Using Machine Learning to Combat Third-Party Fraud

My last post addressed the issues surrounding first party fraud, including fraudsters’ increasingly common tactic of creating synthetic identities. Third-party fraud remains a major concern as well, however, particularly given the epidemic of identity theft fueled by a continuing parade of data breaches.

Financial institutions have an inherent need to combat such intrusions. Beyond direct financial losses incurred by the FI and its account holders, there’s the very real risk that customers could lose trust in their bank, a far more dire consequence than potentially missing current-quarter profits. This in turn could lead to market share loss and an inability to attract deposits- a recipe for a downward spiral.

It would be easy enough to clamp down on fraud by taking ample time to scrutinize every transaction before allowing it to proceed. That’s an even surer recipe for irrelevance, however, given customers’ expectations for convenience. Fortunately, advances in machine learning offer the potential to address both of these needs simultaneously.

Other People’s Money

Let’s define transaction fraud as an unauthorized draw against value. This can take one of several forms:

• Drawing against a line of credit without an intention to pay it back- This is usually considered first party fraud; it also requires a distinction, at times a judgment call, between those unable to pay (which should be classified as a typical credit loss) versus those who never intended to satisfy a debt.
• Drawing against uncollected funds- This typically involves check kiting or bad deposits, and is normally a sign of first party fraud. An American Banker Association study places such losses at $2.2 billion, growing at 16% annually.
• Drawing against someone else’s value- This is the third party fraudsters’ playground, whether looking to exploit the credentials directly or sell them to others via the dark web or by other old school means. Javelin Research found a 16% rise in reported identity theft in 2017, impacting 15.4 million Americans- over 6% of US consumers- to the tune of $16 billion in fraud losses, mostly via Card Not Present charges.

Fraudsters are savvy enough to exploit customer expectations to their advantage. Large-dollar misappropriation of funds via ACH, wire and bank transfers can and do occur, and cause significant consternation for all parties. The bad guys channel most of their energy into smaller dollar but higher frequency card payments, however, knowing that the sheer volume of transactions combined with the expectation for real-time decisioning makes it virtually impossible for FIs to analyze every request.

Welcome to the Machine

This is where the emerging fields of data analytics and machine learning (ML) can play valuable roles. ML is very useful for predictive purposes, inferring non-linear relationships across massive data sets that escape the notice of the human eye. It also approaches analyses without any preconceived assumptions, and crunches data in the background without slowing the front-line process.

This is a perfect fit for fraud analysis, where there is no shortage of available data and a critical need for ongoing learning to stay a step ahead of fraudsters. It is not without challenges, however. Banking regulators require clear audit trails to ensure decisions are not based on inappropriate data. For this reason, trained risk experts will always have a role in the equation, applying heuristics to demystify and validate the “black boxes” proposed by ML routines.

A primary objective should be the mitigation of fraud without aggravating customers by derailing legitimate transactions. In a future post I’ll dig into ways to implement ML while satisfying regulatory constraints. The takeaway for now is that ML is not an excuse to abdicate decision making to a faceless algorithm, but rather a vehicle to focus analysts and compliance officers on the areas of highest value.   

For more information, read our  white paper on "Stopping Fraud With Predictive Analytics."