The economy relies on secure and safe transactions. Maintaining a stable and efficient business depends on effective security. In particular, eliminating fraud is fundamental to the ongoing viability of many businesses, especially those buying and selling on the Internet. The question businesses are asking is, “how do we efficiently eliminate fraud in real-time?”
Traditional fraud prevention tools alone have failed to reduce fraud
In spite of the myriad companies espousing new fraud prevention techniques, fraud losses have consistently hovered around $0.06 per $100 for the last twenty years. Why? Because fraudsters adapt and evolve their techniques while the legacy technologies used to fight fraud are incapable of adapting to continuously changing behaviors. While these technologies provide some benefits, they also suffer from several important limitations in the face of today’s ever evolving fraud schemes:
1. Popular legacy approaches, including Business Rules, Data Mining and Neural Networks, all use historical fraud data to train models and write rules. Using only data from the past limits one’s ability to identify and stop new fraud schemes. As a result, models and rules are outdated as soon as they are implemented, requiring expensive tuning and model refreshes.
2. These approaches apply the same logic to every entity (card holder, device, merchant, etc.), although the spending behavior of each entity differs. In the case of business rules, gaining insight into individual spending behaviors would require an unimaginable set of rules. Neural Networks and Data Mining try to extract macroscopic behavioral patterns from historical data. Solely relying on these approaches results in low detection and high false positive rates.
3. Modern fraudsters are exploiting the proliferation of payment technologies and methods. Financial institutions’ inherent structural rigidity can often also be a fraudster’s best friend, as silo structures and delivery channels lead to stove-pipe, myopic anti-fraud strategies that fail to share intelligence across relevant channels. This is especially important in today’s connected world, where commerce occurs via a myriad of channels and devices.
The limitations of legacy technologies
Effective fraud prevention solutions must not rely exclusively on predefined rules or structured queries to anticipate every possible scenario. This is also true of programs based on Data Mining, Bayesian Networks, Neural Networks, object-oriented languages, etc. In the case of:
• Business Rules, you must predict these possibilities by writing all of the possible rules (obviously impossible).
• Data Mining, you must generate a decision tree that takes into account all possible cases (obviously impossible).
• Neural Networks, you need to have access and train your system with all the possible patterns (obviously impossible).
• Object-oriented languages, you must foresee, know and program all possible methods (obviously impossible).
Characteristics of an effective real-time fraud prevention solution
Effective real-time fraud prevention will require technologies characterized by several key features.
1. It should not rely exclusively on predefined rules, patterns learned from historical data, or structured queries that try to anticipate every possible scenario.
2. It should be data agnostic. The proliferation of payment types and methods requires technologies that are flexible and can manage data in any format (structured and unstructured) and volume.
3. It should prevent rather than detect. Solutions that do not provide real real-time capabilities (before authorization) are inefficient as they do not proactively prevent fraud losses from occurring.
4. It should profile behavior on a 1-to-1 basis. Every individual’s spending behavior is different. Effectively reducing fraud requires understanding this behavior at an individual level.
5. It should offer multiple layers of protection. To efficiently prevent fraud, a solution must provide protection at the following layers:
· Endpoint and Navigation, using advanced device ID and clickstream analytics.
· User and Account, for providing real-time cross-channel behavioral analysis (specific to each individual cardholder and merchant outlet).
· Merchant and Business, for analysis of the relationships among internal and external entities to detect organized or collusive criminal activities or misuse.
6. It should adaptively learn over time. Once individual behavior is characterized, the technology should continuously update these individual profiles to learn behavior over time.
Additionally, a comprehensive solution should be able to identify data breaches within hours of the first fraudulent transactions occurring. A solution must manage two real-time behavioral profiling engines: a card profiling engine (CPE) and a merchant profiling engine (MPE). The card profiling engine continuously updates the behavioral profiles to learn the behavioral characteristics unique to each cardholder. The CPE uses these profiles to evaluate every transaction in real-time and assign risk scores. These scores are passed to the MPE, where they are grouped across multiple dimensions (e.g. specific merchant, branch, location). Within and across each group, shared behavioral intelligence enables comprehensive profiling of all card behavior for every merchant. Once suspected merchant breach location(s) are identified, the MPE updates the behavioral profiles for all cards visiting these locations and raises the corresponding risk scores. This approach will enable the discovery of breaches faster (as soon as the first fraudulent transactions occur).
The benefits of Smart Agent technology
As mentioned earlier, Current A.I. and machine learning technologies suffer from various limits. Most importantly, they lack the capacity for:
Personalization: To successfully protect and serve customers, employees, and audiences we must know them by their unique and individual behavior over time and not by static, generic categorization.
Adaptability: Relying on models based only on historical data or expert rules are inefficient as new trends and behaviors arise daily.
Self-learning: An intelligent system should learn overtime from every activity associated to each specific entity.
To further illustrate the limits, we will use the challenges of two important business fields: network security and fraud prevention. Fraud and intrusion are perpetually changing and never remain static. Fraudsters and hackers are criminals who continuously adjust and adapt their techniques. Controlling fraud and intrusion within a network environment requires a dynamic and continuously evolving process. Therefore, a static set of rules or a machine learning model developed by learning from historical data have only short-term value.
In network security, we know every day dozens of new malware programs with ever more sophisticated methods of embedding and disguising themselves appear on the internet. In most cases after vulnerabilities are discovered, a patch is released to address the vulnerability. The problem is it is often easy for hackers to reverse engineer the patch and therefore another defect is found and exploited within hours of the release of the given patch. Many well-known malware (Conficker is an example) exploit vulnerabilities for which there is a known patch. They use the fact that, for a variety of reasons, the patch is not deployed on vulnerable systems, or is not deployed in a timely manner leaving open targets. The attack in the fall of 2009 against Google and several other companies originating in China, called Aurora, was an example of exploitable dangling pointers in a Microsoft browser, which had previously not been discovered.
Tools that autonomously detect new attacks against specific targets, networks or individual computers are needed. It must be able to change its parameters to thrive in new environments, learn from each individual activity, respond to various situations in different ways, and track and adapt to the specific situation/behavior of every entity of interest over time. This continuous, one-to-one behavioral analysis, provides real-time actionable insights. In addition to the self-learning capability, another key concept for the next generation of A.I. and ML systems is being reflective. Imagine a plumbing system that autonomously notifies the plumber when it finds water dripping out of a hole in a pipe and detects incipient leaks.
Smart-Agents is the only technology that has the ability to overcome the limits of the legacy machine learning technologies allowing personalization, adaptability and self-learning.
Smart-Agents technology is a personalization technology that creates a virtual representation of every entity and learns/builds a profile from the entity’s actions and activities. In the payment industry, for example, a smart-agent is associated with each individual cardholder, merchant, or terminal. The smart agents associated to an entity (such as a card or merchant) learns in real-time from every transaction made and builds their specific and unique behaviors overtime. There are as many smart agents as active entities in the system. For example, if there are 200 million cards transacting, there will be 200 million smart agents instantiated to analyze and learn the behavior of each. Decision-making is thus specific to each cardholder and no longer relies on logic that is universally applied to all cardholders, regardless of their individual characteristics. The smart agents are self-learning and adaptive since they continuously update their individual profiles from each activity and action performed by the entity.
Let’s use some examples to highlight how the Smart-Agents technology differs from legacy machine learning technologies.
In an email ﬁltering system, smart agents learn to prioritize, delete, forward, and email messages on behalf of a user. They work by analyzing the actions taken by the user and by learning from each. Smart agents constantly make internal predictions about the actions a user will take on an email. If these predictions prove incorrect, the smart agents update their behavior accordingly.
In a ﬁnancial portfolio management system, a multi-agent system consist of smart agents that cooperatively monitor and track stock quotes, ﬁnancial news, and company earnings reports to continuously monitor and make suggestions to the portfolio manager.
Smart agents do not rely on pre-programmed rules and do not try to anticipate every possible scenario. Instead, smart agents create profiles specific to each entity and behave according to their goals, observations, and the knowledge that they continuously acquire through their interactions with other smart agents. Each Smart agent pulls all relevant data across multiple channels, irrespectively to the type or format and source of the data, to produce robust virtual profiles. Each profile is automatically updated in real-time and the resulting intelligence is shared across the smart agents. This one-to-one behavioral profiling provides unprecedented, omni-channel visibility into the behavior of an entity.
Smart agents can represent any entity and enable best-in-class performance with minimal operational and capital resource requirements. Smart agents automatically validate the coherence of the data, perform the features learning, data enrichment as well as one-to-one profiles creation. Since they focus on updating the profile based on the actions and activities of the entity, they store only the relevant information and intelligence rather than storing the raw incoming data they are analyzing, which achieves enormous compression in storage.
Legacy technologies in machine learning generally relies on databases. A database uses tables to store structured data. Tables cannot store knowledge or behaviors. Artificial intelligence and machine learning systems requires storing knowledge and behaviors. Smart-Agents bring a powerful, distributed file system specifically designed to store knowledge and behaviors. This distributed architecture allows lightning speed response times (below 1 millisecond) on entry level servers as well as end-to-end encryption and traceability. The distributed architecture allows for unlimited scalability and resilience to disruption as it has no single point of failure.
A complete fraud prevention solution should combine the benefits of existing Artificial Intelligence and Machine Learning techniques (such as Data Mining, Neural Networks, and Case-based Reasoning), with the unique capabilities of Smart Agent technology. The result is a comprehensive approach that is intelligent, self-learning and adapts to ever-changing fraud schemes.