Using Big Data to Prevent Fraud

Why More Institutions Will Turn to Analytics in 2014
Using Big Data to Prevent Fraud

The financial services industry will begin making significant strides in 2014 toward using data analytics to fight fraud, experts predict. The value of using big data to help prevent or detect fraud is becoming clearer, helping institutions make a business case for data analytics.

See Also: 2016 Social Engineering Report

But right now, only a handful of banking institutions throughout the world are adequately using big data to enhance security, says Anton Chuvakin, security expert and analyst for the consulting firm Gartner. That could change in 2014, but it's going to take a lot of work, he adds.

Institutions need to start by asking more questions about the data they currently have, not the data they want, Chuvakin says. "Let's go into our data and see what is up, then create new analytic approaches to detect and investigate it," Chuvakin suggests.

Because it's easy to get overwhelmed by big data projects, some experts advise those just jumping into the game to start off small (see Big Data Analytics: Starting Small).

Making Use of Analytics

The use of data analytics helps banking institutions understand activity patterns among their own customers and the broader industry. This is why the sharing of data, especially about emerging attack vectors and threats, is so critical, Chuvakin says.

Banking institutions are increasingly relying on data to predict attacks, based on trends that are targeting the industry. They also are enhancing their abilities to detect cross-channel schemes by reviewing data across numerous banking platforms rather than just monitoring them in isolation.

Big data also supports what's known as continuous or behavioral authentication, which can help prevent fraud, says Avivah Litan, a financial fraud expert at Gartner.

Using big data to track such factors as how often a user typically accesses an account from a mobile device or PC, how quickly the user types in a username and password, and the geographic location from which the user most often accesses an account can substantially improve fraud detection, Litan says.

A Deeper Data Dive

Mike Urban, director of financial crime management for core banking processor Fiserv, predicts more community and mid-tier banking institutions next year will begin using big data and analytics to get to know more about their customers. And that deeper-dive knowledge also will enhance fraud detection.

"It's definitely an evolution for smaller institutions, and that's a trend we see globally," Urban says. "Small banks don't have to have a huge analytics strategy, but when they are looking for a specific outcome [such as fraud prevention], analytics plays a key role."

Increasingly, smaller institutions are turning to third parties, including core processors, to help them analyze customer data to enhance fraud prevention, Urban says.

But the vendors that will succeed in this arena will be those that offer big data analytics along with other services, Litan says. "It's critical to have someone who can look at this data make sense of it, and most banks don't have that," she says.

A New View of Big Data

To be effective, banking institutions have to change the way they view big data, Gartner's Chuvakin explains.

"It's not which algorithm works better, but the willingness to try algorithms on the data we have," he says. Chuvakin blogged earlier this month about what he calls the "data analytics mindset."

Instead of getting focusing on a desired outcome, such as a way to reduce card fraud through big data, Chuvakin argues that organizations need to accept the overall picture big data offers, even if it is not what they anticipated. "Learn to be data-centric and data-driven and then solve problems that call for bigger data," Chuvakin writes in his blog. "Such culture change has to happen for the big data approaches to become pervasive across the industry. And yes, this includes willingness to explore, follow leads, and occasionally arrive at dead ends and algorithms that don't work."

Utah-based Zions Bank is one of the leaders in using big data to help detect fraud, Chuvakin notes. "Not many organizations approach big data like Zions Bank," he says. "It stems from trying different things for a nearly a decade, and that's the kind of experimentation most organizations don't want to invest in."

The bank is using data analytics to detect cross-channel anomalies that could suggest fraud, explains Aaron Caldiero, one of the bank's data scientists. "Cross-channel fraud is a very complex problem - and a problem that's well-suited for big data," he says. "There are a lot of commercial products in this space that don't really truly perform on full cross-channel analytics. They just aggregate fraud alerts together from several channels, and our desire is to perform a little bit better than those in bringing together all the different disparate data sources. [It] has given us the ability to put all those puzzle pieces together in a way that makes sense and a way that can be impactful to the business."

Michael Fowkes, who oversees Zions' security data warehouse, offers insights based on the bank's experience. "It's very hard to predict what your data needs are going to be in the future," he stresses." There's a tendency, which is probably a carry-over from the days of building traditional data warehouses, to summarize data where possible and to remove data that's not relevant to the problems or questions you're trying to find answers to right now."

But that approach is dangerous, he says, because relevant data could be inadvertently removed. "Biases can impede our ability to understand new attack methods and trends."

Protecting the Data

Integrating and protecting the data is the biggest challenge most organizations face right now, Litan says. "It's called data cleansing, and that's where the vendors can help," she says.

Vendors also can help with data-loss prevention, privacy and security, Litan adds.

When it comes to data that will be analyzed and managed by outside parties, organizations need to develop policies and procedures around the data they plan to share to determine how those parties will protect the data once it is shared, says Tom Zeno, a former federal prosecutor who now has a data privacy practice at the Washington-based law firm Squire Sanders.

"Data storage is huge, and not everyone needs access to all the data," he says. "This is a whole growing area as far as lawsuits."


About the Author

Tracy Kitten

Tracy Kitten

Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 18 years' experience, Kitten has covered the financial sector for the last 11 years. Before joining Information Security Media Group in 2010, where she now serves as the Executive Editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network