Computer Crime Research Center


How banks are detecting credit fraud

Date: July 30, 2008
By: Lindsay Clark

You don't need a gun to rob a bank any more. Now a bank robber's most powerful weapon is a computer and an internet connection. As internet trading increases, so does the threat of organised and automated fraud. No longer does the fraudster need to be present or make a phone call to commit a crime.

To reduce the risks, banks themselves are using more sophisticated technologies. The Royal Bank of Scotland (RBS), for example, has signed up to a new peer-to-peer fraud-reduction network from Ethoca.

Ethoca collects customer details from online merchants and banks, such as card details, IP addresses and email addresses. Merchants and banks cannot see details of each other's customers, but can assess the level of risk in their transactions, say, if a credit card fraudster is continually using the same IP address.

Banks can automate uploading data to Ethoca in real time, using Soap and XML, from their own transaction systems. Smaller banks and merchant can upload in batches, or ad hoc, by hand.

RBS will offer Ethoca's data-sharing service to its global list of e-commerce customers. Merchants already using PaymentTrust for payment or fraud management-related services will have access to the service through their existing integration. By expanding its fraud-management offering, RBS expects to attract more merchants to its growing customer base.

Andre Edelbrock, Ethoca's president and chief executive, says that as well as reducing fraud, the network is intended to reduce the number of transactions abandoned needlessly because of suspicion of fraud, and to reduce the cost of fraud management.

While Ethoca and its partners create an inter-bank and merchant network to combat fraud, the core of fraud management is still an internal process. For example, global bank HSBC has worked with analytics software firm SAS to create SAS Fraud Management, a real-time, card fraud detection system.

Now implemented to monitor the use of 30 million cards in the US, the system will be rolled out in the UK before the end of the year. It is also being used by the Halifax Bank of Scotland (HBOS).

Using SAS Fraud Management in the US, HSBC has improved fraud detection, false positive rates and fraud case handling efficiencies. Benefits include an 87% increase in the number of data items processed, including card transactions and customer information, with a corresponding reduction of 12% in the mainframe processing overhead. This has resulted in a 53% decrease in mainframe processing cost per data item, says HSBC.

Bart Patrick, head of risk at SAS, says the processing power required for fraud checks has usually meant only about 25% of transactions are checked. But with a new mathematical model employed by SAS, 100% of transactions can be checked, he adds. The system uses algorithms to model normal card usage per customer and spot anomalous behaviour, helping to prevent fraud.

Derek Wylde, head of group fraud risk at HSBC, says, "Our success with this partnership and with SAS Fraud Management helps us keep ahead of the criminals."

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo