How Banks Can Detect Sleeper Fraud the Moment It Wakes Up

“A victimless crime” that costs billions

If only we could read a consumer’s intentions, we’d know whether the person opening an account has this secret goal in mind: to wait for time to pass, then commit fraud. One person will make a purchase using a line of credit, never pay it back, and disappear. Another person will build good credit history, open several new accounts, and then suddenly stop making payments.

In first-party fraud (FPF), criminals opening accounts in bad faith will use their own identities or create fictitious ones. This makes FPF stand out from fraud based on identity theft, when a real person’s information is stolen. Since FPF doesn’t affect consumers, it’s often referred to as a victimless crime.

But there is one big victim of FPF, and that’s the bank. A report from LexisNexis projected $28 billion in FPF losses globally for the year 2016.

FPF is a broad category that includes many different kinds of fraud, but the hardest kind of FPF to detect is known as sleeper fraud. In sleeper fraud, an account can look normal for a long period of time before the account owner begins committing fraud. At Feedzai, we see sleeper fraud happening after many months, and even one or two years.

Many of these “sleepers” act independently, but often they’re part of a larger sophisticated network, feeding illicit organizations that threaten global safety. Stopping sleeper fraud in its tracks is critical to fortify our digital economy.

Detecting sleepers

Our machine learning models have discovered how to catch these criminals. The key to identifying sleeper fraud is to identify normal behavior at the most granular level. Fraudsters will try to simulate normal profiles for a while to fool the normal fraud detection systems. Then comes the point in time when they change their behavior and start committing fraud.

How does Feedzai detect these moments where the sleeper fraud “wakes up”? There are two kinds of profiles we create. First, we capture historical hypergranular profiles for all accounts (i.e. what they normally do in the past weeks and months). Second, we capture real-time hypergranular profiles for all accounts (i.e. what they are doing in the last minutes/hours/days).

By comparing historical profiles with real-time profiles, Feedzai can detect new fraud patterns as soon as they emerge. As our models recognize increasing numbers of fraudsters who “lay low” before turning fraudulent, Feedzai’s detection of sleeper fraud gets reinforced, and our detection rates only improve.

Filling in gaps with enrichers

But what about instances when an organization cannot provide historical data for data application? This is a classic problem of fraud detection for account opening applications – the so-called “thin-file” problem – and it does not represent a problem for Feedzai.

The solution for filling a gap of historical data is to enrich the account opening data. For example, we can integrate with multiple vendors for data related to IP, device, email, phone, and others. We can also integrate with internal data from the financial institution, including non-monetary information about products, personal information, or the consumer’s other accounts.

We also enrich account opening data with browser navigation information, such as click and navigation speed, browser type, language, and more. Finally, Feedzai performs link analysis and correlation with other accounts, devices, names, emails, IPs, and locations being opened in the same hour or same day.

At Feedzai we also encounter those rare instances where there is no historical data whatsoever for all accounts. For example, a new financial institution may be starting a new service or product and has no historical information, because there are no accounts yet. In these cases, there are several ways to bridge the gap.

Our approach here starts by designing rules to prevent odd events and expected attacks, based on patterns known from other similar clients. Then we would quickly train a model after a few days or weeks when there is enough data. We’ve already employed this approach in emerging markets or brand new financial institutions or services with great success.

At Feedzai, our flexibility comes from machine learning models, but also from the ingenuity of our clients’ teams and our data scientists working together to bridge any gaps. We defeat fraud by combining the human + the machine, and by leveraging the best of both.