Artificial intelligence for banking fraud prevention in the digital era
by Jerome Kehrli
Posted on Wednesday Jul 04, 2018 at 09:34PM in Banking
The digitalization with its changes of means and behaviours and the induced society and industrial evolution is putting increasingly more pressure on banks.
Just as if regulatory pressure and financial crisis weren't enough, banking institutions have realized that they need to transform the way they run their business to attract new customers and retain their existing ones.
I detailed already this very topic in a former article on this blog: The Digitalization - Challenge and opportunities for financial institutions.
In this regards, Artificial Intelligence provides tremendous opportunities and very interesting initiatives start to emerge in the big banking institutions.
In this article I intend to present these three ways along with a few examples and detail what we do at NetGuardians in this regards.
Since 10 years, since the first Iphone, the banking business is under intensive transformation, like the whole society. The iphone, then all the next generations of smartphones, has allowed the always and everywhere interconnection of everyone, 4 billion people today, more tomorrow. But even more than this interconnection, the real revolution was the user experience offered by these new devices, providing access to vital services at one finger touch away.
The current generations, millennials, and the rising Z generation, these young people born with a smartphone, do not share the values than their ancestors. These new generations are characterized by their need of absolute, of immediacy, everything and immediately, of individualization, all about me, myself and I, and of universal service, where I want, when I want and especially how I want.
As a result, banks, if they want to retain their customers, or seduce these young active people who are coming on the market, must adapt, transform, and digitalize their businesses. This topic is far from new, and the amazing slap given to the banks by the emergence of the fintechs and their cannibalization of the banking business was way enough to create the sense of urgency required to trigger the transformation of banks.
Today all banks are adapting, developing more personalized and massively online services, meeting the new active force on its privileged channels, mobile first, but also social networks, youtube, etc
One might want to read my previous article on this very topic: The Digitalization - Challenge and opportunities for financial institutions
In this race for digital, made vital by the crumbling margins, new technologies are both the source of the challenges and their solution. In this perspective, Artificial Intelligence and advanced algorithms are the next step, the way to scale and have the potential to make banks more innovative and smarter. To meet the challenges of digital and the demands of this population with new behaviors and uses, but also to take advantage of opportunities related to digitalization, AI proves to be a panacea.
At every level, from financial research to fraud prevention, AI can do better, faster, farther, stronger.
Today an lot of highly innovative initiatives, taking advantage of the latest advances in artificial intelligence, emerge in the big banks, the most able to consent to the investments needed for the transformation.
These initiatives are mainly around 3 axes:
1. The customer experience
The physical presence vanishes, the contact with a human also and is replaced advantageously, at least for these digital generations, by a computer system: chatbot, personal banking assistant, voice assistant, etc.
Bank of America, for instance, has deployed a virtual assistant, Erica, that interacts with her customers by voice chat or chat and is responsible for answering customers' questions, but who is also able to provide financial advices, recommendations of investment, or to carry out the simplest banking operations such as payments, fund transfers, etc. These new banking channels are available constantly, everywhere and in various forms, "When I want, where I want and especially as I want."
2. Advanced analytics, operational efficiency and service customization
New technologies and machine learning techniques are able to substitute to humans on many analytical tasks in an advantageous way, be it financial research, investment optimization or customer profiling for the personalization of advisory.
UBS, for instance, has developed virtual research agents able to performing investment research tasks, from analyzing market data to company valuation at a level comparable to human analysts but much faster.
RBS has implemented a robot for the loan evaluation process able to approve a credit in 45 minutes, instead of several days as previously required.
3. Prevention of bank ingfraud and anti-money-laundering
The new channels to which banks must subscribe, the new usages of customers and the acceleration of business cause an increase of the attack surface of banks. These uses especially, and the behaviors of these digital generations, share everything with everyone, all about myself, my life online, social networks where everything is shared, facilitate all forms of attacks, from social engineering to theft of eBanking session.
Finally, the new technologies, on one side, since they offer new means to cyber-criminals, and the economic context on the other side, which makes the criminal enterprise attractive to a number of engineers and other qualified computer scientists, cause an explosion of fraud cases, increasingly external.
AI against banking fraud, a bit of history
In the early 2000s, the detection of banking fraud relies mostly on internal control and auditing. The effectiveness of these approaches is pretty low because of their inherent limitations. Working by sampling, internal control and audit leave a lot of frauds pass through the cracks. Some additional securities are implemented within the bank's operational information system, but here too their efficiency is quite relative.
At that time, the subprime crisis and the southern european countries sovereign debt crisis have not yet occurred, the margins are wide, people trust the banks and overall, they feel safe. The fight against fraud is not perceived as a priority.
In the second half of the 2000s, the maturity of cyber-criminals, their organization and the complexity of their attacks explode, multiplying the losses associated with fraud.
Banks react by massively deploying specific analytical systems aimed at detecting fraud. At that time, these systems are rule engines seeking behavioral patterns or pre-established and well-determined conditions or patterns in audit trails of the information system.
Today, the complexity of attacks and the means of cyber-criminals are such that these rule engines are defeated. We can mention the computer crash of the central bank of Bangladesh, where cyber-criminals, safe and untraceable, managed to steal $81 million or the Retefe worm, which despite the means deployed still manages to divert about fifty ebanking sessions every day, today, in Switzerland.
The rule engines are outdated for various reasons, including changes in usage, their multiplication and the complexity of bank customer behavior. How can the same set of rules effectively protect customers with different uses and behaviors, for example a simple saver on one side and an institutional account used to pay the suppliers of a company on another side?
Today, banks no longer have any choice and deploy large-scale AI techniques to protect their Assets Under Management and their customers.
Return of Experience, our approach at NetGuardians
In the first half of the current decade, we started at NetGuardians to develop our first AI approaches, leveraging the analytics capabilities of our Big Data platform. These approaches consist in analyzing in real time all the bank transactions, with a depth of analysis of several years, to let the machine learn the transactional behavior of both the bank's customers (external fraud) and its employees (internal fraud). With this in-depth understanding of the habits, behaviors and practices of these two populations, the machine can qualify each and every transaction as legitimate or potentially fraudulent, and, if necessary, block it before the funds have left the bank.
We then introduced other machine learning algorithms to dynamically build customers peer-groups with similar behavior, allowing us to compare an individual transaction not only with the profile of a specific customer but also with its peer group, and reducing thus the irrelevant alerts, these false-positives which must nonetheless be analyzed. Later, we focused on broadening the vision of AI by trying to make it understand all patterns of interaction between humans, employees or customers, and the information system of the bank, by analyzing not only transactions but also all other types of interaction.
Today we are able to effectively block each suspicious transaction or activity, while drastically reducing the number of cases to be analyzed, these infamous false positives, and also the time required for the investigation of a case by the teams of the bank.All of this is explained in details in yet another article on this blog: Artificial Intelligence for Banking Fraud Prevention
Customer experience, the machine in contact with customers
The next step consists in putting the IA directly in touch with the bank's customers. When a suspicious transaction is detected, instead of mandating a bank anti-fraud employee to analyze the situation, which investigation usually ends up with a call to the customer for re-confirmation, the future is to let the machine contact the customer itself, by means of an application installed on the mobile of the customer, or by means of a voice chatbot able to contact him and speak to him to obtain directly the confirmation required for the validation of the transaction.
The benefits are numerous. For the customers of the banks it is a question of bringing this "callback" as close as possible to the input of the transaction, from a few hours today to a few seconds in the future. For the banks it is a question of reducing the costs of intervention while eliminating the frauds by systematically delegating the re-confirmation of the suspicious transactions to the customer.
In the end, the bank protects its reputation, its Asset Under Management, the data of its customers, but also meets them - meet the challenges of the digital - while reducing its operational costs - benefit from its opportunities.