While we still see headlines about bank robberies or ATMs being blown up, these events are less frequent than they used to be. Instead, criminals are turning to online payment fraud, where they face less risk of getting caught.
This article, which first appeared on the blog of the Swiss University Hochschule Luzern, is written by Dr Felix Buschor and it looks at how well Swiss fintech NetGuardians uses artificial intelligence to fight against online payment fraud.
The National Cyber Security Center (NCSC) is the Swiss federal government's center of excellence for cybersecurity and, as such, is the national focal point for cyber incidents among the business community and the general public. It reported 5,526 fraud attempts in the first half of 2021, up almost 90 percent on the first half of 2020, when 2,938 incidents were recorded.
The significant increase in cyber fraud can be partly explained by the fact that NCSC has improved its reporting process. But social trends have made and continue to make fraud attempts more frequent. The pre-existing trend toward digital communication tools and payment methods has been fueled by the ongoing pandemic, during which digital tools are increasingly applied to new areas of everyday life. Looking ahead, this trend is expected to accelerate further. As more people have turned to and continue to turn to digital communications and payment methods, so there are more opportunities for fraudsters to attack. The move toward instant payment networks will further exacerbate the threat situation, significantly reducing the reaction time available to prevent fraud attempts. Furthermore, open banking, in which banks authorize third parties to execute payments with the consent of their customers, also opens up new opportunities for criminals. Overall, it is likely that banks and their clientele will become even more frequent targets of fraud attempts.
Artificial intelligence in the fight against payment fraud
Payment fraud attempts fall into two categories, according to who is responsible for initiating the fake payment. Such payments can be initiated either by an authorized party or by an unauthorized one. In the case of fraud attempts by authorized parties, payments are usually initiated by account holders. In such cases, the fraudsters will have tried to build or exploit trust by means of various scams. Examples include CEO fraud or fake calls from a bank service center. Within this category, investment fraud is currently widespread, exploiting the boom in cryptocurrencies with their promise of high returns.
Fraud attempts by unauthorized parties include those initiated by bank employees who have privileged access rights to banking systems or by external third parties. Unauthorized parties can gain bank account access data using various forms of phishing, but also via malware, most often introduced with spam emails, or via a SIM-card swap, which leverages SMS as a second factor to authenticate digital access to the bank account.
When it comes to protecting assets and combating fraud attempts, it is useful to draw on methodologies of prevention, detection and escalation used in the information-security business. Most fraud attempts start with an individual bank customer, which limits the possibility to take preventative action. For this reason, banks focus on early detection of fraud attempts so they can block (escalate) counterfeit payments before any money leaves the account. To do this, most banks rely on rule-based systems, where conditions are predefined. When a rule is violated, an assumption of fraud is made and an alert raised, halting the payment. These conditions can be unusual amounts or payments to a first-time recipient, for example.
Due to the high number of false positives this rules-based system throws up, many banks have incorporated a scoring system into their detection and escalation processes. The rules are weighted and combined to give a score for each payment. If the score exceeds a certain threshold, the payment is blocked. Such fraud-detection systems have two disadvantages. First, they usually come with high false-positive rates. Second, they only recognize pre-defined fraud patterns and therefore lag behind changes in the behavior of both bank customers and fraudsters.
Against this background, the idea was born to find a solution using artificial intelligence to identify patterns of fraudulent payments. But the imbalance between good and bad payments in the overall pool was too great – there were not enough frauds from which the models could learn. Based on this finding, Swiss FinTech NetGuardians developed an alternative approach to fraud detection using artificial intelligence. Founded in 2007, NetGuardians is the first start-up to emerge from the incubator Y-Park in Yverdon-les-Bains. Its approach was not to filter out patterns of attempted fraud from payment data, but conversely to use machine learning to filter out patterns of unusual behavior by banking customers. The resulting profiles of the payment parties are compared against payments and checked for anomalies. This results in a risk value for payments, which is compared against a threshold value. Payment is blocked in the event of a violation. Blocked payments are then manually investigated to see if they are in fact fraudulent. If necessary, the profile of the payment parties is adjusted based on the manual payment check. This means the NetGuardians fraud-detection system learns and adapts to changing behaviors.
As research by NetGuardians shows, using artificial intelligence in this way can reduce the proportion of payments incorrectly blocked by 85 percent and the processing effort by 75 percent. The use of artificial intelligence can thus significantly improve the clarification effort and successful identification rate of fraud attempts. Banks achieve a better customer experience because fewer correct payments are blocked and customers are better protected from fraudsters. Further optimization can be achieved through cross-bank collaboration. NetGuardians, for example, intends to use its Fraud Intelligence Service, a new initiative, to collect fraud attempts among its customers and make them available to the community. This allows trends to be identified at an early stage and general fraud knowledge to be increased. Another form of cross-bank collaboration involves sharing statistical information between banks about the trustworthiness of beneficiary accounts. NetGuardians calls this collective artificial intelligence. If a payment order benefits an account that is unknown to the bank, the experience of another bank that knows the beneficiary account can be helpful in assessing the payment.
There is every indication that payment fraud will continue to grow rapidly. The rules-based systems currently used by banks will increasingly be overwhelmed. The use of artificial intelligence as developed by NetGuardians, with a focus on detecting anomalies in payment behavior, has many advantages. Not only does it reduce the number of payments falsely identified as fraudulent, but the mechanism can also dynamically adapt to new behaviors of bank customers as well as fraudsters. Such a learning process also requires anomalies to be assessed by humans and the result fed back into the system. For such collaboration between humans and machines, it is important that users can understand why the computer classifies a payment as an anomaly. Artificial intelligence must be transparent and explainable. The idea of collective artificial intelligence, as pursued by NetGuardians, is also promising. The exchange of information between banks offers opportunities, especially in fraud detection. However, the limitations due to data protection must be carefully analyzed beforehand. The idea of NetGuardians using its new Fraud Intelligence Service to build up its own collection of fraud cases is also interesting. The benefit would be timely local, national and international knowledge of the latest fraud types.
My thanks to my interviewees: Sandy Lavorel and Alexandre Badet, "Fraud Fighters" at NetGuardians.
Dr Felix Buschor is Lecturer and Project Leader at HSLU Hochschule Luzern
 In some cases, the bank is also the direct point of attack. This is the case, for example, in "massive payment fraud," in which bank systems are attacked by means of ATP (advanced persistent threat).