
Mikhail Apostolov, head of the SOC Softline product line, and Mikhail Avsenev, head of the infrastructure support department of Infosecurity, which is part of Softline Group, spoke about systems for automated detection of fraudulent actions and interesting facts related to their use or absence.
Softline direct: Tell us an interesting story about anti-fraud and protection against fraud. There is an opinion that only banks need antifraud ...
Mikhail Avsenev: There is an opinion. But I'll tell you a story about, attention, a network of gas stations! At first glance, what kind of connection could there be? But most of these businesses have a loyalty program or so-called cashback. In a large network of gas stations, the name of which I, for obvious reasons, do not mention, at one of the gas stations the operator made all payments through her personal card with a cashback. That is, she physically took money from clients and ran it through her account, receiving cashback. The scheme was calculated in this way: in a day we looked at all the operations and it turned out that practically a whole tank of gasoline was filled on this one card. In such situations, an anti-fraud is needed, which will show or even freeze such transactions.
Or here's another example: cheating schemes on various game servers. For example, as was the case with CCP, the developer of the space multiplayer strategy EVE Online. The player obtained some not very expensive resource, an artifact, let's call it a "twig", then went out to trade on the gaming exchange, where he artificially raised prices for it, received space profits in the literal and figurative sense, and brought down the entire gaming economy. As a result, the service was almost on the verge of shutting down.
Mikhail Apostolov: Antifraud is needed not only by banks, but even by gas stations and online game developers. It is relevant in any place where online trade relations arise and money transfer transactions take place.
Mikhail Avsenev: By the way, about banks! Financial scammers come up with very interesting schemes. For example, the so-called "white plastic" is produced. This is when clones are created on legal cards, which begin to quickly purchase goods in online stores, as a rule, created by the same scammers. Do you often look at SMS messages from the bank with information on transactions and your account? And many people do not even have SMS notifications enabled. In such cases, the client will not be able to block the card on time and will very quickly lose all the money.
We live in the age of information technology, so information that someone has succeeded is spreading very quickly. Some weak faction creates a fraudulent scheme, then sells this scheme to a stronger faction that has more resources. Therefore, the risks can be from 1000 rubles up to several million, which can be lost literally within a few hours.
Mikhail Apostolov: In such cases, losses invariably amount to large sums that cannot be compared with the cost of antifraud such as the Fraud Detection System of Infosecurity.
Softline direct: Could you tell us from what topical threats can the Fraud Detection System service save you?
Mikhail Avsenev: Last year, targeted attacks were the most popular. Not some typical viruses, but a pre-prepared penetration into the network. In such attacks, cybercriminals find out infrastructure issues, information exchange protocols for several months, and then proceed to attack. Even with these types of penetration, fraudsters have been on the network for a long time, so they can prepare automation tools and quickly withdraw money. Our antifraud detects these threats very quickly and automatically. A human operator may miss something, not pay attention to suspicious transactions, or fail to react in time.
Thanks to the built-in profiling mechanisms, the Fraud Detection System allows you to automatically detect such attacks, money withdrawals, and atypical user behavior. For example, a person made transactions mainly from Moscow and then suddenly ended up in Vladivostok, and then again in Moscow. Identifying such anomalies will allow the operator to see suspicious transactions and prevent the withdrawal of money. The attack may take place, but the money will not be lost.
Scammers also direct their attacks to payment gateways. Specially prepared documents are formed and sent to the payment system. Our anti-fraud allows you to control the legitimacy of the payment.
Softline direct: What nodes within the bank are favorite targets for fraudsters? What do hackers most often choose?
Mikhail Avsenev: Hackers are mainly interested in those network nodes that contain information about payments, customers, or directly in access to the payment gateways themselves. First of all, this is the AWS KBR. Then there are Cyberplay payment systems, Cyberpay with RAPIDA and other ABS payment systems, information about customers and their accounts, everything that can be of value. It also includes personal and passport data, information about contracts, materials that can be used for competitive intelligence.
Mikhail Apostolov: I would like to note that among the services of the "Infosecurity" company there is a monitoring of the information space, which helps to identify possible potential or already implemented "leaks" of such information.
Softline direct: Now I would like to talk about the fight against fraud in retail and insurance. How exactly will antifraud be useful in this area?
Mikhail Avsenev: In retail, our Fraud Detection System is useful for detecting abuse in loyalty programs. At the very beginning of this interview, I already talked about fraud in the gas station network, but any additional points for the purchase of goods can also be of interest to unreliable persons.
Insurance is another interesting topic as it has a lot of fraudulent schemes. For example, an insurance agent takes several policies and does not register them in the accounting system. Then he tells the client about the super discount and sells the policy for less. If a client has an insured event, he will first inform the insurance agent about it. He will register the corresponding policy retroactively, and the rest will not be the same, in the end he will get a huge real benefit.
Mikhail Apostolov: To summarize this block, where there are any transactions, there is potentially a threat of fraud, so organizations that value their name and system fault tolerance need anti-fraud.
Softline direct: How does the Fraud Detection System work?
Mikhail Avsenev: The basic element of antifraud is a transaction that enters the processing system. This system includes several filters.
The first filter is black and white lists. The whitelist contains information on transactions that the system accepts without fail. The blacklist contains information about fraudsters, their accounts, as well as signs that allow you to identify fraudulent transactions.
After the black and white lists have worked, the transaction enters the rules system, which reveals uncharacteristic parameters. Let me give you an example: a person always paid a certain amount for utilities, and suddenly the payment increased tenfold. Our system will detect this thanks to the built-in rules engine. Another example of uncharacteristic behavior is that a person starts withdrawing money very abruptly. If his usual limit was, say, 70 thousand rubles a month, and at one point he cashes out one and a half million, this is a reason to contact him and find out if he is withdrawing money from his account.
Another example is when one account sends payments to several places with the same amount at once. The transfer of small amounts of money to many different accounts can also be a sign of fraud. Such operations raise suspicions in the anti-fraud system. They are recorded, processed and transmitted to the operator, who receives data on who conducts transactions, to which accounts and what the purpose of the payment is. This helps in making a decision.
If the transaction went through white and black lists, as well as the rules mechanism, and at the same time the system could not decide that the transaction was legitimate, then such a controversial issue is forwarded to the operator. The operator begins to find out whether the transaction is really legitimate, whether it can be passed.
Softline direct: Who writes the rules you link to? Where do they come from?
Mikhail Avsenev: The training of the solution is based on historical data. We load the system with information about transactions that were carried out in a year or six months, and begin to train it to identify fraudulent activities. This allows you to unload the operator and provide the smallest number of transaction reviews in manual mode (about 1%).
Fraud Detection System integrates with almost any database system, including NoSQL.
Softline direct: Is the Fraud Detection System a cloud solution, or does it need to be installed locally?
Mikhail Avsenev: There are both options. If a client wants to use a cloud architecture, then we place at the customer only a connector to an anti-fraud, which will be connected to its internal structure and will transmit data for investigation. All the work, rules and computing power that is needed for an anti-fraud will be located on our site. For the client, this means a reduction in the cost of detecting fraud. But if the client wishes, we can place the entire infrastructure with him. In those cases, for example, when the customer does not want to send us his data, we can implement all the necessary infrastructure on his site. Of course, information is sent to our cloud via a secure channel: SSL encryption via VPN. The client can be sure that the data will not leak anywhere.
Softline direct: If the customer wants to host everything, how will the antifraud work?
Mikhail Avsenev: If a customer hosts a solution at home, he receives an anti-fraud core along with rules, black and white lists, a web interface for operators who will confirm or deny transactions and a communication channel through which we will monitor our system and send updates.
Softline direct: Finishing the conversation, let's summarize what are the key features of the Fraud Detection System? How is it different from other anti-fraud solutions?
Mikhail Avsenev: First, there are two modes of operation. We can work in a gap, in which the anti-fraud system itself automatically blocks transactions, or in parallel. In the latter case, the anti-fraud detects suspicious transactions and informs the operator about it, but the transaction is still performed with the ability to recall it later, which will not disrupt the functioning of the business.
Our second feature is a large number of sources from which we collect data. These are Microsoft SQL Server, PostgreSQL, MySQL, Oracle, DB2, MQ, REST API.
In addition, we have, let's call it, the "gentleman's set" of rules. The client receives this set by default when installing the solution. Then we will adapt the system to the nuances of a particular customer. The rules are subject to flexible configuration, which allows you to reduce the number of false positives. As a result, the burden on operators is reduced, and they can pay more attention to the really important things.
The possibility of training to reduce the number of false positives should also be noted. Thanks to this, our clients receive a system that automatically analyzes more than 98% of transactions. Only a little more than 1% remains for manual processing.
Mikhail Apostolov: The company "Infosecurity" has been on the market for a sufficient amount of time. Fraud Detection System is used in IT systems of very large clients. We can confidently assert that the main and key feature of the solution is the fast processing of a large number of transactions.
Softline direct: How is the solution developing now?
Mikhail Avsenev: Product development is moving towards non-relational databases (NoSQL), since we use such databases not only in the antifraud solution, but also in our SOC. This allows you to execute multiple transactions in parallel, further increases the speed of the anti-fraud and its fault tolerance. A distributed database is a much more reliable solution than a single server solution.
softline.ru
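
The filter chain described in the interview (black and white lists first, then the rules, then the operator) can be sketched as follows. This is an added example, not Infosecurity's code and not part of the interview; the class names, the thresholds (a tenfold spike, three destinations) and the account names are assumptions, and the sample transactions are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import median

@dataclass(frozen=True)
class Tx:
    src: str
    dst: str
    amount: int  # rubles

class Screen:
    def __init__(self, whitelist, blacklist, history, spike=10, fanout=3):
        self.whitelist = set(whitelist)  # (src, dst) pairs accepted outright
        self.blacklist = set(blacklist)  # accounts tied to known fraud
        self.history = history           # src -> past amounts (the profile)
        self.spike, self.fanout = spike, fanout
        self.seen = defaultdict(set)     # (src, amount) -> destinations so far

    def rule_hits(self, tx):
        hits = []
        past = self.history.get(tx.src, [])
        # Rule 1: payment is `spike` times the account's typical amount.
        if past and tx.amount >= self.spike * median(past):
            hits.append("amount_spike")
        # Rule 2: same amount sent from one account to several destinations.
        dsts = self.seen[(tx.src, tx.amount)]
        dsts.add(tx.dst)
        if len(dsts) >= self.fanout:
            hits.append("same_amount_fanout")
        return hits

    def decide(self, tx):
        if (tx.src, tx.dst) in self.whitelist:
            return "ALLOW", ["whitelist"]
        if tx.dst in self.blacklist or tx.src in self.blacklist:
            return "BLOCK", ["blacklist"]
        hits = self.rule_hits(tx)
        # Rules cannot prove fraud, so a hit goes to the operator queue.
        return ("REVIEW", hits) if hits else ("ALLOW", [])

def run_sample():
    # Constructed sample data, not from any real system.
    screen = Screen(
        whitelist={("acct-3", "payroll")}, blacklist={"mule-9"},
        history={"acct-1": [3000, 3200, 2900], "acct-2": [500, 700]})
    txs = [Tx("acct-1", "utility-co", 3100), Tx("acct-1", "utility-co", 31000),
           Tx("acct-2", "mule-9", 600), Tx("acct-3", "payroll", 900000),
           Tx("acct-2", "a", 650), Tx("acct-2", "b", 650), Tx("acct-2", "c", 650)]
    return [screen.decide(t) for t in txs]

if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

Only the REVIEW verdicts reach a human, which is what keeps the manually processed share small; the whitelisted 900000-ruble payroll transfer shows that a whitelist entry bypasses the rules entirely, so whitelist entries deserve the same scrutiny as the rules themselves.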