Large financial institutions continuously deal with fraud. As a result, they tend to have well-tested processes and well-staffed anti-fraud departments, including data scientists running algorithms that analyze patterns in previous incidents to help predict future ones. These institutions capitalize on their exposure to fraud by learning from it.
In our experience, such practices are rare. We estimate that fewer than 15% of Canadian organizations carry out 'predictive and prescriptive' analytics using machine learning, a subset of artificial intelligence that trains algorithms on dozens of variables from past incidents to help identify where fraud might occur in the future.
Many other organizations use detection methods that rely solely on past experience and can become obsolete. Our team worked with a large retailer that manually reviewed online orders based on fraud detection rules it had set five years previously, such as whether a customer account was newly created. These rules generated a 99% false positive rate – just one flagged order per 100 turned out to be fraudulent, meaning the other 99 customers had their orders delayed for no reason. There were also a significant number of false negatives – actual cases of fraud that their system didn't catch.
With machine learning algorithms, we identified specific variables associated with actual fraudulent orders to help the organization create more sophisticated rules. We found that customers using a subset of free email providers had a higher associated risk for fraud than those ordering from corporate email addresses. In addition, customers wanting to pick up an order in a store were almost never fraudulent, while those buying gift cards online were more likely to be. Introducing these algorithms helped the organization design a fraud prevention program that reduced both false positives and false negatives.
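As an added illustration (not the authors' or the retailer's code), the Python below audits a legacy rule against labelled past orders and measures how strongly each order variable is associated with fraud. The order counts, field names and candidate rule are constructed assumptions, and a simple per-variable rate comparison stands in for the machine learning model the text mentions.

```python
# Constructed sample data: labelled historical orders (not real figures).
def rows(n, **fields):
    base = {"new_account": False, "free_email": False, "store_pickup": False,
            "gift_card": False, "fraud": False}
    return [dict(base, **fields) for _ in range(n)]

ORDERS = (
    rows(99, new_account=True)
    + rows(1, new_account=True, free_email=True, gift_card=True, fraud=True)
    + rows(4, free_email=True, gift_card=True, fraud=True)
    + rows(96, free_email=True)
    + rows(100, store_pickup=True)
    + rows(20, free_email=True, gift_card=True)
)

def evaluate_rule(orders, rule):
    """Return (precision, recall, flagged_count) of a rule against the labels."""
    flagged = [o for o in orders if rule(o)]
    caught = sum(o["fraud"] for o in flagged)
    total_fraud = sum(o["fraud"] for o in orders)
    precision = caught / len(flagged) if flagged else 0.0
    recall = caught / total_fraud if total_fraud else 0.0
    return precision, recall, len(flagged)

def variable_lift(orders, field):
    """Fraud rate where `field` is true, divided by the overall fraud rate."""
    base_rate = sum(o["fraud"] for o in orders) / len(orders)
    subset = [o for o in orders if o[field]]
    if not subset or base_rate == 0:
        return 0.0
    return (sum(o["fraud"] for o in subset) / len(subset)) / base_rate

def legacy_rule(o):      # the old rule from the text: flag newly created accounts
    return o["new_account"]

def candidate_rule(o):   # hypothetical rule built from the high-lift variables
    return o["gift_card"] and o["free_email"] and not o["store_pickup"]

if __name__ == "__main__":
    for name, rule in [("legacy", legacy_rule), ("candidate", candidate_rule)]:
        p, r, n = evaluate_rule(ORDERS, rule)
        print(f"{name:9s} flagged={n:3d} precision={p:.2f} recall={r:.2f}")
    for field in ("new_account", "free_email", "gift_card", "store_pickup"):
        print(f"lift[{field}] = {variable_lift(ORDERS, field):.2f}")
```

On this constructed data the legacy rule flags 100 orders to catch one fraud and misses the other four, while the candidate rule flags 25 orders and catches all five.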
To build an effective fraud detection algorithm you typically need a lot of data, which is hard to obtain when few fraudulent transactions have been identified. One option is to use an auto-encoder, a neural network that can generate thousands of synthetic examples based on a few real ones. Neural networks, a concept at the heart of artificial intelligence, simulate the way brains work and, among other things, can use a few records to generate many similar ones. In this case, a large set of artificial fraud cases based on a few actual ones can serve as training data for fraud-prevention algorithms.
Starting your fraud fightback
Many organizations start their fraud assessment by looking at money going out the door. Procurement fraud is common, whether through fictitious vendors or overcharges. For retailers, credit card fraud can also be highly significant as they often have to absorb the resulting losses. In these cases, any fraud prevented saves money, providing a strong return on investment.
It may sound counterintuitive, but it is crucial to understand how much fraud you are willing to allow. Organizations need to consider the operating costs of an anti-fraud department (including employing expensive data scientists) and how much it costs to prevent each case. Unless other action is taken, there is typically a trade-off between false positives and false negatives: an organization that decides it wants to eliminate all cases of fraud will increase false alarms as a result. This can cause its own problems, such as a retailer delaying 99 genuine orders to catch one fraudulent one, and will need to be balanced with the impact on customer experience. However, it is worth considering that false positives have a benefit – they provide valuable training data for algorithms on transactions that may look fraudulent but aren't, and the algorithms will be adjusted to reduce false positive rates in future.
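The trade-off described above can be made concrete with an added example (not from the original article): sweep the threshold at which scored orders are held for review and cost out the false positives and false negatives at each setting. The score buckets, review cost and fraud loss are constructed assumptions.

```python
# Constructed sample: (model score, legitimate orders, fraudulent orders) per bucket.
BUCKETS = [(0.1, 500, 1), (0.3, 300, 1), (0.5, 150, 2), (0.7, 40, 6), (0.9, 10, 10)]

def confusion_at(buckets, threshold):
    """Outcome counts if every order scoring >= threshold is held for review."""
    fp = sum(legit for score, legit, _ in buckets if score >= threshold)
    tp = sum(fraud for score, _, fraud in buckets if score >= threshold)
    fn = sum(fraud for score, _, fraud in buckets if score < threshold)
    return {"threshold": threshold, "fp": fp, "tp": tp, "fn": fn}

def total_cost(row, review_cost, fraud_loss):
    # Every held order costs one manual review; every missed fraud costs its loss.
    return review_cost * (row["fp"] + row["tp"]) + fraud_loss * row["fn"]

def sweep(buckets, review_cost, fraud_loss):
    """Cost out each candidate threshold; 1.0 means no order is held."""
    table = []
    for t in [score for score, _, _ in buckets] + [1.0]:
        row = confusion_at(buckets, t)
        row["cost"] = total_cost(row, review_cost, fraud_loss)
        table.append(row)
    return table

def cheapest(table):
    return min(table, key=lambda row: row["cost"])

if __name__ == "__main__":
    # Assumed costs: 5 per review, 200 lost per missed fraud.
    for row in sweep(BUCKETS, review_cost=5, fraud_loss=200):
        print(row)
    print("cheapest:", cheapest(sweep(BUCKETS, review_cost=5, fraud_loss=200)))
```

With a review cost of 5 and a loss of 200 per missed fraud, the cheapest setting holds orders scoring 0.7 or higher and accepts four missed frauds; raising the loss to 5000 moves the optimum to holding every order.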
Continuously learning from fraudster and customer behaviour is vital, as both will evolve over time. This has been clear during the COVID-19 pandemic, with research finding that 62% of Canadians were using less cash and 42% were avoiding shopping at places that did not accept contactless payments.[i] As shopping habits change, sophisticated fraudsters will adjust their tactics to avoid detection. In fraud prevention, you can't just set it and forget it.
Jack Martin is a Partner and National Leader of Forensic Data Analytics at KPMG in Canada.
Ramy Hammam is a Senior Consultant in Forensic Data Analytics at KPMG in Canada.
As organizations continue to move online, they must do so in a way that stays one step ahead by investing in the people, technologies, and best-practice strategies that will drive safe and secure digital transactions.
KPMG can help your organization apply complex analytics to take its anti-fraud program to the next level, or act as a technical sounding board for work that has already been developed by your data scientists.