People worry about fraud in the electronic world but they don’t realize what they are doing in the physical world that is making them even more vulnerable, such as handing a credit card to a waiter who disappears with it for several minutes, suggests Tom Wolfe, senior vice-president of e-business for RBC Financial Group. He argues that weak links occur where people are involved and that their finances are “a lot safer electronically with encryptions in place.”
Clearly Wolfe has in mind the Enterprise Fraud Detection System created by the RBCFG Fraud Detection Systems group in Toronto. The system tracks all four million transactions made daily through the bank’s electronic delivery channels, including ATMs, telephone and Internet facilities, and debit card point-of-sale terminals.
“The unique aspect is that while a lot (of other fraud detection) is done after the fact, this is real-time,” says Wolfe. “It takes action on unusual activity within one second and will make a call right away.”
The Royal Bank estimates the system has reduced their fraud losses by about $40 million a year. It has also enabled the bank to create a centralized fraud detection group to replace a fragmented fraud management structure in which analysts would monitor paper-based reports generated throughout the bank and take up to three days to act on a suspicious transaction.
The bank offers its more than 10 million customers in North America services ranging from simple savings accounts to loans, mortgages, credit and debit cards and insurance. Customers conduct many of these transactions remotely using computers, telephones, ATMs and card terminals. It is beyond the capability of the bank’s 54,000 employees to develop a personal relationship with each customer, let alone alert security personnel about suspicious transactions.
Five years ago when the bank looked for systems to detect fraudulent transactions, it found separate packages to monitor debit card transactions, cheque processing and other areas of the banking industry. “The systems seemed to assume that people would commit fraud only in one of these areas,” says Nubar Mangoyan, Group Manager, Enterprise Fraud Detection Systems, for RBC Financial Group. “But in our experience, fraudsters want to maximize their returns.”
The typical rip-off artist, he adds, will use phony identification to open a bank account, for example, then obtain a loan, a debit card and a credit card under the false identity, withdraw money against a line of credit, deposit a phony cheque through an ATM into his account, then withdraw the entire sum, all within an hour.
“We decided to build an enterprise-wide system, so that we could check transactions involving all the bank’s operations,” says Mangoyan. Basically, they inputted fraud rules on top of a rules-based engine built with fuzzy logic where ranges of values are considered rather than yes/no or all-or-nothing logic.
“All transactions are analyzed against customer and terminal profiles using rules and an inference engine to detect suspicious incidents,” explains Mangoyan. “Each transaction also goes through a progressive scoring engine that indicates the probability of fraud using fuzzy-logic algorithms.”
The system automatically updates the customer and terminal profiles stored in the bank’s database and transmits suspicious transactions to a fraud analyst’s workstation for further action. This entire process takes less than a second. The architecture is flexible and scalable to keep pace with advances in the technology-based services that the bank may develop in the future.
Wolfe cites as an example of suspicious transactions an 80-year-old woman buying 20 kegs of beer. The system is monitored constantly so they don’t have a lot of false positives but still catch fraud. Wolfe admits one needs a balance between stopping criminals and not inconveniencing customers. “You have to reduce fraud with minimal customer impact.” He says getting the balance right takes volume and activity.
The technology that has made it easier for customers to conduct a banking transaction has to be managed so it doesn’t also make it easier for a criminal to steal from those customers. Concludes Mangoyan: “technology makes banking easier, faster and cheaper, but it also provides an equal opportunity to commit fraud.”