The Future of Risk: Beyond One-Dimensional Machine Learning
The world of fraud is ever-changing. As modern fraudsters become more creative and sophisticated in their attack methods, modern enterprises have to be responsive and holistic in their approach to detecting and preventing fraud in their systems.
Prakash Santhana is the Managing Director for Payments Integrity and Cyber Risk at Deloitte Advisory. At the recent RealMachine Summit hosted by Feedzai and Money 20/20, Santhana talked about the potential for AI and the future of risk in a hosted interview session.
You can watch the full interview here:
Santhana’s key message was simple: the way organizations are implementing machine learning and analytics for fraud detection and prevention tends to be one-dimensional, often focused on transactions. But modern fraudsters have moved way beyond tactics that can be detected this way, and are, more and more, devising vectors of attack that are multi-dimensional.
To deal with this, companies should be thinking about looking across functional silos and correlating more kinds of data to counteract these increasingly sophisticated fraud tactics. This is not a prediction for the future. It’s a current need, relevant right now.
As an example of the quickly-evolving nature of the fraud world, consider that in 2014 mag-stripe fraud was at the top of discussion; but today, EMV technology is largely addressing this problem. That’s good news.
What’s not so good, of course, is that fraudsters haven’t given up; they’re just changing their tactics. They’re very much aware of the fraud models and risk management systems that modern enterprises employ. So they just work harder to find ways to get around them, looking for open spaces where systems can’t yet detect what they’re doing.
As an example, in 2012 there was a big ATM heist involving 40 million dollars at two Middle Eastern banks. The fraudsters were able to withdraw twelve million dollars on six accounts using prepaid debit cards. They did this by changing the withdrawal rules on the debit cards so the upward limit was infinity.
Here’s another way it could work. If a fraudster can come up with many different use cases that would throw out a lot of false positives over a short period of time, the risk manager is going to stop and say, “Hey, we need to investigate.” That’s the time an attack can happen, because there’s a wide open space. The need is to correlate attacks across different channels and functions.
AI can help, but organizations need to think about using it more broadly. Companies that use machine learning to detect transactional fraud, application fraud, wire transfer fraud, etc., need to be able to correlate these, and look at what’s happening all across the organization.
Santhana’s company recommends that organizations move toward coordinating fraud mitigation and IT functions. Since IT uses a lot of tech to monitor network activity, they have lots of logs, weblogs, database logs, and application logs, etc. This data typically isn’t fed into the machine learning systems, and this is where there are opportunities to detect some of the new, more sophisticated fraud vectors.
“At the end of the day,” Santhana concluded, “machine learning models…can really do their job if you feed them more data, other dimensional data.”
Companies need to remember that fraud is changing and doing so fast. Whatever is happening now will evolve, and your AI system need to be responsive to keep up with it. Using machine learning to correlate multi-dimensional data from across your enterprise can help.