This results in huge losses to individuals and organizations. In 2019, the US Federal Bureau of Investigation’s Internet Crime Complaint Center received over 467,000 complaints relating to online crimes and scams including payment frauds – an average of nearly 1,300 every day - carried out by criminals who had gained access to personal and corporate email accounts. Total losses in these cases were put at almost $3.5bn. Figures from UK Finance, the British financial-services trade body, show that in 2019 its members reported losses of £456m ($549m) as a result of so-called “authorized push payment fraud” is up from £246m in 2018.
Frauds that the customer authorizes
A major reason why this type of fraud is growing so quickly is that such fraudulent payments involve everyday transactions that would not normally arouse suspicion. Because they have been directly authorized by the customer, they are extremely difficult for banks to spot. Moreover, because these frauds are low-tech deceptions that typically require no special expertise, large numbers of criminals are attempting payment fraud type scams.
Payment frauds frequently involve an element of “social engineering”. Using this approach, fraudsters harvest the information they need to make a bill or payment request appear genuine from freely available sources such as the organization’s website or the individual’s social media accounts.
Here are some common examples of payment fraud from our white paper:
Because these fraudulent payments have been directly authorized by the victims, customers are often held responsible for the losses and therefore receive no compensation. However, pressure is mounting on banks to protect customers from payment fraud and compensate them for their losses.
Banks need better anti-fraud tools
Banks, therefore, need far more effective tools to combat these low-tech, hard-to-spot frauds.
Today’s rules-based anti-fraud systems cannot detect or block payment frauds because they are too rigid: customers now have so much flexibility and choice in how to transact that everyone’s payment behavior is effectively unique. No rules-based system can accommodate this much variety.
The problem with mainstream AI
Many newer software systems that try to use Artificial Intelligence (AI) to identify and block fraudulent payments in real time also have drawbacks. An individual bank’s data sets are just not big enough to allow the effective training of AI algorithms. This leads to “overfitting”, where systems are trained using a limited number of fraud examples and as a result can detect only the limited range of frauds with which they are familiar.
To address this problem, at NetGuardians we use a technique called Managed Learning. This combines several supervised and unsupervised Machine Learning approaches within a consistent scoring model and employs two phases of analytics. The first phase searches for anomalous transactions by building a dynamic profile of each customer’s banking behavior as it evolves through time and flags anomalous transactions. In the second phase, the system is trained to recognize which of these anomalies are fraudulent transactions (and to disregard the legitimate ones) by learning from the feedback it receives. A key strength of Managed Learning is that it does this without unbalancing the scoring models in a way that would lead to overfitting.
Managed Learning doubles detection rate
The results are compelling: the fraud detection rate of our software is more than double that of a rules-based system, and the number of false positives is reduced by more than 80 percent. As a result, the time spent by fraud teams investigating suspicious payments declines by more than 90 percent, delivering major operational gains as well as a better banking experience for customers.