Brian Schawe, Fraud Product Risk Management
Rapid digitization of every aspect of our lives means greater immediacy and convenience for customers and increased opportunities for businesses. Unfortunately, it also provides new opportunities for cybercriminals, making digital fraud a constant threat for businesses. A 2017 study by cyber security research firm CyberSecurity Ventures predicted that global losses from digital fraud will surpass $6 trillion, annually, by 2021. Further research suggests that middle market companies often bear the brunt of fraud attacks. Not only are such companies more likely to be attacked than their smaller counterparts, they often have fewer resources for responding to fraud attacks than larger companies. These limitations and the increased sophistication of digital fraudsters are leading some businesses to consider using artificial intelligence (AI) and machine learning to shore up their anti-fraud programs. But despite the buzz around this topic, separating hype from facts can be difficult. How exactly does machine learning work to combat fraud? What are the benefits? And what are the possible downsides?
Understanding Machine Learning
Despite widespread use, the terms ‘AI’ and ‘machine learning’ are still somewhat misunderstood. Among experts, there is still considerable debate about nuances and specifics of these technologies, but at a high level, AI refers to the ability of machines to complete tasks (e.g., driving a car). Machine learning is defined as a specific application of AI, where machines are taught to recognize behavioral patterns by processing large volumes of data.
Machines can be trained on clean – or clearly labeled – data that allows them to easily identify behavioral patterns (for instance, transaction data). This is currently the most commonly used type of machine learning. Machines can also be trained through processing of raw data (like the unstructured questions one might submit to a chatbot on an ecommerce site). In both instances, the ability of machines to process large amounts of data in minutes is key to detecting and preventing fraud. By feeding transactional data to machine learning systems, security teams can teach them to distinguish between normal and suspicious customer behaviors.
Altexsoft, a travel and hospitality consulting firm, describes the value of machine learning as an anti-fraud tool this way: “Machine learning allows for creating algorithms that process large datasets with many variables and help find...hidden correlations between user behavior and the likelihood of fraudulent actions.”
How to Apply Machine Learning
Machine learning solutions differ from traditional rules-based fraud detection in which transactions are checked against preset rules, flagged if they are deemed suspicious and then sent through additional layers of verification (think of the alerts you get if your bank spots an unusually large transaction on your account). While rules-based systems are effective, they can miss human behaviors that correlate with fraudulent activity.
For instance, an ecommerce business might use machine learning to analyze customers’ purchase behavior and history and spot when cybercriminals attempt to take over and use customer accounts for fraudulent purposes.
Machine learning solutions can also support better customer service by reducing false positives and declined transactions. Because machine learning can train computer systems to conduct analysis of transactions based on factors other than amount and location, the number of false positives can be reduced, enhancing overall customer experience. Anyone who has had a transaction declined while on vacation will understand the value of this.
An effective machine learning solution should also work at the speed of digital fraud, something cybersecurity vendors are building into the products they develop. According to cybersecurity firm Shape Security, its machine learning models are trained by giving them “access to data that resembles real-world attackers and their ability to retool.” The ability of machine learning systems to update their models in real-time can help a business identify and stop fraud attacks before they become critical.
Why Businesses are Approaching Machine Learning Cautiously
While there are clear benefits to using machine learning as an anti-fraud tool, companies are still approaching this technology with caution. The Association of Certified Fraud Examiners (ACFE)’s 2019 Anti-Fraud Technology Benchmarking Report found that only 13 percent of companies are using machine learning in their anti-fraud efforts. Yatia Hopkins, VP, Global Sales Engineering at cybersecurity firm, eSentire, sees this trend reflected in her own work.
“Based on the conversations I am having with companies in the mid to upper-mid market, AI and machine learning are being heavily evaluated and considered, but I am not yet seeing a very widespread adoption of them,” she says. "There is a lot of uncertainty as to whether or not the risk would be worth the reward.”
Such reticence is understandable given the considerable challenges involved in deploying AI and machine learning solutions. Costly IT upgrades, increased training for staff, and lack of access to clean data are just a few of the barriers to entry for businesses looking to implement machine learning in the fight against fraud. However, as digital fraudsters continue to adapt their tactics to circumvent traditional anti-fraud mechanisms, the need grows for new approaches to address fraud. “The need to have, smarter, faster, more efficient tools that leverage machine learning is being driven by the ever evolving, ever advancing, threat landscape,” Hopkins says.
As a result, many companies pursuing machine learning to combat fraud have chosen to work with outside vendors that provide already built solutions. Hopkins notes, “Companies definitely see the value of AI and machine learning, but I think purchasing a tool or solution with the capabilities feels a lot less intimidating than building and managing it internally.”
Looking to Pursue a Machine Learning Solution?
Hopkins advises businesses thinking of using machine learning technology for anti-fraud programs to approach the process thoughtfully. “As with any tool or service being introduced into an organization it is important to perform the proper research and build the business case as to why the need exists and the problem the business is trying to solve,” she says.
To that end, companies can take the following steps to determine if a machine learning solution would be an appropriate addition to their anti-fraud toolkits.
- Do your due diligence. Carefully evaluate machine learning solutions to ensure which is right for your organization, and consider your organization’s readiness to implement such a solution. Says Hopkins, “Investigate the implications of leveraging AI and machine learning in your organization: What are the benefits? How much support of the system will be required? What does the initial deployment look like? How much tuning is necessary?”
- Know your data. Clean, readily available data is key to the quality of a machine learning system’s analysis and outputs (Remember the old phrase, “garbage in, garbage out”?) If you’re looking to implement a machine learning solution as part of your anti-fraud initiatives, identify what datasets will be used to train machine learning systems, and evaluate the quality of that data. Doing so will enhance the accuracy of the system’s analysis.
- Evolve your security teams. Contrary to fears of AI and machine learning replacing workers, humans are still needed to provide context that machines cannot discern, no matter how much data they analyze. Says Hopkins, “Machines are binary; things are on or off, black or white. Sometimes a bit of context is required that is not available to a machine, so some level of human interaction is still necessary.” With that in mind, make sure your security teams are properly trained in working with machine learning solutions and making decisions based on them.
- Beware of overreliance on machine learning. While AI and machine learning can help companies battle fraud, they’re no panacea. Writing in the MIT Technology Review, San Francisco bureau chief, Martin Giles, stated that companies must guard against overreliance on these solutions lest it lead to a false sense of security. For this reason, he notes, “it’s really important for security companies—and their customers—to monitor and minimize the risks associated with algorithmic models” such as poor data quality, and rushing solutions into implementation before they have been appropriately vetted.
While there are clear benefits to using AI and machine learning-based solutions to detect and prevent fraud, companies should approach implementation of these technologies carefully, weighing the risks and benefits, and gaining consensus on the business case for such solutions.