Evolution of Fraud Analytics – An Inside Story
An inside view of the analytic innovations in payment fraud prevention, grouped into three major categories: large data-set modeling, sparse data-set modeling, and false-positive reductions.
Payment Fraud Prevention: The First Big Data Success Story
Some of us are old enough to remember when store clerks made phone calls to get authorization for credit card purchases. And who can forget the clunky gadgets that smashed credit card numbers onto carbon paper? The speed of commerce has come a long way — and so has the speed of fraud prevention.
(See also FICO: 20+ Years of Analytics Innovations to Fight Fraud.)
One of the major fraud challenges of the early 1990s was the rise in counterfeit transactions. Fraudsters were defeating physical fraud-prevention elements on payment cards. The solution to this problem turned out to be analytics. In my view, the modern age of payment fraud prevention started in 1992 when HNC Software introduced Falcon Fraud Manager. This software used analytics to evaluate the authenticity of credit card transactions in real time.
It’s easy to forget how much payments have changed in the past 22 years. In 1992, there were no smartphones or mobile payments. The Internet didn’t exist outside of a few government and university labs. And the notion of e-commerce was closer to science fiction than reality for everyone except passionate CompuServe users. Similarly, payment fraud today bears little resemblance to 20 years ago, when criminals were stealing carbon copies of credit card receipts.
The constant adaptation of anti-fraud technology has not only kept pace with changes in payment and fraud patterns, it has actually made payments safer. In the U.S., payment card fraud was equivalent to roughly 18 basis points (0.18%) of all payment card activity in 1992. Today, payment fraud in the U.S. is closer to 5 basis points of all card payments.
Payment fraud prevention was one of the earliest commercial successes of Big Data analytics.
Each time a payment card is swiped or inserted, anti-fraud applications run up to 15,000 calculations in a matter of milliseconds, leveraging the accumulated intelligence of trillions of previous transactions, to determine the likelihood that the transaction is fraudulent.
Because of this, the payments industry has been able to introduce lower-friction payment methods such as e-commerce, despite their inherent risk of fraud.
As I look back over the last 20+ years and consider the incredible analytic innovations in payment fraud prevention, I find they can be grouped into three major categories: large data-set modeling, sparse data-set modeling, and false-positive reductions.
Large data-set modeling is where analytic techniques are used to take complex, large data sets and translate the data into a format that is usable for real-time scoring. Examples include:
- Transaction profiling (1992) summarizes complex transaction histories into a concise set of recursive variables to enable real-time scoring. This technology was first used to build profiles of cardholder behavior, and it has since been applied to merchants and even devices.
- Neural network models (1993) work like the human brain to understand non-linear interactions between variables (e.g., transaction amount and location). These models are the foundation for identifying interactions hidden in data and providing a practical method for computing them to identify fraud patterns.
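The recursive-variable idea behind transaction profiling can be pictured with a toy sketch. This is my own illustration, not FICO's actual variables: each profile field is an exponentially decayed summary, so scoring a new transaction needs only the stored profile and the new amount, never the raw transaction history.

```python
class CardProfile:
    """Toy recursive profile: each variable is an exponentially
    decayed average, updated from only the previous value and the
    newest transaction, so no history needs to be stored."""

    def __init__(self, decay=0.9):
        self.decay = decay      # weight given to past behavior (assumed value)
        self.avg_amount = 0.0   # decayed average spend
        self.txn_count = 0

    def update(self, amount):
        if self.txn_count == 0:
            self.avg_amount = amount
        else:
            self.avg_amount = (self.decay * self.avg_amount
                               + (1 - self.decay) * amount)
        self.txn_count += 1

    def amount_ratio(self, amount):
        """A feature a fraud model could consume: how unusual is this amount?"""
        if self.avg_amount == 0:
            return 1.0
        return amount / self.avg_amount

profile = CardProfile()
for amt in [25.0, 30.0, 20.0, 28.0]:
    profile.update(amt)
print(round(profile.amount_ratio(500.0), 1))  # → 19.8: a $500 charge is ~20x this card's typical spend
```

The same update-in-place structure is what makes real-time scoring feasible: the work per transaction is constant, no matter how long the card's history is.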
Sparse data-set modeling solves problems where large sets of historical data do not exist, leading to innovations in self-learning and auto-calibrating models. Examples of this include:
- E-commerce fraud modeling (1999) protects merchants from card-not-present fraud. This may seem like a Big Data problem today, but in 1999 e-commerce transactions were a fraction of what they are today. Even today, the challenge is to identify a potential fraud problem when a customer is buying at a new website or in a product category for the first time.
- Outlier models (2005) increase precision by examining unusual payment incidents within the context of other outlier transactions. This has been a useful technique for modeling emerging payment types.
- First-party fraud modeling (2006) recognizes when people are committing fraud under their own names or invented names. The challenge that analytic innovation had to overcome was the rarity of clearly tagged examples that could be used for model development.
- Self-calibrating technology (2008) allows anti-fraud software to fine-tune itself in real time as transaction trends shift. This is particularly valuable when no historical data is available for model development. The technology constructs self-learning fraud-detection systems that flag high-risk payments for further review.
- Global intelligent profiles (2009) identify the riskiest ATMs, merchants and regions so extra scrutiny can be applied where risk is greatest. This improves detection rates while solving a critical problem — how to select the necessary data for computation in order to avoid slowing down card processing.
- Adaptive analytics (2010) enables analytic software to adjust models as fraud patterns change. With patterns changing at an increasingly fast pace, this technique allows models to learn and adapt based on the newest information, which leads to both a decrease in false positives and increased detection levels.
- Behavior sorted lists (2013) improve the ability to identify suspicious transactions by building a more complete picture of a consumer's likely behavior. This has been a major enhancement in tracking behavior at the consumer level. Fraud models can know the websites, retailers, etc. that a consumer uses most often, which helps identify transactions that are more likely to be genuine.
T.J. Horan leads the FICO fraud solutions business unit and is responsible for developing the strategic direction for FICO’s fraud products. He is also a key strategic leader in the area of transaction decisioning and analytics. T.J. began his career with DuPont, where he helped design and maintain Expert Systems for process control. Since then, T.J. has held a variety of technical and management roles in the fields of analytics, fraud and risk management, and decision management at industry-leading companies such as HNC Software and SAS. T.J. holds a B.S. in computer science and an M.S. in statistics, both from the University of South Carolina.
He blogs at http://bankinganalyticsblog.fico.com/tjhoran.html.