Fraud may be as old as business itself, but the business of fraud is brimming with fresh vigor. Now a profession worth £3tn a year, fraud is one of the most complex, cost-intensive aspects of running a business today.
Worse still, for a chief risk officer (CRO) or any team tasked with combatting fraud and compliance, the true cost is not as simple as what the human eye – and the balance sheet – can see. More than ever, the compliance and fraud costs these teams know and budget for are accompanied by what’s lurking beneath – the ‘hidden unknowns.’ So how should organizations be assessing these risks and the associated costs, and how can technology help join the dots?
Orienting Decisions Around Data
When it comes to fraud, some change has been constant and predictable: more fraud, more complexity and more attack vectors. What’s changing is how technology can support those defenses – more specifically, how data can be used to support those defenses. The new gospel that ‘data is the new oil’ woefully undersells its value – this is not just a finite commodity. Instead, it’s an ever-expanding, scalable, multi-dimensional prism through which commercial situations can be understood, risks can be assessed and decisions made.
So what does that mean for the risk managers and technologists equipping these organizations to be safe and secure? Data orchestration – the ability to efficiently, effortlessly orchestrate the use of all this data through one layer – is already shifting from an aspirational concept to a ‘must have’. Traditional manual batch-feeds of siloed data between systems are already being replaced by connected datasets that speak to each other and create smarter answers in real-time, without a customer, or potential fraudster, ever even knowing.
This data orchestration approach will improve safety and security in almost every aspect of an organization’s relationship with prospective customers. At onboarding, for example, it means not just taking information given at face value but pre-emptively using additional data sources, to verify identity and crosscheck whether this person or entity has committed fraud elsewhere.
This will bring more context and accuracy to fraud detection and prevention efforts – even in established, heavily regulated industries already familiar with orienting decisions around data. While banks already cross-check with third parties such as Cifas, what other types of data could they be benefitting from? If rich device data, to take another example, could highlight when an individual’s mobile number on an account application has recently swapped over the SIM card, this could indicate potential identity hijacking. Being able to spot and act on these instances, based on groups of connected data, is hugely valuable to both the bank and the customer.
Using Analytics and AI to Create a Robust Threat-Detection Model
In this new data-centric approach to fraud, the application of various forms of Artificial Intelligence (AI) and AI-powered predictive analytics, will play an increasingly important role in the detection and prevention of fraud. This is especially true for transactional industries like banking, retail and telecommunications, where there may be hundreds of transactions taking place per second – meaning the volume of fraud instances is high, and the value of saving a fraction of a second is amplified at scale.
Combined with a number of statistical processes and techniques, predictive analytics can help correctly classify fraudulent and non-fraudulent transactions in real-time, without the need for human subjective analysis. The application of Machine Learning (ML) could also play a role - with neural networks learning in real-time and improving the way teams test hypotheses and apply new rules. Combined with data orchestration capabilities and a single view of fraud data, ML will drastically reduce instances of ‘false positives’ – in turn, increasing the accuracy and efficiency of fraud investigation efforts by organizations.
Fraudsters change their methods on a daily basis, so the challenge here is to develop a robust, AI-enabled detection model that has a view of old, existing and new threat types. For example, if you’re ‘learning’ from data that only spans the last six months, your threat-detection model will be limited to specific or recent activity and won’t account for threats that took place over a longer period of time. A certain amount of historical data is therefore required to build an accurate view of your threat landscape.
We’re now firmly in the era of a data-centric approach to threat detection and prevention, where organizations are innovating hard and fast to find that ‘silver bullet.’ Promising progress is being made. For any industry, it will be down to the successful application of such bullets to determine if they truly become the new normal. Will we ever get ahead? For perpetrators whose fraud and laundering is in the billions, I wonder what their innovation budget is.