Scanning the Internet for External Cloud Exposures via SSL Certs
Transactional Fraud Detection A Modular Approach
1. IBM Software Thought Leadership White Paper
WebSphere
Transactional fraud detection:
A modular approach
Addressing the next generation of financial crimes
2. 2 Transactional fraud detection: A modular approach
Contents This white paper discusses the benefits of collaboration and
constructively challenging the status quo by integrating different
2 The deployed software model versus the evolution technologies to form a comprehensive fraud detection and
of fraud prevention solution that meets specific business requirements. It
2 Challenge currently deployed solutions also provides key considerations for developing a strategic road
map for detecting and preventing enterprise financial crimes.
2 Finding the right transactional fraud detection vendors
2 Leverage multiple technologies to stop persistent
The deployed software model versus the
fraudsters evolution of fraud
As fraud detection professionals know, fraud is a constantly
3 React quickly with real-time fraud detection evolving organism. Like a virus, it evolves and mutates to seek
out weaknesses in an incumbent detection system and, once
3 Know the leading nonmonetary fraud indicators
found, will quickly exploit those weaknesses before moving—or
3 Base solutions on integrated technology changing—to ensure continuous income for the fraudster or
organized group. Prevention methods that work today cannot be
4 Look beyond packaged solutions guaranteed to work tomorrow. The reality of this limitation is
that deployed, packaged software applications require costly and
Introduction bulky upgrades or retraining over time just to keep pace with
The increasing prevalence of enterprise financial crimes has fraud trends. The applications are only effective for a short time
made fraud prevention and investments in prevention technol- before they must be upgraded or replaced. Today, more effective
ogy a long-overdue priority to organizations around the world. technologies are enabled by deploying components through
As a result, organizations are learning that the consolidated cloud computing and through more mature software as a service
software platform approach to fraud detection is fundamentally (SaaS) models.
flawed and falls short on detecting and preventing fraudulent
transactions. Challenge currently deployed solutions
Fraud software today is significantly richer in feature functional-
Instead, there are more effective ways to help fraud strategy ity than legacy solutions. But organizations should question if
managers and their organizations avoid the many pitfalls of their current solutions are keeping pace with the continuous
deployment, deliver on the promise of holistic coverage evolution of fraud or if they are merely providing a richer user
and increase the chances of successful delivery aligned with interface that employs the same detection routines as its legacy
business goals. A “one-size-fits-all” offering is unlikely to counterparts. For instance, one example of an ongoing problem
deliver enterprise-class performance with results that benefit with legacy solutions is high false positive rates (FPRs) and
the organization and the customer. To achieve high perform- inappropriate transaction declines, both of which negatively
ance, organizations must align strategic vision with industry impact customer service. To maintain competitive advantage,
knowledge. organizations must treat valued customers as such. Decisions
3. IBM Software 3
about transactional viability should be based on sound, clearly reported, these vendors can make data available to antifraud
understood logic and they should be modifiable as needed. group consortium members to assist in catching fraudsters and
“Black-box” detection paradigms, typically based on neural closing down concurrent attacks across multiple institutions.
networks and other, similar, paradigms, are not the only means Effective data management and security coupled with strong
of providing effective fraud detection that is tempered with analytical capabilities provide the technological backbone for
respectful customer service. implementing effective detection strategies that can be shared
across consortium participants.
Finding the right transactional fraud
detection vendors React quickly with real-time fraud
It is important to note that just because it is possible to access detection
data in a transaction system for fraud detection, it does not Legislative, technological and competitive pressures are
mean that fraud technology vendors have the ability to design a shortening the timeframe for reacting to fraud threats.
transactional fraud detection system. For instance, antimoney- Real-time fraud detection may be the only effective way to
laundering (AML) systems are designed to ensure compliance block fraudulent transactions. Additionally, as organizations
with regulatory requirements, not to catch fast-moving fraud. move toward real-time capabilities, those that have not adopted
Typically, an AML system will not flag a low FPR, given that this functionality will be even more exposed as fraudsters learn
auditors and compliance resources may prefer to decline more that a weak link exists. For instance, in the United Kingdom,
transactions to err on the side of caution. Requiring an AML real-time funds availability and the “faster payments” initiative
system to do the opposite and provide high-quality alerts with mean that “day 2” fraud processes will become obsolete in a few
low FPRs is nearly impossible since the system is being asked to years. Next-generation technology must be able to adapt and
do something for which it was not designed. Reengineering the grow as market dynamics continue to change to justify any
system for this purpose is usually ineffective. strategic investment.
Leverage multiple technologies to stop Know and analyze nonmonetary fraud
persistent fraudsters indicators
Fraud is a problem that transcends individual organizations. Nonmonetary account activity is a significant indicator of
It does not respect corporate boundaries, and fraudsters will potentially fraudulent action, and yet, many organizations either
prey on the fact that legal and technological constraints often ignore or are unable to capture and react to these indicators.
make effective data sharing within organizations impossible. It is Over time, disparate and seemingly unconnected events, or
common to find that, after multiple fraudulent events, the same nonevents, associated with an address change request, a password
person or group has been perpetrating similar attacks concur- change request or PIN change request can be strong indicators
rently on peer institutions. However, some data security vendors of account takeover or identity theft. The use of powerful
and storage providers act as trusted custodians that can provide predictive analytics technology and complex event processing
access to transactional detail that shows what is happening at an
industry level. As fraud or suspicious activity is identified or
4. 4 Transactional fraud detection: A modular approach
functionality can help organizations understand the nature of Look beyond packaged solutions
their fraud problem better before the event. Organizations need Fraud detection practitioners and strategists need to look beyond
the ability to assess a sequence of events or nonevents and assign the capabilities provided by packaged solutions. By partnering
a risk/threat level to that combination of activities at the front with an external consultant, organizations may confirm that
end. Preventing fraud is significantly more desirable than existing software capabilities and associated operational practices
deploying expensive resources to manage the results of fraud— are adequate. If not, a consultant can also provide an effective
for the organization and, more importantly, for the customer. review and recommendations for operational enhancement.
Deploying this mix of technology, analytics and human-centric Enhancement efforts should complement existing capabilities,
knowledge can provide significant operational efficiencies, and existing budgetary constraints, while providing a nondisrup-
enhanced detection rates and an improved customer experience. tive path to improved detection and prevention.
Base solutions on integrated technology To implement effective fraud detection, card issuers must
Effective fraud detection capabilities face a multitude of chal- develop an understanding of the enhanced capabilities
lenges across different payment methods. i.e. online, deposit, provided by predictive analytics, pattern and name matching /
ATM, check, debit card and ACH/wire. To effectively meet recognition, complex event processing, business rules, content
these challenges, organizations must be able to move from analytics and, most importantly, the means for implementation.
fragmented fraud detection and prevention to an environment IBM’s ability to draw on best-of-breed components ensures that
that is equipped to address the evolving threat of fraudulent an issuer is not tied to a specific specialization or paradigm, a key
activity in an integrated, holistic, enterprise-wide fashion. benefit when considering the specific nature of card fraud within
They must ask questions like: Is this technology a viable and any single geography. IBM and its broad partner ecosystem are
achievable ambition for return on investment? How much uniquely positioned to assist institutions that are ready to begin
depends on technology and how much on the implementation this journey.
of industry and domain knowledge? What are the benefits for
the organization and its customers? And in short, is it worth Conclusion
investing in improvement? The fight against fraud is continuous and evolving at a rapid
pace, and the sophistication of fraudulent attacks is ever increas-
The answer is yes. Any organization that stops investing in ing. In planning the strategy for future prevention and mitiga-
technology to combat evolving and mutating fraudulent activity tion efforts, organizations should consider external challenges
is effectively writing a blank check for the fraudster. However, and whether their current solutions are able to address those
investment in technology alone is not sufficient to mitigate challenges. New technologies can provide more effective ways to
fraudulent activity. Any investment must conform to a clear monitor and detect fraud and better position the organization
vision and strategy that is likely to be multiphased over several for success. While examining different solutions, it is important
years and able to evolve over time. While packaged solutions to develop an understanding of the underlying detection logic.
may seem effective, as outlined in the previous section, a
“one-size-fits-all” solution is destined to fail.
5. IBM Software 5
The most effective solution sets are those that can adapt quickly, About the authors
offer industry and enterprise breadth, can function in real-time Richard Collard
and monitor cross-channel activity. IBM Worldwide Subject Matter Expert
Transactional Fraud Detection, AML and Risk Management
IBM’s approach to fraud detection and prevention is aligned and richard.collard@uk.ibm.com
effectively executed through the technological and commercial
vision that IBM customer and business partner FIS offers. FIS’ Richard Collard comes to IBM as part of the acquisition, in
depth of experience and acquisition strategy, which includes 2009, of ILOG. He draws on a business-based career with
Certegy and Metavante among others, ensures that its core major global fraud analytics organizations and specializes in the
offerings are infused with ideas and best practices from different, provision of fraud detection solutions and consulting for credit
but aligned, industries. and debit card issuers and for AML. Prior to joining ILOG, he
worked to develop a radical, new approach to rules-based fraud
For more information detection through the automated generation of rules using
For more information about fraud detection solutions from genetic algorithms and evolutionary computing techniques. This
IBM, contact your IBM representative or IBM Business Partner, technique is holistic and non-prescriptive, espousing the belief
or visit: ibm.com that there is no such thing as a “one-size-fits-all solution,” and is
aligned with IBM’s modular approach to the challenges facing
For more information about fraud in the United Kingdom, visit the card industry.
the UK Cards Association at theukcardsassociation.org.uk/
Richard’s operational reviews for card issuers in South Africa
Additionally, financing solutions from IBM Global Financing have generated significant savings and operational efficiencies.
can enable effective cash management, protection from technol- They have also been instrumental in the recent adoption of
ogy obsolescence, improved total cost of ownership and return business rules management systems (BRMS) technology as a
on investment. Also, our Global Asset Recovery Services help major component of a hosted fraud detection solution. Richard’s
address environmental concerns with new, more energy-efficient ability to draw on global experience allows significant knowledge
solutions. For more information on IBM Global Financing, visit: transfer of global best practices. His approach is consultative and
ibm.com/financing respectful of geography and culture, ensuring that the thought-
leadership that he provides is positively received—traits that
have earned him significant respect through his engagements.