It will come as no surprise to hear that fraud is an increasing problem across all financial institutions, but it is not only plaguing larger banks but also smaller financial institutions. Statistics show that charges of debit card fraud have grown over 400% in only three years.
A case in point is Orrstown Bank, a community bank located in Pennsylvania and Maryland. Orrstown wanted a way of tackling fraud in an ongoing way, but within the context of their budget and technology constraints. Fraudulent credit card scammers have developed more abilities to work around the majority of safeguards that banks have in place.
For Orrstown, analyzing the patterns of activity from transactions where a card is present used to be much simpler. Historically, the bank could either search for charges made outside of their region or rely on customers to flag fraudulent activity on their statements. However, identifying fraud today has become much more complex. For example, there has been an increasing number of cases where criminals are selling cards back into the local area from which they were stolen—thus making tracking by locality more difficult. As a result, Orrstown explored more advanced forms of data analysis that could do a better job of identifying these types of transactions.
Identifying a Solution
The behavior of customers who rely on smaller institutions can be very different from users of large global banks. As such, the fraud models associated with the robust, one-size-fits-all solutions aren’t always the most appropriate. What smaller banks and financial institutions need is an effective solution that can also be customized to embed expert information within a detection model about the way fraud is typically represented among a bank’s customers.
For Orrstown, what this meant was the need to consolidate operational and security analytics into a single platform - the decision was made to use Splunk as the big data platform and the Prelert analysis and detection solution to identify anomalous activity.
So. What does the joint Splunk/Prelert solution do for Orrstown? On an automated (i.e. unsupervised) operational model, Orrstown derives the following:
- A baseline of normal behavior for each bank card using metrics and categorical data.
- Identification of anomalies across multiple dimensions by looking at attributes such as the value of the transaction, when it occurred and where - both geographically and at which merchant.
- Extension of traditional anomaly detection to leverage expert insight on factors like known fraud patterns and confirmed customer travel plans, which community banks know first-hand.
- Assignment of a severity score (0-100) to rate the likelihood of fraud based on the analysis, enabling banks to prioritize response.
Importantly for a smaller organization, this is all achieved without the need for a data scientist, which would be expensive and, for this size of organization, likely unobtainable.
Benefit/Results
By extending the core big-data capabilities of the Splunk platform with Prelert, Orrstown Bank was able to stop a reported 250 fraudulent transactions in three months—reducing losses by approximately $75,000.
Moving forward, Orrstown’s next identified challenge is to grow and expand its behavioral analysis capabilities to detect fraudulent activity for transactions where a card is not physically present - something they see increasing over the next few years. This introduces a level of complexity into the data analysis because one of the values that are often relied upon to identify anomalous activity - location of the transaction - is irrelevant.
Interestingly, in terms of helping similar small financial organizations gain some of the benefits that they've enjoyed, Prelert and Orrstown have also proposed developing a consortium of community banks. With access to shared data, smaller banks will have an opportunity to develop more powerful models to detecting fraud based on shared knowledge.
It's still early days, but the initial results from this collaboration look good. Of course, one could draw the conclusion that Splunk itself should focus on these vertical opportunities - perhaps in the future Splunk will develop the sort of solution that Prelert offers (or, more likely, just acquire Prelert outright). For the moment, however, it is interesting to see a successful case study showcasing the democratization of big data analytics.