Computing: How fraud-detection systems combine dozens of clues to spot
suspicious patterns in mountains of transactions
THE pleasure of reading a classic detective story comes from the way that the
sleuth puts together several clues to arrive at a surprising conclusion. What
is enjoyable is not so much finding out who the villain is, but hearing the
detectives explain their reasoning. Today, not all detectives are human. At
insurance companies, banks and telecoms firms, fraud-detection software is used
to comb through millions of transactions, looking for patterns and spotting
fraudulent activity far more quickly and accurately than any human could. But
like human detectives, these software sleuths follow logical rules and combine
disparate pieces of data-and there is something curiously fascinating about the
way they work.
Consider car insurance. Every Monday morning, telephone operators at insurance
firms listen to stories of the weekend's motoring mishaps, typing the answers
to several dozen standard questions into their computers. Once, each claim form
then passed to a loss adjuster for approval; now software is increasingly used
instead. The Monday-morning insurance claims, it turns out, are slightly more
likely to be fraudulent than Tuesday claims, since weekends make it easier for
policyholders who stage accidents to assemble friends as false witnesses. A
single rule like that is straightforward enough for a human loss adjuster to
take into account. But fraud-detection software can consider dozens of other
If a claimant was nearly injured (because of an impact near the driver's seat,
for example), the accident is less likely to have been staged and the claim
less likely to be fraudulent, even if it is being filed on a Monday. Drivers of
cars with low resale values are proportionately more likely to file fraudulent
claims. But that factor is less important if the claimant also owns a luxury
car, which suggests affluence. And if the insurance on the luxury car has
expired, the likelihood of foul play drops further, since this increases the
likelihood a person will drive a cheaper but properly insured car. And so on.
The staggering number of combinations, each an indication of fraud or
legitimacy, underscores the limitations of human analysis. Fraud-detection
software, however, can evaluate a vast number of permutations and deliver a
fraud-probability score. And such programs are getting better as new claims
provide extra statistics that can help tune the computational recipes, or
algorithms, used to detect fraud.
German insurers, for example, recently noticed that claimants who call back
shortly after filing, angrily demanding speedy settlement, are
disproportionately more likely to be cheaters, says Jörg Schiller, an insurance
expert at the Otto Beisheim School of Management in Vallendar, Germany.
Evidently fraudsters consider themselves good actors. But when pugnacious
policyholders call after the 20th of the month, the probability that they are
acting decreases slightly, since funds from the previous month's paycheque may
be dwindling. Mr Schiller says most car insurers in rich countries now use
fraud-detection software, and those in developing countries are adopting it
Play your cards right
With an estimated $250m in annual sales, and yearly growth topping 25%, the
largest and fastest-growing category of fraud-detection software is that used
to spot fraudulent credit-card transactions. According to the Association for
Payment Clearing Services, based in London, such software is largely
responsible for reducing losses from credit-card fraud in Britain alone from
£505m ($925m) in 2004 to £439m ($799m) in 2005. Merchants implementing
anti-fraud software for the first time commonly see losses from fraud reduced
by half. Such software evaluates many parameters associated with each
credit-card transaction, including specific details of the items being
purchased (derived from their bar codes), to evaluate the likelihood of foul
play in the form of a numerical risk score. Any transactions that score above a
certain pre-defined threshold are then denied or challenged.
Buying petrol seems innocent enough. If no attendant is present, however, the
risk score goes up, because fraudsters prefer to avoid face-to-face purchases.
Buying a diamond ring soon after buying petrol results in an even higher risk
score: thieves often test a card's validity with a small purchase before buying
something much bigger. A $100 purchase at a shop that sells hard liquor is more
likely to be fraudulent than a more expensive shopping spree at a wine shop,
because whisky is easier to fence. A purchase of sports shoes is risky because
trainers appeal to a demographic with less money than, say, buyers of golf
clubs. Buying two pairs of trainers increases the risk, as this may indicate
plans to resell them. Shoes in teenage sizes bump up the score further, since
pre-teens are less likely to buy stolen goods. Sales in London, New York or
Miami, all cities with vibrant black markets for shoes, push scores higher, as
do purchases made during school holidays. The fraud history of individual shops
can also be taken into account.
Seasoned criminals can, of course, figure out such rules and change their
behaviour in an attempt to avoid detection. Some types of purchases are less
likely to be fraudulent. A shopping spree in a linen shop, however, does not
have much appeal to most criminals. However, says Mike Davis, a fraud expert at
Butler Group, a consultancy, the "vast majority" of fraudsters are low-level
opportunists fairly easily foiled by today's fraud-detection software. The
situation, he says, is "spectacularly better" than it was just a few years ago.
But the technology trips up cleverer fraudsters too, using a variety of tricks.
The software can, for example, assign a customised scoring algorithm to each
credit card, depending on its normal usage patterns. That algorithm can then be
fine-tuned after each transaction. If a card belonging to a Berliner has never
been used to purchase a plane ticket or buy goods outside Germany, the system
may block an attempt to book a Moscow-Tokyo flight leaving in three hours. An
attempt to charge a moped to an elderly woman's card may fail. Cards are often
blocked when the volume of transactions for which they are used abruptly spikes.
E-businesses using anti-fraud software now block about 8% of all transactions.
Some aborted orders, of course, are not fraudulent. Each "false positive"
reduces profits and angers an honest shopper. To limit such damage, risk
managers (employed by the software developers or the merchants themselves)
study sales data compiled before the anti-fraud software was implemented. This
analysis helps retailers find the optimal score threshold to determine which
orders they accept.
Online fraudsters have tricks of their own, of course. Carl Clump, the boss of
Retail Decisions, a fraud-detection firm based near London with clients
including Wal-Mart, Sears and Bloomingdale's, offers an example. Not long ago,
American scammers began buying CDs of classical music with their purchases of
expensive items, apparently in an effort to deceive anti-fraud systems (since
such music is generally assumed not to appeal to young, tech-savvy criminals).
Retail Decisions' software, called PRISM, detected the trend. Now, purchases
that combine classical or opera CDs with expensive goods receive a higher score
than purchases of high-cost items alone.
By reading a computer's internet-protocol address, anti-fraud systems can
"geolocate" online buyers, and raise or lower scores depending on where they
are. Most systems penalise customers in places such as Eastern Europe, China,
Thailand and Vietnam. More dramatically, many merchants block all transactions
from certain countries. As this practice becomes more widespread, many
countries, mostly in West Africa, are being completely shut out of
international e-commerce. SN Brussels Airlines, for example, uses software
developed by Ogone, a Belgian firm that protects more than 6,400 European
merchants, to shut out all computers in Liberia and Congo. Without it, says
Bruno Brusselmans, director of online sales, "I don't even want to think about
what would happen."
Telecoms firms have always suffered heavily from fraud, which is thought to
reduce industry revenues by around 5%. But new software that identifies
fraudulent callers on mobile networks is helping some operators slash their
losses. Telecom Italia's 140 anti-fraud engineers trimmed losses this year to
less than 1% by freezing about 30,000 phones a month, says anti-fraud director
Such spectacular drops in fraud are more commonplace in the developing world,
where mobile operators now investing in the technology. David Ronen, of ECtel,
a firm based in Rosh Ha'ayin, Israel, with more than 100 telecoms clients and
galloping growth in poor countries, says his firm's software establishes the
normal calling patterns of individuals in order to detect tell-tale "weird
situations". For example, if a mobile account opened in Shanghai, and sparingly
used for local calls, begins making numerous calls from Beijing to a few
numbers in a distant western province, then it is likely that a phone thief is
calling friends back home.
Fair Isaac, a large fraud-detection firm based in Minneapolis, operates a
system so fast that it can block dialled calls before they are even connected.
The software, called Falcon, is widely used, since laws prevent many telecoms
firms from terminating non-prepaid calls once they are connected. Wily
criminals are increasingly operating black-market phoning businesses based in
parks and on street corners. "You may see 30 people with cell phones on one
corner and one guy is dialling all the numbers for them," says Ted Crooks of
Fair Isaac. The calls, often to expensive destinations in poor countries,
sometimes last days, Mr Crooks says, because cheats use forwarding systems to
serve many customers with a single call. Technology that can pinpoint handsets'
locations, however, allows calls in "hot" areas renowned for such illicit
operations to be blocked.
It is all a far cry from piecing together clues in a country house, or the
drudgery of real-life detective work. But the result is the same. Life gets
harder for the bad guys, and the honest citizens, who ultimately pick up the
bill for fraud, are protected. The digital detectives, like those in mystery
novels, arrive at their conclusions by combining apparently trivial morsels of
information. But as Sherlock Holmes put it, "I am glad of all details, whether
they seem to you to be relevant or not."
"Let me know, that at least, she will try
Then she'll be a true love of mine"
[Non-text portions of this message have been removed]
Sageata Albastra e cea mai mare tzeapa a transportului public!
Yahoo! Groups Links
<*> To visit your group on the web, go to:
<*> Your email settings:
Individual Email | Traditional
<*> To change settings online go to:
(Yahoo! ID required)
<*> To change settings via email:
<*> To unsubscribe from this group, send an email to:
<*> Your use of Yahoo! Groups is subject to: