innovation
Red Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital InnovationVadim Zendejas
 
Modern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaModern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaEryk Budi Pratama
 
Industry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT SkillsIndustry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT SkillsEryk Budi Pratama
 
RPA (Robotic Process Automation), POA (Process Oriented Architecture) And BPM...
RPA (Robotic Process Automation), POA (Process Oriented Architecture) And BPM...RPA (Robotic Process Automation), POA (Process Oriented Architecture) And BPM...
RPA (Robotic Process Automation), POA (Process Oriented Architecture) And BPM...Alan McSweeney
 
Approach To It Strategy And Architecture
Approach To It Strategy And ArchitectureApproach To It Strategy And Architecture
Approach To It Strategy And ArchitectureAlan McSweeney
 

Recomendados

IS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New EconomyIS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New EconomyGoutama Bachtiar
 
IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?Eryk Budi Pratama
 
Practical Cloud - Stephen Betts (Avanade)
Practical Cloud - Stephen Betts (Avanade)Practical Cloud - Stephen Betts (Avanade)
Practical Cloud - Stephen Betts (Avanade)Spiffy
 
Red Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital Innovation
Red Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital InnovationRed Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital Innovation
Red Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital InnovationVadim Zendejas
 
Modern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaModern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaEryk Budi Pratama
 
Industry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT SkillsIndustry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT SkillsEryk Budi Pratama
 
RPA (Robotic Process Automation), POA (Process Oriented Architecture) And BPM...
RPA (Robotic Process Automation), POA (Process Oriented Architecture) And BPM...RPA (Robotic Process Automation), POA (Process Oriented Architecture) And BPM...
RPA (Robotic Process Automation), POA (Process Oriented Architecture) And BPM...Alan McSweeney
 
Approach To It Strategy And Architecture
Approach To It Strategy And ArchitectureApproach To It Strategy And Architecture
Approach To It Strategy And ArchitectureAlan McSweeney
 
ICT Association Suriname Presentation On eGovernment 2012
ICT Association Suriname Presentation On eGovernment 2012ICT Association Suriname Presentation On eGovernment 2012
ICT Association Suriname Presentation On eGovernment 2012Cyril Soeri
 
ITIL With Information Security
ITIL With Information SecurityITIL With Information Security
ITIL With Information Securityvikasraina
 
Orientation in IT Audit
Orientation in IT AuditOrientation in IT Audit
Orientation in IT AuditSuman Thapaliya
 
Technology Risk Services
Technology Risk ServicesTechnology Risk Services
Technology Risk Servicessarah kabirat
 
Enterprise Architecture
Enterprise Architecture Enterprise Architecture
Enterprise Architecture Axis Technology, LLC
 
Enterprise Architecture and Information Security
Enterprise Architecture and Information SecurityEnterprise Architecture and Information Security
Enterprise Architecture and Information SecurityJohn Macasio
 
IO Journey All Up
IO Journey All UpIO Journey All Up
IO Journey All Upbaselsss
 
Security-by-Design in Enterprise Architecture
Security-by-Design in Enterprise ArchitectureSecurity-by-Design in Enterprise Architecture
Security-by-Design in Enterprise ArchitectureThe Open Group SA
 
Nine HIPAA Compliance Questions to ask Yourself
Nine HIPAA Compliance Questions to ask YourselfNine HIPAA Compliance Questions to ask Yourself
Nine HIPAA Compliance Questions to ask YourselfLERNER Consulting
 
Creating successful intranets
Creating successful intranetsCreating successful intranets
Creating successful intranetsSharon Richardson
 
Agile Solution Architecture and Design
Agile Solution Architecture and DesignAgile Solution Architecture and Design
Agile Solution Architecture and DesignAlan McSweeney
 
Task 2
Task 2Task 2
Task 2BIBEKCHAUDHARYBScHon
 
Chapter 5
Chapter 5Chapter 5
Chapter 5Dr. Muath Asmar
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
Final Presentation
Final PresentationFinal Presentation
Final Presentationchris odle
 
Chapter 2
Chapter 2Chapter 2
Chapter 2Dr. Muath Asmar
 
Outsourcing & Cloud Computing
Outsourcing & Cloud ComputingOutsourcing & Cloud Computing
Outsourcing & Cloud Computingvisionetinternasional
 
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsFortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsPerficient, Inc.
 
Security For Business: Are You And Your Customers Safe
Security For Business: Are You And Your Customers SafeSecurity For Business: Are You And Your Customers Safe
Security For Business: Are You And Your Customers Safewoodsy01
 
Securing Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation NotesSecuring Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation Notesedwinlorenzana
 
Project Failure Reasons and Causes
Project Failure Reasons and CausesProject Failure Reasons and Causes
Project Failure Reasons and CausesAlan McSweeney
 
Forget Big Data. It's All About Smart Data
Forget Big Data. It's All About Smart DataForget Big Data. It's All About Smart Data
Forget Big Data. It's All About Smart DataAlan McSweeney
 

Más contenido relacionado

La actualidad más candente

ICT Association Suriname Presentation On eGovernment 2012
ICT Association Suriname Presentation On eGovernment 2012ICT Association Suriname Presentation On eGovernment 2012
ICT Association Suriname Presentation On eGovernment 2012Cyril Soeri
 
ITIL With Information Security
ITIL With Information SecurityITIL With Information Security
ITIL With Information Securityvikasraina
 
Technology Risk Services
Technology Risk ServicesTechnology Risk Services
Technology Risk Servicessarah kabirat
 
Enterprise Architecture and Information Security
Enterprise Architecture and Information SecurityEnterprise Architecture and Information Security
Enterprise Architecture and Information SecurityJohn Macasio
 
IO Journey All Up
IO Journey All UpIO Journey All Up
IO Journey All Upbaselsss
 
Security-by-Design in Enterprise Architecture
Security-by-Design in Enterprise ArchitectureSecurity-by-Design in Enterprise Architecture
Security-by-Design in Enterprise ArchitectureThe Open Group SA
 
Nine HIPAA Compliance Questions to ask Yourself
Nine HIPAA Compliance Questions to ask YourselfNine HIPAA Compliance Questions to ask Yourself
Nine HIPAA Compliance Questions to ask YourselfLERNER Consulting
 
Creating successful intranets
Creating successful intranetsCreating successful intranets
Creating successful intranetsSharon Richardson
 
Agile Solution Architecture and Design
Agile Solution Architecture and DesignAgile Solution Architecture and Design
Agile Solution Architecture and DesignAlan McSweeney
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
Final Presentation
Final PresentationFinal Presentation
Final Presentationchris odle
 
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsFortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsPerficient, Inc.
 
Security For Business: Are You And Your Customers Safe
Security For Business: Are You And Your Customers SafeSecurity For Business: Are You And Your Customers Safe
Security For Business: Are You And Your Customers Safewoodsy01
 
Securing Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation NotesSecuring Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation Notesedwinlorenzana
 

La actualidad más candente (20)

ICT Association Suriname Presentation On eGovernment 2012
ICT Association Suriname Presentation On eGovernment 2012ICT Association Suriname Presentation On eGovernment 2012
ICT Association Suriname Presentation On eGovernment 2012
 
ITIL With Information Security
ITIL With Information SecurityITIL With Information Security
ITIL With Information Security
 
Orientation in IT Audit
Orientation in IT AuditOrientation in IT Audit
Orientation in IT Audit
 
Technology Risk Services
Technology Risk ServicesTechnology Risk Services
Technology Risk Services
 
Enterprise Architecture
Enterprise Architecture Enterprise Architecture
Enterprise Architecture
 
Enterprise Architecture and Information Security
Enterprise Architecture and Information SecurityEnterprise Architecture and Information Security
Enterprise Architecture and Information Security
 
IO Journey All Up
IO Journey All UpIO Journey All Up
IO Journey All Up
 
Security-by-Design in Enterprise Architecture
Security-by-Design in Enterprise ArchitectureSecurity-by-Design in Enterprise Architecture
Security-by-Design in Enterprise Architecture
 
Nine HIPAA Compliance Questions to ask Yourself
Nine HIPAA Compliance Questions to ask YourselfNine HIPAA Compliance Questions to ask Yourself
Nine HIPAA Compliance Questions to ask Yourself
 
Creating successful intranets
Creating successful intranetsCreating successful intranets
Creating successful intranets
 
Agile Solution Architecture and Design
Agile Solution Architecture and DesignAgile Solution Architecture and Design
Agile Solution Architecture and Design
 
Task 2
Task 2Task 2
Task 2
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
 
Final Presentation
Final PresentationFinal Presentation
Final Presentation
 
Chapter 2
Chapter 2Chapter 2
Chapter 2
 
Outsourcing & Cloud Computing
Outsourcing & Cloud ComputingOutsourcing & Cloud Computing
Outsourcing & Cloud Computing
 
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsFortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
 
Security For Business: Are You And Your Customers Safe
Security For Business: Are You And Your Customers SafeSecurity For Business: Are You And Your Customers Safe
Security For Business: Are You And Your Customers Safe
 
Securing Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation NotesSecuring Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation Notes
 

Destacado

Project Failure Reasons and Causes
Project Failure Reasons and CausesProject Failure Reasons and Causes
Project Failure Reasons and CausesAlan McSweeney
 
Forget Big Data. It's All About Smart Data
Forget Big Data. It's All About Smart DataForget Big Data. It's All About Smart Data
Forget Big Data. It's All About Smart DataAlan McSweeney
 
Getting Good And Staying Good At (Out)Sourcing
Getting Good And Staying Good At (Out)SourcingGetting Good And Staying Good At (Out)Sourcing
Getting Good And Staying Good At (Out)SourcingAlan McSweeney
 
Data Audit Approach To Developing An Enterprise Data Strategy
Data Audit Approach To Developing An Enterprise Data StrategyData Audit Approach To Developing An Enterprise Data Strategy
Data Audit Approach To Developing An Enterprise Data StrategyAlan McSweeney
 
The Myth Of Requirements
The Myth Of RequirementsThe Myth Of Requirements
The Myth Of RequirementsAlan McSweeney
 
Enterprise Business Analysis Capability - Strategic Asset for Business Alignm...
Enterprise Business Analysis Capability - Strategic Asset for Business Alignm...Enterprise Business Analysis Capability - Strategic Asset for Business Alignm...
Enterprise Business Analysis Capability - Strategic Asset for Business Alignm...Alan McSweeney
 
Don’t Mention The “A” Word – Trends In Continuing Business And IT Misalignment
Don’t Mention The “A” Word – Trends In Continuing Business And IT MisalignmentDon’t Mention The “A” Word – Trends In Continuing Business And IT Misalignment
Don’t Mention The “A” Word – Trends In Continuing Business And IT MisalignmentAlan McSweeney
 
Conway's Law, Cognitive Diversity, Organisation Transformation And Solution D...
Conway's Law, Cognitive Diversity, Organisation Transformation And Solution D...Conway's Law, Cognitive Diversity, Organisation Transformation And Solution D...
Conway's Law, Cognitive Diversity, Organisation Transformation And Solution D...Alan McSweeney
 
Translating Big Raw Data Into Small Actionable Information
Translating Big Raw Data Into Small Actionable InformationTranslating Big Raw Data Into Small Actionable Information
Translating Big Raw Data Into Small Actionable InformationAlan McSweeney
 
Stopping Analysis Paralysis And Decision Avoidance In Business Analysis And S...
Stopping Analysis Paralysis And Decision Avoidance In Business Analysis And S...Stopping Analysis Paralysis And Decision Avoidance In Business Analysis And S...
Stopping Analysis Paralysis And Decision Avoidance In Business Analysis And S...Alan McSweeney
 
Introduction To Business Architecture – Part 1
Introduction To Business Architecture – Part 1Introduction To Business Architecture – Part 1
Introduction To Business Architecture – Part 1Alan McSweeney
 
Complexity and Solution Architecture
Complexity and Solution ArchitectureComplexity and Solution Architecture
Complexity and Solution ArchitectureAlan McSweeney
 
Whitepaper Exchange 2007 Changes, Resilience And Storage Management
Whitepaper Exchange 2007 Changes, Resilience And Storage ManagementWhitepaper Exchange 2007 Changes, Resilience And Storage Management
Whitepaper Exchange 2007 Changes, Resilience And Storage ManagementAlan McSweeney
 
Whitepaper Server Virtualisation And Storage Management
Whitepaper Server Virtualisation And Storage ManagementWhitepaper Server Virtualisation And Storage Management
Whitepaper Server Virtualisation And Storage ManagementAlan McSweeney
 
Digital Transformation And Enterprise Architecture
Digital Transformation And Enterprise ArchitectureDigital Transformation And Enterprise Architecture
Digital Transformation And Enterprise ArchitectureAlan McSweeney
 
Systems Analysis And Design Methodology And Supporting Processes
Systems Analysis And Design Methodology And Supporting ProcessesSystems Analysis And Design Methodology And Supporting Processes
Systems Analysis And Design Methodology And Supporting ProcessesAlan McSweeney
 
Whitepaper Practical Information Technology Governance
Whitepaper Practical Information Technology GovernanceWhitepaper Practical Information Technology Governance
Whitepaper Practical Information Technology GovernanceAlan McSweeney
 
Structured Approach to Solution Architecture
Structured Approach to Solution ArchitectureStructured Approach to Solution Architecture
Structured Approach to Solution ArchitectureAlan McSweeney
 
Supplier And Service Provider Governance
Supplier And Service Provider GovernanceSupplier And Service Provider Governance
Supplier And Service Provider GovernanceAlan McSweeney
 
Tender Evaluation Process Notes
Tender Evaluation Process NotesTender Evaluation Process Notes
Tender Evaluation Process NotesAlan McSweeney
 

Destacado (20)

Project Failure Reasons and Causes
Project Failure Reasons and CausesProject Failure Reasons and Causes
Project Failure Reasons and Causes
 
Forget Big Data. It's All About Smart Data
Forget Big Data. It's All About Smart DataForget Big Data. It's All About Smart Data
Forget Big Data. It's All About Smart Data
 
Getting Good And Staying Good At (Out)Sourcing
Getting Good And Staying Good At (Out)SourcingGetting Good And Staying Good At (Out)Sourcing
Getting Good And Staying Good At (Out)Sourcing
 
Data Audit Approach To Developing An Enterprise Data Strategy
Data Audit Approach To Developing An Enterprise Data StrategyData Audit Approach To Developing An Enterprise Data Strategy
Data Audit Approach To Developing An Enterprise Data Strategy
 
The Myth Of Requirements
The Myth Of RequirementsThe Myth Of Requirements
The Myth Of Requirements
 
Enterprise Business Analysis Capability - Strategic Asset for Business Alignm...
Enterprise Business Analysis Capability - Strategic Asset for Business Alignm...Enterprise Business Analysis Capability - Strategic Asset for Business Alignm...
Enterprise Business Analysis Capability - Strategic Asset for Business Alignm...
 
Don’t Mention The “A” Word – Trends In Continuing Business And IT Misalignment
Don’t Mention The “A” Word – Trends In Continuing Business And IT MisalignmentDon’t Mention The “A” Word – Trends In Continuing Business And IT Misalignment
Don’t Mention The “A” Word – Trends In Continuing Business And IT Misalignment
 
Conway's Law, Cognitive Diversity, Organisation Transformation And Solution D...
Conway's Law, Cognitive Diversity, Organisation Transformation And Solution D...Conway's Law, Cognitive Diversity, Organisation Transformation And Solution D...
Conway's Law, Cognitive Diversity, Organisation Transformation And Solution D...
 
Translating Big Raw Data Into Small Actionable Information
Translating Big Raw Data Into Small Actionable InformationTranslating Big Raw Data Into Small Actionable Information
Translating Big Raw Data Into Small Actionable Information
 
Stopping Analysis Paralysis And Decision Avoidance In Business Analysis And S...
Stopping Analysis Paralysis And Decision Avoidance In Business Analysis And S...Stopping Analysis Paralysis And Decision Avoidance In Business Analysis And S...
Stopping Analysis Paralysis And Decision Avoidance In Business Analysis And S...
 
Introduction To Business Architecture – Part 1
Introduction To Business Architecture – Part 1Introduction To Business Architecture – Part 1
Introduction To Business Architecture – Part 1
 
Complexity and Solution Architecture
Complexity and Solution ArchitectureComplexity and Solution Architecture
Complexity and Solution Architecture
 
Whitepaper Exchange 2007 Changes, Resilience And Storage Management
Whitepaper Exchange 2007 Changes, Resilience And Storage ManagementWhitepaper Exchange 2007 Changes, Resilience And Storage Management
Whitepaper Exchange 2007 Changes, Resilience And Storage Management
 
Whitepaper Server Virtualisation And Storage Management
Whitepaper Server Virtualisation And Storage ManagementWhitepaper Server Virtualisation And Storage Management
Whitepaper Server Virtualisation And Storage Management
 
Digital Transformation And Enterprise Architecture
Digital Transformation And Enterprise ArchitectureDigital Transformation And Enterprise Architecture
Digital Transformation And Enterprise Architecture
 
Systems Analysis And Design Methodology And Supporting Processes
Systems Analysis And Design Methodology And Supporting ProcessesSystems Analysis And Design Methodology And Supporting Processes
Systems Analysis And Design Methodology And Supporting Processes
 
Whitepaper Practical Information Technology Governance
Whitepaper Practical Information Technology GovernanceWhitepaper Practical Information Technology Governance
Whitepaper Practical Information Technology Governance
 
Structured Approach to Solution Architecture
Structured Approach to Solution ArchitectureStructured Approach to Solution Architecture
Structured Approach to Solution Architecture
 
Supplier And Service Provider Governance
Supplier And Service Provider GovernanceSupplier And Service Provider Governance
Supplier And Service Provider Governance
 
Tender Evaluation Process Notes
Tender Evaluation Process NotesTender Evaluation Process Notes
Tender Evaluation Process Notes
 

Similar a Whitepaper Real Time Transaction Analysis And Fraudulent Transaction Detection For Online Banking

White paper Real Time Transaction Analysis and fraudulent transaction detecti...
White paper Real Time Transaction Analysis and fraudulent transaction detecti...White paper Real Time Transaction Analysis and fraudulent transaction detecti...
White paper Real Time Transaction Analysis and fraudulent transaction detecti...Ajay Alex
 
Winning the war on cybercrime keys to holistic fraud prevention
Winning the war on cybercrime keys to holistic fraud prevention Winning the war on cybercrime keys to holistic fraud prevention
Winning the war on cybercrime keys to holistic fraud prevention CMR WORLD TECH
 
Paper id 35201568
Paper id 35201568Paper id 35201568
Paper id 35201568IJRAT
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyMark Albala
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsIRJET Journal
 
Securing And Protecting Information
Securing And Protecting InformationSecuring And Protecting Information
Securing And Protecting InformationLaura Martin
 
Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisCSCJournals
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfShivamSharma909
 
Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importancemanoharparakh
 
A survey on detection of website phishing using mcac technique
A survey on detection of website phishing using mcac techniqueA survey on detection of website phishing using mcac technique
A survey on detection of website phishing using mcac techniquebhas_ani
 
IRJET - PHISCAN : Phishing Detector Plugin using Machine Learning
IRJET - PHISCAN : Phishing Detector Plugin using Machine LearningIRJET - PHISCAN : Phishing Detector Plugin using Machine Learning
IRJET - PHISCAN : Phishing Detector Plugin using Machine LearningIRJET Journal
 
Ethical hacking and social engineering
Ethical hacking and social engineeringEthical hacking and social engineering
Ethical hacking and social engineeringSweta Kumari Barnwal
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxInfosectrain3
 
Cyber Threat Prediction using ML
Cyber Threat Prediction using MLCyber Threat Prediction using ML
Cyber Threat Prediction using MLIRJET Journal
 
How to build a highly secure fin tech application
How to build a highly secure fin tech applicationHow to build a highly secure fin tech application
How to build a highly secure fin tech applicationnimbleappgenie
 

Similar a Whitepaper Real Time Transaction Analysis And Fraudulent Transaction Detection For Online Banking (20)

White paper Real Time Transaction Analysis and fraudulent transaction detecti...
White paper Real Time Transaction Analysis and fraudulent transaction detecti...White paper Real Time Transaction Analysis and fraudulent transaction detecti...
White paper Real Time Transaction Analysis and fraudulent transaction detecti...
 
Winning the war on cybercrime keys to holistic fraud prevention
Winning the war on cybercrime keys to holistic fraud prevention Winning the war on cybercrime keys to holistic fraud prevention
Winning the war on cybercrime keys to holistic fraud prevention
 
Paper id 35201568
Paper id 35201568Paper id 35201568
Paper id 35201568
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
 
9 3
9 39 3
9 3
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing Tools
 
Globally.docx
Globally.docxGlobally.docx
Globally.docx
 
Securing And Protecting Information
Securing And Protecting InformationSecuring And Protecting Information
Securing And Protecting Information
 
Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security Analysis
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
 
Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importance
 
A survey on detection of website phishing using mcac technique
A survey on detection of website phishing using mcac techniqueA survey on detection of website phishing using mcac technique
A survey on detection of website phishing using mcac technique
 
ProjectReport_Finalversion
ProjectReport_FinalversionProjectReport_Finalversion
ProjectReport_Finalversion
 
IRJET - PHISCAN : Phishing Detector Plugin using Machine Learning
IRJET - PHISCAN : Phishing Detector Plugin using Machine LearningIRJET - PHISCAN : Phishing Detector Plugin using Machine Learning
IRJET - PHISCAN : Phishing Detector Plugin using Machine Learning
 
Ethical hacking and social engineering
Ethical hacking and social engineeringEthical hacking and social engineering
Ethical hacking and social engineering
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
 
Cybersecurity Slides
Cybersecurity SlidesCybersecurity Slides
Cybersecurity Slides
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber security
 
Cyber Threat Prediction using ML
Cyber Threat Prediction using MLCyber Threat Prediction using ML
Cyber Threat Prediction using ML
 
How to build a highly secure fin tech application
How to build a highly secure fin tech applicationHow to build a highly secure fin tech application
How to build a highly secure fin tech application
 

Más de Alan McSweeney

Data Architecture for Solutions.pdf
Data Architecture for Solutions.pdfData Architecture for Solutions.pdf
Data Architecture for Solutions.pdfAlan McSweeney
 
Solution Architecture and Solution Estimation.pdf
Solution Architecture and Solution Estimation.pdfSolution Architecture and Solution Estimation.pdf
Solution Architecture and Solution Estimation.pdfAlan McSweeney
 
Validating COVID-19 Mortality Data and Deaths for Ireland March 2020 – March ...
Validating COVID-19 Mortality Data and Deaths for Ireland March 2020 – March ...Validating COVID-19 Mortality Data and Deaths for Ireland March 2020 – March ...
Validating COVID-19 Mortality Data and Deaths for Ireland March 2020 – March ...Alan McSweeney
 
Analysis of the Numbers of Catholic Clergy and Members of Religious in Irelan...
Analysis of the Numbers of Catholic Clergy and Members of Religious in Irelan...Analysis of the Numbers of Catholic Clergy and Members of Religious in Irelan...
Analysis of the Numbers of Catholic Clergy and Members of Religious in Irelan...Alan McSweeney
 
IT Architecture’s Role In Solving Technical Debt.pdf
IT Architecture’s Role In Solving Technical Debt.pdfIT Architecture’s Role In Solving Technical Debt.pdf
IT Architecture’s Role In Solving Technical Debt.pdfAlan McSweeney
 
Solution Architecture And Solution Security
Solution Architecture And Solution SecuritySolution Architecture And Solution Security
Solution Architecture And Solution SecurityAlan McSweeney
 
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...Alan McSweeney
 
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...Alan McSweeney
 
Solution Security Architecture
Solution Security ArchitectureSolution Security Architecture
Solution Security ArchitectureAlan McSweeney
 
Solution Architecture And (Robotic) Process Automation Solutions
Solution Architecture And (Robotic) Process Automation SolutionsSolution Architecture And (Robotic) Process Automation Solutions
Solution Architecture And (Robotic) Process Automation SolutionsAlan McSweeney
 
Data Profiling, Data Catalogs and Metadata Harmonisation
Data Profiling, Data Catalogs and Metadata HarmonisationData Profiling, Data Catalogs and Metadata Harmonisation
Data Profiling, Data Catalogs and Metadata HarmonisationAlan McSweeney
 
Comparison of COVID-19 Mortality Data and Deaths for Ireland March 2020 – Mar...
Comparison of COVID-19 Mortality Data and Deaths for Ireland March 2020 – Mar...Comparison of COVID-19 Mortality Data and Deaths for Ireland March 2020 – Mar...
Comparison of COVID-19 Mortality Data and Deaths for Ireland March 2020 – Mar...Alan McSweeney
 
Analysis of Decentralised, Distributed Decision-Making For Optimising Domesti...
Analysis of Decentralised, Distributed Decision-Making For Optimising Domesti...Analysis of Decentralised, Distributed Decision-Making For Optimising Domesti...
Analysis of Decentralised, Distributed Decision-Making For Optimising Domesti...Alan McSweeney
 
Operational Risk Management Data Validation Architecture
Operational Risk Management Data Validation ArchitectureOperational Risk Management Data Validation Architecture
Operational Risk Management Data Validation ArchitectureAlan McSweeney
 
Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...
Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...
Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...Alan McSweeney
 
Ireland 2019 and 2020 Compared - Individual Charts
Ireland 2019 and 2020 Compared - Individual ChartsIreland 2019 and 2020 Compared - Individual Charts
Ireland 2019 and 2020 Compared - Individual ChartsAlan McSweeney
 
Analysis of Irish Mortality Using Public Data Sources 2014-2020
Analysis of Irish Mortality Using Public Data Sources 2014-2020Analysis of Irish Mortality Using Public Data Sources 2014-2020
Analysis of Irish Mortality Using Public Data Sources 2014-2020Alan McSweeney
 
Ireland – 2019 And 2020 Compared In Data
Ireland – 2019 And 2020 Compared In DataIreland – 2019 And 2020 Compared In Data
Ireland – 2019 And 2020 Compared In DataAlan McSweeney
 
Review of Information Technology Function Critical Capability Models
Review of Information Technology Function Critical Capability ModelsReview of Information Technology Function Critical Capability Models
Review of Information Technology Function Critical Capability ModelsAlan McSweeney
 
Critical Review of Open Group IT4IT Reference Architecture
Critical Review of Open Group IT4IT Reference ArchitectureCritical Review of Open Group IT4IT Reference Architecture
Critical Review of Open Group IT4IT Reference ArchitectureAlan McSweeney
 

Más de Alan McSweeney (20)

Data Architecture for Solutions.pdf
Data Architecture for Solutions.pdfData Architecture for Solutions.pdf
Data Architecture for Solutions.pdf
 
Solution Architecture and Solution Estimation.pdf
Solution Architecture and Solution Estimation.pdfSolution Architecture and Solution Estimation.pdf
Solution Architecture and Solution Estimation.pdf
 
Validating COVID-19 Mortality Data and Deaths for Ireland March 2020 – March ...
Validating COVID-19 Mortality Data and Deaths for Ireland March 2020 – March ...Validating COVID-19 Mortality Data and Deaths for Ireland March 2020 – March ...
Validating COVID-19 Mortality Data and Deaths for Ireland March 2020 – March ...
 
Analysis of the Numbers of Catholic Clergy and Members of Religious in Irelan...
Analysis of the Numbers of Catholic Clergy and Members of Religious in Irelan...Analysis of the Numbers of Catholic Clergy and Members of Religious in Irelan...
Analysis of the Numbers of Catholic Clergy and Members of Religious in Irelan...
 
IT Architecture’s Role In Solving Technical Debt.pdf
IT Architecture’s Role In Solving Technical Debt.pdfIT Architecture’s Role In Solving Technical Debt.pdf
IT Architecture’s Role In Solving Technical Debt.pdf
 
Solution Architecture And Solution Security
Solution Architecture And Solution SecuritySolution Architecture And Solution Security
Solution Architecture And Solution Security
 
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
 
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
 
Solution Security Architecture
Solution Security ArchitectureSolution Security Architecture
Solution Security Architecture
 
Solution Architecture And (Robotic) Process Automation Solutions
Solution Architecture And (Robotic) Process Automation SolutionsSolution Architecture And (Robotic) Process Automation Solutions
Solution Architecture And (Robotic) Process Automation Solutions
 
Data Profiling, Data Catalogs and Metadata Harmonisation
Data Profiling, Data Catalogs and Metadata HarmonisationData Profiling, Data Catalogs and Metadata Harmonisation
Data Profiling, Data Catalogs and Metadata Harmonisation
 
Comparison of COVID-19 Mortality Data and Deaths for Ireland March 2020 – Mar...
Comparison of COVID-19 Mortality Data and Deaths for Ireland March 2020 – Mar...Comparison of COVID-19 Mortality Data and Deaths for Ireland March 2020 – Mar...
Comparison of COVID-19 Mortality Data and Deaths for Ireland March 2020 – Mar...
 
Analysis of Decentralised, Distributed Decision-Making For Optimising Domesti...
Analysis of Decentralised, Distributed Decision-Making For Optimising Domesti...Analysis of Decentralised, Distributed Decision-Making For Optimising Domesti...
Analysis of Decentralised, Distributed Decision-Making For Optimising Domesti...
 
Operational Risk Management Data Validation Architecture
Operational Risk Management Data Validation ArchitectureOperational Risk Management Data Validation Architecture
Operational Risk Management Data Validation Architecture
 
Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...
Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...
Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...
 
Ireland 2019 and 2020 Compared - Individual Charts
Ireland 2019 and 2020 Compared - Individual ChartsIreland 2019 and 2020 Compared - Individual Charts
Ireland 2019 and 2020 Compared - Individual Charts
 
Analysis of Irish Mortality Using Public Data Sources 2014-2020
Analysis of Irish Mortality Using Public Data Sources 2014-2020Analysis of Irish Mortality Using Public Data Sources 2014-2020
Analysis of Irish Mortality Using Public Data Sources 2014-2020
 
Ireland – 2019 And 2020 Compared In Data
Ireland – 2019 And 2020 Compared In DataIreland – 2019 And 2020 Compared In Data
Ireland – 2019 And 2020 Compared In Data
 
Review of Information Technology Function Critical Capability Models
Review of Information Technology Function Critical Capability ModelsReview of Information Technology Function Critical Capability Models
Review of Information Technology Function Critical Capability Models
 
Critical Review of Open Group IT4IT Reference Architecture
Critical Review of Open Group IT4IT Reference ArchitectureCritical Review of Open Group IT4IT Reference Architecture
Critical Review of Open Group IT4IT Reference Architecture
 

Último

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Último (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

Whitepaper Real Time Transaction Analysis And Fraudulent Transaction Detection For Online Banking

  • 1. Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking Alan McSweeney
  • 2. Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking Contents Online Bank Fraud ..........................................................................................2 Online Bank Fraud ..........................................................................................3 Real Time Fraud Detection Solution Architecture............................................4 Internet Banking Logical Transaction Layers...............................................4 Real-Time Fraud Detection Solution Framework .........................................5 Real-Time Fraud Detection Solution Architecture........................................6 Rules Engine and Decision Making Facility..................................................8 Complex Event Processing/Event Driven Application Architecture and Approaches to Fraud Analysis..........................................................................9 Implementing a Real-Time Fraud Detection System ...................................... 10 The behaviour characteristics of online banking fraud are: • Continuous behaviour changes by criminals • Very high growth rates • Sophisticated advanced and changing fraud techniques To effectively detect and stop fraud before it happens, banks will require insight into user activity in real-time. This will be provided by a real-time online banking fraud detection and analysis solution. There are many small software vendors operating in this area and the market is still quite fragmented. There will be consolidation as vendors merge and are taken over or go out of business. There is an emerging technology in the form of Complex Event Processing (CEP) that is suitable for real-time online banking fraud detection. As part of the implementation of any real-time online fraud solution, banks will need to implement new business processes to support any solution. This will be a key element of any overall solution. A complete solution will consist of the following components: • Continuing customer education • Possible additional two-factor authentication for customers using some form of key generation tool • Profiling customer access and maintaining an up-to-date list of fraud sources to determine if a known source of fraudulent activity • Implementation of real-time fraud detection and handling system or systems • Checking transactions in real time • Handling of suspicious transactions • Processes to link all these elements together Page 2
  • 3. Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking Online Bank Fraud This whitepaper provides an introduction to the end-to-end landscape of online banking fraud and its detection and handling. Online banking fraud can arise in a number of ways: 1. By some form of identity theft where the banking authentication details of legitimate users are stolen and used for criminal and fraudulent purposes such as phishing and crimeware attacks 2. By some form of security breach that allows criminals access to bank banking systems 3. By fraudulent activity by bank employees The numbers of crimeware- 4. By persons closely associated with legitimate users gaining access to their spreading URLs infecting PCs authentication details and performing fraud with password-stealing code rose 93 percent in Q1, 2008 to 6,500 The common thread in all this is people who are the weakest link in any security sites, nearly double the previous system. high of November, 2007 - and an increase of 337% percent from the Of these sources of fraud, phishing in all its forms will be the one that gives rise number detected end of Q1, 2007. to most concern. It will be the mechanism by which criminals get access to account information in order to defraud customers. Phishing typically employs both a social engineering and a technical approach (Crimeware) to steal consumers’ personal identity data and financial account access details. Crimeware is software that performs illegal actions not requested by a user running the software that are typically intended to yield financial benefits to the distributor of the software. Social-engineering schemes use spoofed e-mails purporting to be from legitimate sources to lead consumers to counterfeit websites designed to trick recipients into divulging financial account authentication data. Source: AntiPhishing Working Group Essentially, crimeware is divided into two broad categories: http://www.antiphishing.org Q1 2008 Phishing Activity Trends 1. Social Engineering – this involves an e-mail with an address or an Summary attachment that directs the user to the fraudulent site or inflects the user’s PC with criminal software 2. Security Exploits – these take advantage of flaws in software such as user’s operating system, browser or elements of the internet infrastructure used to gain access to the bank’s online banking site. Unfortunately crimeware is a fact of life in the online world. Crimeware is distributed in many ways such as: • Social engineering attacks convincing users to open a malicious email attachment containing crimeware • Injection of crimeware into legitimate web sites via content injection attacks such as cross-site scripting Page 3
  • 4. Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking Number of Attacks: • Exploiting security vulnerabilities through worms and other attacks on security flaws in operating systems, browsers, and other commonly installed software • Insertion of crimeware into downloadable software that otherwise performs a desirable function. Any approach to preventing fraud needs to take account of these mechanisms and to ensure that the bank does not perform any actions that could be mistaken and misused in these contexts, such as: • Sending mails to customers that could then be confused with phishing mails Source: AntiPhishing Working • Providing users with separate downloadable software to perform functions Group such as security checking and PC fingerprint generation http://www.antiphishing.org Q1 2008 Phishing Activity Trends Real Time Fraud Detection Solution Architecture Summary Internet Banking Logical Transaction Layers In terms of examining the options for real-time fraudulent transaction analysis and determining the architectures and solutions available, there are four relevant logical layers: Frequency and Cost of Attack by Type of Attack Source: US National Consumer League, 2007 These layers are: Page 4
  • 5. Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking 1. User Physical Access and Location – this layer consists of the device being used by the user to perform the access, its characteristics, its physical location and other user details such as mobile telephone, mail address. 2. Internet Communication – this refers to the physical internet layer. 3. User Authentication Layer – this layer consists of the authentication information users must supply and other authentication mechanisms such as physical tokens that users might use during the authentication process. 4. Front-End Internet Banking Application – this is the suite of applications that form the Internet accessible layer of the banking systems. 5. Back-End Banking Systems and Data Warehouse and User History – this consists of the back-end banking systems and the data warehouse storing user access history. Real-Time Fraud Detection Solution Framework Implementing an effective mechanism for preventing Internet fraud will involve a multi-layer approach with multi-factor authentication and verification. It is important to understand that incidents will occur. Any system involving people will at some stage be compromised. Also, it may not be possible or worthwhile to implement a solution that is 100% secure. This may involve substantial incremental cost over a solution that is close to 100% secure that may not be justified. An integral part of any fraud detection solution is an incident handling system and associated processes. At a minimum, these should: • Contain the damage • Preserve/duplicate of the compromised system's state for further analysis • Contact the Police and the Bank’s legal department if required • Restore operations of compromised system, if relevant • Analyse problem and determine incident cause • Document incident and recovery details • Update control agents/implementation details based on analysis • Update incident response plan, if required The illusion of 100% security can be dangerous as it can lead to complacent behaviour and a substitute for sound practices. It can also cause IT users to behave more recklessly. Note that security compliance endorses an overall environment including technology and processes and not just a specific technology. The elements of an overall solution can include some of all of: Page 5
  • 6. Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking Real-Time Fraud Detection Solution Architecture A real-time fraudulent transaction analysis and detection system will operate in parallel to the normal transaction pipeline. The transaction pipeline will consist of the following steps: 1. User will initiate the transaction using a device such as, but not limited to, work or home PC 2. The user will use an internet connection to access the bank’s internet banking system 3. The user will authenticate with the bank’s internet banking system 4. The user will performing banking transactions 5. The data warehouse will be updated with information collected during the transaction Page 6
  • 7. Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking In parallel, the real-time fraudulent transaction analysis and detection system will operate. It should not insert itself into the transaction pipeline as this will delay transaction processing as well as involve higher implementation costs due to the integration effort. Details of transactions should be taken in real-time at two key points: 1. User access to gather details on how the user is accessing the system 2. Transaction to gather details on what transactions the user is performing This real-time information is then compared with user access history and transaction history details to determine if the transaction is likely to be fraudulent. At a high-level, the real-time fraudulent transaction analysis and detection system will consist of a core Collect-Analyse-Decide-Respond cycle. These stages will perform the following tasks: • Collect – information on the transaction will be collected. This will consist of access information, session information and transaction details. The collection component will gather information from multiple sources at multiple stages both through the transaction life cycle and off-line from other sources such as watchlists of addresses involved in fraud. • Analyse – the transaction information collected will be analysed both within itself and also be compared with historical information collected. Based on the two sets of data, the transaction will be scored with respect to its probability that it is fraudulent. • Decide – there will be a decision engine that determines if the transaction is fraudulent. Page 7
  • 8. Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking • Respond – based on the decision taken a response action will be determined. This process needs to happen in real-time as transactions are happening. It needs to be scalable to handle large-volumes of transactions without delaying overall transaction processing. The real-time fraudulent transaction analysis and detection system will also provide additional functions: • Reporting and Monitoring – the system should provide reporting and monitoring facilities to report on fraud analysis activities, system throughput, performance and other areas • Offline Analysis – this will provide other non-real-time analysis facilities that allow patterns across multiple transactions to be identified • Administration – the system can be administered and managed allow actions such as new rules to be defined and the operation system to be tuned and modified. Rules Engine and Decision Making Facility This is a flexible rules-engine that takes data from multiple sources to identify transactions as potentially fraudulent: The classification will be based on multiple factors, such as: Current Transaction Details Users Profiles Transaction Amount Users Ages Transaction Type Users Locations Users Jobs Transaction History Details Transaction Frequency Session Details Transaction Type Frequency IP Address Page 8
  • 9. Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking Account Activity Browser Type User Profile Session History Details User Age IP Addresses User Location Browser Types User Job Previously Known Sources of Fraud IP Addresses Associated With Fraud This information will be combined to assess the probability of the transaction being fraudulent: • Current Transaction Details – this will provide a profile of the transaction being performed • Transaction History Details – this will allow the current transaction to be compared against previous transactions • User Profile – this will provide a profile of the user performing the transaction • Users Profiles – this will provide a profile of all users against which the current user’s profile and the profile of the current transaction against the profile of transactions performed by similar users can be compared • Session Details – this will provide details on the internet access session • Session History Details – this will allow the current session details to be compared against previous sessions to allow changes to be identified • Previously Known Sources of Fraud – this will allow the current session details to be compared known access details associated with fraud Complex Event Processing/Event Driven Application Architecture and Approaches to Fraud Analysis There is an emerging technology in the form of Complex Event Processing (CEP) that is suitable for real-time online banking fraud detection. The topic of CEP is itself very complex. This section provides some very brief information to support its inclusion as an option for implementing a real-time fraud analysis solution. The high-level architecture of a Complex Event Processing (CEP)/Event Driven Application (EDA) architecture is: Page 9
  • 10. Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking The core logical elements of this approach are: • Continuous Query Engine - Processes high volumes of streaming data • SQL-based Event Processing Language (EPL) – extends SQL to handle streaming events EPL is SQL-based. It provides easier integration to relational data and the data storage facility. The key extension within EPL is the ability to handle streaming data provided by WHEN ... THEN statements rather than conventional IF ... THEN statements. Details on the levels of spending by US banks on A CEP application typically comprises of four main component types: consumer authentication and fraud detection in 2006, 1. Adapters interface directly to the inbound event sources. Adapters classified by the value of their understand the inbound protocol, and are responsible for converting the deposits. event data into a normalised data that can be queried by a processor (i.e. event processing agent, or processor). Adapters forward the normalised event data into Streams. 2. Streams are event processing endpoints. Among other things, streams are responsible for queuing event data until the event processing agent can act upon it. 3. The event processing agent removes the event data from the stream, processes it, and may generate new events to an output stream. 4. The Decide step listens to the output stream, The Decide step forward on the generated events to external event sinks such as a case management system. Source: Gartner Implementing a Real-Time Fraud Detection System Any practical approach to real-time anti-fraud will consist of the following activities: • Continuing customer education • Possible additional two-factor authentication for customers using some form of key generation tool • Profiling customer access and maintaining an up-to-date list of fraud sources to determine if a known source of fraudulent activity • Implementation of real-time fraud detection and handling system or systems • Checking transactions in real time Page 10
  • 11. Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking • Handling of suspicious transactions • Processes to link all these elements together Each of these will go some way to preventing fraud. Taken together they will form a comprehensive solution. Planned increase in spending intentions in 2007 from 2006 by these banks. In terms of the previous transaction pipeline, the additional steps required will be: 1. Before completing the transaction, the banking system would invoke a function to check the status of the transaction within the Decision engine. 2. The checking function will interrogate the Decision engine to get the result of the transaction check. 3. If the Decision engine has reached a decision about the transaction, this would be provided to the application status check. 4. If the transaction was determined to be suspicious, it would be written to a suspend queue where it would be held according to defined rules. 5. If the transaction was determined not to be suspicious, it would be Source: Gartner processed as normal. 6. The incident handling component would be notified. Page 11
  • 12. Real Time Transaction Analysis and Fraudulent Transaction Detection for Online Banking For more information, please contact: alan@alanmcsweeney.com Page 12