The war waged between financial institutions and thieves began long ago. It started with metal bars on bank teller windows, three-foot thick doors, and steel-reinforced walls to protect vaults. Then, as money and transactions turned digital, cyber warfare called for the weaponizing of mathematics by creating complex algorithms. What’s next in the fight against fraud?
Tamsin Crossland is an architect for a fintech called Icon Solutions. In 2020, Crossland gave insights into the history of fraud management in an interview with InfoQ. She explained how fraud protection has transformed over the years and exactly how new fraud management solutions based on machine learning seek out hackers and prevent fraud before it occurs. We share her insights and ask what the next technological wave will bring in the war against fraud.
From Branches to Binary
Throughout most of the twentieth century, from 1901 to 2001, you had to visit a brick-and-mortar bank branch if you wanted any kind of banking service. Let’s say you wanted to open an account to safekeep your cash or you wanted to cash a check, you had to go to the big brick building in the middle of the high street. And that went for merchants too.
Similarly, if someone wanted to steal from a bank, they also had to go to the big brick building in the high street, only this time armed with a mastermind plan and a bandanna.
In the 1960s, financial institutions became a little more sophisticated as giant computers emerged that could do much of the manual accounting work. These systems were still secure. One of the earliest computers was the IBM 360 series, which used a closed network system. The data it held were contained in its mainframe and could only be accessed by bank employees, so fraud was minimal.
The Need for Speed
Things changed for the worse when the Internet arrived. Closed networks were suddenly open, and connected networks left data vulnerable and ripe for the picking. Even more complex technology, such as cloud computing and mobile payments, catapulted customer data into the digital stratosphere where wily hackers waited, ready to pounce and grab any opportunity to do their work.
Digital payments need to be protected, but scanning networks for malware or identifying patterns that could indicate a fraudulent transaction takes time, which is the crux of the matter. Customers want everything quicker with the minimal amount of hassle, and merchants want to provide a seamless payment process so that customers keep coming back.
Instant payments are expected to occur, well, instantly. Let’s say John wants to pay Peter an instant payment, John’s bank has to make sure he has sufficient funds in his account, that he’s not on any sanctions list, verify that the transaction doesn’t look dodgy, and the information given is all correct — and all within five seconds. That’s not much time to do the painstaking work required to check for fraud.
Another dangerous space in the ever-more crowded digital metaverse is the dark web, where fraudsters collaborate and cook up their magic malware to access stolen data. When one criminal finds a certain fraud technique that works, they share it with others and apply it to different banks. The problem we have now is that of time, and the need for speed is why the emergence of machine learning has been so successful.
For more on payments, read “Cartis and Infor: The Smarter Way to Deliver Payments for Stronger Business Performance”
In the 1980s, before machine-learning algorithms, rule-based systems were the first rendition of artificial intelligence. The technology took the knowledge of fraud experts and made rules. For example, if a random credit card transaction was ten times larger than the average for a certain customer, the rules would determine that transaction as an anomaly and issue an alert. In turn, the alert would initiate a check for fraud, probably by a human.
Rules-based systems designed by experts died out because they were difficult to design, and the systems were time-consuming. It was hard to ask an expert to put all that they had learned during their careers into a set of rules because anomalies are where the fraud can occur. Unless you address every anomaly, most of which haven’t happened, the system will be faulty. Add the collusion that occurs on the dark web, and the inconsistencies that can occur are close to infinitesimal. According to Crossland, rules-based legacy systems have to apply around 300 different rules before they can approve a transaction.
In 1943, McCulloch and Pitts came up with the idea of neural networks. The principle of neural networks is that neurons connect with other neurons in a network to encapsulate knowledge. Neural networks create interconnected nodes with inputs and outputs, similar to the human brain. Neural networks can be trained to recognize things, and Crossland explains how.
Each node has a numeric value that changes as you train a network. For example, if someone wants to train a neural network to recognize a cat or a dog, they can start with labeled images and weights that are applied to the nodes based on the image. Each image will say, this is a cat or this is a dog, and that information is loaded as input so that the output will say this is a cat or this is a dog. Some math will adjust all the different weights between the nodes so that the system can discern whether an image is a dog or a cat.
How does this apply to fraud? Banks have databanks full of all the different transactions that they’ve performed over time and, hopefully, they’ve marked the fraudulent ones. If that data are loaded together with their labels that indicate whether they are fraudulent or not, then the bank can adjust the weights and train the neural network.
Crossland illustrates the value of neural networks using a case produced by NetGuardians. NetGuardians collected 10 million payments over a 12-month period. They then trained a neural network on those transactions. Previously, using a rule-based system, NetGuardians could only look at around a third of their payments. Using the neural network, they could look at 100% of all payments. Not only that, but there was a 93% reduction in fraud investigation time. Neural networks were so much more efficient than the rules-based systems. Neural networks caught 100% of fraud cases not caught by the rules-based system and another 18% on top of that.
Crossland does not suggest that rule-based systems should be rejected outright in favor of neural networks and machine learning. In fact, the best systems use a combination of machine learning, rules-based systems, and human intervention. Machine learning can detect patterns, but sometimes only humans can accurately assess a scenario.
For more on machine learning, read “Machine Learning 101—What Merchants Need to Know About Fraud Protection”
Quantum Computing—The Next Era of Fraud Management
Even though machine learning has taken fraud management to the next level, fraudsters are working just as hard to beat new machine-learning algorithms. The technology arms race is raging, and the stakes are higher than ever before.
A recent study by PwC reported that fraud cost businesses around $42 billion dollars in 2020. The losses weren’t just to the bottom line; the damage to companies’ reputations can be permanent and greatly increases the cost of fraud protection. But there’s another technological leap about to occur.
The next arsenal to be used by both sides is quantum computing. Quantum computers can increase the speed of complex calculations exponentially. For example, in 2019, Google’s 54-qubit quantum processor, known as Sycamore, performed a calculation in 200 seconds that would have taken 10,000 years for the fastest supercomputer.
It’s not just speed that quantum computers bring to the table, they also reduce the problem of false positives. False positives occur when classical computers incorrectly block a transaction because it is mistakenly identified as fraudulent. False positives ruin the customer experience, negatively affecting merchants and card issuers. But quantum computers have much greater predictive analytical power, which can greatly reduce the risk of false positives.
How Long Until Merchants Can Integrate Quantum Computing Into Payments Infrastructure?
The biggest tech companies are experimenting with quantum computers, including Alibaba, Amazon, Google, IBM, Intel, Lockheed Martin, and Microsoft.
While it may take a little while for quantum computing to feature in merchants’ payments systems—several years away according to IBM projections—it’s comforting to know that new advanced methods to fight fraud are on the horizon.
For more on payment integration and technology, read “It All Starts with Playing in the Sandbox – A Developer’s Guide to Integrating Payment Processing”
According to Walt Manning, CEO of the Techno-Crime Institute, “Quantum computing could be a game changer for fraud detection and prevention. We are already using artificial intelligence for cybersecurity and fraud detection, and that will become even more essential in the future.”
You don’t need expensive steel or digital walls to protect your payments. To find the best fraud management tools with easy integration into your payments infrastructure, contact Cartis and get ready for the next wave in digital fraud protection.