Credit Card Information are spread everywhere and understanding where data is flowing, where it’s stored and understanding what kind of data needs to be protected is a key for safer payments. The cloud added an extra burden, no one is in charge of protecting data in the cloud and it’s not always clear where the RSA private SSL keys are stored. Cloud changed the way we manage and use IT, who owns and manages the encryption keys stored in AWS or Google cloud and how do we know that there is a dedicated HSM allocated for my authentication and encryption keys. In this article, I will draft the Fraud detection architecture I have in mind and then will talk about automating the onboarding process, profiling and reporting to fulfill the needs of mobile Anti-Money laundering and Financial.
Initially we need to define the authentication framework and the different possible types of fraud such as first party fraud (Ex. Customer opening accounts with different synthetic identities, using different phones, etc).
Starting by onboarding customers, I don’t think that there is an urgent need to speeding up the process of onboarding to the minutes level. Instead we’d need to make this process as accurate as possible by introducing and transforming the Customer Due Diligence process. We need to improve customer experience but without compromising the accuracy and security of Transactions.
Second – Profiling and being able to perform real time transaction blocking using Dynamic profiling, by understanding the behavior of customers on real time and scoring accurately every transaction. And if the transaction is not legitimate, transfer it to the fraud management platform as depicted in the below architecture. Identifying the legitimate behavior such as Unusual amounts, abnormal frequency of trades, suspicious location, transaction not seen before, etc and being able to request additional authentication or block the transaction is a key for detecting fraud in real time.
Third is reporting for suspicious transactions. If the transaction is blocked, the platform will automatically generate, within less than 2 seconds, a message to the risk management platform.
AML is next, the use of graph database for finding fraud networks and analyse relationships and being able to identify and visualise AML rings. The use of graph database is a key for the new fraud detection architecture. With Graph databases, relationships take first priority and that makes the analysis of connections easier and faster.
Finally, using behavioral and predictive analytics such as Random Forest techniques and regression analysis will help to a certain extent in identifying high risk transactions. Data such as Location of Users, Behavioral profile, device profile, risk score for the transaction will be fed to the risk engine and to the SIU “Special Investigation Unit”.