Why Do We Work on Fraud?
Transaction fraud is a big business. Credit card numbers, calls and
stolen accounts can be sold on the street for substantial profit, and fraudsters
subscribe to services without intending to pay. Fraudsters apply "social
engineering" to trick an unsuspecting customer or company representative
into unknowingly participating in fraud. Large profits have attracted a
well-organized and well-informed community of fraudsters who are clever
and mobile. Telecom and Network Security Review (April 1997) estimates
that losses to fraud in the U.S. telecommunications industry alone amount
to between 4% and 6% of revenue. Internationally, the figures for telecommunications
related fraud are generally worse, with several new service providers reporting
losses over 20%. Our goal has been to develop a statistically principled
approach to detecting fraud.
What Does Fraud Look Like?
The plots show one example of fraud. The top plot shows the transaction history (calls in this case) for one account hit by fraud. The fraud started around 3/27 and (using a standard fraud detection method) was not detected and cut off until 4/08. By then, the fraud was obvious and losses were high. Our goal is to detect fraud much more quickly and hence minimize the loss incurred. Detecting the first fraudulent call on this account and then prohibiting further activity on the account would not be reasonable, however, because one call alone that is not unduly unusual is not sufficient evidence for such drastic action, especially given the keen competition for customers. But, the re-occurrence of suspicious calls should have been sufficient to trigger an alarm long before 4/08. The bottom plot shows our cumulative fraud score for this account. The account score is updated whenever a transaction is placed on the account using a statistical model to track legitimate behavior on account and another model for fraudulent activity. The account score is unchanged if the new call is not suspicious, and it is increased by an amount that depends on the suspiciousness of the call otherwise. The line is green before 3/27 because none of the calls was worrisome before that (even though some were perhaps a bit unusual for the account.) Part way through 3/27, though, the line for the account's score becomes orange, which warns that there may be some cause for concern. By 3/28, the line has turned red, alerting the service provider to strong evidence of fraudulent activity. The account score then continues to grow as fraud activity continues.
Detecting fraud is hard, so it is not surprising that many algorithms and systems for detecting fraud have serious limitations. Different systems may be needed to detect different kinds of fraud even within the same industry (calling card fraud, wireless fraud, wireline fraud, and subscription fraud in the telecommunications industry, for example). Each system usually has different procedures, different parameters to tune, different database interfaces, different case management tools and different quirks and features to be learned. Many systems have high false alarm rates, especially when fraud is only a small percentage of all traffic, so the chance of annoying a legitimate customer with a false alarm may be much higher than the chance of detecting fraud. Or, systems may respond too slowly to fraud. Many systems are good at catching naive fraudsters who make outrageous transactions, but are not able to catch the more damaging fraudsters who are sophisticated enough to avoid triggering threshold based systems. Elaborate systems, such as those based on hidden Markov models, promise better performance, but they are too computationally expensive to be useful in practice, especially when the goal is to catch fraud in real-time, not at the end of a fixed period. Finally, fraud and legitimate behavior constantly change, so systems must be able to "learn" automatically or else they become outdated. Thus, there is a need for accurate, fast algorithms that can detect fraud quickly, scale up or down, and adapt to the changing behavior of both legitimate customers and fraudsters.
Our work has led to new algorithms for detecting fraud. These algorithms
have been implemented on a new transaction processing platform from the
Database Principles center
at Bell Labs, and are at the heart of Signature
FMS, a fraud management system that is being marketed by Lucent Technologies.
Back to: [Projects][Statistics Homepage]