Bank Carding How banks use fraud detection systems (Anti Fraud Systems)


xanix

Imagine this: you see a great offer on the Internet and try to take it up immediately by paying with a bank card, but suddenly you find that your card has been blocked by the bank without warning.

Or you suddenly receive a text message about a significant amount being debited. Oh, horror! The card is being used by unknown scoundrels who stole your data…

I will tell you how banks and companies use fraud detection systems (antifraud) and protect our money (sometimes from ourselves).

What is a fraud?


Fraud in the general sense is deception: actions aimed at taking possession of someone else's property (goods or money) through deceit.
This concept covers actions ranging from taking out a loan based on forged documents to abusing a store's terms for returning goods.
In fact, fraud can be defined as actions that pose a financial risk to an individual or organization, but do not include open robbery using aggressive methods.
According to statistics, card fraud accounts for most cases of fraud.

Where are the risks hidden? Weak links in the online shopping chain


To understand the features of the antifraud system, first let's schematically consider the chain of events that make up any purchase on the Internet.

Each arrow indicates an interaction that requires data transfer. If the first link in the chain is a fraudster, then all the next links will suffer in one way or another:

  • The buyer in this scheme is the real owner of the card or a fraudster who has obtained its data.
  • Merchant enterprise (TA, in terms of electronic payments: merchant) – for example, an online store.
  • An electronic payment system (for example, PayPal) – a service that accepts payments via the Internet.
  • Acquiring bank – a bank that provides card payment processing services to the merchant.
  • Payment system (for example, Visa, Mastercard) – responsible for settlements between banks.
  • Issuing bank – the bank that issued the card used by the buyer to pay for the product.

Fraud becomes possible when fraudsters use a bona fide customer's data, obtained through phishing, skimming, or a direct data leak.

To the buyer, an online purchase looks like a single transaction settled in real time, but settlements between the organizations further down the chain take place within a few days. If the fraud was not discovered immediately, it will be difficult to investigate.

Who suffers more from fraud?

No matter how much we sympathize with the citizens whose data is stolen, it is still worth considering the difficulties that arise for the other parties to the transaction. If the store, bank, or payment system did not have time to respond, you, as the affected party, can ask the bank for a refund of the amount debited without your knowledge. The bank, as a rule, will try to meet you halfway and initiate a so-called chargeback.

However, a store that allowed a payment with stolen data will be forced to reimburse the purchase price out of its own pocket.

If fraudulent transactions make up 1% or more of all the store's transactions, international payment systems can fine both the acquiring bank and the store. This harms the wallet and reputation of the retail outlet and the bank, and worsens their prospects for further cooperation with other organizations.

To avoid such difficulties, anti-fraud systems that work on the side of a bank, payment system, or online store come into play.

What is antifraud?

In the modern sense, an anti-fraud tool is an analytical system and a set of measures for evaluating financial transactions (including on the Internet) for the likelihood of fraud.

Anti-fraud systems try to detect fraudulent activities based on the characteristics of the transaction and the client.

By recognizing unusual behavior and applying built-in filters, the anti-fraud solution evaluates the risk of a transaction and applies certain measures: prohibiting it, allowing it to be carried out, or recommending further processing of the event by the bank's employees (fraud analysts).

There are many similar solutions on the market with their own architecture and functionality, but their operating principles are similar.

How does the antifraud system work?

When making a purchase in an online store, you add products to your shopping cart, place an order, and go to the payment page. The minimum data that you provide further is the card number, the name of its owner, and the CVC code.

But the data actually transmitted is much larger: it includes information about the runtime environment (browser, OS, and device), the IP address, cookies that include the HTTP session ID, and so on.

When making a purchase, the user performs an action in the browser or mobile application, and the transaction is sent (omitting the details) to the bank's backend server and then to the internal banking information systems for making payments.

Let's look at the general principles of how the anti-fraud system works on the bank's side.

Backend: the bank's server sends information about the transaction to the anti-fraud system and waits for permission to process the payment and record it in the automated banking systems.

Anti-fraud system (and sometimes a fraud analyst): analyzes the information to make a decision about the legitimacy of the transaction.

The anti-fraud system processes incoming events (payments), evaluates their risk, initiates other services (such as additional client authentication) if required, and sends back the decision.

As a result, the user's payment is confirmed or rejected.

What exactly is going on inside the anti-fraud system?

First stage of control: Stop lists


These are "hard" filters: if the transaction description contains information that matches a stop list, any further checks are stopped and the transaction is rejected. Usually, the card number, IP address, point of sale, and country are checked.

The anti-fraud system checks whether the card number is on a list of numbers used by criminals or "leaked" on the black market, and whether the store is marked as suspicious.

Often, large online stores do not accept cards issued in certain countries in Asia, Latin America and Africa, as international statistics indicate a large number of fraudulent transactions with bank cards from these regions.

Risk assessment

If the transaction is not immediately blocked based on stop lists, the anti-fraud system applies a number of rules to assess the degree of risk.

First of all, information about the transaction is supplemented with information about the client, their card, and settlement history, which is pulled from numerous bank systems and other sources (for example, the user's movement speed can be estimated from geolocation data from their mobile device).

A transaction is assigned a certain score: from "safe" (green) to "requiring additional verification" (yellow) or "extremely suspicious" (red).

How does the anti-fraud system identify suspicious transactions?

The anti-fraud system rules set limits on transactions based on factors such as:

  • The number of purchases made by one customer or by one card over a certain period of time
  • The amount of one purchase by card (or by one customer) for a period of time
  • The number of cards used by one customer over a certain period of time
  • Number of users who make purchases using the same card
  • Transaction history of this store client / cardholder (especially purchases and withdrawals)
  • Profile of the average customer of the store where the online purchase is made

The main trigger (signal) that marks an event as suspicious is data heterogeneity, or an event that is not typical of this client or of the profile (group) of clients to which they belong.

Anti-fraud systems store and process large amounts of data using complex mathematical methods and can detect connections that are not obvious even to an attentive employee, as well as new unusual patterns that are not yet described by existing scenarios in the system.

However, there are examples of situations that the anti-fraud system is very likely to assess as carrying a high risk.

Typical suspicious transactions for online purchases include:

  • Payment by one card from different devices with different IP addresses
  • Payment from the same device and IP address using different cards
  • Repeated failed attempts to confirm a transaction
  • Using the same card to pay for orders from different accounts in the same online store
  • Differences in the name of the online store buyer's account and the cardholder who paid for the order
  • Different countries of the buyer, merchant, and card issuing Bank

Antifraud decision

The risk points assigned to a transaction (scoring) determine whether it will be recognized as harmless and approved, will require additional confirmation of the client's identity (authentication) and/or review by an analyst, or will be immediately classified as fraudulent and rejected.
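The staged check described above (stop lists, then rule-based scoring, then a green/yellow/red decision) can be sketched as follows. This is an added example, not code from the original post or from any real anti-fraud product; the class, field names, stop-list entries, weights, thresholds and sample transaction are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Stop lists, weights and thresholds are constructed for illustration only.
STOP_CARDS = {"4000000000000002"}   # constructed card number
STOP_IPS = {"203.0.113.7"}          # documentation-range address, constructed
WINDOW = timedelta(hours=1)         # look-back period for the history rules

class AntiFraud:
    def __init__(self):
        self.by_card = defaultdict(list)    # card -> [(time, device, account)]
        self.by_device = defaultdict(list)  # device -> [(time, card)]

    def evaluate(self, tx):
        """Return (colour, reasons) for one transaction dict."""
        # Stage 1: stop lists are hard filters; nothing else is checked.
        if tx["card"] in STOP_CARDS or tx["ip"] in STOP_IPS:
            return "red", ["stop_list"]
        since = tx["time"] - WINDOW
        cards = [h for h in self.by_card[tx["card"]] if h[0] >= since]
        devs = [h for h in self.by_device[tx["device"]] if h[0] >= since]
        # Stage 2: each rule that fires adds risk points.
        rules = [
            (len(cards) >= 3, 30, "card_velocity"),
            (len({h[1] for h in cards} | {tx["device"]}) > 1, 25, "card_on_several_devices"),
            (len({h[1] for h in devs} | {tx["card"]}) > 1, 30, "several_cards_on_device"),
            (len({h[2] for h in cards} | {tx["account"]}) > 1, 20, "card_on_several_accounts"),
            (tx["account_name"].lower() != tx["cardholder"].lower(), 15, "name_mismatch"),
            (len({tx["buyer_cc"], tx["merchant_cc"], tx["issuer_cc"]}) > 1, 20, "country_mismatch"),
        ]
        score = sum(points for fired, points, _ in rules if fired)
        reasons = [name for fired, _, name in rules if fired]
        self.by_card[tx["card"]].append((tx["time"], tx["device"], tx["account"]))
        self.by_device[tx["device"]].append((tx["time"], tx["card"]))
        # Stage 3: green = approve, yellow = authenticate or review, red = reject.
        colour = "red" if score >= 60 else "yellow" if score >= 25 else "green"
        return colour, reasons

def make_tx(minute, **changes):
    """Constructed sample transaction; keyword arguments override fields."""
    tx = dict(time=datetime(2021, 6, 1, 12, minute), card="4111111111111111",
              ip="198.51.100.10", device="dev-A", account="alice",
              account_name="Alice Smith", cardholder="ALICE SMITH",
              buyer_cc="DE", merchant_cc="DE", issuer_cc="DE")
    tx.update(changes)
    return tx
```

Returning the list of fired rules alongside the colour gives the analyst who reviews a yellow or red case the reason it was flagged.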

How does the system recognize and authenticate the user?

If the anti-fraud system has assigned a transaction a risk level that requires additional authentication, then after entering your card details, you can receive an email asking you to confirm the purchase, an SMS with a code word, or a push notification in the mobile app.

In addition, the bank may block a small amount on your card and then ask you to enter its exact value to make sure that the card really belongs to you. For large transaction amounts, a bank employee can call you to confirm the payment.

After successful authentication, the anti-fraud system gives a "green light": the transaction can be successfully completed.

Working as a fraud analyst

With manual monitoring, the fraud analyst considers an event ("incident"), classifying it into categories ranging from definitely fraudulent to definitely legitimate. The final status of a transaction's legitimacy may depend not on the decision of an individual employee, but on the combined assessment of several analysts working independently of each other.

Let's turn from bank customers into anti-fraud analysts for a few minutes and go through the operation analysis step using the example of one of the most famous anti-fraud systems, SAS AML (SAS Anti-Money Laundering; the name speaks for itself).

A system of this kind consists of the following functional parts:

  1. Data storage
  2. Triggers and alerts
  3. Investigation
  4. Built-in Analytics
  5. Administration of the antifraud system

1. Data storage

Without going into the technical details, we note that the antifraud system holds: information about clients and their transactions, technical information about the data structure, custom rules and stop lists, a history of all notifications about suspicious transactions generated by the system, and a history of all decisions made on these notifications by employees of the bank's anti-fraud division.

2. Triggers and alerts

The system allows you to set up rules that change the client's internal score (roughly speaking, a figure indicating the degree of their "suspicion"), constantly improving the accuracy of the response. You can also configure exceptions (events that the system should not respond to) and rules for allocating cases ("incidents") to bank employees for further careful "manual" control.

3. Investigation

Operations that are marked as suspicious by the system are not always automatically blocked. There is another layer of control: a manual investigation conducted by bank employees. Usually, events that are automatically marked as suspicious are sent to certain employees or groups for review (for example, a bank may have a special department responsible for monitoring cross-border transactions of legal entities).

Upon closer inspection, the department's employees will see something like this screen:



Viewing information about an individual bank client: at the top, notifications about individual transactions; at the bottom, information about all transactions.

By clicking on a separate notification, the fraud analyst will see information about a specific fraud case.



Viewing a single case (group of events)

The screen shows a text description of the situation (a number of criminals found selling illegal drugs had accounts in the same bank), information about the scenario category (cash transactions), and so on.



If the notification was triggered in vain, the employee can mark the trigger as false, which will be recorded by the system logic.

In the future, this stored information will be used to refine the rules for triggering scenarios.
The system rebuilds the logic of triggering scenarios, filters, and rules, saving information about false alerts and decisions made by bank employees.

Most likely, the general monitoring of events is carried out by some kind of "on-duty" analyst, whose duties include assigning complex cases to colleagues who specialize in the relevant type of operation.

Therefore, the next step in the investigation will be to select an employee who will be assigned to the cases presented on the screen.



The list at the bottom right shows the names of the employees (users) who can be assigned to this case for consideration.

When routing an incident, many departments and employees may be involved. For example, some cases may be sent to the technical service; if a technical failure is not confirmed, the case is then sent to the security service.

4. Built-in Analytics

This is both the "brain" and "soul" of anti-fraud systems, hidden from the average user, but very important for work.
Big data-based engines can detect fraud schemes that are not described by any currently existing fixed scenario. Antifraud systems use not only numerical methods, but also natural language analysis.
Data visualization solutions allow you to visualize the overall picture.

SAS Anti Money Laundering. The graph clearly shows the volume of transactions and connections between different clients.



Well, the decision on how to interpret this beautiful picture is still mainly left to the bank.

5. System Administration

This is the most boring part, which includes support, maintenance, and additional configuration of the anti-fraud system.
For example, the case routing scheme for bank divisions can be configured in this window:
Example of setting up a notification routing scheme for investigation.

So, now you have a general idea of how antifraud systems work, using the example of the SAS AML solution.

What awaits antifraud systems in the near future?

In recent years, banks and regulators have been working together to develop anti-fraud recommendations.

Integrated data exchange between financial institutions is being implemented, and machine learning and big data technologies make it possible to analyze a huge amount of data on the fly and make decisions almost in real time.

It seems that this is already beginning to bear fruit: according to the NBKI, the number of loans with signs of fraud in the first half of 2021 decreased by 15%.

Antifraud systems for small and medium-sized businesses are actively developing, thanks in part to various low-cost cloud antifraud solutions for online stores.

There is reason to expect that the methods of detecting fraudsters will become more accurate, and that false positives will become less and less frequent.

What do anti-fraud systems have to do with you personally?

If you want to avoid accidental blocking of your bank card, do not perform actions that may look suspicious from the point of view of the anti-fraud system (we have listed them above). Inform your bank in advance about your planned trips if you are going to pay with a bank card.

To protect yourself from fraudsters and keep your card details safe:

  • Avoid using ATMs in suspicious locations (try to use ATMs located in bank buildings).
  • Do not hand the card over to retail employees or waiters.
  • Be careful when using public Wi-Fi networks (do not use online banking or make online purchases over the free Internet in cafes, metro stations, or on city streets).
  • Do not provide your full card details if you make a purchase or sale from a private individual online.

I hope that my article will help you not only add to your knowledge base, but also make using bank cards more convenient and secure.
 