Professional Documents
Culture Documents
62 Future of Banking Fraud Management 2896WP PDF
62 Future of Banking Fraud Management 2896WP PDF
Enterprise fraud management (EFM) began as a compelling vision. Today, finding a better way
to combat fraud across the enterprise has become an urgent need, propelled by technological
advances and economic pressures changing retail banking markets all over the world. The same
forces are dramatically shifting the way the banking industry is thinking about and undertaking EFM.
With banks racing to bring new services to market, the idea of a single centralized EFM solution is
being replaced by a more agile, less costly approach. Banks can now rapidly deploy fraud solutions
focused on specific customer interaction channels or customer asset classes, then link them as
needed for higher-level customer protection. And because today’s capital and margin pressures
often make it impractical to replace proven channel-specific defenses, the new approach provides
the means to connect these systems with new capabilities and with each other.
By embracing this more flexible approach, banks start experiencing the rewards of enterprise
fraud management—like better detection of cross-channel fraud and less impact on valuable
customers—sooner. They gain agility to protect new services, shore up weak channels and adapt to
changing fraud patterns. They’re able to recoup past investments and adjust to organizational and IT
infrastructure changes as they occur, while always moving toward greater integration and benefits.
This white paper explores the future of banking fraud management, including:
»» insights
»» The Growing Fraud represents a bigger threat to banks today than ever before. Many companies are
Fraud Threat dangerously exposed, and not only to the risk of rising fraud losses.
The potential for losses is certainly considerable. As always, fraudsters are shifting their attentions
from more defended to less defended targets, and today there are plenty of fresh opportunities.
New online and mobile services open up vulnerabilities fraudsters are quick to exploit. Under
time-to-market pressure, banks may launch without adequate defenses. Indeed, the newness of
the services, and the unknowns about how fraudulent and legitimate users will behave, make it
difficult to extend protection with traditional fraud detection methods alone.
These new ways to engage customers are also multiplying potential entry points for schemes
that reach across banking channels, accounts and products to increase the “take” of customer
information and funds. Traditional siloed fraud defenses are largely blind to such maneuvers,
which is why they’re on the rise.
»» Need for a New Way The banking industry has been talking about enterprise fraud management for a decade. Over
to Expand Fraud the past half decade, as some banks have started working toward this vision, EFM objectives have
evolved and crystallized in response to changing market realities.
Defenses
The initial vision of a monolithic system performing integrated fraud management across all
channels, products and lines of business may be impractical from today’s vantage point. Few
banks are in a position in today’s business environment to make the investment it would require,
especially in markets where capital has become a scarce resource and lean operating budgets
are the norm. Also, many banks are unwilling to abandon their current investments in existing
fraud solutions that have delivered proven value. And monolithic solutions don’t fit the plans
of many bank IT organizations, which are trending toward more flexible architectures with
standardized components and service-based functionality.
For a few years, some in the industry thought a simpler approach, of performing just case
management at the enterprise level, might be the answer. That concept too has been outgrown.
Understanding what all the alerts mean in a timely enough manner to intercept sophisticated
fraud schemes turns out to be extremely complex.
www.fico.com page 2
What Is the Future of Banking Fraud Management?
»» insights
That’s not to say that alert aggregation isn’t part of the answer. Banks can create fraud defense
strategies, for instance, that incorporate alerts from multiple channels and products to make better
fraud management decisions in a specific channel or product.
However, banks need the ability to share more than just alerts. By sharing fraud scores and
dispositions, for example, across multiple detection areas, it may be possible to improve case
management in all areas. With the ability to overlay this “global” information onto their local
strategies, analysts would gain a more holistic view of the customer. They’d be able to make a better
determination of whether an account is subject to fraud, thereby reducing false positives—a major
Application
Money Fraud Paymentcause of customer dissatisfaction.
Laundering Card
Fraud
In many situations, banks will also want to make raw data and/or data-derived variables or profiles
Mobile Acquiring
Payments available
Risk across channels and products. This broader view enables analytic models to examine
Fraud raud Pro Fraud
er F t wide-ranging customer and fraudster behavior patterns to quickly distinguish usual from suspicious
m
ec
to
behavior. It enables them to recognize emerging fraud schemes at the earliest possible moment,
tion
Cus
Corporate Mortgage
Fraud Enterprise understand
Fraud what a multitude of alerts really means and greatly reduce false positive rates.
Overall, the need is for the flexibility to deploy a mix of solutions suited to specific fraud challenges,
Auto
Electronic
Payments
andLoan
to leverage common elements wherever and however it makes sense.
Fraud Fraud
Retail Internal
Banking First Fraud
Fraud Party
Figure 1: New approach to fraud management Fraud
Application Application
Money Fraud Payment Money Fraud Payment
Laundering Card Laundering Card
Fraud Fraud
tion
Cus
»» Monolithic system performing integrated fraud management »» Combination of existing and new analytics-based systems that
across all channels, products and lines of business. address specific fraud management needs, linked as needed to
provide centralized insight and control.
Application
»» All case management at the enterprise level. »» Case managementMoney and other Fraud
fraud management
Payment functions
Card
performed at theLaundering
level where they are mostFraud effective. Ability to share
relevant alerts, scores, strategies, decisions and case dispositions
Mobile Acquiring
across channels,
Paymentsproducts and lines of business as needed.
Risk
Fraud Fraud
»» Conform organization and technology infrastructure to »» Conform EFM concept to organization and technology
EFM concept. infrastructure.
Corporate Enterprise Mortgage
Fraud Fraud
Electronic Auto
www.fico.com page 3
Loan Payments
Fraud Fraud
Retail Internal
Banking Fraud
First
What Is the Future of Banking Fraud Management?
»» insights
Today, banking leaders are embracing a new approach to fraud management—one that’s
»» A Real-World, as comprehensive as the original EFM vision, but can be implemented in stages that deliver
Right-Now Approach faster rewards. The goal is still to integrate fraud defenses across channels and products
in ways that improve both fraud detection and customer service. But this goal is achieved
using a combination of existing and new analytics-based systems that address specific fraud
management needs, linking and potentially replacing legacy systems as needed to provide
centralized insight and control.
This new approach combines agility for accomplishing what needs to be done right now to
solve a diverse range of fraud problems, with continuity for building in a structured, incremental
way toward larger objectives. Our clients tell us they want:
3 Quickly shore up the defenses of weak channels that could be exploited
by fraudsters seeking out points of vulnerability.
3 Flexibly address a diverse range of fraud management needs in the ways
that make the most sense for each purpose: build own solution with
sourced components and tools; implement fully sourced on-site solution;
access hosted solution; extend existing solution.
Continuity to 3 Leverage existing systems that have proven successful and increase
returns from these investments.
3 Establish centers of excellence that enable shared learning and propagate
best practices across the enterprise.
www.fico.com page 4
What Is the Future of Banking Fraud Management?
»» insights
»» Every Bank Will Because of the flexibility inherent in this new approach to banking fraud management, there
Move Forward in is no single route to achieving it. Unlike how EFM was previously defined, banks don’t have
to think about how to conform their organizations and technology infrastructure to a given
Its Own Way
concept. Instead, they can define fraud management in their own terms, with the concept
conforming to their requirements and evolving with their priorities.
Even so, there are commonalities among the early-adopter banks making strides toward higher
performance. Here are seven essential steps they’re taking and fundamental capabilities they’re
bringing together into fraud management solutions.
Historically, banks have managed fraud exposure within different products, services and
customer lifecycle stages, developing dedicated fraud systems that align with these functions.
Typically, fraud mangement teams have operated within each business unit, where fraud losses
are accounted for and written off under the unit’s product or channel profit-and-loss statements.
Many banks today, however, are in the process of consolidating into a smaller number of fraud
functions, centralizing responsibility as much as possible within the constraints of the larger
banking organization.
Some banks are going as far as to forge a single fraud management organization responsible
to their executive team, board of directors or even to a “customer protection czar.” They have
been able to take fraud management out from under the ownership of individual business
units and create a center of excellence (CoE), where all financial crime-related activities,
including fraud, compliance, security and operational risk, are interconnected with overlapping
spheres of influence.
The design of such CoEs reflects the way fraud management thinking has evolved, as well as
the increasing pressures within banks to improve the customer experience. For instance, it’s
generally understood that the CoE should be governed by the bank’s determination of its risk
appetite for specific asset classes, as well as overall for the customer relationship, balanced by
the correct level of aggressiveness in countermeasures for managing customer impact. Thus, the
www.fico.com page 5
What Is the Future of Banking Fraud Management?
»» insights
CoE allows for the agile deployment of fraud department resources based on each type of risk
(first-party, third-party, internal) and helps the bank deliver a consistent customer experience
across products and channels.
Other banks are adopting a hybrid approach, merging some functions, focusing where the
benefits are greatest. Some are keeping fraud management organizationally, procedurally and
systemically separate while sharing common processes, data and systems. They’re developing
interfaces to connect fraud systems through common APIs that will enable scores and
information from multiple channels to be aggregated into customer profiles, which can be used
to affect subsequent transaction decisions at both the customer and channel level.
Even where fraud organizations remain largely federated, banks can improve coordination by
aligning everybody’s priorities and incentives around common higher-level goals. The online
banking fraud management group, for example, can be rewarded not only for reducing fraud in
its channel, but for the role it plays in reducing overall deposit account fraud as well.
Banks should start with current fraud pain points and/or where they anticipate greater pain in
the near future. One FICO banking client making notable progress in EFM has not experienced a
lot of cross-channel fraud yet. Garanti Bank has gone ahead with cross-channel fraud detection
anyway to stay ahead of the criminals. “The time to invest is before the fire,” explains Beyhan
Kolay, the bank’s senior vice president.
www.fico.com page 6
What Is the Future of Banking Fraud Management?
»» insights
From the chosen starting place(s), banks build their roadmap out with a combination of short- and
long-term initiatives. What needs to happen when will depend on bank business objectives and
priorities, capital position and emerging technology directions.
One of the most important things banks can do to prepare for more integrated and effective fraud
management is to start moving toward using common data definitions. At minimum, there needs
to be a common data field that identifies a wide variety of transactions—ATM withdrawal, mobile
payment, online banking deposit, credit card purchase—as being made by the same customer.
By identifying areas like this where different fraud groups find common ground, banks begin to
lower the silo walls and leverage cross-channel information and customer information in decisions
within their traditional silos. In addition, common policies can at some point be turned into shared
business rules. Banks could consider creating a loose link between incompatible legacy systems, for
example, by enabling them all to call the same external rules-driven decision service for a customer
contact recommendation.
Also, banks should look at ways that sharing fraud scores and other decisioning data can create
mutually beneficial fraud management improvements. For example, a score indicating suspicious
online account activity would be very useful to other areas of the bank making wire transfer or deposit
hold decisions. (For more about integration, see section 7 on page 9.)
Banks today need the flexibility to apply a variety of analytic techniques for different fraud
management needs.
www.fico.com page 7
What Is the Future of Banking Fraud Management?
»» insights
For instance, at originations, custom application fraud models can be trained to detect first-party
fraud—recognizing behavioral patterns of applicants who do not intend to honor the credit
“Fusty old retail obligations they are attempting to assume. They can be used in conjunction with third-party
banking faces its application fraud models that incorporate identity checks. Link analysis can be used to find
relationships between the application data and suspicious entities—the same phone number, for
biggest shake-up in example, as another individual whose previous application scored high for fraud.
200 years”
For transactional fraud detection, where sufficient historical data is available for analytic development,
training and validation, neural network models provide superior fraud detection. Used with dynamic
“...an upheaval is coming, profiles, which compress historical behavioral data into carefully selected and highly predictive
driven by technological characteristics, neural network models can detect abnormal account behavior in a fraction of a second.
changes—the growth This profiling technique can be extended to detect abnormal behavior in other entities involved in
of internet usage on banking transactions, such as ATMs, point-of-sale terminals and mobile phones. In one case recently,
smartphones, the rise when extended profiling was added to an existing neural network protecting the PIN ATM segment of
a bank’s debit card portfolio, fraud detection improved by an additional 30%.
of ‘big data’ computer
processing and the 6. Incorporate the capacity for innovation.
increasing willingness With retail banking continuing to undergo change in technologies, customer behaviors and
of customers to do competitive business models, banks need a capacity to innovate. Whether through internal resources
complicated things or through partnering with an analytics leader, they need access to the latest fraud detection and
decisioning techniques.
online.”
For instance, the self-learning outlier model is an innovative analytic technique for protecting new
channels, products and markets. Where the historical data needed to build traditional supervised
—“Counter Revolution”
models is lacking, banks can nevertheless use this new technique to provide an increasing degree of
The Economist
fraud protection from launch, to early adoption and onward to mass adoption.
May 19, 2012
As depicted in Figure 2, self-learning outlier models quickly recognize typical behavior patterns for
“peer groups” of customers with similar characteristics and adjust to how those behavior patterns
change over time. They infer the values of normal and abnormal activity from the transactions they are
processing by dynamically scaling variable values (converting them to a common unit for comparison
across peer groups) using anomaly detection and other statistical techniques.
Fraud detection for new channels, products and markets must adjust to how What constitues an “outlier”—behavior outside the range of what is typical for
behavior patterns change as consumers grow accustomed to using the service the peer group—changes. This is represented by the changing shape of the
and fraudster schemes emerge. high-risk portion of the curve.
% Population
% Population
Profile variables
Transactional data dynamically updated Dynamic variable scaling Analytic model Dynamic variable scaling Dynamic variable scaling
www.fico.com page 8
What Is the Future of Banking Fraud Management?
»» insights
Because the characteristics being compared among peers can include cross-channel and cross-
product variables, self-learning outlier models are also quite effective against the increasing number
of broad-reaching fraud schemes that siloed fraud detection misses. The technique also simplifies
customer-level fraud management, since what is typical behavior for the peer group and what is an
“outlier” is determined by the self-calibrating distributions of values—represented in Figure 2 by the
changing shape of the red “high risk” area. This eliminates the need for supervised model training
based on historical fraud dispositions (which could become very complex where banks have a
multitude of diverse fraud reporting requirements across channels and products).
One example of an integrated solution is linking application fraud management with ongoing
transactional fraud management. A bank might have an originations solution that uses rules and a
custom application first-party fraud model to decision new accounts. When applications are rejected
because of high fraud scores, the application data, score and decision can be shared with other
product areas to determine if the fraudster has any linkages, such as common phone numbers or
addresses, with accounts already on the bank’s books.
www.fico.com page 9
What Is the Future of Banking Fraud Management?
»» insights
Another area where the advantages of integrating fraud management are quite clear is across different
types of transacting accounts. For instance, banks can do a better job of protecting deposit accounts if
they have an integrated view of all the channels (e.g., debit cards, online banking, ACH payments) and
products (e.g., checking accounts, savings accounts, overdraft credit lines) providing access to them.
This enables analytics to look at how the customer interacts with the account and how funds come in
and out of it. Real-time transactional models can thereby detect changes in payment velocity, payee
distribution and other dynamics that provide early indications of rising fraud risk.
One of the best ways to achieve this kind of integration is with a system that can apply dynamic
profiling techniques at the channel, product and customer levels. As shown in Figure 4, all
transaction records carry the same customer ID, associating the transactions with the individual
Channel variables
ACH
Channel variables
www.fico.com page 10
What Is the Future of Banking Fraud Management?
»» insights
customer making the transactions. Every transaction updates dynamic profiles—at the channel,
account and customer levels—which compress vast amounts of historical behavior data into an
efficient set of variables for real-time analysis. Fraud detection systems can therefore analyze the
current transaction in the context of this rich, multilevel view of what is normal or suspicious for
this individual. This broader view improves fraud detection while helping banks take actions that
have less impact on legitimate customers.
However, that doesn’t mean all fraud detection, case management and treatments—or even any
of it, initially—has to occur at the customer level. Analytics-based integration should provide banks
with the flexibility to generate and use profiles at multiple levels, to perform fraud scoring at one
or more levels simultaneously, and to take actions where they will be most effective. For example,
channel-level scoring can use profiles from anywhere in the hierarchy. Conversely, customer-level
scoring can use channel profiles to analyze channel-specific customer behaviors.
»» Conclusion Enterprise fraud management is finally in reach for many banks—but it’s taking a far different
shape for some than originally expected. Rather than a monolithic solution for all fraud problems,
today’s approach provides flexible ways to address a variety of fraud management needs.
Instead of mandating top-down centralization, it gives banks the means to move toward greater
integration when and where it makes sense for their business.
Learn more:
• D
ownload Insights white papers, which regularly cover analytic innovations and best
practices in fraud.
• S ubscribe to the FICO™ Banking Analytics Blog for the latest on enterprise fraud
management and other fraud topics.
• Get an overview of FICO’s approach to fighting fraud across the enterprise.