From Bank Fraud. Full book available for purchase here. - PDF

Please download to get full document.

View again

of 19
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Information Report



Views: 6 | Pages: 19

Extension: PDF | Download: 0

Related documents
From Bank Fraud. Full book available for purchase here. Contents Preface xi Acknowledgments xiii About the Author xvii Chapter 1 Bank Fraud: Then and Now 1 The Evolution of Fraud 2 The Evolution of Fraud
From Bank Fraud. Full book available for purchase here. Contents Preface xi Acknowledgments xiii About the Author xvii Chapter 1 Bank Fraud: Then and Now 1 The Evolution of Fraud 2 The Evolution of Fraud Analysis 8 Summary 14 Chapter 2 Quantifying Fraud: Whose Loss Is It Anyway? 15 Fraud in the Credit Card Industry 22 The Advent of Behavioral Models 30 Fraud Management: An Evolving Challenge 31 Fraud Detection across Domains 33 Using Fraud Detection Effectively 35 Summary 37 Chapter 3 In God We Trust. The Rest Bring Data! 39 Data Analysis and Causal Relationships 40 Behavioral Modeling in Financial Institutions 42 Setting Up a Data Environment 47 Understanding Text Data 58 Summary 60 Chapter 4 Tackling Fraud: The Ten Commandments Data: Garbage In; Garbage Out No Documentation? No Change! Key Employees Are Not a Substitute for Good Documentation Rules: More Doesn t Mean Better Score: Never Rest on Your Laurels Score + Rules = Winning Strategy Fraud: It Is Everyone s Problem 85 ix x CONTENTS 8. Continual Assessment Is the Key Fraud Control Systems: If They Rest, They Rust Continual Improvement: The Cycle Never Ends 88 Summary 88 Chapter 5 It Is Not Real Progress Until It Is Operational 89 The Importance of Presenting a Solid Picture 90 Building an Effective Model 92 Summary 105 Chapter 6 The Chain Is Only as Strong as Its Weakest Link 109 Distinct Stages of a Data-Driven Fraud Management System 110 The Essentials of Building a Good Fraud Model 112 A Good Fraud Management System Begins with the Right Attitude 117 Summary 119 Chapter 7 Fraud Analytics: We Are Just Scratching the Surface 121 A Note about the Data 125 Data 126 Regression Logistic Regression Models Should Be as Simple as Possible, But Not Simpler 149 Summary 151 Chapter 8 The Proof of the Pudding May Not Be in the Eating 153 Understanding Production Fraud Model Performance 154 The Science of Quality Control 155 False Positive Ratios 156 Measurement of Fraud Detection against Account False Positive Ratio 156 Unsupervised and Semisupervised Modeling Methodologies 158 Summary 159 Chapter 9 The End: It Is Really the Beginning! 161 Notes 165 Index 167 From Bank Fraud: Using Technology to Combat Losses by Revathi Subramanian. Copyright 2014, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED. Preface I was introduced to the fascinating world of data-driven risk management back in the mid-1990s. Since then, I have come across repeated situations where the lack of planning of simple things resulted in a significant drop in the quality of the achievable, desired results. I felt that a book that detailed the steps of designing and implementing a data-driven risk management system and how interconnected everything is would really help practitioners of risk management achieve their goals. This book is aimed at helping business and IT users define their data and analysis environments correctly from the beginning so that the best possible results can be achieved by their risk (specifically fraud) management systems. This book is not meant as a primer to convert the reader into a data scientist (that requires significant academic and practical training). Rather, it was written to help the reader become a power user of datadriven systems by covering in detail the ingredients necessary to build and maintain a healthy fraud management environment. Without the right data environment (and attitude of all the personnel involved), even the best, most advanced data-driven solutions cannot yield optimal results. Bank Fraud: Using Technology to Combat Losses aims to help define such an environment. xi From Bank Fraud. Full book available for purchase here. C HAPTER 1 Bank Fraud: Then and Now Perhaps the earliest recorded case of fraud in the Western world was that of Hegestratos and Xenothemis in 300 B.C. 1 The story goes that Hegestratos took out an insurance policy on a boat for a large sum, with the deliberate intention of sinking it. At this time, ships were going down at a very high frequency, so this was not necessarily a bad idea (from the point of view of the fraudster), provided one managed to pull it off. Hegestratos was supposed to carry a large amount of grain from Syracuse to Athens on his boat. His idea was to not carry any grain but sink the boat halfway through the voyage and collect the insurance money. He would get the price of the boat reimbursed, and since there was no grain on the boat, he wouldn t incur the loss of the value of the grain. What ended up happening was something else altogether. The people on the boat got wind of Hegestratos s plan to drown them and confronted him. Unable to face the opposition, Hegestratos jumped overboard and drowned himself. His partner, Xenothemis, had to sail the boat to the port, and things didn t go well for him either. A legal battle followed between the buyer, Protos, who was waiting in Athens, and Xenothemis, when Protos, who thought he was getting grain, found out that there was no grain on the boat. 1 2 BANK FRAU D: THEN AND NOW Even though the exact details of the verdict in this legal battle are lost to history, we know that Hegestratos and Xenothemis were unable to carry out their plan, and things ended badly for both of them. While this is surely not the oldest case of fraud in history, it is one of the oldest recordedd cases of fraud. This chapter traces a rough history of fraud and compares the times we are in with historic times and looks at how complicated the world of fraud management has become. In order to begin laying the groundwork to understand how complex fraud detection systems have become a necessity in the last few decades, it is important to be aware of this history. THE EVOLUTION OF FRAUD If we look to the East, many stories of fraud exist in Hindu mythology and in the folklore of various parts of Asia. Fraud is probably as old as money itself, and we could go a step further and say that fraud has probably existed in this world for as long as human beings have inhabited it. One might ask, What is different about the times we live in? In historic times, unlike today, fraud was a rather sporadic phenomenon. There was also considerable stigma associated with fraud as most of it was discovered sooner rather than later, which served as a deterrent to its widespread use. Written over 2,500 years ago, the Thirukkural 2 is a masterpiece by the poet Thiruvalluvar composed of 1,330 couplets in the South Indian language Tamil (which happens to be my mother tongue). The 284th couplet says that the unbridled desire to defraud others, when fruitful, will produce endless pain and sorrow. This indicates that fraud existed many thousands of years ago, and most often it resulted in the fraudster reaping considerable notoriety and sorrow. Not only was this the case in the East but also in the Western world, as evidenced in the Hegestratos and Xenothemis story. Fraud in the Present Day Fast forward to our times. Not only has fraud become much more prevalent now compared to historic times, but the frequency and the ubiquitous nature of today s fraud means that fraudsters don t necessarily meet THE EVO L U TIO N O F FRAU D 3 the end they deserve. Financial institutions are forced to fight fraud all the time. If fraud is not fought effectively, fraud losses can threaten to derail entire institutions. Some of this is because there are so many more human beings inhabiting the world today, and this results in interactions with institutions becoming more and more impersonal, thus opening up a rich environment for committing fraud. Fraudsters have become so sophisticated that they don t need to be present and make personal sacrifices like Hegestratos to carry out their plans. Fraud can be completely impersonal as far as the fraudsters are concerned. Banks are especially vulnerable to fraud. Why are they so vulnerable? I am reminded of a conversation alleged to have occurred between Willie Sutton, a legendary and prolific bank robber, and a reporter, Mitch Ohnstad. Sutton is said to have robbed more than $2 million and spent over half of his adult life in prison. The reporter Ohnstad asked Sutton, Why do you repeatedly rob banks? to which Sutton replied, Well, that is where the money is. 3 That statement pretty much sums up why banks are so popular with fraudsters. In most cases of fraud that banks experience, the fraudsters are never caught. All that the banks are able to do is to stop the bleeding by stopping fraud as soon as they can ; they have little hope of recouping the money lost. In the good old days, when there were fewer customers and banks were for the most part local, they had the luxury of having face-to-face relationships with customers. In the last 40 or 50 years, this has been changing. Not only are there more and more (too many) customers to keep up with, but there also are many customers simply not available for face-to-face interactions. As banks got bigger and the pressure to get bigger and more profitable grew, they were forced to innovate in terms of customer acquisition as well as ways in which customers transact with the bank. As interactions with banks became more and more impersonal, the resulting anonymity also helped the fraudsters to exploit the system. Risk and Reward As we all know, lending money has been the business of banks almost from when they started. However, the amount of risk a bank is willing to take to lend money has changed dramatically in the last 50 years. 4 BANK FRAU D: THEN AND NOW Gone are the days when customers had to appear personally at the banker s office and show the assets on which a loan is requested. In those days, not only were assets showing the customer s ability to pay back the loan needed, but there was also the need to have third parties assure the bank that the money would be paid back if the borrowing customer was unable to repay the loan. Fast forward to 10 or 20 years ago: Pretty much anyone who had an account with the bank and the semblance of a job could walk in and get a loan not secured, but an unsecured loan like a credit card and/or other types. Even though it seems to be a pretty risky path for banks to take, as long as they could manage the risk/reward equation by exercising decent control on the risk side, it became a very lucrative path for the banks. The reward portion of the equation is generally dictated by the volume of business a bank can generate. Most of the time, the volume of business is proportional to the number of customers. The same volume also helped fraudsters. The higher the number of customers, the more impersonal the relationships become. You can see how the continuum operates. Secured Lending versus Unsecured Lending Even with a rapidly growing customer base, it is possible to keep a decent amount of control on secured lending. In secured lending, there is an asset that the bank has control over that can be used to recoup losses it might incur, especially if the perpetrator is the customer. However, unsecured lending is a totally different beast. Unsecured lending is based on intangibles such as the behavior history of the customer and so on. In addition, since the customer does not have skin in the game, unsecured lending becomes a burden mostly on the bank. Unsecured lending pretty much opened the floodgates in terms of fraud. To a number of customers, it seemed like free money... almost. The biggest proliferation of unsecured lending happened in the area of credit cards. The concept of being able to get money using a small plastic card was not only an amazing idea, but also one that caused a lot of crooks to start thinking about how they could exploit this little plastic card to get the free flow of money going. Due to high interest rates for credit cards, in spite of the fraud losses, running credit card THE EVO L U TIO N O F FRAU D 5 portfolios was and continues to be a very lucrative business for banks. However, if there was a way to control losses, credit card portfolios would be even more attractive for banks. This meant that issuers had to figure out a way to keep fraud losses in check. Various authentication methods such as signature matching were used in the beginning to keep fraud rates under control. Not surprisingly, fraudsters found easy ways around these authentication methods. This is when the realization came that studying the cardholders behavior and looking for deviations would be a much more effective method of keeping fraud in check than using authentication methods, which the crooks could find ways around. Statistical models started do a better job of understanding the nuances of cardholder behavior and what is normal for a customer, so the automation of the process of detecting fraud as well as improved accuracy became a huge asset to managing fraud. These days, interestingly, even authentication methods are expected to have some understanding of the customer beyond simply matching a password to the recorded password of the customer. We live in a complex world where customer expectations have grown, and as customers have become more sophisticated, there has been an inherent expectation that the banks should almost magically know the behavior of the customer based on past history. In unsecured lending, a lot more diligence is needed in combating fraud because fraud directly affects the bottom line of banks, as there is no way to recover losses from the customers. About 15 years ago, the banks started to turn to systems based on technology. Some of these systems could see what the human eye could not. The human eye can see two dimensions and, with some help from the brain, can understand the third dimension. When we start thinking about higher dimensions and interactions, the human eye is simply incapable of seeing odd behavior. If you include the human intellect, it is possible to look a little further. However, no system is going to be as efficient and adept at finding fraudulent patterns that do not fit as statistical models. Technology had helped spearhead the phenomenon of interactions becoming more and more impersonal. Now the same technology (involving behavioral modeling) came to the rescue to address the problem it was partially responsible for creating. 6 BANK FRAU D: THEN AND NOW Statistical Models and the Problem of Prediction Yogi Berra, the legendary American baseball catcher and manager, once said, It is hard to make predictions, especially about the future (the predecessor to this statement was made by physicist Neils Bohr). 4 This very funny but very insightful quip applies to any prediction problem, and from one point of view, there is a lot of truth to this statement. As Nassim Nicholas Taleb, the author of the book Black Swan, says, it is true that vast portions of the future lie beyond our abilities to predict. 5 The same argument tends to get used quite a bit against statistical models as well. Since a significant portion of this book is aimed at detailing the evolution of data analysis and statistical modeling and how much both have helped in combating fraud, let me address this at the very beginning. From certain points of view, it might seem that statistical models are not adequate to accurately predict the future. However, from my point of view, statistical models for the most part do a great job of making good predictions about the future even when the predicted situation is not exactly the same as what was observed earlier. Statistical models are very good at limiting the exposure (or fraud risk) and giving us a decent handle on the future. Statistical models have a tremendous ability to understand complex patterns and extrapolate to a decent-sized region not only in but around the values that the models were trained on. To put it in real terms, let s say that cash deposits of $10,000 or more followed by multiple withdrawals are risky. If a rule or a mathematical algorithm is written to monitor for cash deposits of $10,000 or more, it is simply incapable of seeing risk when a deposit of $9,000 is made followed by withdrawals. However, a statistical model can observe a $9,000 deposit followed by multiple withdrawals and flag the activity as risky even though the model has never seen the exact same type of activity in the data presented to it. The key here is the proximity of the dollar figure to the original number, and it gets a lot more complex and hard to do as we move away from the number. Statistical models, though, afford us the ability to extrapolate and learn in regions previously unknown, as long as the regions are reasonably close to what has been observed earlier. In a way, this is the way the human race has managed to grow knowledge in any scientific field, isn t it? If you look to the field of medicine, THE EVO L U TIO N O F FRAU D 7 the development of antibiotics was based on repeated scientific experiments where each scientific experiment relied on the previous one and slightly expanded the knowledge space. We learn from the accumulation of knowledge, experiment a bit, observe new results, gain knowledge, extrapolate slightly beyond our previous region of knowledge, and so on. Statistical modeling is no different. While there are certain areas in which the ability of statistical models is more limited than in others, today it is true that without risk management largely driven by statistical models with behavioral input, banks would not survive. This is a hard fact that stares at everyone whether or not one has affinity for statistical models. There are many examples that have been provided almost since statistical models came into existence on how wrong these models can be. There are any number of jokes on confidence intervals and how little they mean. There is of course the famous (but often overused) statement, There are three kinds of lies: lies; damned lies; and statistics, by British Prime Minister Benjamin Disraeli, which was popularized by Mark Twain. 6 As much of a lover of statistics that I am, I would go one step further and say that the one thing you can be sure of with any statistical prediction is that it is not precise. When I say that a transaction s fraud score is 930 (meaning a probability of fraud of 0.93), the one thing we know for sure is that it is not correct. The transaction is either fraudulent or not, which should lead to a score of 0 or 1,000, translating to a probability of 0 or 1 if we simply want to be precise. But most fraud scoring systems do not use the score 0 or 1,000. Does this mean that fraud scoring systems are not useful? Absolutely not! When it comes to statistics, it is important to focus on how useful the output of a model is rather than whether the exact prediction is right or wrong. A score prediction is expected to be right in a large enough set of transactions with the same score, not for an individual transaction. Life is never about the extremes. It is always about the shades of gray that we need to understand more clearly. So, while there have been countless number of writers before me and I am sure there will be countless number of writers after me who readily talk about the imprecise nature of statistical models, the benefits a statistical model provides are not as much in its precision and accuracy as it is in the rank ordering it provides. As long as a score of 8 BANK FRAU D: THEN AND NOW 930 has a much higher probability of fraud compared to a score of 850, a ton of value can be gained from the score, especially in high-volume areas where there is a need to separate the goods from the bads very quickly. In an environment where thousands of transactions are queuing up every second for a decision, it is important to quickly categorize transactions into groups with various false positive rates so that analysts time can be well spent on identifying fraud. To this end, statistical models work wonders. Also, it is important to understand that while the individual score of 930 may not be precise for a s
View more...
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks