Mutt
Banks use sophisticated risk analysis systems to prevent fraud, including unauthorized transactions using protocols like 3D-Secure. These systems combine technology, data, and algorithms to assess the likelihood of fraud in real time. Here’s how it works:
1. Data collection
Banks collect a wide range of transaction and user data:
- Transaction details: amount, currency, time, location (online/offline), store category (e.g. electronics, travel).
- Customer data: transaction history, purchase frequency, typical behavior (e.g. average check, purchase geography).
- Device context: IP address, device type (smartphone, PC), operating system, browser, geolocation.
- External factors: store reputation, regional risk level, data on recent leaks.
- Biometric and behavioral data: text input speed, mouse movements, familiar authentication methods (if 3D-Secure 2.0 is used).
For example, in 3D-Secure 2.0, a bank can collect up to 100 parameters, such as the time spent on a store’s website or the type of connection (Wi-Fi or mobile Internet).
2. Risk assessment using algorithms
Banks use risk management systems (Fraud Detection Systems) that use the following approaches:
- Machine Learning (ML):
  - ML algorithms analyze the customer's historical data and compare it with the current transaction. For example, if you usually buy in Moscow for $10, and a transaction for $5,000 comes from another country, this raises suspicion.
  - Models such as neural networks, decision trees, or ensemble methods (e.g. Random Forest) are used to detect anomalies.
- Rules and heuristics:
  - Banks set fixed rules, such as "block transactions over $1,000 unless the customer is traveling abroad."
  - Blacklists of stores, IP addresses or devices associated with fraud are checked.
- Real-time analysis:
  - Systems assess risks in milliseconds using databases and cloud computing.
  - For example, if the IP address matches a known fraudulent server, the transaction is rejected or requires additional verification.
3. Risk assessment and categorization
Each transaction is assigned a "risk score" based on the analysis. Possible categories are:
- Low risk: The transaction goes through without any additional verification (in 3D-Secure 2.0 this is "frictionless flow"). For example, a purchase in a familiar store from your device.
- Medium risk: Additional information is requested, such as verification via 3D-Secure with OTP or biometrics.
- High risk: The transaction is declined or requires manual review (e.g. a call from the bank).
4. Key factors influencing the assessment
- Behavioural deviance: Buying at an unusual time, in a new category or from a new device increases risk.
- Geographic anomalies: A transaction from a region where the customer has not been before, or rapid movements (e.g. purchases in two countries in an hour).
- Store reputation: If the store is associated with frequent chargebacks, the risk is higher.
- Technical indicators: Using VPN, TOR, outdated browser or suspicious IP address.
- Transaction Speed: Multiple payment attempts in a short period of time may indicate testing of stolen cards.
5. Technologies and tools
- Big Data: Banks analyze millions of transactions to identify fraud patterns.
- Artificial Intelligence: AI models adapt to new types of attacks by learning from current data.
- FDS (Fraud Detection Systems): Examples are FICO Falcon, SAS Fraud Management, which integrate with 3D-Secure.
- Collaboration: Banks share fraud data through consortiums (such as Visa Advanced Authorization) to identify threats faster.
6. Example of a script
You buy a ticket for $100 in a familiar store from a phone that you use regularly. The system sees that the IP address matches your home address, and the purchase history confirms that you often buy tickets. The transaction goes through without verification (low risk). But if you try to buy equipment for $1,000 from a new device in another country, the bank asks for OTP or biometrics (high risk).
7. Limitations and Challenges
- False Positives: Overly strict algorithms can reject legitimate transactions, annoying customers.
- Scammer adaptation: Carders use proxies, stolen devices, or social engineering to bypass systems.
- Balancing security and convenience: Banks seek to minimize checks for low-risk transactions to avoid losing customers.
If you want to dive deeper into a specific aspect (for example, how ML models detect anomalies or how to protect against attacks on risk analysis systems), ask and I'll explain in more detail!
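
A minimal sketch of the rule-based scoring and three-way categorization described in sections 2 to 4, added here as an example and not part of the original post or of any bank's system. The weights, thresholds and names (`Txn`, `risk_score`, `decide`) are constructed for illustration.

```python
from dataclasses import dataclass
from math import radians, sin, cos, asin, sqrt

# Constructed weights and thresholds; a production system tunes these on labelled data.
WEIGHTS = {"amount": 30, "new_device": 20, "anonymizer": 20, "velocity": 25, "travel": 35}
CHALLENGE_AT, DECLINE_AT = 40, 80
MAX_SPEED_KMH = 900  # assumed ceiling, roughly airliner speed

@dataclass
class Txn:
    amount: float
    device_id: str
    lat: float
    lon: float
    ts: float                 # seconds since epoch
    anonymizer: bool = False  # VPN/TOR flag from an IP reputation feed (assumed input)

def km_between(a, b):
    """Great-circle (haversine) distance between two transactions, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def risk_score(txn, history):
    """Score a transaction against the customer's prior transactions (oldest first)."""
    if not history:
        return WEIGHTS["new_device"]  # no baseline yet: only the unknown-device signal
    score = 0
    avg = sum(t.amount for t in history) / len(history)
    if txn.amount > 10 * avg:                                   # behavioural deviation
        score += WEIGHTS["amount"]
    if txn.device_id not in {t.device_id for t in history}:     # new device
        score += WEIGHTS["new_device"]
    if txn.anonymizer:                                          # technical indicator
        score += WEIGHTS["anonymizer"]
    if sum(1 for t in history if 0 <= txn.ts - t.ts <= 600) >= 3:  # attempt velocity
        score += WEIGHTS["velocity"]
    last = history[-1]
    hours = max((txn.ts - last.ts) / 3600, 1 / 3600)            # avoid division by zero
    if km_between(last, txn) / hours > MAX_SPEED_KMH:           # geographic anomaly
        score += WEIGHTS["travel"]
    return score

def decide(score):
    """Map the score to the three categories listed in section 3."""
    if score >= DECLINE_AT:
        return "decline_or_review"
    return "challenge" if score >= CHALLENGE_AT else "frictionless"
```

Keeping each signal as a separate weighted term makes a false positive traceable to the rule that fired, which is what an analyst needs when tuning thresholds.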