Antifraud: in detail

Hello! Mikhail Apostolov, Head of the SOC Softline Product Division, and Mikhail Avsenev, Head of the Infrastructure Support Department of Infosecurity, a part of Softline Group of Companies, told the Softline direct project about automated fraud detection systems and interesting facts related to their use or absence.

Softline direct: Tell us an interesting story about antifraud and fraud protection. There is an opinion that only banks need antifraud…

Mikhail Avsenev: There is an opinion. But I will tell you a story about, attention, a network of gas stations! At first glance, what can be the connection? But most of these businesses have a loyalty program or so-called cashback. In a large network of gas stations, the name of which I, for obvious reasons, do not mention, at one of the gas stations, the operator made all payments through her personal card with cashback. That is, she physically took money from clients and sent it through her account, receiving cashback. The scheme was calculated in this way: we looked at all the operations during the day and it turned out that almost an entire tank of gasoline was filled with this one card. It is in such situations that you need an anti-fraud tool that will show or even freeze such transactions.

Or here's another example: fraud schemes on various game servers. For example, as was the case with CCP, the developer of the space multiplayer strategy EVE Online. The player got some not very expensive resource, an artifact, let's call it a "twig", then went out to trade on the game exchange, where he artificially raised prices for it, received a cosmic profit in the literal and figurative sense, and brought down the entire game economy. As a result, the service was almost on the verge of closing.

Mikhail Apostolov: Antifraud is necessary not only for banks, but even for gas stations and online game developers. It is relevant in any place where online commodity exchange relations arise and money transfer transactions take place.

Mikhail Avsenev: By the way, about banks! Fraudsters in the financial sector come up with very interesting schemes. For example, they produce so-called "white plastic". This is when clones are created for legal cards, which are quickly purchased in online stores, usually created by the same scammers. Do you often see SMS messages from the bank with information about transactions and account details? And many people don't even have SMS notification enabled. In such cases, the client will not be able to block the card on time and will lose all their money very quickly.

We live in the age of information technology, so information that someone has succeeded in something spreads very quickly. Some weak group creates a fraud scheme, then sells this scheme to a stronger group that has more resources. Therefore, the risks can range from 1,000 rubles to several million rubles, which can be lost literally within a few hours.

Mikhail Apostolov: In such cases, losses invariably amount to large amounts that are not comparable to the cost of anti-fraud, such as the Fraud Detection System of Infosecurity.

Softline direct: Tell us what current threats the Fraud Detection System service can save you from.

Mikhail Avsenev: Last year, targeted attacks were the most popular. Not some typical viruses, but a pre-prepared penetration into the network. In such attacks, attackers spend several months figuring out infrastructure issues and information exchange protocols, and then proceed to attack. Even with such types of penetration, scammers are online for a long time, so they can prepare automation tools and quickly withdraw money. Our anti-fraud service allows you to detect these threats very quickly and automatically. A human operator may miss something, fail to pay attention to suspicious transactions, or fail to react in time.

Thanks to the built-in profiling mechanisms, the Fraud Detection System allows you to automatically detect such attacks, money withdrawals, and atypical user behavior. For example, a person made transactions mainly from Moscow and then suddenly found himself in Vladivostok, and then again in Moscow. Identifying such anomalies will allow the operator to see suspicious transactions and prevent money withdrawal. The attack may take place, but the money will not be lost.

Fraudsters also target payment gateways with their attacks. Specially prepared documents are generated and sent to the payment system. Our anti-fraud service allows you to control the legitimacy of a payment.

Softline direct: Which nodes inside the bank are the favorite targets for fraudsters? What do hackers choose most often?

Mikhail Avsenev: Hackers are mainly interested in those network nodes that contain information about payments, customers, or direct access to the payment gateways themselves. First of all, this is the CBD APM. Then there are the payment systems Cyberplay, Cyberpay with RAPIDA and other ABS payment systems, information about customers and their accounts, everything that can be of value. It also includes personal and passport data, information about contracts, and materials that can be used for competitive intelligence.

Mikhail Apostolov: I would like to note that among the services of Infosecurity there is monitoring of the information space, which helps to identify possible potential or already implemented "leaks" of such information.

Softline direct: Now I would like to talk about the fight against fraud in retail and insurance. How exactly will antifraud be useful in this area?

Mikhail Avsenev: In retail, our Fraud Detection System is useful for detecting abuse in loyalty programs. At the very beginning of this interview, I already talked about fraud in the gas station network, but any additional points for buying goods can also be the subject of interest of unreliable persons.

Insurance is another interesting topic, as it has a lot of fraud schemes. For example, an insurance agent takes several policies and does not register them in the accounting system. Then he tells the client about the super discount and sells the policy cheaper. If a customer has an insured event, they will first report it to the insurance agent. He will register the corresponding policy retroactively, but not the rest of them, and as a result he will get a huge real benefit.

Mikhail Apostolov: To sum up this block, where there are any transactions, there is potentially a threat of fraud, so organizations that value their name and system resiliency need anti-fraud.

Softline direct: Please tell us how the Fraud Detection System works.

Mikhail Avsenev: The basic element of anti-fraud is a transaction that enters the processing system. This system includes several filters.

The first filter is black and white lists. Whitelists contain information about transactions that the system accepts without fail. The black list contains information about scammers, their accounts, and signs that allow you to detect fraud in transactions.

After the black and white lists are completed, the transaction enters the rules system, which detects uncharacteristic parameters. Here's an example: a person always paid a certain amount for utilities, and suddenly the payment increased tenfold. Our system will detect this thanks to the built-in rule engine. Another example of uncharacteristic behavior is when a person starts withdrawing money very abruptly. If his usual limit was, say, 70 thousand rubles a month, and at one point he cashes out one and a half million — this is a reason to contact him and find out if he is accurately withdrawing money from his account.

Another example is when payments to several locations with the same amount are sent from the same account at once. A sign of fraud can also be the transfer of small amounts of money to many different accounts. Such operations arouse suspicion in the anti-fraud system. They are recorded, processed, and transmitted to the operator, which receives data about who conducts transactions, which accounts, and what the purpose of the payment is. This helps in making a decision.

If a transaction has passed through whitelists, blacklists, and the rules mechanism, and the system has not been able to make a decision that the transaction is legitimate, then such a controversial issue is forwarded to the operator. The operator begins to find out whether the transaction is really legitimate, whether it can be skipped.

Softline direct: Who writes the rules you refer to? Where do they come from?

Mikhail Avsenev: The solution is trained on the basis of historical data. We upload information about transactions that were made over a year or six months to the system and start training it to detect fraudulent activities. This allows you to unload the operator and ensure the least number of transaction reviews in manual mode (about 1%).

Fraud Detection System integrates with almost any database system, including NoSQL (without SQL).

Softline direct: Is Fraud Detection System a cloud-based solution, or does it need to be installed locally?

Mikhail Avsenev: There are both options. If the client wants to use the cloud architecture, then we only place an antifraud connector with the customer, which will be connected to its internal structure and will transmit data for investigation. All the work, rules, and computing power that is needed for anti-fraud will be located on our site. For the client, this means reducing the cost of detecting fraud. But if the client wants, we can host the entire infrastructure with them. In cases, for example, when the customer does not want to send us their data, we can implement all the necessary infrastructure on their site. Of course, information is sent to our cloud via a secure channel: SSL encryption via VPN. The client can be sure that the data will not leak anywhere.

Softline direct: If the customer wants to host everything, how will antifraud work?

Mikhail Avsenev: If a customer hosts a solution, they receive an anti-fraud core along with rules, black and white lists, a web interface for operators who will confirm or deny transactions, and a communication channel through which we will monitor our system and send updates.

Softline direct: Finishing the conversation, let's summarize what key features can be identified in the Fraud Detection System? How does it differ from other anti-fraud solutions?

Mikhail Avsenev: First of all, there are two modes of operation. We can work in a mode where the anti-fraud system itself automatically blocks transactions, or in parallel mode. In the latter case, antifraud detects suspicious transactions and informs the operator about it, but the transaction is still made with the possibility to withdraw it later, which will not disrupt the functioning of the business.

Our second feature is the large number of sources from which we collect data. This includes Microsoft SQL Server, PostgreSQL, MySQL, Oracle, DB2, MQ, and the REST API.

In addition, we have, let's call it that, a "gentleman's set" of rules. The client receives this set by default when installing the solution. Then we will adapt the system to the nuances of a particular customer. The rules are subject to flexible configuration, which reduces the number of false positives. As a result, the load on operators is reduced, and they can pay more attention to the really important things.

You should also note the possibility of training to reduce the number of false positives. Thanks to this, our clients get a system that automatically analyzes more than 98% of transactions. Only a little more than 1% is left for manual processing.
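The filter chain described in the interview (black and white lists, then the rules, then the operator, in either blocking or parallel mode), sketched as an added example. It is not part of the interview and not Infosecurity's code; every name, list entry and threshold in it is an assumption made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Tx:
    account: str
    payee: str
    amount: int            # rubles
    kind: str = "payment"  # or "cash"

# All names, list entries and thresholds below are constructed assumptions.
WHITELIST = {"tax-office"}       # payees accepted without further checks
BLACKLIST = {"mule-001"}         # accounts/payees already tied to fraud
SPIKE_FACTOR = 10                # "payment increased tenfold"
SMALL_AMOUNT, FANOUT = 500, 5    # many small transfers to distinct payees
SAME_AMOUNT_PAYEES = 3           # same amount sent to several payees at once

def run_rules(tx, usual, cash_limit, cash_spent, window):
    """Rules stage: return the reasons tx is uncharacteristic for this account.
    usual: payee -> typical amount; window: the account's other recent Tx."""
    reasons = []
    base = usual.get(tx.payee)
    if tx.kind == "payment" and base and tx.amount >= SPIKE_FACTOR * base:
        reasons.append("amount_spike")
    if tx.kind == "cash" and cash_spent + tx.amount > cash_limit:
        reasons.append("cash_over_usual_limit")
    batch = [t for t in window + [tx] if t.kind == "payment"]
    same = {t.payee for t in batch if t.amount == tx.amount}
    if tx.kind == "payment" and len(same) >= SAME_AMOUNT_PAYEES:
        reasons.append("same_amount_fanout")
    small = {t.payee for t in batch if t.amount <= SMALL_AMOUNT}
    if tx.kind == "payment" and tx.amount <= SMALL_AMOUNT and len(small) >= FANOUT:
        reasons.append("small_amount_fanout")
    return reasons

def evaluate(tx, usual, cash_limit, cash_spent, window, mode="blocking"):
    """Lists first, then rules; anything the rules flag goes to the operator.
    mode="blocking" holds the transaction, mode="parallel" lets it through
    and alerts the operator, who can withdraw it later."""
    if tx.account in BLACKLIST or tx.payee in BLACKLIST:
        return "block", ["blacklist"]
    if tx.payee in WHITELIST:
        return "allow", ["whitelist"]
    reasons = run_rules(tx, usual, cash_limit, cash_spent, window)
    if not reasons:
        return "allow", []
    decision = "hold_for_operator" if mode == "blocking" else "allow_and_alert"
    return decision, reasons
```

In a real deployment the per-account baselines (`usual`, `cash_limit`) would come from the historical-data training step mentioned in the interview rather than being passed in by hand.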
 