By any measure, 2020 was a year of change. Combining the shift in working from home with an all-digital commerce model, businesses needed to quickly adjust to a new reality as a means of survival. Increasingly clear is that many of the changes might become a permanent part of our lives. This combinational shift has also been a time where cyber crime has accelerated, with the growing sophistication of opportunists leading many in the payments industry to invest in new technology to better detect and ultimately prevent financial crime in this new environment.
Too much of a good thing can be a bad thing
In retrospect, the payments industry was on track to process up to one trillion payment transactions globally by the end of 2020. Displaying remarkable resiliency, it has continued to prosper even in the face of a global public health and economic crisis—with the movement to non-cash based payments accelerating, and no indication of subsiding for the foreseeable future.
The sheer volume of transactions flowing through the global infrastructure presents a tempting target to criminals attempting to exploit and evade in-place controls. Existing surveillance approaches were strained prior to the pandemic, and continue to face challenges as criminals relentlessly maneuver to find new ways in avoiding detection.
With threat of both reputational and sanction risk, how do organizations fortify defenses against these nefarious activities in an economically sustainable way?
The limits of traditional banking automation
Existing payments automation techniques focused on intelligent routing and better presentation for review by fraud investigators, with a goal to make the process more efficient and transparent when suspicious payment instructions were encountered. By making the relevant information readily available, it enabled decisions to be made more quickly—and growing volumes didn’t necessitate an increase in the number of people performing review.
These optimizations, while efficient under prior scenarios, have increasingly approached their sustainable limits, with volumes exceeding the manageable work queue capacity of investigators and their ability to support a thorough and actionable decision-making process. Increasing the number of investigators could certainly provide a short-term fix, but is not a scalable or practical solution.
Simply stated: investigators need better tools that leverage technological elements as cyber criminals increase the number of attempts and sophistication in concealing their crimes.
Adding the AI "co-pilot" for payments automation
The application of artificial intelligence (AI) in the transaction screening process is a useful addition in combating transactional anomalies. As criminals become more adept at concealing their activity, the bank requires the ability to detect seemingly unrelated transactions beyond which might be possible through human examination and interpretation alone. These emergent scenarios are perfectly suited for tools that can learn and adapt to hard-to-detect patterns of concealment.
However, it would be unwise for investigators to rely solely on a transaction score, because to maximize the immediate and long-term effectiveness of the AI implementation, visibility into how the AI elements reached their end conclusion is needed.
With the ability to see how the intelligence was applied to the transaction, the investigator can be more accurate in their determination of fraudulent activity. Additionally, feedback from the investigator can potentially be used to train and tune AI detection efforts moving forward, increasing their effectiveness and efficiency, and mitigating shortages in staffing resources.
Using better payment data to improve detection with AI
One of the challenges in uncovering transactional crime is the availability of up-to-date, robust, and accurate information. With a portion of processes not occuring in real time—whether through sheer volume of transactions, or because of reliance on batch processing—the opportunity to use these inherent delays (and the presence of outdated data) can be exploited as a criminal advantage.
Additionally, to provide maximal effectiveness, there is a need to capture multiple attributes of the transactional data to be able to present a more complete set of data points for the AI to analyze and highlight discrepancies in out-of-norm instances. Without them, the AI will be limited in its determination and ability to present insights. These conditional existences—data delay and reduced capture of data attributes—can circumvent even the most sophisticated artificial intelligence tools.
Open infrastructure components allow increased flexibility and adaptability
Traditional infrastructure and connectivity have been historic obstacles to banks seeking to implement preventative and responsive measures to criminal activity. Delays in adjusting infrastructure, tweaking machine learning models, or updating/implementing integrations not only contribute to frustrations in the financial institution’s potential to adapt, they also present the very real risk of leaving vulnerabilities in-place against increasingly nimble foes. Data needs to be more fluid, systems more malleable, and human resources more flexible with differentiated skill sets.
Cloud technology coupled with enterprise open source infrastructure that is engineered to access modern methodologies and innovations can make it easier to adapt and respond, leaving hard-to-change legacy configurations in the past. Banks will need to examine how they organize infrastructure elements, including cloud-native microservices and/or container architectures to fully unlock the value of cloud technology and reduce potential threats inherent in legacy platforms.
AI and the need for a community
The utility and effectiveness of any AI effort is entirely dependent upon the breadth and depth of the data that is available to train it. As noted earlier, within an individual system, multiple instances of data points strengthen the AI’s ability to form cross analysis and interpretation. Looking ahead, we see an increased number of banks utilizing algorithmic techniques from data supplied across industries and communities—all of which aids in the end goal to better identify patterns in seemingly unconnected data. In the spirit of cooperation and desire for shared learnings, there are now multiple open source communities to select from that make this type of information available. In the never-ending struggle to stay ahead of criminal activity, it is a necessity for banks to use externally sourced data—especially from a cross-industry community—to refine AI effectiveness and detect deviant patterns.
Looking ahead - 2021 and beyond
It seems without question that the increase in volume of digital transactions will continue unabated in 2021. The rise of real-time domestic payments in markets including the United States, Mexico, Brazil, and India will undoubtedly put pressure on existing systems and processes for detecting financial crime—spurring infrastructure activity and investment.
Enabling the transition from batch to real-time processing is one strategy organizations can make use of, but in light of the sheer volumes of transactions involved and scalability obstacles, they will also have to bring artificial intelligence closer to those processes. Preventing financial crime will be increasingly defined by how well automation incorporates artificial intelligence and the cloud technology that supports it. Learn more about Red Hat's process automation offerings on our Process Automation page.
About the author
Eric Marts is a financial services leader at Red Hat. Prior to joining Red Hat, Eric shaped solutions globally in the Retail Banking and Wealth Management business at HSBC. He has more than 20 years of professional experience across both startups and incumbents. He is particularly interested in unlocking new market opportunities and making financial services simpler and more inclusive for customers with cloud technology.