Fraud is everywhere. It’s bigger than it was yesterday. More dangerous than the day before and more devastating than you could ever imagine. Fraudsters are countering anti-fraud measures through technology and advanced statistical models. Conversely, overprotective fraud solutions are driving customers away. Businesses are stuck in a catch-22. Finding the right level of fraud prevention is more an art than a science. This ‘art’ is domain-specific, complex and evolving. As data ‘scientists’ our duty is not to master the art, but to enable our customers to draw this fine line in a simple yet effective manner.
This session will take you through a journey of:
• Using Complex Event Processing to detect fraud in real time
• Different approaches for real-time fraud detection using event processing:
– How to encode domain knowledge into fraud detection rules
– How to use Markov chains to detect rare activity sequences and hence detect fraud
– How to export fraud detection models built in R to PMML and use them within a Complex Event Processor
– Combining multiple methods via scoring functions
• Once a probable fraud is detected, how to enable business users to drill down and evaluate those transactions by linking other related data and visualizations
If you stick around till the end, you will be able to download and set up a Fraud Detection System and start fine-tuning it according to your customer's business needs in no time.
IMCSummit 2015 - Day 2 Developer Track - Catch Them in the Act - Fraud Detection in Real-time
1. Catch them in the Act: Fraud Detection in Real-time
Seshika Fernando, Technical Lead, WSO2
seshika@wso2.com
2. $4 Trillion in Global Fraud Losses
That’s 5% of Global GDP
4. Complex Event Processing
Notify if there is a 10% increase in overall trading activity AND the average price of commodities has fallen 2% in the last 4 hours
7. Typical Credit Card Fraudster
• Use stolen cards
• Buy expensive stuff
• In large quantities
• Very quickly
• At odd hours
• Ship to many places
• Get rejected often
CEP Queries
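8. Moving Averages
-- Keep a per-item average and standard deviation of quantity over the last 60 minutes
from TransactionStream#window.time(60 min)
select itemNo, avg(qty) as avg, stdev(qty) as stdev
group by itemNo
update AvgTbl as a
    on itemNo == a.itemNo;

-- Flag any transaction whose quantity is more than 2 standard deviations above that average
from TransactionStream[itemNo == a.itemNo and qty > (a.avg + 2*a.stdev) in AvgTbl as a]
select *
insert into FraudStream;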
9. Transaction Velocity
-- A transaction followed by two or more on the same card within 5 minutes
from e1 = TransactionStream -> e2 = TransactionStream[e1.cardNo == e2.cardNo] <2:>
    within 5 min
select e1.cardNo, e1.txnID, e2[0].txnID, e2[1].txnID
insert into FraudStream
10. The False Positive Trap
๏ So what if I buy expensive stuff
๏ And why can’t I buy a lot
๏ Very quickly
๏ At odd hours
๏ Ship to many places
Blocking genuine customers could be counterproductive and costly
Rich guy, Gift giver, Impulse Shopper, Night owl, Many girlfriends?
11. How to avoid False Positives
• Use combinations of rules
• Give weights to each rule
• Single number that reflects many fraud indicators
• Use a threshold to reject transactions
• You just bought a Diamond Ring?
• You bought 20 Diamond Rings, in 15 minutes at 3am from an IP address in Nigeria?
14. Markov Models
• Model randomly changing systems
• Detect rare activity sequences using
– Classification
– Probability Calculation
– Metric Calculation
15. Markov Models: Classification
Each transaction is classified under the following three qualities and expressed as a 3 letter token, e.g., HNN
• Amount spent: Low, Normal and High
• Whether the transaction includes high price ticket item: Normal and High
• Time elapsed since the last transaction: Large, Normal and Small
17. Markov Models: Probability Comparison
• Compare the probabilities of incoming transaction sequences with thresholds and flag fraud as appropriate
• Can use direct probabilities or more complex metrics
– Miss Rate Metric
– Miss Probability Metric
– Entropy Reduction Metric
• Update Markov Probability table with incoming transactions
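The classification and probability comparison from slides 15 and 17, as an added Python sketch (not code from the talk or from WSO2) that uses direct transition probabilities rather than the named metrics. The cut-off values in `classify`, the Laplace smoothing, the geometric-mean score, the 0.05 threshold and the transaction history are all assumptions constructed for illustration.

```python
import math
from collections import defaultdict

# Token alphabet from the slides: amount (L/N/H), high-price-ticket item (N/H),
# time since last transaction (L/N/S) -> 3 * 2 * 3 = 18 states.
STATES = [a + t + e for a in "LNH" for t in "NH" for e in "LNS"]

def classify(amount, has_high_ticket, gap_min):
    """Map one transaction to a 3-letter token. Cut-offs are assumed values."""
    a = "L" if amount < 20 else "H" if amount > 500 else "N"
    t = "H" if has_high_ticket else "N"
    e = "S" if gap_min < 5 else "L" if gap_min > 1440 else "N"
    return a + t + e

class MarkovModel:
    def __init__(self):
        self.counts = defaultdict(lambda: defaultdict(int))

    def update(self, prev, cur):
        """Fold one observed transition into the probability table."""
        self.counts[prev][cur] += 1

    def prob(self, prev, cur):
        """Laplace-smoothed P(cur | prev): unseen transitions are rare, not impossible."""
        row = self.counts[prev]
        return (row[cur] + 1) / (sum(row.values()) + len(STATES))

    def score(self, tokens):
        """Geometric mean of the transition probabilities along the sequence."""
        logs = [math.log(self.prob(p, c)) for p, c in zip(tokens, tokens[1:])]
        return math.exp(sum(logs) / len(logs))

def is_suspicious(model, tokens, threshold=0.05):
    """Flag a sequence whose score falls below the (assumed) threshold."""
    return model.score(tokens) < threshold

def demo():
    model = MarkovModel()
    # Constructed cardholder history: routine spend at normal intervals.
    history = ["NNN", "LNN", "NNN", "NNN", "LNN", "NNL", "NNN"] * 30
    for p, c in zip(history, history[1:]):
        model.update(p, c)
    usual = [classify(60, False, 600), classify(12, False, 300), classify(80, False, 700)]
    burst = [classify(60, False, 600), classify(900, True, 2), classify(950, True, 1)]
    return is_suspicious(model, usual), is_suspicious(model, burst)
```

In a streaming deployment, `update` would be called for each transition that is not flagged, so the table follows the cardholder's behaviour as it drifts.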
19. Learn from Data
• Apply Predictive Analysis on Batch Data and provide Classifiers to Streaming Analytics
20. Dig Deeper using Big Data
• Provide access to historical data to dig deeper
• Make querying and filtering easy and intuitive
• Provide useful visualizations to isolate incidents and unearth connections