Payment card fraud detection – Can Artificial Intelligence help?

By G.K. Kulatilleke 

Payment cards, which include credit and debit cards, play an increasingly important role in modern economies. Thanks to them, today we are able to leave home with a wallet devoid of cash and come back home in a trishaw loaded with groceries after watching a movie with the kids. 

In order to make this easier and generate more economic activity (i.e.: spending), payment cards come with contactless options that does not require a pin or signature while most mobile phones are equipped with NFC which allows paying for goods and services from a linked debit or credit card.

The cost of fraud

Unfortunately, the volume, popularity and common availability of payment cards has created a fertile ground for fraud. Financial Fraud Action UK reported that of the £904 billion purchases (from 19 billion transactions, a 10% increase) on UK issued card in 2016, £618.0 million were fraud, a 9% increase from the previous year and the fifth consecutive year of increase. 

Credit card fraud result in financial losses to all stakeholders, but ultimately hits the general public, who has to bear the higher bank charges and fees to compensate for the expenses and losses of the sellers and financial institutions. Fraud also incurs additional costs such as card replacements, merchandise replacements, chargebacks and administration and staff overheads. 

As reported by US based LexisNexis Group for each 1$ of fraud, the true loss on a merchant for remedial action was $2.40 in 2016, and 8% increase from the previous year. Overall, fraud create reputation losses and instability for companies, mistrust and reluctance in the minds of customers and eventually friction in the payment systems of a country and lead to economic slowdown and depression. 

Given human nature, fraud cannot be eradicated. Therefore, early detection is the generally accepted means to minimise the damage.

Why is it hard to detect?

Given the large volume of card payments (per second), all of these cannot be tested individually and verified. In practice, financial institutions flag a (typically smaller set of) suspicious transactions for investigation by a human team.

Suspicious transactions are deviations from the normal spending patterns. A thief with a stolen card has different motive and hence different spending pattern from the rightful owner. If these can be identified, or deviations from the normal spending patterns can be spotted these can be flagged as suspicious and investigated, sometimes while the card is put on hold. 

The more accurate the determination and flagging process, the smaller the investigative team needs to be and hence lower the cost.  Any missed fraud means that the organisation incurs the cost of the fraud. Therefore, the aim is to accurately flag fraud and not to inaccurately flag and block the good transactions.

Unfortunately, today’s fraudsters are nothing if not innovative and adaptive. They evolve new fraud patterns as well as create novel and far more complex approaches and strategies. Given the global and electronic nature and speed of digital payments, fraud profiles can change at an alarming rapidity and a traditional system cannot keep up or cope with the influx of change or volume. 

A clever modern day professional fraud would not have significant deviations from a normal user behaviour. Making matters worse, unlike in a traditional theft where an unauthorised user is involved, payment card fraud also needs to detect illegal activity even from the authorised user. In real life, fraud is scattered with normal transactions and simple pattern matching is insufficient for detection.

All of these makes the fraud and normal boundary less clear cut, resulting in more flagged items, which are costly to investigate and leads to a very unsatisfactory customer experience. 

Enter AI – the potential

AI or (artificial) machine intelligence, is the simulation of human intelligence possessed by machines, especially computer systems. It involves learning (the acquisition of information and ways of using the information), problem solving (reasoning, logic or means of reaching conclusions) and the ability to evolve (ability to self-correct and perform better the next time). Today we find AI is everywhere and evolving.

The first working AI program was a checkers (draughts) game in 1952 which was able to beat moderate players. However, by 1955 the game was able to self-learn. Expert systems, a type of AI developed in 1980s were able to simulate the knowledge and analytical skills of human experts. 

Deep Blue, an AI system by IBM, defeated the human world chess champion in 1997. Google’s AlphaGo AI defeated the 3-time European Go champion Fan Hui by 5 games to 0 in 2015 proving that today’s AI can beat humans at even strategy. Presently, AI can control self-driving cars, while the US state of Nevada has already legalised the operation of autonomous vehicles on public roads.

Application of AI in fraud detection

Therefore, it is no surprise that AI can clearly distinguish normal and fraud behaviours while adapting to new, previously unseen fraud tactics over time and is able to perform the thousands of computations accurately in milliseconds to handle the increasing transaction numbers. Because of the availability of large volumes of historical customer data to learn from, AI can be used to effectively identify payment card behaviour patterns that are irregular for each individual customer.  While new fraud patterns emerge, AI is able to learn these are apply the knowledge to its entire customer base, instantaneously. In order to do this, it will be able to look at all historical information and transactions of all the customers.

AI is also able to handle complexity far greater than the best of the human investigators and detect patterns that are seemingly uncorrelated. This means that lesser transactions are flagged as suspicious because the AI is more capable of an accurate prediction. It results in less cost to the financial institution due to missed fraud. It also increases customer satisfaction by limiting the blocked transactions and reduces the operational overheads of the financial institution, by preventing unnecessary interactions with such customers.

AI is also unbiased and can be trusted with personal information. No special provisions, legally or morally, needs to be taken, for the processing of information, unlike when this information is made available to a human team. 

Future

In today’s context, fraud detection is not an option, but a core competency of a financial institution. Customers will automatically prefer someone with a known advanced fraud detection system rather than take a risk with their monies even at a premium.

Investing in an AI-based system will lower overall costs and improve reputation with customers, who are most likely to reward the financial institution with loyalty. Lower fraud costs can result in savings in the long run, in the form of lower transaction fees or reduced interest rates which benefits the existing customers and attract potential customers. AI would thus create a win-win for both the financial institution and all its stakeholders and be a leading component in the fight against fraud. 

Interestingly, it is refreshing to see a few Sri Lankan tech startups that are already providing AI based payment card fraud detection services to local financial institutions. This is an area that the skilled local IT professionals can focus on and a promising challenge for startups and entrepreneurs. With cloud-based AI and machine learning platforms and products, experimentation and professional services of this nature is within easy grasp of the Sri Lankan IT community.

[G.K. Kulatilleke, BSc Eng.(Computer), MSc. (Networking), MSc. (Data Science), ACMA, CGMA. The views and opinions expressed in this article are those of the writer and do not necessarily reflect the official policy or position of any institution.]