Professional Documents
Culture Documents
BuyersGuide For Fraud Detection in Banking - Guide - For - FR - 756888 - NDX
BuyersGuide For Fraud Detection in Banking - Guide - For - FR - 756888 - NDX
BuyersGuide For Fraud Detection in Banking - Guide - For - FR - 756888 - NDX
Additional Perspectives
■ Security and Risk Management Leaders’ Guide to Online Fraud Detection and
Identity Proofing
■ Most banks have multiple fraud detection platforms, typically deployed at the
banking product level (e.g., debit cards, wire transfers, digital banking channels),
resulting in gaps between silos open to exploitation by fraudsters.
■ Many banks regard on-premises deployments as the only option for fraud-detection-
focused transaction monitoring, discounting the possibility of cloud or vendor-
hosted deployment models without adequate consideration.
■ RFPs for fraud detection solutions often fail to reveal sufficient differentiation
between vendors because they focus on too narrow a set of capabilities and
features. Proof of concept (POC) projects are relatively common when assessing
new fraud detection vendors. However, each of the different approaches to a POC
comes with significant challenges.
Recommendations
Security and risk management (SRM) leaders responsible for fraud detection must:
■ Gain the buy-in of stakeholders by clearly identifying and communicating the drivers
behind utilizing a new fraud detection solution and the business benefits of doing
so.
■ Evaluate all deployment models with an open mind by assessing which aligns most
strongly with organizational infrastructure strategy and which is best-placed to
deliver cost-effective business benefits.
■ Create an effective RFP by focusing on the fullest range of transaction and event
monitoring capabilities to differentiate among vendors. Decide whether doing a POC
project is worthwhile or feasible by understanding the scope, limitations and
constraints of the various POC approaches.
By 2025, the number of new deployments of transaction and event fraud detection
monitoring platforms for banking that are vendor-hosted and managed will double to
more than 70%, reducing operational costs and complexity.
Introduction
Monitoring financial transactions and events for fraud in real time across a variety of
products and channels is a critical requirement that all banks must fulfill. This task is
challenging for many banks as they have multiple solutions from multiple vendors
deployed at the banking product or channel level. For example, they offer one solution for
screening card authorizations, another solution for wire transfers, yet another for digital
banking and so on. The majority of these solutions were deployed on-premises many
years ago and may now be behind in the upgrade cycle, and difficult to migrate away
from.
This use of multiple fraud detection platforms hampers the ability of banks to detect
cross-channel fraud activity that targets accounts by exploiting a customer’s many
different contact points with the bank. As fraud attack vectors have evolved in parallel
with increasing expectations of minimal friction for customers, alongside industry
changes such as faster payments, banks are finding that their long-standing deployed
solutions often no longer meet their requirements. At a time when many banks work to
execute on digital transformation programs and migration to cloud environments, the
future of these multiple legacy on-premises deployments must be addressed.
So how can SRM leaders in banking choose a modern solution for transaction- and event-
based fraud detection that supports a more cost-effective and efficient customer-centric
approach that is product- and channel-agnostic? They should follow the steps outlined in
this research, in conjunction with using Tool: RFP Questionnaire Template for Fraud
Detection in Banking, to (see Figure 1):
Note: This research is about transaction and event monitoring with a fraud detection
focus. It is not about transaction monitoring in the context of anti-money-laundering
(AML), often also referred to as “financial crime.” While many vendors in this market offer
capabilities to address both use cases, the sole focus here is fraud detection.
Analysis
Identify Drivers to Make a Solid Business Case
All banks will have one or more fraud detection solutions of sorts in place for monitoring
transactions and events across their credit and debit card portfolios, wire transfers, digital
banking channels, and other product lines for fraud. The decision to move to a new
solution is not a trivial one. Implementing a new fraud detection solution for transaction
and event monitoring is a project that can typically cost more than $250,000 in
implementation costs and take significant time and resources to execute. Gartner
observes that many such exploratory projects to seek replacement products never come to
fruition due to weak business cases that fail to identify the key benefits and drivers for
upgrading transaction and event monitoring capabilities. As a result, investment is not
forthcoming to replace the status quo that banks often convince themselves is “good
enough.”
■ Reduce fraud
Action: SRM leaders must seek to evolve their bank’s approach to detecting fraudulent
transactions and events by moving from a channel-level and product-level approach to a
customer-level approach. By using a single platform to monitor for fraud across a
customer’s account activity with the bank, fraudsters cannot take advantage of a siloed
detection strategy.
In the same way that banks seek to have a single view of the customer from a
relationship perspective, SRM leaders should implement a transaction and event
monitoring solution that enables a single view of the fraudster.
SRM leaders must define requirements for any transaction and event monitoring solution
to be able to support or orchestrate fraud detection across the breadth of the bank’s
products and channels, including the contact center. These different types of transactions
(for example, a wire transfer versus a credit card transaction) will have markedly different
attributes and characteristics. As such, a fraud detection solution may require the use of
different ML models to screen these various transaction types. Vendors should be asked
to demonstrate how their solutions can assess the risk of any given transaction or event
by taking into account the previous activity seen for that customer across transaction
types and, hence, across different ML models within the solution.
■ Many solutions were deployed 10+ years ago when on-premises was the only
available option to meet data security and response time requirements.
■ Banks have historically been averse to sending their transaction data outside of their
networks.
The benefits of moving applications to the cloud that are relevant in any industry, such as
lower total cost of ownership (TCO), ease of scalability, more efficient maintenance and
upgrades, and speed of deployment, are equally relevant to banking. 1 The majority of
banks now have cloud migration projects underway, although migration of core banking
and payment applications to the cloud are unlikely to be at the top of the list until
confidence is built up (see Top Trends in the Cloud Heat Map for Banking and Investment
Services for 2021). 2
Vendors were asked to rank these deployment options across different criteria, with the
results below consistent across the majority of vendors:
■ Fees for implementation: On-premises was most expensive, with private cloud and
public cloud in next place with equivalent fees, and the vendor-hosted model being
the least expensive to deploy.
Vendors were also asked to give figures reflecting the percentage of their client
deployments that fall within each category — first across all their deployments ever, and
second just for deployments made in the last two years. The results are summarized in
Figure 2. Note that none of the vendors revealed the absolute number of client
deployments for reasons of confidentiality.
The results indicate a marked drop in the number of on-premises deployments in the last
two years versus historical deployments. This is offset by a significant increase in the
number of public cloud deployments in the last two years, and a moderate increase in the
number of vendor-hosted deployments. While on-premises just about remains the
dominant deployment model, over one-third of deployments in the last two years are
vendor-hosted and managed.
Action: SRM leaders should have an open mind and explore the breadth of deployment
options available rather than simply assuming that on-premises is the only viable option.
Most vendors now offer a range of deployment modes that can align with a bank’s
infrastructure and application deployment strategy. Assess each of these deployment
models on the basis of performance, scalability, implementation costs, ongoing vendor
fees, operational burden and TCO. Seek references from other clients that have deployed
as you wish to, understanding any challenges faced and the benefits that were realized.
The foundation of assessing any vendors is, of course, focused on core aspects such as:
■ Client base — size, geographic spread, profile of clients, win rate, attrition rate
Differentiating at the product level itself is a more challenging task for many banks that
may lack the domain expertise to understand what is available in the market. Table 2 lists
the broad set of product features and capabilities that should be considered when
assessing any vendor.
Action: SRM leaders must differentiate between vendors for fraud detection in the RFP
process by asking questions that align with the fullest set of capabilities as described in
Table 1. SRM leaders should leverage Tool: RFP Questionnaire Template for Fraud
Detection in Banking to view detailed questions to ask vendors in each of the areas listed
in Table 1. The tool also provides context as to the reason for and value of asking each
question. Questions that are deemed appropriate for your focus and requirements can be
leveraged in your relevant organizational RFP templates.
The business drivers discussed earlier should be clearly explained right at the beginning
of the RFP so that vendors have a clear understanding of what they need to deliver.
Finally, as much detail as possible about the events, products and channels that will be
within the purview of the fraud detection solution should be included.
The manner in which these POC projects were conducted also varied greatly. The most
common approach was for a bank to provide a batch file of historical data for the vendor
to analyze — in a bid to seek evidence that the vendor could identify fraudulent
transactions within the dataset. While this approach is relatively low effort for the bank,
many vendors were keen to point out that such an approach offers negligible value in
practice. In production deployments, most vendors would be building custom ML models
for the bank. In these batch file POCs, off-the-shelf, existing ML models typically need to
be used which lack specificity to the data in question. Vendors also pointed out that none
of their solutions would perform at optimal levels from the outset, but would typically
improve over time as models matured — another aspect lost in the batch file POC
approach. Additionally, capabilities of some vendors, such as device intelligence,
behavioral biometrics and behavior risk assessment for digital channels, cannot be
assessed with historical batch data. Such POC projects were cited as taking two to four
weeks.
Action: SRM leaders must consider whether they are willing to invest the time and effort in
a POC project, or whether relying on RFP responses and appropriate client references is
sufficient. Where a batch file POC project is undertaken, SRM leaders must seek clarity
from vendors beforehand about the inevitable caveats that will be made around the
results. SRM leaders must ensure that internal stakeholders are aware of such limitations.
Upon understanding these, a pragmatic decision can be made as to whether the POC
genuinely offers value or is actually a tickbox exercise that can be skipped. Where a POC
project is being carried out that involves a live production integration, SRM leaders should
set expectations with business stakeholders about the length of time involved to gain
meaningful insights.
Evidence
1
Challenges and Opportunities in Banks’ Cloud Migration, Accenture blog.
2
On the Road to Cloud, Banks Still Have Far to Go, Forbes.
3
Fourteen representative vendors within the banking fraud detection market were
surveyed regarding deployment models and POC projects. The surveyed vendors were ACI,
AI Corporation, BAE Systems, Bottomline, DataVisor, Featurespace, Feedzai, FICO,
Fraud.net, IBM, NICE, SAS, Tencent and XTN Cognitive Security. The vendors included in
this survey do not constitute an exhaustive list of all vendors within this market. Inclusion
in this survey of representative vendors is not an endorsement, nor is omission an implied
criticism. Gartner thanks the listed vendors for supporting this research.
4
Based on analysis of over 1,150 client inquiries taken by Gartner analysts Akif Khan and
Jonathan Care during 2021.
© 2022 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of
Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form
without Gartner's prior written permission. It consists of the opinions of Gartner's research
organization, which should not be construed as statements of fact. While the information contained in
this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties
as to the accuracy, completeness or adequacy of such information. Although Gartner research may
address legal and financial issues, Gartner does not provide legal or investment advice and its research
should not be construed or used as such. Your access and use of this publication are governed by
Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its
research is produced independently by its research organization without input or influence from any
third party. For further information, see "Guiding Principles on Independence and Objectivity."
■ Reduce silos between multiple fraud platforms ■ Improve explainability into machine learning ■ Reduce number of platforms across the
(ML) decisions business
■ Reduce case management workload
■ Improve ML performance predictions ■ Reduce burden of on-premises management
■ Reduce investigation costs
■ Improve ML promotion controls ■ Improve efficiency of ML model maintenance
■ Reduce false positives
■ Address bias in ML models
■ Reduce fraud
Capability Description
Data Ingestion and Responses Supported methods for sending transaction, event and interaction data for
monitoring and receiving responses
Products, Channels and Events Supported Breadth of support for banking products (e.g., cards, wire transfers),
channels (e.g., online, contact center) and events (e.g., payment, login,
account update, password reset)
Rules or Policy Engine Approach to enabling creation and management of rules and policies for
fraud detection
Governance, Bias and Explainability Approach to ensuring that ML capabilities are subject to oversight and
control
Consortium Data Sharing of data between a vendor’s banking clients for mutual benefit
Authentication Support Whether native authentication tools are offered on the platform or can be
orchestrated via risk-based assessment
Digital Risk/Trust Signals Support Whether native tools to detect risk in digital channels are offered on the
platform