How AI spots fraud quicker than people

With increasing volumes of online financial transactions, businesses are turning to artificial intelligence to catch fraudsters in the act

Identity fraud, in which a slice of your identity ranging from new credit cards to entire bank accounts is taken over by criminals, rose by 49 per cent in 2015 on the previous year. That totalled almost 170,000 cases, according to data collected by Cifas, the financial industry’s non-profit fraud advisory service.

The reason for the rise is that more and more we use the internet for financial transactions, but have very few ways to verify our identity without cumbersome systems involving human interaction, which are also vulnerable to fraud.

Cifas’ 2015 Fraudscape report shows that 86 per cent of identity fraud happened online, with bank accounts and credit or debit cards most targeted, closely followed by loans and communications, typically mobile phone accounts.

Businesses looking to tackle fraud are turning to artificial intelligence and deploying neural networks because the systems learn in a manner like the brain’s own neurons to try to bust fraud

Traditionally, companies dealing with such problems have acted after the fact, trying to unravel complex or opportunistic frauds by working back through audit trails. But the speed of online commerce can make it difficult to keep up.

Increasingly, businesses looking to tackle fraud are turning to artificial intelligence (AI), also known as machine-learning, and deploying neural networks because the systems learn in a manner like the brain’s own neurons to try to bust fraud.

It is because the AI’s view of what is happening is both real time and nuanced that fraudulent transactions and patterns of transactions “look” different from honest ones. Credit card theft is often detected when the stolen card details are used to make a small purchase in the thief’s location; if that succeeds, the thief follows it with a much larger one.

The bigger the business, the more applicable such systems will be because they generate more data and machine-learning thrives more on the volume of data than the pure quality of the algorithms they deploy.

Quality data

Leonard Austin of Ravelin, a London-based startup which applies AI technology to fraud detection for online payments, says: “Given the choice between better algorithms and more data, I’d always rather have the data because algorithms are commoditised already – there are so many of them to choose from. The better quality data and the more data you have, the more you can predict.”

Machine-learning improves with more data because this lets it pick out the differences and similarities between different behaviours. Once told which transactions are genuine and which are fraudulent, the systems can work through them and begin to pick out those which fit either bucket and predict them in the future when fresh transactions are made. The one risk is if there is undetected fraud in the training data; in effect, that trains the system to ignore that type of fraud in future.

One group with rich sources of data, but also struggling against fraud, is phone carriers or providers, who collectively lose between $30 billion and $40 billion to caller fraud every year, according to Cataleya, a Silicon Valley-based startup which is used by a number of carriers around the world.

International calls, which have high costs and involve international money transfer, complicating recovery of fraudulent transactions, are a particular target, with multiple different fraud methods with exotic names such as false answer supervision, wangiri (one ring and cut off) fraud and bypass fraud.

We could have taken a rule-based approach to detect each kind of fraud,” says Jay Jayasimha, Cataleya’s chief executive. “But what we have are algorithms that detect abnormalities; they’re not looking for fraud as such.” That makes them more flexible, but also more useful as new forms of fraud will be unusual, but usually pass undetected by an inflexible rule-based system. Their abnormality, though, will make them stand out, says Mr Jayasimha.

The advantage in using real-time detection is that it catches fraud before it happens and so before billing, he notes. “Traditionally, carriers would have to look at their billing records after the call had completed, which could be one to ten minutes after the call was completed and flagged as suspicious. Then it would have to go to the fraud detection system, which would have to go over the billing records.”

Instead, Cataleya’s system can recognise fraudulent calls through patterns in the connections of the voice and system data, and even provide the option to disconnect calls recognised as fraudulent.

But detecting card fraud is one of the most important spaces where speed and accuracy matter most. “Any business that sells goods or services online is vulnerable to attack by fraudsters,” says Gerry Carr, chief marketing officer at Ravelin. In the UK it’s the most common crime, with 2.47 million offences recorded in 2015-16.

most common cyber security deployed by UK companies

Traditional systems are expensive

Traditional systems use rules and business logic to determine whether an attempted transaction is fraudulent. This works, but it’s expensive, says Mr Carr, because it is a top-down, expert-led approach, which makes little allowance for variation over time and tends to lead to many manual reviews by humans of transactions flagged as suspicious. That’s slow, time-consuming, expensive and also tends not to lead to rules being updated quickly enough to deal both with new fraud patterns and innocent transactions wrongly flagged as fraud.

Ravelin’s systems, which are deployed to spot fraud, can be trained with datasets from each customer; even better, they carry some transferability, for example between e-commerce sites. “For businesses where speed, scale and efficiency are paramount, we have to move past manual review,” Mr Carr says.

Companies in the food delivery, transport and taxi app, and ticketing sectors have all been quick to adapt to machine-learning-based fraud detection, both our own and rivals. They need to process a lot of transactions and they need to do it very quickly, so traditional approaches don’t work as there is a very limited, or no, room for manual review.”

Ravelin reckons it can drive both speed and accuracy. “With all our customers, we look to drive the fraud rate down towards 0.1 per cent,” says Mr Carr. “We’ve seen fraud rates of 3 per cent and driven it down to 0.9 per cent with a full-blown [machine-learning], rules-based system in place. So there is a multiple factor in terms of accuracy. But accuracy and detection are only interesting in the context of being able to work at the right scale and speed.”

He notes how much the modern landscape has changed, in a world where we hail taxis from smartphones anywhere and no physical money changes hands to pay for the journey, opening up the possibility both of fraud and false positives in detection methods.
“If you can’t approve a transaction in milliseconds, then it doesn’t matter much how accurate you are,” he concludes. With the velocity of commerce increasing all the time, the need for quicker, better recognition of fraud and non-fraud is becoming not just important, but essential for business survival.