EDA Goes Head-to-Head With Fraud and Money Laundering, Detecting and Preventing in Real-Time
As new payment methods increase on almost a daily basis, detecting fraudulent transactions is not enough
- |
- Written by Banking Exchange staff
In the financial industry, security is of utmost importance — and as new payment methods increase on almost a daily basis, detecting fraudulent transactions is not enough. Financial services institutions now must go beyond and look to preventative measures to keep customers, and their reputations safe.
For Mathew Hobbis — Chief Architect FSI, at Solace, the route to safer payment transactions in real-time, will rest in a completely new approach to IT infrastructures. It’s Event-Driven Architecture (EDA), and it can take payment modernization to a whole new level.
The payment landscape has experienced a dramatic overhaul in recent years — not only has the number of payment channels rapidly increase, but the time to settle a transaction now only takes minutes, or seconds — as apposed to days. The traditional channels still hold their own in the payment space, think direct debits, check deposits, and BACS, but financial institutions have had to make way for up to five times more payment channels. But as more channels come into play, so do the number of fraudsters and criminals looking for exposed vulnerabilities in the system.
Currently, financial institutions face two major threats — “skyrocketing levels of payment fraud” found by McKinsey research, and money laundering. Let’s put the issue into perspective. Financial organizations have a responsibility to tackle criminal activity, for the sake of the safety of their consumers and for their reputations — and must do so without alarming their customers, or causing distrust in their services.
It's where EDA will become a vital part of the toolkit, to effectively manage additional checks across systems that often encompasses legacy, on-premises deployments, and modern container deployments such as public cloud for AI and ML — all in real-time, as they happen.
Threats increase as more channels are introduced to the mix
McKinsey states that “Skyrocketing levels of fraud, enabled by the accelerated adoption of digital commerce and the ever-increasing sophistication of fraudsters, have overwhelmed traditional controls in recent years. This surge has led to increased fraud losses and damaged customers’ experience and trust.”
For retail banks, payments fraud impacts both consumers and their bottom line. The Association for Financial Professionals® latest Payments Fraud and Control Survey, underwritten by J.P. Morgan, found 71% of financial professionals report their organizations were victims of payments fraud. Not only do fraudulent payments negatively impact banking customer experience and confidence, the cumulative cost is also large — one recent study by Juniper Research warns online payment fraud losses alone will globally reach $343 billion between 2023 and 2027.
Could Anti-money laundering (ALM) just be the gateway for more serious crimes?
Money laundering is a major threat for banks because it usually goes hand in hand with serious organized crimes — including drug or people trafficking, weapons dealing or even terrorism.
The estimated amount of money laundered globally is between 2 and 5% of global GDP — and the reputational damage of undetected money laundering can be catastrophic. The Bank for International Settlements also explains “spotting different money laundering patterns is complex, requiring different data points and data sources as well as the ability to connect them across different systems in order to better identify suspicious flows and patterns.”
Three tech challenges that only tech can resolve
There are three key areas where technology and event-driven architecture (EDA) can help address these growing threats:
- The tech to help you detect: Banking and payments organizations must be able to quickly identify and action these fraudulent or criminal transactions, across all channels. Many are turning to data modeling and Artificial Intelligence (AI) and Machine Learning (ML) that can learn to recognize questionable transactions. But this can be further enhanced with EDA to manage fraudulent and money laundering transactions at scale.
- Act in real-time, or you’re too late: The challenge for organizations is feeding transaction data, in real-time, to the AI / ML processes which often live in the public cloud. This is where EDA provides the real-time integration allowing legacy core-banking/mainframe systems to communicate with modern micro-service payment frameworks and cloud-based AI/ML for fraud and anti-money laundering (AML).
- Keep one step ahead: EDA and the Event Mesh allows flexibility inhow software components are wired together and flexibility in where they are located. This allows the platform to ‘evolve’, to react quickly and effectively to changes in the financial landscape. Flexibility, or ‘re-wiring’, and platform evolution needs to be a ‘business as usual’ activity as fraud and fraud detection is a constantly evolving game where financial institutions are pitted against the criminals. Who can act the fastest wins.
Begin with identifying activities and triggers — and go from there
The sort of activities that go into building a fraud prevention or anti-money laundering model with setting trigger points would include: type of transaction vs. is this consistent with a customer’s previous transaction history? Is it in an expected geography? If they travel a lot, then is the time and travel distance between their last transaction and this transaction reasonable? All this data must be fed into the model and assigned a score.
The score also depends on authentication requests. So typically, if you can identify a user together with their mobile phone, banks may pass the transaction because they are comfortable they know who the user is. But if a similar scenario occurs where the user has reached the same score, but there is no biometric data or mobile authentication, then this would be highly likely to trigger a different reaction — blocking or flagging the questionable transaction for escalation.
Introducing AI and ML takes detection to new heights
When a bank has built a database of models, new transactions can then then be checked against the models, and given an accumulated score, AI and machine learning then step up to the plate. These technologies, aided by EDA, can make rapid decisions and enable companies to flag abnormal transactions in real-time across all channels.
Layering these data models with AI/ML offers an opportunity for banks to get out in front and gain ground on fraudsters and money launderers. McKinsey research sees “Recent enhancements in machine learning are helping banks to improve their anti-money-laundering programs significantly, including, and most immediately, the transaction monitoring element of these programs.”
To be fully effective, AI/ML needs a big data set. They can only make decisions based on access to historic datasets. So, the first thing a bank has to do is to ‘train’ the model by buying data or scraping from its own historical datasets. And then the model runs through several fraudulent transactions, so it is now ‘trained’ on what a fraudulent transaction looks like. The objective is to build an understanding so the AI/ML can pick out the right (fraudulent) activities.
EDA: The solution to real-time activity flow
Ideally banks should build one model set for fraud and one model set for money laundering — then implement both models across all transactions and payment channels. And this is where event-driven architecture (EDA) enables them to leverage their fraud and money laundering data models and use AI/ML technology in truly real-time across an ever-expanding number of payment channels.
EDA allows banks to build an enterprise IT architecture that lets information flow between applications, microservices, and connected devices in a real-time manner as events occur throughout the business.
Now get to know your event broker — the one who makes it all possible
EDA works with a middleman known as an event broker, which enables what’s called loose coupling of applications. This is essential because it means applications and devices don’t need to know where they are sending information, or where information they’re consuming comes from. But the event broker does.
So, in the event-driven world, a bank just has to make sure a payments channel just sends the right event to communicate with the fraud detection or the anti-money laundering system and receive the same events to get the “yes or no” back.
It’s now or never
It's a much easier integration than trying to do this via standard REST APIs — which becomes a lot more challenging and will need to be built differently for every different channel a bank has now, plus any new channels. This means banks may have to change models based on not only changes in user behavior, but changes driven by new products and services, or to counter new types of fraud of money laundering.
With standard REST APIs — every time a bank adds a new channel, it has to change the way anti-money laundering and fraud systems work, because they have to know about this other channel. In the event-driven world they don't know, don’t need to know — and they don't care!
Banks can accurately support a high volume of transactions in the quickest response time, balance transaction authentication and authorization with fraud detection without decreasing customer satisfaction, and route events securely across the whole payments ecosystem with efficiency.
Make way for new channels and put technical debt in the past
EDA also provides a platform for the future — allowing banks to innovate outside of just countering fraud and money laundering. PwC highlights EDA will help traditional banks compete in the new world: “banks need to deliver products and services faster in order to compete. A large bank, with its legacy systems, can now compete against an online mortgage lender — and deliver a broader portfolio of products to customers with more speed.”
Yes, newer fintech market entrants have significantly less technical debt than traditional financial institutions. Imagine a new FX rate provider that can provide payments to every country and give customers the best FX rates. Everything is built on a modern infrastructure anyway — there is no legacy core banking app, everything is microservice, everything is in the cloud.
But EDA as an approach to enterprise IT architecture can help traditional banks introduce new services and link applications quickly and at scale, ensuring they can match these agile competitors and provide customers with the instant kind of feedback they seek from their banking services, while not being held back by large volumes of existing technical debt.
EDA — solving tomorrow's issues with todays readily available technology
Payment modernization is the order of the day — as more and more payment channels are integrated within society, organizations are under pressure to ensure they have the correct technology in place to make it a smooth but safe success. EDA gives organizations the facilities to make it possible, and reduce the risks of fraudulent activity and money laundering.
Tagged under Risk Management, Technology, Security, Cyberfraud/ID Theft, AML & Fraud, BSA/AML, Feature3, Feature,