People make transactions using their credit/debit cards, bank accounts online, on call and in stores. In these transactions many entities are involved like merchants, financial institutions etc. When fraudsters commit these transactions these companies lose lot of money.
InsightLake fraud decision solution combines ML/Deep Learning models with business rules to detect fraud in real time (milliseconds). Solution allows fraud ops team to provision business rules on different segments. Provision new or customize existing ML models using an intuitive UI.
For new authorization score determination happens in parallel using tiered scoring/decisioning process. Each determination unit/workflow can contain many parallel rules/models. Multiple units/workflows can run in parallel utilizing power of Kafka & Big Data environment. One unit could be the main and others could be experimental. After monitoring the outcome, if an experimental unit performs better then it could be promoted as main unit.
During a transaction many entities are involved. InsightLake creates and maintains profiles for these entities, including their reputation, scores, risk and usage. Some of the entities are listed below.
Location - (IP Address, Gateway IP in calls, Country, State, City, Zip) Reputation - InsightLake tracks the reputation of location based on past incidents or through black lists. In case of online transactions because IP addresses can be spoofed scoring weights are assigned accordingly. Anomaly - Location anomalies are detected by using ML models and rules. Current user location, past locations in time bound windows are checked along with user transaction patterns of known locations. Device - (Computer, Mobile, POS, Caller IDs) Reputation - Like location device reputation is maintained along with black lists. MAC address, device ids, caller ids, serial numbers/IDs are used in device profile and reputation scores are created and maintained. Device reputation scoring is done using variety of attributes like EMV Chip, Trusted Carrier, Known patterns etc. Anomaly - Device anomalies are detected using ML models and user's device usage patterns. Channel - (Call, SMS, Website, Store) Reputation - Channel profile/reputation is maintained and updated regularly to detect any hacking or fraudulent behavior. In case of website hacking, agent committing crime or other known fraud scenarios channels can be temporarily blacklisted to avoid further damage. Anomaly - User's past patterns in using channels are checked to see any deviation. Agent/Station Reputation - Like location device reputation is maintained along with black lists. MAC address, device ids, caller ids, serial numbers/IDs are used in device profile and reputation scores are created and maintained. Device reputation scoring is done using variety of attributes like EMV Chip, Trusted Carrier, Known patterns etc. Anomaly - ML models are used to track agent/station's past patterns with given customer. Merchant Reputation - Merchant profile is maintained with information like number of seasonal transactions, transactions with given customer, disputes, types of security provisioned etc. Anomaly - ML models detect a given customers shopping pattern at the merchant taking seasonality in account. Customer Account Profile - customer account profile enables how risky the customer is, their past behaviors, fraud incidents on account etc. Behavior Anomaly - Customer purchase patterns along with behavior models are utilize to determine if customer's transaction is genuine. Utilizing Customer 360 and Life events InsightLake allows finer determination of appropriate transaction cycle connected to past purchases. Transaction Thresholds - Thresholds enable pre-defined business checks like similar items purchased many times in a given window, which are some of known fraud patterns. Anomaly - Seasonal anomaly detection is performed and mapped with past 6 month transaction trend.
For a given execution unit SLA must be defined. In case of rule/model taking much time final decision unit needs to skip that output and use pre-provisioned outcome/action.
Rules are models are part of execution unit. InsightLake enables monitoring of execution units and its components. Ops team can check rule/model performance, their execution timing and when they are missing the SLA. This helps in optimizing models/rules or complete execution unit.