Same-day ACH payment fraud prevention with artificial intelligence & machine learning

Three phased approach to same-day ACH

In September 2016, the National Automated Clearing House Association (NACHA) began implementing their vision of faster ACH payments by starting Phase I of the Same Day ACH: the Moving Payments Faster Rule, with the eventual goal of making virtually all types of ACH payments eligible for same-day processing by March 2018. Eligible transactions account for approximately 99 percent of current ACH Network volume. Only international transactions and high-value transactions above $25,000 would not be eligible.

The rule brings several benefits to all entities using the ACH Network, including:

• Providing consumers, businesses, government entities, and financial institutions the ability to move money between bank accounts quickly
• Allowing same-day payrolls, which enables employees to have faster access to their pay, as well as employers to instantly provide final paychecks for terminated employees
• Reducing the time for an originator to fail, go bankrupt, or have funds frozen

With faster processing, what is the impact to risk management and prevention?

With same-day processing, banks and financial institutions will need to review thousands of additional transactions per day. With this influx of additional transaction volume comes a potential increase in fraudulent activity. In addition to the increase in volume, several other risks exist. Fraudsters are notorious for targeting new services, which typically do not yet have vetted security protocols and seasoned risk mitigation tactics, (for example the early exploits following the launch of Apple Pay in 2014). Also, as payment speed accelerates, many risk experts anticipate criminals will further exploit stolen account information to move funds quickly out of the system. Once the funds are sent, it is nearly impossible to retrieve them, an additional benefit to fraudsters. With this increase in risk, the question businesses are now asking is: “how do we efficiently and effectively eliminate fraud in real-time?”

Traditional fraud prevention tools alone have failed to reduce fraud

In spite of the myriad companies espousing new fraud prevention techniques, fraud losses have consistently hovered around $0.06 per $100 for the last twenty years. Why? Because fraudsters adapt and evolve their techniques, while the legacy technologies used to fight fraud are incapable of adapting to these continuously changing behaviors. Legacy systems will have difficulty detecting same-day ACH for these same reasons. While these technologies provide some benefits, they also suffer from several important limitations in the face of today’s ever evolving fraud schemes:

1. Popular legacy approaches, including business rules, data mining and neural networks, all use historical fraud data to train models and write rules. Using only data from the past limits one’s ability to identify and stop new fraud schemes. As a result, models and rules are outdated as soon as they are implemented, requiring expensive tuning and model refreshes.

2. These approaches apply the same logic to every entity (card holder, device, merchant, etc.), although the spending behavior of each entity differs. In the case of business rules, gaining insight into individual spending behaviors would require an unimaginable set of rules. Neural Networks and Data Mining try to extract macroscopic behavioral patterns from historical data. Solely relying on these approaches results in low detection and high false positive rates.

3. Modern fraudsters are exploiting the proliferation of payment technologies and methods. Financial institutions’ inherent structural rigidity can often also be a fraudster’s best friend, as silo structures and delivery channels lead to stove-pipe, myopic anti-fraud strategies that fail to share intelligence across relevant channels. This is especially important in today’s connected world, where commerce occurs via a myriad of channels and devices.

Characteristics of an effective real-time fraud prevention solution

Because same-day ACH processing brings with it a multitude of potential new risks, next generation technologies and methods must be used to automatically identify and stop the fraud before it occurs. The quick turnaround times and increase in volume of transactions within a given day mean that manual investigation alone is no longer sufficient. A real-time, intelligent solution will be required to prevent ACH fraud. Effective real-time fraud prevention will require technologies characterized by several key features. It should:

Not rely on predefined rules. Effective fraud prevention solutions cannot rely exclusively on predefined rules, patterns learned from historical data, or structured queries that try to anticipate every possible scenario as fraud is constantly evolving. Same-day ACH will introduce with it new behavioral fraud patterns which predefined rules will not be able to predict.

Be data agnostic. The proliferation of payment types and methods requires technologies that are flexible and can manage data in any format (structured and unstructured) and volume.

Automatically discover important features and associations, create new fields, enrich the data and automatically build and test millions of artificial intelligence and machine learning models in parallel. These models should then be automatically merged together to create accurate and robust production ready models.

Prevent rather than detect. Solutions that do not provide real real-time capabilities (before authorization) are inefficient, as they can not proactively prevent fraud losses. When transactions must be processed in real-time (within the same day), the ability to proactively prevent fraud is crucial. This becomes increasingly important in the world of ACH where transferred funds can be virtually impossible to retrieve.

Analyze behavior on a 1-to-1 basis. Every entity’s behavior is different. Effectively reducing fraud requires understanding this behavior at an individual level.

Offer multiple layers of protection. To efficiently prevent fraud, a solution must provide protection at the following layers:
• Endpoint and Navigation, using advanced device ID and clickstream analytics. Being able to prevent account take over, falsifying of credentials, etc. is essential in same-day processing because it stops the fraudsters before they even start
• User and Account, for providing real-time cross-channel behavioral analysis (specific to each individual cardholder and merchant outlet)
• Merchant and Business, for analysis of the relationships among internal and external entities to detect organized or collusive criminal activities or misuse

Adaptively learn over time. Once individual behavior is characterized, the technology should continuously update these individual profiles to learn behavior over time.

The benefits of Smart Agent technology to stop ACH fraud in Real-time

Brighterion’s patented Smart Agents are the only technology with the ability to overcome the limits of the legacy machine learning technologies to allow personalization, adaptability and self-learning. Smart Agents do not rely on pre-programmed rules and do not try to anticipate every possible scenario, instead,  Smart Agents create profiles specific to each entity (merchant, company, bank, device, etc.) and adaptively learn from their individual activities. Each Smart Agent behaves according to its goals, observations, acquired knowledge and interactions with other Smart Agents.

Each Smart Agent pulls all relevant data across multiple channels, irrespective of data type, to produce robust virtual profiles. Each profile is automatically updated in real time, and the resulting intelligence can be shared across all relevant business lines (ACH, card present, card not present, wire, etc.).

Smart Agents enable best-in-class performance with minimal operational and capital resource requirements, as they focus on extracting only relevant intelligence from data. This enables firms who incorporate Smart Agent technology to operate efficiently at scale, without the need for expensive databases or high-end hardware.

Additionally, Smart Agents can represent any entity and work with any data. As a result, a single Smart Agent deployment can provide fraud protection at multiple layers, from endpoints like mobile devices to POS terminals at merchant outlets.

A complete fraud prevention solution should combine the benefits of existing artificial intelligence and machine learning techniques (such as data mining, neural networks, and case-based reasoning), with the unique capabilities of Smart Agent technology. The result is a comprehensive approach that is flexible and adapts to everchanging fraud schemes, making it the ideal choice to combat ACH fraud in real time.