catch them in the act
play

Catch them in the Act Fraud Detection in Real-time Seshika Fernando - PowerPoint PPT Presentation

Apr 22, 2023 •517 likes •781 views

Catch them in the Act Fraud Detection in Real-time Seshika Fernando Technical Lead Fraud: A Trillion Dollar Problem Survey results $ 3.5 4 Trillion in Global Losses per year (5% of Global GDP) Payment Fraud Only Merchants are

  1. Catch them in the Act Fraud Detection in Real-time Seshika Fernando Technical Lead

  2. Fraud: A Trillion Dollar Problem Survey results ๏ $ 3.5 – 4 Trillion in Global Losses per year (5% of Global GDP) Payment Fraud Only ๏ Merchants are losing around $ 250B globally ๏ Cost of Fraud is around 0.68% of Revenue for Retailers (2014) ๏ Steep rise in Fraud in eCommerce (0.85% of Revenue) and mCommerce (1.36% of Revenue) with a movement of payments to newer channels

  3. Why WSO2 Analytics Platform? Fraud Detection Toolkit Batch Real-time Analytics Analytics Domain Knowledge Predictive Interactive Analytics Analytics 3

  4. Solution: Many Ways Fraud = Anomaly We provide many methods of Anomaly Detection in order to capture known and unknown types of fraudulent behavior ๏ Generic Rules ๏ Fraud Scoring ๏ Advanced Techniques Capturing anomalous behavior using mathematical modelling

  5. Capturing Domain Expertise An example from Payment Fraud Domain Fraudsters… ๏ Use stolen cards ๏ Buy Expensive stuff ๏ In Large Quantities CEP Queries ๏ Very quickly ๏ At odd hours ๏ Ship to many places ๏ Provide weird email addresses 5

  6. Generic Rules Convert all pre-existing knowledge about Fraudulent Behavior within a domain to Generic Rules ๏ Blacklists/Whitelists ๏ Moving Averages ๏ Known Patterns ๏ Outliers

  7. Queries for Expensive Purchases define table PremiumProducts (itemNo string); from TransactionStream[(itemNo== PremiumProducts.itemNo) in PremiumProducts ] select * insert into FraudStream; 7

  8. Queries for Large Quantities define table QuantityAverages (itemNo string, avgQty int, stdevQty int); from TransactionStream [(itemNo== av.itemNo and qty > (av.avgQty + 3 * av.stdevQty)) in QuantityAverages as av] select * insert into FraudStream; 8

  9. Queries for Large Quantities (Learning) define table QuantityAverages (itemNo string, avgQty int, stdevQty int); from TransactionStream#window.time(8 hours) select itemNo, avg(qty) as avg, stdev(qty) as stdev group by itemNo update QuantityAverages as av on itemNo == av.itemNo; from TransactionStream [(itemNo== av.itemNo and qty > (av.avgQty + 3 * av.stdevQty)) in QuantityAverages as av] select * insert into FraudStream; 9

  10. Queries for Transaction Velocity from e1 = TransactionStream -> e2 = TransactionStream[e1.cardNo == e2.cardNo] <3:> within 5 min select e1.cardNo, e1.txnID, e2[0].txnID, e2[1].txnID, e2[2].txnID insert into FraudStream; 10 2:20

  11. The False Positive Trap ๏ So what if I buy Expensive stuff Rich guy ๏ And why can’t I buy a lot Gift giver ๏ Very Quickly Busy man ๏ At odd hours Night owl ๏ Ship to many places Many girlfriends? Blocking genuine customers could be counter productive and costly 11

  12. Fraud Scoring ๏ Use combinations of rules ๏ Give weights to each rule ๏ Derive a single number that reflects many fraud indicators ๏ Use a threshold to reject transactions ๏ You just bought a Diamond Ring? ๏ You bought 20 Diamond Rings, in 15 minutes at 3am from a blacklisted IP address? 12

  13. Fraud Scoring Score = 0.001 * itemPrice + 0.1 * itemQuantity + 2.5 * isFreeEmail + 5 * riskyCountry + 8 * suspicousIPRange + 5 * suspicousUsername + 3 * highTransactionVelocity 13 2:27

  14. Learn from Data Utilize Machine Learning Techniques to identify ‘ unknown ’ point anomalies K-means Clustering

  15. Markov Models for Fraud Detection Use Markov Models to discover fraudulent behavior through rare activity sequences Markov Models are stochastic models used to model randomly changing systems 15

  16. Markov Modelling: Process Update Compare Alerts Classify Events Probability Incoming Events Matrix Sequences Probability Matrix 16

  17. Markov Model: Classification Example : Each transaction is classified under the following three qualities and expressed as a 3 letter token, e.g., HNN ๏ Amount spent: L ow, N ormal and H igh ๏ Whether the transaction includes high price ticket item: N ormal and H igh ๏ Time elapsed since the last transaction: L arge, N ormal and S mall 17

  18. Markov Models: Probability Matrix ๏ Create a State Transition Probability Matrix LNL LNH LNS LHL HHL HHS HNS LNL 0.976788 0.542152 0.20706 0.095459 0.007166 0.569172 0.335481 LNH 0.806876 0.609425 0.188628 0.651126 0.113801 0.630711 0.099825 LNS 0.07419 0.83973 0.951471 0.156532 0.12045 0.201713 0.970792 LHL 0.452885 0.634071 0.328956 0.786087 0.676753 0.063064 0.225353 HHL 0.386206 0.255719 0.451524 0.469597 0.810013 0.444638 0.612242 HHS 0.204606 0.832722 0.043194 0.459342 0.960486 0.796382 0.34544 HNS 0.757737 0.371359 0.326846 0.970243 0.771326 0.015835 0.574333 18

  19. Markov Models: Probability Comparison ๏ Compare the probabilities of incoming transaction sequences with thresholds and flag fraud as appropriate ๏ Can use direct probabilities or more complex metrics ๏ Miss Rate Metric ๏ Miss Probability Metric ๏ Entropy Reduction Metric ๏ Update Markov Probability table with incoming transactions 19 2:35

  20. Dig Deeper Access historical data using ๏ expressive querying ๏ easy filtering ๏ useful visualizations to isolate incidents and unearth connections

  21. Usecase: Payment Fraud Transactions Batch Real-time Analytics Analytics Transactions Payment Dashboard Alerts System Transactions Predictive Interactive Analytics Analytics Transactions 21

  22. Usecase: Anti Money Laundering Bank Txns Batch Real-time Analytics Analytics Core Bank Txns Dashboard Alerts Banking System Bank Txns Predictive Interactive Analytics Analytics Bank Txns 22

  23. Usecase: Identity Fraud Batch Real-time Analytics Analytics Events Dashboard Alerts Events Predictive Interactive Analytics Analytics 23 2:40

  24. References WSO2 Whitepaper on Fraud Detection: http://wso2.com/whitepapers/fraud- o detection-and-prevention-a-data-analytics-approach/ True Cost of Fraud 2014 http://www.lexisnexis.com/risk/downloads/assets/true-cost- o fraud-2014.pdf Stop Billions in Fraud Losses using Machine Learning o https://www.forrester.com/Stop+Billions+In+Fraud+Losses+With+Machine+Learning/fullte xt/-/E-res120912 Big Data In Fraud Management: Variety Leads To Value And Improved Customer o Experience https://www.forrester.com/Big+Data+In+Fraud+Management+Variety+Leads+To+Value+A nd+Improved+Customer+Experience/fulltext/-/E-RES103841 Predictions 2015: Identity Management, Fraud Management, And Cybersecurity o Converge https://www.forrester.com/Predictions+2015+Identity+Management+Fraud+Management +And+Cybersecurity+Converge/fulltext/-/E-RES120014 Markov Modelling for Fraud Detection o https://pkghosh.wordpress.com/2013/10/21/real-time-fraud-detection-with- sequence-mining/

  25. Contact us !

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

BY CATCH MANAGEMENT BY CATCH IN NORWAY. HOW IT WORKS? Discard ban in Norway : All catches that

BY CATCH MANAGEMENT BY CATCH IN NORWAY. HOW IT WORKS? Discard ban in Norway : All catches that

BY CATCH MANAGEMENT BY CATCH IN NORWAY. HOW IT WORKS? Discard ban in Norway : All catches that are dead or dying viable fish can be released back to the sea.(except snow crabs) List of species under the landing obligation.

276 views • 16 slides
Compare by-catch numbers against threshold value Photo: Australian Fisheries Management

Compare by-catch numbers against threshold value Photo: Australian Fisheries Management

By- catch Fishing rate effort High risk areas Compare by-catch numbers against threshold value Photo: Australian Fisheries Management Authority, graph: Kindt-Larsen et al. 2016, artwork: Jaqueline Rothschies By- catch Fishing

276 views • 8 slides
Catch the Cham eleon - transcript of presentation video Nick: So, this is team Catch the Chameleon.

Catch the Cham eleon - transcript of presentation video Nick: So, this is team Catch the Chameleon.

Catch the Cham eleon - transcript of presentation video Nick: So, this is team Catch the Chameleon. Thank you. Linky: Good afternoon everybody, my name is Linky De Villiers, and Im presenting Catch the Chameleon to you today. So, right before I

302 views • 3 slides
Do early birds catch the w orm s ? Do early birds catch the w orm s ? CYCLI CAL STOCKS SEMI

Do early birds catch the w orm s ? Do early birds catch the w orm s ? CYCLI CAL STOCKS SEMI

Do early birds catch the w orm s ? Do early birds catch the w orm s ? CYCLI CAL STOCKS SEMI NAR Banca Akros, Milan July 1 5 th, 2 0 0 9 AGENDA Prima Industrie Group: Overview of the industrial story Products portfolio Industrial

404 views • 26 slides
WP1 By-catch High-risk areas and evaluation of measures to reduce by-catch Co-funded by the

WP1 By-catch High-risk areas and evaluation of measures to reduce by-catch Co-funded by the

WP1 By-catch High-risk areas and evaluation of measures to reduce by-catch Co-funded by the European Union Co-funded by the European Union WP 1 Lead Lotte Kindt-Larsen &amp; Casper Willestofte Berg DTU Aqua Denmark Sara Kningson SLU

348 views • 8 slides
Neil Mitchell Catch: Project Overview Catch checks that a Haskell program wont raise a

Neil Mitchell Catch: Project Overview Catch checks that a Haskell program wont raise a

Haskell With Go Faster Stripes Neil Mitchell Catch: Project Overview Catch checks that a Haskell program wont raise a pattern match error head [] = error no elements in list Infer preconditions, postconditions Lots

690 views • 29 slides
Gulf of Maine Cod Example Catch Levels 2012 2014 Groundfish Plan Development Team Science and

Gulf of Maine Cod Example Catch Levels 2012 2014 Groundfish Plan Development Team Science and

Gulf of Maine Cod Example Catch Levels 2012 2014 Groundfish Plan Development Team Science and Statistical Committee Meeting January 25, 2012 Catch Scenarios Based On Calendar Year 1) F=0 2) 75% of FMSY 3) FMSY 4) Constant catch that ends

572 views • 13 slides
Working title for activity: CA CATCH CH Th The Cr Cryosp spere an and AT ATmosperhic CH

Working title for activity: CA CATCH CH Th The Cr Cryosp spere an and AT ATmosperhic CH

IGAC &amp; SOLAS emerging activity Working title for activity: CA CATCH CH Th The Cr Cryosp spere an and AT ATmosperhic CH CHemi mistry Scientists engaged in helping to plan CATCH to date include: Jennie L. Thomas, France Jennifer

368 views • 18 slides
CATCH Technical Specialists Work as Individuals Who are? or As part of a team

CATCH Technical Specialists Work as Individuals Who are? or As part of a team

CATCH Technical Specialists Work as Individuals Who are? or As part of a team CATCH Technical Diverse Experience Tailored Why choose? Training Excellence Consistent Reliable 4

464 views • 22 slides
Robots Playing Catch Brandon Tolsch Brandon Tolsch Robots Playing Catch Two robots throwing

Robots Playing Catch Brandon Tolsch Brandon Tolsch Robots Playing Catch Two robots throwing

Robots Playing Catch Brandon Tolsch Brandon Tolsch Robots Playing Catch Two robots throwing a ball through the air Free to move around on the ground Pass back and forth forever Never drop the ball 2/9 Brandon Tolsch Robots

636 views • 9 slides
NOA Bridging Project Maths This work is going to your next school. Gotta catch em all!!

NOA Bridging Project Maths This work is going to your next school. Gotta catch em all!!

NOA Bridging Project Maths This work is going to your next school. Gotta catch em all!! Theres been an outbreak of Pokemon in Norfolk. You have persuaded your parents to take you around Norfolk in their car so you can catch some of them!

520 views • 12 slides
Carteret Catch Carteret Catch Promoting local seafood through community and business

Carteret Catch Carteret Catch Promoting local seafood through community and business

Carteret Catch Carteret Catch Promoting local seafood through community and business Promoting local seafood through community and business partnerships partnerships NC Joint Legislative Commission on Seafood &amp; Aquaculture January

256 views • 14 slides
SCRS Report Panel 2 ALB N Fishery indicators The preliminary total reported catch in 2017 was

SCRS Report Panel 2 ALB N Fishery indicators The preliminary total reported catch in 2017 was

11/12/2018 SCRS Report Panel 2 ALB N Fishery indicators The preliminary total reported catch in 2017 was 28,310 t (above the TAC of 28,000 t), and the catch in the last five years has remained about 27,000 t, above the historical minimum of

185 views • 14 slides
Development of catch control devices Results from: Industral project (FHF) &quot;

Development of catch control devices Results from: Industral project (FHF) &quot;

Eduardo Grimaldo / Manu Sistiaga Development of catch control devices Results from: Industral project (FHF) &quot; Development of a selection system for mid-water trawls&quot; SINTEF project &quot;Catch controls for trawls&quot;

432 views • 11 slides
Photo Credit: WSDOT Catch Basin Effectiveness Study Jene Colton, King County Stormwater Work

Photo Credit: WSDOT Catch Basin Effectiveness Study Jene Colton, King County Stormwater Work

Photo Credit: WSDOT Catch Basin Effectiveness Study Jene Colton, King County Stormwater Work Group meeting November 14, 2018 How can we use WW catch basin I&amp;M records to inform inspection frequency needs? Steps Compile Info Analysis

1.25k views • 35 slides
CATCH/iMATCH is there a link between independent mobility

CATCH/iMATCH is there a link between independent mobility

Stepping Out with Ci.zen Kid workshop August 14, 2013 CATCH/iMATCH is there a link between independent mobility and ac.ve ci.zenship? (photo

372 views • 20 slides
Experimental Comparison of Complex Event Processing Systems in the Maritime Domain A.

Experimental Comparison of Complex Event Processing Systems in the Maritime Domain A.

Experimental Comparison of Complex Event Processing Systems in the Maritime Domain A. Troupiotis-Kapeliaris 1 , K. Chatzikokolakis 2 , D. Zissis 2 , 3 and E. Alevizos 1 , 4 1 NCSR Demokritos, Greece 2 MarineTraffic, Greece 3 University of the

381 views • 11 slides
Commission on Evidence- Based Policymaking LUCAS HITT DEPUTY EXECUTIVE DIRECTOR N C V H S M E E

Commission on Evidence- Based Policymaking LUCAS HITT DEPUTY EXECUTIVE DIRECTOR N C V H S M E E

Commission on Evidence- Based Policymaking LUCAS HITT DEPUTY EXECUTIVE DIRECTOR N C V H S M E E T I N G F E B 2 2 , 2 0 1 7 www.CEP.gov What is the Commission? The Commission is the result of discussions between Congress and the

587 views • 11 slides
Enabling Knowledge-Based Complex Event Processing Kia Teymourian Research Assistant at Free

Enabling Knowledge-Based Complex Event Processing Kia Teymourian Research Assistant at Free

Enabling Knowledge-Based Complex Event Processing Kia Teymourian Research Assistant at Free University Berlin http://www.teymourian.de VLDB 2011, Ph.D Workshop 29 Aug - Sep 3, 2011, Seattle AG Corporate Semantic Web Freie Universitt

560 views • 26 slides
CEP Part 2: Eliminating School Meal Applications Wednesday, March 26, 2014 Todays Moderator

CEP Part 2: Eliminating School Meal Applications Wednesday, March 26, 2014 Todays Moderator

CEP Part 2: Eliminating School Meal Applications Wednesday, March 26, 2014 Todays Moderator Paula Zdanowicz, MPH Senior Program Manager School Nutrition Foundation Todays Topics Participants will: Hear about alternatives to school

585 views • 31 slides
Toward Understanding Heterogeneity in Computing Arnold L. Rosenberg Ron C. Chiang Department of

Toward Understanding Heterogeneity in Computing Arnold L. Rosenberg Ron C. Chiang Department of

Toward Understanding Heterogeneity in Computing Arnold L. Rosenberg Ron C. Chiang Department of Electrical and Computer Engineering Colorado State University Fort Collins, CO, USA {rsnbrg, ron.chiang@colostate.edu} Motivation Goal

665 views • 65 slides
Continuous Intelligence Through Computation Sharing With Arcon Paris Carbone Senior Researcher @

Continuous Intelligence Through Computation Sharing With Arcon Paris Carbone Senior Researcher @

Continuous Intelligence Through Computation Sharing With Arcon Paris Carbone Senior Researcher @ RISE Committer @ Apache Flink &lt;paris.carbone@ri.se&gt; Castor Software Days E n Data g i n Science e e r i n g Tech Business A

545 views • 33 slides
Supplemental Slides First Quarter 2020 Earnings May 6, 2020 Forward-Looking Statements T his

Supplemental Slides First Quarter 2020 Earnings May 6, 2020 Forward-Looking Statements T his

Supplemental Slides First Quarter 2020 Earnings May 6, 2020 Forward-Looking Statements T his presentation contains forward-looking statements within the meaning of federal securities laws. Investors and prospective investors should

406 views • 23 slides
Ma March ch 2012 12 To join the audio, please dial: 800-749-9945 Passcode: 558 1963# This

Ma March ch 2012 12 To join the audio, please dial: 800-749-9945 Passcode: 558 1963# This

NA NACEP CEP Accreditat ccreditation ion Appl plication ication Webina binar Ma March ch 2012 12 To join the audio, please dial: 800-749-9945 Passcode: 558 1963# This Call is Being Recorded Becky Carter, Accreditation Committee

711 views • 36 slides

More recommend