I will reveal a terrible secret. The losses of banks from card fraud are extremely small compared to, for example, unpaid loans. However, for the population, any information about card fraud is like a red flag for a bull. And therefore, such situations greatly affect the image of the bank.
It is not surprising, because here money is lost by the population, not the banks. Not repaying a loan for many people is, well, if not a sacred cause, then somewhere in the depths of the soul it seems to be fair. But when money disappears from the worker's card, it is very painful.
Generally speaking, in all these stories of fraud, the proportion of "technical" crimes is very, very small, that is, cases where the card data really is stealthily stolen and used. There are many more cases where a person is tricked into giving up all the necessary information or is directly prompted to take some action. We will talk about this some other time, but today we will touch on the issue of "technical" fraud, or, more precisely, how the automatic fraud detection system works.
The Fraud Detection and Prevention System itself is rarely monolithic, because it has to perform several actions that differ in purpose. Ideally there would be one and only one action: just somehow cut off suspicious transactions, and that's it. But in reality, it just doesn't work out that way.
Therefore, there are usually two parts of the system.
The quick but imprecise part
This is not some kind of separate program; it is usually a part of the front office, the program that "accepts" transactions from the outside world and then serves them. It authorizes them itself, or sends them for authorization to the payment system. And one of the parts of the front office is engaged in fraud detection. This part performs some simple calculations "on the fly", and can immediately reject a suspicious transaction. The key property here is the speed of calculations.
Why is that? It's just that the timeout for processing a card transaction is about 40 seconds. And during this time, a transaction can cover half of the globe. That is, in these 40 seconds, the transaction request has to be transferred to the bank, which passes it to the payment system, which passes it to the issuing bank. There the bank performs authorization (a lot of checks) and sends a response back along the same long path. And all of that has to fit into about 40 seconds!
Fraud checks just don't have the right to take a long time.
The second reason is this. As you can see, one transaction has to be processed very quickly. And in real systems, there can be up to several thousand such transactions per second at large banks. For small ones it is within a few dozen, but this is also a lot.
In other words, such systems are initially designed as high-load and speed-oriented. Everything in them is optimized down to the last byte, because a non-optimal section can ultimately have a very strong effect on overall performance.
This means that no complex and heavy algorithms can be placed here. Therefore, most often there is a series of some simple calculations, without deep statistical analysis.
Plus, as an option, each element of the transaction can have its own risk assessment. For example, a street ATM on the outskirts is a much more risky source of transactions than an ATM inside a bank branch. And the marginal Couch Warrior Akaki is more prone to suspicious actions than the pompous Hipster Feoktist. This means that Akaki's cards have a higher riskiness.
And then we take into account the total risk from this particular ATM and this particular user.
In general, all algorithms here are as fast as possible, but often not very "thoughtful". Therefore, you have to have another, separate system:
Accurate but time consuming system
If you do not shackle yourself with forty seconds, then you can conduct in-depth analysis with statistics, comparisons, reference models of behavior, and so on. All this requires a lot of data, lengthy calculations, etc. And all this cannot be done while the transaction is being processed. But why then these calculations, if the transaction has already been completed? There are several schemes.
Locking objects
Based on the results of the analysis, it can become clear that this particular card is involved in very suspicious transactions. Once that is clear, the card can be blocked. Yes, previously committed transactions cannot be returned, but we will not allow new frauds to be made. Or maybe the POS terminal is behaving suspiciously. It's much easier here: we block the terminal, and then we deal with its owner. The owner, if anything, is already easy to find.
And so on. In this version, the actions still take place after the "crime", but something can still be done.
Change in risk assessment
This is when we understand that an object (card, terminal, user, merchant, etc.) is behaving very suspiciously, but so far there has not been anything completely criminal. Or there was, but then everything was unblocked and we are watching closely. In this case, the risk assessment of the object is usually increased. And this is needed for the first system, which is fast but imprecise. It can make decisions "on the fly" based on just such estimates, and then both systems work great together.
Still work "on the fly" (online)
This is one of the possible use cases for all modern systems of this kind. In this case, after all, a rather heavy analysis is performed on the fly, based on some optimized mathematical models and optimized statistical analysis. And then our verdict is sent to the front office in response to its question.
If we have time. If not, then let the front office sort it out somehow, without waiting for our answer.
Why is it still possible to work online, although we said that it is very difficult? Because the fraud detection system is a separate program that is specially optimized for its narrow detection tasks and usually has a separate database (and this is a bottleneck).
The front office has a lot of completely different tasks, different optimizations are used there, for other actions. Also, usually not every transaction is sent here for analysis.
Reverse a transaction
In some cases, you can quickly reverse the transaction. For example, we realized that one of the past transactions turned out to be fraudulent. And then we can have time to "jump" onto the runaway train and form a reverse transaction, i.e. a rollback transaction. It means that after the write-off, you will be credited back. If everything is within the limits of one bank, then there is freedom; the main thing is that the money from the destination account does not have time to go somewhere else. And in the case of the payment system, there are fewer opportunities, but they are still there.
Here, too, there are strict time limits, but they are slightly more than the same 40 seconds, and therefore the chances of meeting this timeout are higher.
Risk officer workplace
Most of these systems (be it one integrated solution, or a separate precise but time-consuming system) have a dedicated risk officer workplace. All suspicious objects are included here. Some of them are processed automatically (for example, the card is blocked), some of them require manual processing by an officer. At this workplace, the officer can view the transaction history for each object, the results of the execution of different detection rules, and decide what to do with this garbage. There are usually not many options. Block, call the client and clarify ... Something like that.
In the general case, all these rules for detecting risks are created by the forces of the corresponding service in the bank. Systems usually allow banks to create a wide variety of algorithms. Some of these algorithms may already be supplied with the program.
In general, in addition to their own ideas on how to create these detector algorithms, banks are still guided by the instructions of both payment systems and the central bank.
This means that there are a number of rules that must be implemented without fail. For example, Visa has a rule that the amount of foreign card transactions should not exceed $10,000 per month. And as soon as it has been exceeded, new transactions must be rejected by the bank.
Or, for example, the card cannot participate in transactions that are generated in different countries within a couple of hours (with the exception of transactions at airports).
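A sketch of the fast path described above, added here as an illustration and not taken from any bank's or vendor's system: per-object risk scores supplied by the slow system are summed, and the two mandatory rules from the text are enforced with constant-time lookups. The threshold of 100, the 2-hour window, the `foreign` and `airport` flags, and all class and field names are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

FOREIGN_MONTHLY_LIMIT = 10_000        # USD per month, the figure quoted in the text
COUNTRY_WINDOW = timedelta(hours=2)   # assumption for "a couple of hours"
RISK_THRESHOLD = 100                  # assumption: combined score that forces a decline

@dataclass
class Txn:
    card: str
    terminal: str
    country: str
    amount_usd: float
    when: datetime
    foreign: bool = False
    airport: bool = False

@dataclass
class FastScreen:
    risk: dict = field(default_factory=dict)           # object id -> score, set by the slow system
    foreign_total: dict = field(default_factory=dict)  # (card, year, month) -> USD
    last_seen: dict = field(default_factory=dict)      # card -> (country, time)

    def check(self, t):
        """Return (approved, reason) using only constant-time lookups."""
        if self.risk.get(t.card, 0) + self.risk.get(t.terminal, 0) >= RISK_THRESHOLD:
            return False, "combined risk"
        key = (t.card, t.when.year, t.when.month)
        spent = self.foreign_total.get(key, 0.0)
        if t.foreign and spent + t.amount_usd > FOREIGN_MONTHLY_LIMIT:
            return False, "foreign monthly limit"
        country, seen = self.last_seen.get(t.card, (t.country, t.when))
        if country != t.country and not t.airport and t.when - seen < COUNTRY_WINDOW:
            return False, "country change"
        if t.foreign:                                   # approved: update running state
            self.foreign_total[key] = spent + t.amount_usd
        self.last_seen[t.card] = (t.country, t.when)
        return True, "ok"

def demo():
    # Constructed sample data; the risk scores stand in for the slow system's output.
    fs = FastScreen(risk={"atm-street": 60, "card-A": 50})
    t0 = datetime(2024, 5, 1, 12, 0)
    txns = [Txn("card-A", "atm-street", "DE", 50, t0),
            Txn("card-B", "pos-1", "DE", 9_500, t0, foreign=True),
            Txn("card-B", "pos-1", "DE", 600, t0 + timedelta(minutes=5), foreign=True),
            Txn("card-B", "pos-2", "FR", 20, t0 + timedelta(hours=1)),
            Txn("card-B", "pos-3", "FR", 20, t0 + timedelta(hours=1), airport=True)]
    return [fs.check(t)[1] for t in txns]
```

Declined transactions do not update the running totals or the last-seen country, so a rejected attempt cannot shift the state that later checks depend on.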
Anti-fraud in non-card systems
Not really our topic, but why not touch on it. The main countermeasure (besides any algorithms and manual processing) is ...
Processing delay
Yes, yes. In a scam, it's critical to get things done quickly before the victim realizes. Therefore, many different systems could easily work much faster. But they have rather lengthy regulations. And partly - precisely in order to make scams unattractive. Especially in systems like SWIFT it is common. Again, they have a lot of manual checks, and the number of transactions per unit of time is much less than in card systems (the amounts, respectively, are much larger).
It is very important for me to understand that you are interested in my texts. Therefore, if you like it, do not skimp on likes and reposts.
What else would you like to know about the detection of fraudulent transactions? Write in the comments.
