The UK’s National Crime Agency recently warned that businesses and law enforcement agencies are losing the ‘cyber arms race.’ One of the key threats was found to be fraud, with 700,000 cases contributing to the 2.46 million ‘cyber incidents’ of 2015.
Of real concern was the NCA finding that cyber criminals remain one step ahead in terms of technical capabilities – but that is beginning to change. The UK government has pledged to spend £1.9 billion on cyber defences over the next five years, with businesses and law enforcement setting up networks and shared threat intelligence in order to fight evolving and increasing cyber threats. There is also a renewed focus on the technologies used to fight cyber crime, with one company deploying machine learning and behavioural analytics in the fight against fraud.
British company Featurespace uses adaptive behavioural analytics and real-time machine learning in order to detect fraud in the financial services sector. Looking at how this technology can deal with the dynamic crime that is fraud, CBR caught up with CEO Martina King.
Recently named one of the Top 40 powerful women in tech by Silicon Republic, King boasts an extensive career in media technology, including leadership roles at Yahoo! Europe and Capital Radio. Prior to Featurespace, King was Managing Director of augmented reality company Aurasma, and is currently a non-executive director of Cineworld and Debenhams.
Drawing upon her career in technology, CBR asked King about how fraud has evolved and how machine learning can level the playing field with cyber criminals.
EB: Fraudsters are utilising new technology to launch more complex attacks – how have fraud attacks evolved and created new challenges in recent times?
MK: As companies and consumers have moved their businesses and lives online, criminals have become increasingly digitally savvy. Whether it’s credit card theft, identity theft or money laundering, it is increasingly complex for companies to know how to outwit this new breed of criminal and stay one step ahead.
A traditional, and largely effective, approach has been to use fraud prevention systems based on the use of rules. The rules are effective once a known attack has been identified – it is possible to block the same type of attack once the loophole has been closed. However, this retrospective approach doesn’t help identify new attacks and leaves companies consistently one step behind.
A good example of the shift in risk took place last year in the US when Chip-and-Signature card payments were introduced. It was anticipated, as a result of what we witnessed in the UK and Europe in the 2000s, that the ‘easier’ fraud pickings of stolen or counterfeit cards would be largely stopped, and would move fraud attacks online. We’re already seeing the knock-on impact of a spike in online fraud – a huge 215% rise in the last 12 months, according to the Global Fraud Index. We have seen some predictions of customer-not-present fraud in the US reaching $7 billion by 2020.
EB: Do attackers tailor attacks to specific industries – financial services vs gaming for example?
MK: Absolutely. Our systems have picked up numerous types of fraud and financial crime, including transactional monitoring, anti-money laundering, online fraud, account takeovers, in-session online account activity, and bots, to name a few.
In the gaming sector, we have witnessed collusion in poker games, and in financial services identity theft is very common. We also witness similar attempts or patterns move across sectors. As one sector works hard to protect themselves, the attackers move into less well-protected areas. The criminals are constantly looking for weaknesses in systems, testing them with small amounts of theft and then making a larger hit, which can take place over very long periods of time or within seconds.
There are several known types of fraud, some of which are more prevalent in certain industries:
- Third-party fraud: as well as preventing more fraud, the biggest benefit we bring to clients tackling third-party fraud is reducing their false positives to accept more genuine transactions. This improves customer experience and maximises revenue.
- First-party fraud: we recently helped an Insurance client who challenged Featurespace to identify more fraud at the early application stage. Using Adaptive Behavioural Analytics, we were able to spot 5x more fraud at this stage, enabling the insurer to correctly underwrite their books.
- Small and large attacks: we recently helped a Financial Services client identify two attacks on their merchants. Our approach spotted the attack from day one – by detecting the small ‘tester’ attacks, before the main attack event happened a few days later. By spotting anomalies, we were able to identify the small changes that indicated a fraudster attempting to expose a vulnerability. This meant the system was prepared when the main attack hit, catching fraud and preventing damage.
- Organised fraud: for an Insurance fraud client, we were challenged to compare our results to their existing system in spotting an organised fraud ring, who were committing motor insurance fraud on a large scale. Our Adaptive Behavioural Analytics approach caught 70% of the fraud at the early application stage. The existing system had not spotted the fraud at that early stage.
- Bots: in the Gaming sector, we’ve been challenged to identify fraudulent activity from bots on online betting platforms. Our real-time system is able to understand typical patterns of human behaviour. The system detects when this behaviour is anomalous – for example, the faster, more repetitive patterns of bots. It can then calculate the likelihood of this being fraudulent bot activity.
EB: Are you seeing a shift from consumer fraud, such as identity fraud, to large scale attacks on businesses?
MK: We witness fraud across the board, from vulnerable older people being conned out of their savings – by being persuaded to shift their funds into fake accounts – to large scale attacks on organisations across industries. It’s a big and increasing issue.
EB: How are you utilising machine learning in the fight against fraud?
MK: Our ARIC system is a combination of mathematical statistical profiling, utilising Bayesian statistics and advanced computer science developed at Cambridge University by our Co-Founders. When Featurespace’s ARIC engine detects an anomaly, it provides a risk score based on the known behaviour of the individual customer. The anomaly is flagged for investigation, which leads to our customers being able to spot new fraud attacks as soon as they occur. The system can be taught to look out for that type of attack in future. This self-learning mechanism means that the models never degrade and our customers can automatically adapt to new fraud types – as criminals evolve, so does the system.
EB: How does the platform separate the genuine customer from the fraudster? How does it work?
MK: The ARIC engine is monitoring every interaction and transaction across thousands of events, in real-time. The ARIC system learns each ‘normal’ pattern of behaviour at such a granular level that it is impossible for a criminal to mimic the behaviour we are monitoring. Anomaly detection enables us to spot a change the moment it occurs and send an alert or warning.
A widely accepted rule of thumb is that for every one blocked fraud attack, numerous good customers are declined. For existing fraud systems, a relatively ‘good’ rate of customers blocked is 10 per 1 fraud attack, although in online fraud we’re seeing as many as 34 customers blocked for every fraud attack caught. We are dramatically reducing these numbers.
Featurespace’s ARIC engine uses Adaptive Behavioural Analytics to build up profiles of ‘normal’ individual behaviour in real-time, so that it can quickly and easily spot the moment that changes occur, while understanding the context of the change. The benefit of the high accuracy level of Adaptive Behavioural Analytics is that a genuine customer’s behaviour is easy to recognise, enabling companies to accept more business – typically over 70% – while reducing customer friction.
EB: The platform can detect subtle changes in customer behaviour – how does the platform deal with managing such big data sets?
MK: Founded on applications of Bayesian inference, Featurespace’s solution allows uncertainties to be included in the algorithm calculations to identify the significance of every anomaly detected. One of the biggest challenges to spotting anomalies in data is understanding the significance of an event or change against a backdrop of constantly changing and varied customer behaviour, particularly when dealing with large data sets.
This is where advanced deep machine learning and adaptive behavioural analytics come in, delivering detailed business insights to make reliably informed decisions related to each client’s business needs.
A machine learning algorithm is a computer program that teaches computers how to program themselves so that humans don’t have to explicitly describe how to perform the task we want to achieve. In this way, machine learning allows computers to learn how to perform complex tasks, building models so the system can effectively predict future outcomes. Computers are capable of iterating these models at very high speeds: thousands of times per second, compared to every one or two human tasks completed.
Big data has become a buzzword to describe vast volumes of data. In reality, many organisations are dealing with ‘wide’ data from many distinct sources, arriving at different times. The breakthrough with deep machine learning is being able to analyse at high speed across these different sources – more efficiently and accurately than we humans are able to analyse data in vast volumes.
EB: How important is it to have real-time capability when fighting fraud?
MK: Essential. We have seen how our system is saving our customers from fraud attacks in real-time. This is protecting their customers and their revenue lines. In one case, our ARIC system paid for itself the first weekend it was live. We have calculated that we can save the payments industry $12 billion per year.
The other consequence of rules systems is that they block genuine customer transactions. Our calculations in the payments industry show that $14.2bn is lost. However, because our ARIC engine builds a profile of the customer, it is not only more accurate at spotting fraud, but also reduces this problem of declining genuine transactions – typically by over 70%.
EB: Have you identified previously unseen fraud attacks with the ARIC engine?
MK: Yes – our ARIC engine is specifically designed to identify new and unknown fraud types, and to enable the system to update automatically for our customers when it does so. This means that, if a fraudster has found a new way to attack a consumer online, ARIC will recognise the behaviour as unusual and create a risk alert. It will then automatically recognise the fraud type in future attacks. This means that fraud attacks do not remain unknown for very long – the holy grail in fighting fraud.