Advanced Analytics for Anti-Fraud and AML Systems

Detecting potentially fraudulent customers and transactions and projecting compelling visual insights have traditionally been a rule-based model plus BI game zone. In this era of high-velocity and voluminous data, we have gradually adopted machine learning and advanced analytics in this space. Sanjukta Dhar of Tata Consultancy Services deep dives into the 15 most prominent analytical tools and techniques that are becoming the optimal choices within financial crime and compliance technology.

Why Analytics?

Statistical models and techniques have long been used to predict anomalous transactions and fraudulent customers or to detect anomalous relationships within a financial system. With the gradual uptrend in the 4 Vs of big data (volume, veracity, variety and velocity), real-time fraud detection has been the need of the hour. In the area of financial crime and compliance, advanced analytics is widely used for the following well-defined purposes.

If we have to list the business objectives of today’s analytical systems, then the following should top the list:

• analyzing huge volumes of data in real time
• generating meaningful insights
• visualizing intricate networks of entities and attributes and generating a graphical interface for it

Sample Financial Crime Use Case Candidates for Analytics

Payment fraud, identity theft, credit card fraud, money laundering transactions, insurance claim fraud, insider trading, terrorist financing, invoice fraud or trade-based money laundering

Let’s talk about some advanced analytical tools and techniques that can give our fraud detection or money-laundering detection systems a boost in terms of performance, accuracy and speed.

1. Technique: One-class support vector machine

Purpose: supervised approach, segregating outliers

Description: One-class support vector machine tries to segregate a majority of customer data or transactional data by maximizing the distance between the separator hyperplane and most of the data points. The rest of the data points remaining between the hyperplane and the origin are the outliers.

2. Technique: Binary logistic regression

Purpose: supervised approach, classifying transactions into fraudulent or nonfraudulent categories

Description: Logistic regression is based on the maximum likelihood premise. A logarithm of the odds ratio is plotted to derive the dependent variable, which is bounded between 0 and 1; hence, the target variable is binary, showing the likelihood of fraudulent transaction, with 0 depicting least and 1 depicting maximum likelihood.

3. Technique: Neural network

Purpose: supervised approach, classifying customers into fraudulent or nonfraudulent categories

Description: Neural network is a complex supervised learning technique capable of handling a large amount of noise. It takes various customer behavior/demographic/transaction profile data as input, extracts features, assigns weight in the hidden layer and generates a continuous variable as target score. Often referred to as a “black box” lacking substantial transparency and interpretability, this approach is very fast, but requires substantial training data.

4. Technique: Association rule analysis

Purpose: exploring the relationship between transaction/customer attributes for greater insight

Description: Association rule or affinity analysis seeks to establish implicit relationships between a few apparently unrelated parameters (e.g., transactions, customer attributes, external entities) in the form of “if antecedent, then consequent with minimum x% support and y% confidence.”

5. Technique: K means clustering

Purpose: unsupervised approach, grouping similar types of transactions/customers based on how similar their features are

Description: Clustering payment transaction data based on homogeneity in certain attributes. For example, data can be grouped together based on similarity of recency (time elapsed since last transaction), frequency (number of transactions per day/week/month) and monetary (average amount/max amount/min amount/median amount per customer ID per account) parameters, and also segregating dissimilar transaction data based on the same attributes.

6. Technique: Self-organizing maps (SOM)

Purpose: unsupervised approach, visualizing and clustering data based on unseen features

Description: SOM is a neural-network-based data visualizing technique capable of projecting high dimensional data on visualizations like U-matrix or a component plane to enable implicit relationship discovery.

7. Technique: Social network analytics

Purpose: visualizing related data

Description: Social network analytics explores complex, evolving, atypical networks to extract useful statistics within a network of connected entities using graph theory. By visualizing a network of connected entities where prior fraudulent entities are marked, the entity with highest probability of fraudulent actions can be identified.

8. Tool: Bloom filter

Purpose: optimized prediction and false positive reduction where dataset is huge (e.g., an enormous KYC alert management database)

Description: A Bloom filter is a memory efficient and faster way to predict if an entity is part of a set of entities. The beauty of this probabilistic data structure is that it will produce fewer false positives and it will predict 100 percent of the time if the element does not really exist in the set (i.e., 0 percent false negative).

9. Tool: Graph database

Purpose: Data visualization

Description: Graph databases enable real-time identification of fraud rings, provide correlation mining between linked entities and beneficial owners and offer a comprehensive visualization.

10. Technique: Behavioral analytics

Purpose: Predictive analytical technique

Description: Predict customer intent from subtle behavioral features (e.g., click speed, time spent in a webpage, IP address, products purchased online, surfing behavior, etc.).

11. Technique: Optical character recognition (OCR)

Purpose: predict anomalies in optical/scanned images

Description: Detect suspicious invoices/claims by learning from a series of PDF/scanned data sets and learning their features. There are a number of trainable machine learning libraries (e.g., Google tesseract, OpenCV, etc.) that offer built-in capabilities for feature extraction.

12. Technique: Benford’s law

Purpose: data exploration technique useful for identifying potentially fraudulent transaction data

Description: Hypothetical frequency distribution in five various orders that can be compared with any real-life frequency distribution to uncover potential sources of anomalies for farther investigation. May be suitable for accounting fraud.

13. Technique: Integrated device data surveillance

Purpose: data exploration technique useful for identifying potentially fraudulent transaction data

Description: Exploring unstructured device data collected from multiple customer access channels such as audio recording (from mobile phones), video footage (from CCTV, trader cameras), browser cookies, IP address, (from user machine) and carrier ID (network provider) for profiling the device used by a customer and performing subsequent anomaly detection.

14. Tool: Translytical database

Purpose: a new-age, big-data-enabled, real-time data storage analysis technique

Description: An amalgamated transactional storage and analytical database solution facilitating real-time storage, early warning indicators/insights and 360⁰ view.

15. Technique: News Analytics

Purpose: Proactive customer screening and negative news search and insight generation

Description: News analytics is an NLP/text-mining-based approach where public newsfeed data is ethically scraped and early insights about fraudulent/risky/anomalous customers are generated by extracting features from news data and running a segmentation/classification model on top of it. It is another sophisticated early warning alert mechanism for operations.

The Way Forward

While a number of modelling and data mining techniques are abundantly available in the market, we have to consider a number of factors, such as data imbalance (proportion of fraudulent vs. nonfraudulent data in the set), proportion of noise/outliers, model performance, model explainability, ensemble of supervised plus unsupervised models to enhance performance, availability of consolidated view of data (transactional plus analytical plus unstructured plus third party) while deploying them for the business case. Also, while rule-based systems are passé, there will still be scenarios where deploying a combination of rule-based systems, machine learning models and judgment-based approach will be the right choice. The solution lies in the right balance of choice and the availability of the right infrastructure.