Behavioral analytics and machine learning can combine to root out fraud that is getting ever faster and harder to detect — even as payments go global and, of course, are ever faster. Guardian Analytics’ CEO, Laurent Pacalin, took PYMNTS’ Karen Webster through the ways subtle actions can tip a fraudster’s hand.
In an interview with PYMNTS’ Karen Webster, Laurent Pacalin, CEO of Guardian Analytics, discussed the ways technology can help uncover and stop fraud incidents while they are still being attempted.
“Fraudsters can steal your identity, but they cannot steal your behavior,” said Pacalin, who noted that this is the premise behind behavioral analytics as it is applied to fraud detection.
There are two aspects to fraud, he continued, noting that there is the “method of the compromise,” which hinges on just how fraudsters get into a system to commit fraud, via manual processes, social engineering or phishing. Then there’s the aspect of the point of compromise, said Pacalin, whether online or mobile or even through a call center.
The company has developed advanced risk models that capture and process a significant amount of activity and transaction data, he continued, ranging from browsers to device-focused information and payment transaction details, with a focus on catching anomalies in customer behavior.
So, when a bank or enterprise (through its risk models) sees that transactions are tried twice by the same user, once in Boston and then, immediately, once from San Francisco, “we know that is not possible.”
For Pacalin, the big difference between Guardian Analytics and legacy fraud detection systems is that his firm does not predicate its assessment on rules that can only catch known patterns and is the technology used by other security-focused firms, such as the size of the transaction or identity verification, honing in, rather, “on the pattern of the behavior.”
Guardian Analytics, he continued, has proven processes in place that have lowered fraud incidences between a quarter and a third. “That means the accuracy of our model is much greater [than peers],” he stated.
In the U.S. alone, the company has insight into transactions undertaken by 50 million account holders, totaling over five billion transactions of all sizes on a yearly basis. This adds up to a huge amount of data, said Pacalin, which allows for richer, powerful risk models and significantly better fraud detection rates than might be seen in other systems.
All of this takes place against a backdrop where there is tension between the user experience, especially in financial services — “that you would want [to] have a frictionless customer experience” — and the ever-present concern about security. Part of that is due to cumbersome authentication hurdles that must be tackled by the consumer — everything from passwords to questions tied to the consumer’s mother’s maiden name and so on. Guardian Analytics does not require such authentication, he said, enabling that balance between frictionless experience and strong security to be achieved.
There is a lot of change taking place in payments, said the executive, who made note of ACH and wire transactions, the latter of which he termed “the number one vehicle of fraudsters” to leverage in their efforts. Fraudsters benefit from the accelerating pace of payments “driven by the overall global digital transformation movement in financial services,” said Pacalin, which puts pressure on financial institutions, as they do not have the time to look at transactions one by one and determine whether they are legitimate.
Guardian looks at several data points for wire transfers, among them who is receiving the requests for the wire, the originator information (geolocation and timing), the account number and, of course, the amount. The most common fraud attempts occur when businesses’ email systems are compromised — for example, when someone poses as the CEO or executive of a company and directs a finance department employee to conduct a money transfer. The average loss via wire fraud for a consumer is about $6,000, and at the corporate level, it goes up to more than $100,000, which are meaningful amounts to each of those types of victims.
Subtleties can emerge that can signal malfeasance, such as slight changes to account data, changes in the frequencies of transactions and changes in the amounts sent, where once such details had been standard. Human beings would not be able to track this flow effectively, said Pacalin, so the way his firm does it is by automating alerts (with attendant risk scores), helping to stop fraud attempts effectively in real time. This is especially important where faster payments have given rise to technology-driven fraud attempts, said Pacalin, that have besieged financial institutions and infiltrated B2B transactions — in short, the bad guys go where the money is.
Delving a bit deeper into what is top of mind, and important, for financial institutions: When it comes to protecting data and mitigating risk, there are different stakeholders within firms, Pacalin stated. The stakeholders can range from executives overseeing security to those who are tasked with developing financial products, who want, for example, to increase the number of transactions (and thus revenues). They depend on Guardian Analytics to enhance the system that is in place so that they can focus on business growth.