- Email: [email protected]
Using anti-fraud technology to improve the customer experience
Feature
Using anti-fraud technology to improve the customer experience
Scott Zoldi
Scott Zoldi, FICO With large data breaches making headlines, consumers in the UK and other countries have a heightened sensitivity to fraud. And the numbers show that they’re right to be vigilant. In the UK, ‘card not present’ fraud reached a high of £624m in 2014, an increase of £153m over 2013. Action Fraud, the national fraud reporting helpline, recorded 225,000 fraud offences in the UK for 2014, which is up 11% on 2013, and these numbers don’t include online fraud.1,2 This represents a volume increase of 211% compared with 2008/09, and is equivalent to four recorded offences for every 1,000 people – more than four times the rate of robbery. At the same time, financial service providers are continuously under pressure to keep the amount of ‘false positive’ fraud detections low while still maintaining a high level of fraud protection. It is extremely challenging to detect fraud faster and more accurately without increasing the number of customers cards that are blocked for simple behavioural changes, rather than a fraudulent transaction. Establishing a quality customer experience is the new priority in the war against fraud. While customer experience has always been part of the equation, it has become an imperative in recent years as consumers frustrated with their banks re-evaluate their financial options. As the battle for market share shifts from product-based advantages to superior branded customer experiences, fraud management services are now at the forefront of customer loyalty.
Triangulating the customer Fraud detection technology has always focused on ways to identify potential fraud transactions efficiently, but now data scientists are equally concerned with how to identity common non-fraud 18
Computer Fraud & Security
among consumer transactions. The main goal is to reduce the ‘false positive’ rate – the number of genuine transactions erroneously caught in the fraud net – to ensure that fewer consumers have their cards blocked. Customers expect that repeated or typical transaction patterns are understood by banks in order to reduce false positives, particularly on transactions that could be made clearer by the customer’s transaction history. An increasingly popular use of fraud technology is to select out-of-band data. The most modern fraud systems use proximity services to identify whether the credit or debit card being used in a transaction is in the same place as the cardholder’s mobile phone. If so, the odds are that the transaction is genuine, particularly if the transaction was flagged as unusual because it took place in a foreign country. This is a relatively simple use of fraud detection technology that leverages phone carriers’ contractual ability to track the location of mobile phones. In trials of the service with UK card accounts, the ability to perform this proximity matching reduced the number of false positives on international transactions by as much as 70%. Essentially, at the heart of card fraud detection is the ability to recognise a
transaction that – alone or in context with other transactions and transaction histories – is atypical or typical of the cardholder. The latest advances in machine learning techniques for fraud detection takes this ability one step further, providing a more detailed view of customers that adapts over time.
Recognising a customer’s routine Consumers are creatures of habit. We have favourite ATMs close to work or home, regularly visit the same petrol stations along a daily commute, shop at preferred supermarkets and online stores. More often than not, we have a popular cash withdrawal amount, preferred times/days to do our banking and even favourite travel destinations. Being able to establish the difference between a simple change in a customer’s behaviour and a fraudulent activity can sometimes be the maker-or-breaker in keeping customers happy. For example, during a recent business trip to London, Tom had his credit card declined when he tried to buy a set of golf clubs at a high-end sporting goods store. The card issuer lost out on the transaction fee when Tom quickly replaced the declined card with a competitor’s card to make his purchase, and subsequently gave a second thought using his preferred payment card for further transactions throughout the day. This genuine customer interaction underlines exactly what’s at stake during July 2015
Feature these split-second points of contact. This transaction in London would flag as a change in behaviour, since Tom lives in Manchester and normally shops there. If this change was fraud, traditional detection analytics would be likely to pick it up: there’s the out-of-town point of sale being used, and the transaction velocity and spending amounts on a compromised card may look unusual compared to Tom’s historical spending patterns. Cardholder profiles in traditional fraud analytics would know how much Tom typically spends in the general category of travel and entertainment, but a new analytic technology – which we call behaviour-sorted lists – can reveal even finer-grained insights: Tom frequently makes sporting goods purchases in amounts within the range of the current purchase, and has made transactions at country clubs in the past. In light of these behaviour patterns, the current transaction would look less suspicious. With behaviour-sorted lists, an advanced algorithm identifies these favourites in real-time as the customer’s transactional patterns emerge and change over a number of transactions. With each transaction, it updates the lists. The more frequent entries are ranked at the top of the list, while less frequent ones eventually fall away and are replaced with new transactions. Behaviour-sorted lists add power to traditional cardholder profiles by providing a more granular view into the typical transactional patterns of individuals. These lists improve a fraud system’s ability to rapidly distinguish between normal and suspicious transaction activity. Alternatively, if Tom had never been on a golf course and didn’t frequent sporting goods stores in his home town, then another new analytic technique – known
as collaborative profiles – would still help the bank protect his customer experience. Collaborative profiles would reveal that Tom’s transactional behaviour, though a change for him, was nevertheless highly probable. Collaborative profiles determine the probability of a certain transaction being unusual enough to create a red flag based on the behaviour patterns of other cardholders with similar characteristics, using collaborative filtering techniques. By harnessing the transaction patterns from cardholders with similar archetypes, a collaborative profile solution ensures that any common or likely behaviour shared by customers of similar archetypes is not flagged as fraudulent, which improves the customer experience as this new behaviour for a customer is deemed typical for customers that share that mix of archetypes.
Global archetypes Collaborative profiles track archetype loadings of customers to provide an even more complete and textured view of customer behaviour. These improve understanding of customers and enable financial service providers to anticipate new behaviours, by looking at individuals through a global lens. This streaming version of collaborative filtering provides a dynamic view of who the customer is. It maps actual individuals to multiple behavioural archetypes in real-time, and updates the mapping with each new transaction. These archetypes are not conceptual, hand-built categories. Rather they are machine-learned by an algorithm that analyses historical transactional data, which can come from multiple sources, in any form.
This diverse data is combined into a single document, which the algorithm examines as a whole, to find similarities in customer behaviour that support the discovery of archetypes. This document is unstructured – data can be added to it without the need to know what predictive characteristics the various data sources contain, or specify relationships between them, as this is learned by collaborative filtering. In other words, no data model is required. An advantage of this approach is flexibility to work with whatever transactional data elements become available. These unstructured data analytics can be performed in real-time fraud environments. In production, the algorithm analyses data streaming from ongoing transactions to map actual customers against the archetypes. A customer’s mapping consists of a distribution (percentage match) across multiple archetypes. This distribution is updated continuously, as each transaction takes place. As new transactional data comes in, the algorithm compares the cardholder’s current archetypal distribution with what it would be if the pending transaction went through. It measures the difference between those distributions, which is a distance metric the fraud detection system can take into account when scoring the transaction. The size of the distance metric indicates how risky the transaction is. Larger distances are inconsistent with current archetype distributions so raise fraud scores as they are more risky. Smaller distances are consistent with current archetype distributions have lower scores or are left unaffected as they are less risky. A key strength of collaborative profiles is anticipatory insights. For example, Continued on page 20...
A SUBSCRIPTION INCLUDES: • Online access for 5 users • An archive of back issues
8 July 2015
www.computerfraudandsecurity.com
Computer Fraud & Security
19
feature/CALENDAR ...Continued from page 19 let’s suppose a customer, Casey, tries to purchase surround sound stereo equipment from an online retailer. Casey has never purchased stereo equipment on this account before, nor has he been a big online spender. However, Casey’s archetypal distribution shows a strong allocation to a ‘home improver’ archetype, which has a high tendency to spend on consumer electronics. Thus this spending behaviour, though never before seen on Casey’s account, is highly probable for consumers that share his behaviours. These unusual transactions are, therefore, less likely to be indicators of fraud than simply instances of new, and anticipated, behaviour by legitimate customers.
Improving the customer experience The new analytic technologies described in this article have the potential to deliver even greater benefits when used in conjunction with one another. Combining the different types of realtime insights they provide can help companies distinguish between contextual change, such as travel, and more far-reaching demographic and lifestyle shifts. These adaptations to fraud detection technology will ensure customers are not blocked from using their card unless there is a clear sign of fraud, which ultimately keeps customers happy. Nevertheless, it is not just fraud detection technology that has changed – the way we assess the customer experience has also altered. The metrics for calculating customer loyalty are expanding beyond the traditional tracking of revenue, usage and attrition rates. Many financial service providers pay careful attention to their Net Promoter Scores as they work to improve fraud strategies – they analyse fraud data against customer satisfaction surveys to establish customer habits and demands. One of the most important ways that financial institutions are improving the customer experience is through fraud alerts 20
Computer Fraud & Security
that contact the cardholder using their preferred channel – voice, email or SMS. For instance, when a suspicious transaction is taking place, an interactive SMS can allow a cardholder to approve it in real time.
The future The analytics discussed here represent a new breed of machine learning – potentially applicable to a wide range of customer interactions – that is dramatically improving the ability to make complex, high-stakes decisions in real-time. As the quantity and variety of data being captured continues to expand, one of the most important things analytics can do for financial service providers is to rapidly understand and anticipate change. Knowing what is changing and whether it’s important is the key to creating vitality and value in customer relationships. The best way to constantly improve the customer fraud experience is to have an integrated analytical approach to antifraud technology. Today, customers opt for financial service providers that combine security and convenience in standout ways. Organisations that understand this imperative and establish ways to both protect and please consumers will become the strongest contenders in this battle to retain and grow loyal customers.
About the author Scott Zoldi is a vice president of transaction analytics at FICO. He is responsible for the analytic development of FICO’s transaction analytics products and solutions, including the FICO Falcon Fraud Manager product which protects about two thirds of the world’s payment card transactions from fraud. He blogs at www.fico.com/blog.
References 1. Action Fraud, home page. Accessed Jun 2015. www.actionfraud.police.uk. 2. ‘Crime in England and Wales, year ending December 2014’. Office for National Statistics, Statistical Bulletin. Accessed Jun 2015. www.ons.gov.uk/ ons/dcp171778_401896.pdf.
EVENTS 1–6 August 2015 Black Hat USA Las Vegas, US www.blackhat.com
6–9 August 2015 DefCon 23
Las Vegas, US www.defcon.org
12–14 August 2015
24th USENIX Security Symposium Washington, DC, US https://www.usenix.org/conference/ usenixsecurity15
8–10 September 2015
International Conference on Information Security and Digital Forensics Kuala Lumpur, Malaysia http://sdiwc.net/conferences/isdf2015/
13–18 September 2015 Hacker Halted USA Atlanta, Georgia www.hackerhalted.com
14–15 September 2015
Gartner Security & Risk Management Summit London, UK www.gartner.com/technology/summits/ emea/security/
22–25 September 2015 OWASP AppSec USA
San Francisco, US https://2015.appsecusa.org/c/
28 September–1 October 2015 (ISC)2 Security Congress Anaheim, CA, US https://congress.isc2.org/
28–30 September 2015
Cyber Intelligence Europe Bucharest, Romania www.intelligence-sec.com/events/cyberintelligence-europe-2015
July 2015
Using anti-fraud technology to improve the customer experience
Scott Zoldi
Scott Zoldi, FICO With large data breaches making headlines, consumers in the UK and other countries have a heightened sensitivity to fraud. And the numbers show that they’re right to be vigilant. In the UK, ‘card not present’ fraud reached a high of £624m in 2014, an increase of £153m over 2013. Action Fraud, the national fraud reporting helpline, recorded 225,000 fraud offences in the UK for 2014, which is up 11% on 2013, and these numbers don’t include online fraud.1,2 This represents a volume increase of 211% compared with 2008/09, and is equivalent to four recorded offences for every 1,000 people – more than four times the rate of robbery. At the same time, financial service providers are continuously under pressure to keep the amount of ‘false positive’ fraud detections low while still maintaining a high level of fraud protection. It is extremely challenging to detect fraud faster and more accurately without increasing the number of customers cards that are blocked for simple behavioural changes, rather than a fraudulent transaction. Establishing a quality customer experience is the new priority in the war against fraud. While customer experience has always been part of the equation, it has become an imperative in recent years as consumers frustrated with their banks re-evaluate their financial options. As the battle for market share shifts from product-based advantages to superior branded customer experiences, fraud management services are now at the forefront of customer loyalty.
Triangulating the customer Fraud detection technology has always focused on ways to identify potential fraud transactions efficiently, but now data scientists are equally concerned with how to identity common non-fraud 18
Computer Fraud & Security
among consumer transactions. The main goal is to reduce the ‘false positive’ rate – the number of genuine transactions erroneously caught in the fraud net – to ensure that fewer consumers have their cards blocked. Customers expect that repeated or typical transaction patterns are understood by banks in order to reduce false positives, particularly on transactions that could be made clearer by the customer’s transaction history. An increasingly popular use of fraud technology is to select out-of-band data. The most modern fraud systems use proximity services to identify whether the credit or debit card being used in a transaction is in the same place as the cardholder’s mobile phone. If so, the odds are that the transaction is genuine, particularly if the transaction was flagged as unusual because it took place in a foreign country. This is a relatively simple use of fraud detection technology that leverages phone carriers’ contractual ability to track the location of mobile phones. In trials of the service with UK card accounts, the ability to perform this proximity matching reduced the number of false positives on international transactions by as much as 70%. Essentially, at the heart of card fraud detection is the ability to recognise a
transaction that – alone or in context with other transactions and transaction histories – is atypical or typical of the cardholder. The latest advances in machine learning techniques for fraud detection takes this ability one step further, providing a more detailed view of customers that adapts over time.
Recognising a customer’s routine Consumers are creatures of habit. We have favourite ATMs close to work or home, regularly visit the same petrol stations along a daily commute, shop at preferred supermarkets and online stores. More often than not, we have a popular cash withdrawal amount, preferred times/days to do our banking and even favourite travel destinations. Being able to establish the difference between a simple change in a customer’s behaviour and a fraudulent activity can sometimes be the maker-or-breaker in keeping customers happy. For example, during a recent business trip to London, Tom had his credit card declined when he tried to buy a set of golf clubs at a high-end sporting goods store. The card issuer lost out on the transaction fee when Tom quickly replaced the declined card with a competitor’s card to make his purchase, and subsequently gave a second thought using his preferred payment card for further transactions throughout the day. This genuine customer interaction underlines exactly what’s at stake during July 2015
Feature these split-second points of contact. This transaction in London would flag as a change in behaviour, since Tom lives in Manchester and normally shops there. If this change was fraud, traditional detection analytics would be likely to pick it up: there’s the out-of-town point of sale being used, and the transaction velocity and spending amounts on a compromised card may look unusual compared to Tom’s historical spending patterns. Cardholder profiles in traditional fraud analytics would know how much Tom typically spends in the general category of travel and entertainment, but a new analytic technology – which we call behaviour-sorted lists – can reveal even finer-grained insights: Tom frequently makes sporting goods purchases in amounts within the range of the current purchase, and has made transactions at country clubs in the past. In light of these behaviour patterns, the current transaction would look less suspicious. With behaviour-sorted lists, an advanced algorithm identifies these favourites in real-time as the customer’s transactional patterns emerge and change over a number of transactions. With each transaction, it updates the lists. The more frequent entries are ranked at the top of the list, while less frequent ones eventually fall away and are replaced with new transactions. Behaviour-sorted lists add power to traditional cardholder profiles by providing a more granular view into the typical transactional patterns of individuals. These lists improve a fraud system’s ability to rapidly distinguish between normal and suspicious transaction activity. Alternatively, if Tom had never been on a golf course and didn’t frequent sporting goods stores in his home town, then another new analytic technique – known
as collaborative profiles – would still help the bank protect his customer experience. Collaborative profiles would reveal that Tom’s transactional behaviour, though a change for him, was nevertheless highly probable. Collaborative profiles determine the probability of a certain transaction being unusual enough to create a red flag based on the behaviour patterns of other cardholders with similar characteristics, using collaborative filtering techniques. By harnessing the transaction patterns from cardholders with similar archetypes, a collaborative profile solution ensures that any common or likely behaviour shared by customers of similar archetypes is not flagged as fraudulent, which improves the customer experience as this new behaviour for a customer is deemed typical for customers that share that mix of archetypes.
Global archetypes Collaborative profiles track archetype loadings of customers to provide an even more complete and textured view of customer behaviour. These improve understanding of customers and enable financial service providers to anticipate new behaviours, by looking at individuals through a global lens. This streaming version of collaborative filtering provides a dynamic view of who the customer is. It maps actual individuals to multiple behavioural archetypes in real-time, and updates the mapping with each new transaction. These archetypes are not conceptual, hand-built categories. Rather they are machine-learned by an algorithm that analyses historical transactional data, which can come from multiple sources, in any form.
This diverse data is combined into a single document, which the algorithm examines as a whole, to find similarities in customer behaviour that support the discovery of archetypes. This document is unstructured – data can be added to it without the need to know what predictive characteristics the various data sources contain, or specify relationships between them, as this is learned by collaborative filtering. In other words, no data model is required. An advantage of this approach is flexibility to work with whatever transactional data elements become available. These unstructured data analytics can be performed in real-time fraud environments. In production, the algorithm analyses data streaming from ongoing transactions to map actual customers against the archetypes. A customer’s mapping consists of a distribution (percentage match) across multiple archetypes. This distribution is updated continuously, as each transaction takes place. As new transactional data comes in, the algorithm compares the cardholder’s current archetypal distribution with what it would be if the pending transaction went through. It measures the difference between those distributions, which is a distance metric the fraud detection system can take into account when scoring the transaction. The size of the distance metric indicates how risky the transaction is. Larger distances are inconsistent with current archetype distributions so raise fraud scores as they are more risky. Smaller distances are consistent with current archetype distributions have lower scores or are left unaffected as they are less risky. A key strength of collaborative profiles is anticipatory insights. For example, Continued on page 20...
A SUBSCRIPTION INCLUDES: • Online access for 5 users • An archive of back issues
8 July 2015
www.computerfraudandsecurity.com
Computer Fraud & Security
19
feature/CALENDAR ...Continued from page 19 let’s suppose a customer, Casey, tries to purchase surround sound stereo equipment from an online retailer. Casey has never purchased stereo equipment on this account before, nor has he been a big online spender. However, Casey’s archetypal distribution shows a strong allocation to a ‘home improver’ archetype, which has a high tendency to spend on consumer electronics. Thus this spending behaviour, though never before seen on Casey’s account, is highly probable for consumers that share his behaviours. These unusual transactions are, therefore, less likely to be indicators of fraud than simply instances of new, and anticipated, behaviour by legitimate customers.
Improving the customer experience The new analytic technologies described in this article have the potential to deliver even greater benefits when used in conjunction with one another. Combining the different types of realtime insights they provide can help companies distinguish between contextual change, such as travel, and more far-reaching demographic and lifestyle shifts. These adaptations to fraud detection technology will ensure customers are not blocked from using their card unless there is a clear sign of fraud, which ultimately keeps customers happy. Nevertheless, it is not just fraud detection technology that has changed – the way we assess the customer experience has also altered. The metrics for calculating customer loyalty are expanding beyond the traditional tracking of revenue, usage and attrition rates. Many financial service providers pay careful attention to their Net Promoter Scores as they work to improve fraud strategies – they analyse fraud data against customer satisfaction surveys to establish customer habits and demands. One of the most important ways that financial institutions are improving the customer experience is through fraud alerts 20
Computer Fraud & Security
that contact the cardholder using their preferred channel – voice, email or SMS. For instance, when a suspicious transaction is taking place, an interactive SMS can allow a cardholder to approve it in real time.
The future The analytics discussed here represent a new breed of machine learning – potentially applicable to a wide range of customer interactions – that is dramatically improving the ability to make complex, high-stakes decisions in real-time. As the quantity and variety of data being captured continues to expand, one of the most important things analytics can do for financial service providers is to rapidly understand and anticipate change. Knowing what is changing and whether it’s important is the key to creating vitality and value in customer relationships. The best way to constantly improve the customer fraud experience is to have an integrated analytical approach to antifraud technology. Today, customers opt for financial service providers that combine security and convenience in standout ways. Organisations that understand this imperative and establish ways to both protect and please consumers will become the strongest contenders in this battle to retain and grow loyal customers.
About the author Scott Zoldi is a vice president of transaction analytics at FICO. He is responsible for the analytic development of FICO’s transaction analytics products and solutions, including the FICO Falcon Fraud Manager product which protects about two thirds of the world’s payment card transactions from fraud. He blogs at www.fico.com/blog.
References 1. Action Fraud, home page. Accessed Jun 2015. www.actionfraud.police.uk. 2. ‘Crime in England and Wales, year ending December 2014’. Office for National Statistics, Statistical Bulletin. Accessed Jun 2015. www.ons.gov.uk/ ons/dcp171778_401896.pdf.
EVENTS 1–6 August 2015 Black Hat USA Las Vegas, US www.blackhat.com
6–9 August 2015 DefCon 23
Las Vegas, US www.defcon.org
12–14 August 2015
24th USENIX Security Symposium Washington, DC, US https://www.usenix.org/conference/ usenixsecurity15
8–10 September 2015
International Conference on Information Security and Digital Forensics Kuala Lumpur, Malaysia http://sdiwc.net/conferences/isdf2015/
13–18 September 2015 Hacker Halted USA Atlanta, Georgia www.hackerhalted.com
14–15 September 2015
Gartner Security & Risk Management Summit London, UK www.gartner.com/technology/summits/ emea/security/
22–25 September 2015 OWASP AppSec USA
San Francisco, US https://2015.appsecusa.org/c/
28 September–1 October 2015 (ISC)2 Security Congress Anaheim, CA, US https://congress.isc2.org/
28–30 September 2015
Cyber Intelligence Europe Bucharest, Romania www.intelligence-sec.com/events/cyberintelligence-europe-2015
July 2015