Online fraud costs the global economy more than $400 billion, with more than 800 million personal records stolen in 2013 alone. Increasingly, fraud has diversified to different digital channels, including mobile and online payments, creating new challenges as innovative fraud patterns emerge.
One technique organizations use to detect and prevent electronic fraud is outlier or anomaly detection. In fact, it is the core of one of our fraud protection layers, called DetectTA (the TA stands for transaction anomaly). Through anomaly detection, companies are able to differentiate between normal and abnormal customer account behavior by using statistical analysis. Patterns can be used to identify potentially fraudulent transactions, such as a spending spree on expensive luxury items. If not typical for an account these would be considered outlier transactions, which by definition, deviate from normal behavioral patterns.
Standard methods for statistical outlier detection observe how two variables typically interact to determine normal behavior. For example, the following graph shows the interaction between transaction amount and the time between the last transactions for each card holder.
The objective is to identify transactions that do not behave in a normal way. To do that, an outlier detection algorithm, such a density-based model, can help to identify obvious anomalies. Below, in the same graph, transactions identified as anomalies are marked with a red star.
These outliers may indicate that high value transactions are occurring on inactive accounts, and could be a warning of fraudulent activity. Nevertheless, it has been noted in the literature that these algorithms are tested when small groups of anomalies are present. This is something that happens in fraud detection, because when a thief finds a strategy that works, he/she is going to use the same strategy until it doesn’t work anymore.
In order to detect these types of anomalies, methods such as the Local Outlier Factor (LOF) have been developed in recent years. This method is used to locally estimate the density using only the nearest neighbors. Transactions that have substantially lower density than their neighbors are considered to be outliers. In the following plot, the outliers identified by the LOF method are marked with red triangles.
These new results make sense, as it is expected that fraudulent transactions with high amounts would be made in a very short period of time. The fraudster is attempting to maximize his/her profit as fast as possible, probably by using newly opened accounts with stolen identities.
Detecting fraud is by no means an easy task. We should include in our analysis the best tools available and understand very well the shortcoming and limitations of the methods we use. In this post, I attempted to highlight the benefits of using advanced outlier detection methods such as LOF. With this method, we can improve our detections rates and react faster to new fraudulent strategies.
DetectTA is part of the Easy Solutions’ Total Fraud Protection platform, a multilayered approach to fight back Omni-channel transactional fraud. DetectTA is designed to give financial institutions the ability to defeat fraud along the lifecycle of the fraud.