Jérôme Kehrli explains 3D AI and the three pillars of supervised, unsupervised and ADAPTIVE learning that lie behind the award-winning software’s market-beating performance when it comes to defeating the fraudsters
Whenever our software is run head-to-head in a pitch situation against that of our rivals, we always come out top. We always find more fraud with a lower number of alerts. For some, this is a surprise – after all, we are one of the youngest companies in our field and one of the smallest. To us, it is no surprise. It is testament to our superior analytics.
A focus on customer behavior
We began working in fraud prevention in 2013 and quickly realized the futility of rules engines in this endless game of cat-and-mouse with the fraudsters. The criminals will always tweak and reinvent their scams; those trying to stop the fraud with rules engines will always be left desperately working as fast as possible to identify and incorporate the latest scams into their surveillance. Far better to focus on what we know changes very little – customer behavior.
If a bank knows how a customer spends money, it can spot when something is awry by looking for anomalies in transaction data. However meticulous the fraudster is at trying to hide, every fraudulent transaction will have anomalous characteristics. People’s lives are constantly changing – they buy from new suppliers, they move house, go on holiday and their children grow up – all of which will affect their spending and transaction data. Every change will throw up false alerts that will undermine the customer experience unless you train your models correctly.
The three pillars of 3D AI
We train our models using what we call our 3D AI approach. This enables them to assess the risk associated with any transaction with extraordinary accuracy, even if it involves new behavior by the customer. This also keeps false alerts to the minimum.
Developed by us at NetGuardians, this approach has three pillars, each of which uses artificial intelligence (AI) to constantly update and hone the models.
The pillars are: anomaly detection, fraud-recognition training analytics and adaptive feedback. Together, they give our software a very real advantage by not only spotting fraud and helping banks stop fraudulent payments before any money has left the account, but also by minimizing friction and giving the best possible customer experience. This is what differentiates our software in head-to-head pitches.
The first pillar is anomaly detection, which is mostly unsupervised learning. At this stage, we are looking for anomalies and working out the level of risk associated with them. This involves examining a set of parameters such as time of transaction, counterparty, location, amount and currency. As seen above, on their own, these parameters aren’t enough to prevent an unacceptable level of false alerts. By including peer-group behavior, we begin to reduce the number of false alerts. For example, people don’t buy a car often and when they do, they don’t want their bank to block and query the transaction because of its rarity. But if you place the customer among peers, the size of the transaction can trigger associations that bring its risk level down. This, along with other techniques including Poisson Law help us understand the timing and regularity of the transaction, resulting in a highly nuanced picture of risk.
The second pillar is fraud-recognition training analytics, mostly relying on supervised learning techniques. Typically, a T2 or T3 bank might see a dozen of frauds a year out of 10 million transactions.
This level of fraud is insufficiently high to train a complex algorithm. So we have developed models using anonymized bank data that can be overlaid on a bank’s own data. The models cover different situations, regions, size of bank and type of customer, which allow us to create analytics that look at the context of the data. Our software is even capable of deciding which model is best for the analysis.
For a T1 bank, it takes just a few hours to train the algorithms, with perhaps some manual intervention to confirm the final choice of models. Smaller banks take one to two hours and the process is fully automated.
The final element is adaptive feedback using active learning. This is absolutely crucial to reduce false alerts to the lowest possible level while minimizing the risk of missing a fraud. Our adaptive feedback technology monitors, controls, challenges and supervises feedback from the alert investigators – the bank’s back- and middle-office employees who review alerts and decide when to call the customer – to ensure that it is of sufficient quality before re-injecting it into the machine learning models. As this is unique to the NetGuardians approach, it’s worth going into a little more detail.
Fine-tuning and machine learning
All alerts raised by the NetGuardians software come up on a dashboard and have to be reviewed manually. If the alert turns out not to be a fraud, we ask the bank to classify the risk of transaction.
- High = not a fraud but confirmed as high-risk, so continue to block similar transactions
- Medium = not a fraud but can see why NetGuardians software thought it would be. Proceed with care
- Low = not a fraud and unclear why the software thought it was. Never block similar again
This feedback retrains unsupervised and supervised learning and is key to the precision of our solution. Further tuning comes from the ability of our software to query feedback to ensure it is high quality.
For example, someone has been working in fraud investigation for many years. They have “learnt” that usually just two parameters reveal suspicious behavior – let’s say the amount and the beneficiary – and use only those two to decide the level of risk. When applied over and over again, a model would learn to look at just those two features, undermining its ability to see and learn from the whole picture – a form of “overfitting”. This reduces its accuracy. But our software does something very clever. If it believes something is anomalous, it will ask the investigator a direct question about another parameter, forcing them to re-examine the transaction. It then uses this additional feedback to learn more about the customer, the bank and the transactions.
Taken together, these three pillars of AI are responsible for our market-beating performance. Only NetGuardians uses these three together. And only NetGuardians is able to find all the fraud a bank knows about in historic data as well as up to nearly one-fifth more. Our software doesn’t need to be taught new fraud types because it isn’t looking for them. And it doesn’t add customer friction – in fact it reduces false alerts by as much as 83 percent. This is because it is always learning and refining its models across the broadest possible perspective, resulting in our analytics supremacy.