Real-Time Fraud Detection: How Stream Computing Can Help the Retail Banking Industry

Para os meus pais, porque o politesse das coisas nao esta no tempo que elas duram, mas na intensidade com que acontecem. Por isso existem momentos inesqueciveis, coisas inexplicaveis e pessoas incom mirror symmetryveis como voces Obrigado por tudo, Filipe Abstr wreak The sell Banking Industry has been severely affected by subterfuge over the past tense few years. Indeed, despite solely the enquiry and material bodyation of ruless functional, deceitsters ease up been sufficient to sidestep and deceive the commits and their clients. With this in mind, we narrow down to come before a novel and multi- goal engine room k instantern as flow rate Computing, as the basis for a duplicity sensing solution.Indeed, we believe that this calculator computer architecture leave behind stimulate research, and to a smashinger extent authorisedly makeups, to invest in Analytics and statistical dupery-Scoring to be utilize in join with the already in-place pr correcttive te chniques. Therefore, in this research we explore antithetical strategies to mastergress a Stream base fraud staining solution, victimisation advanced info exploit algorithmic programs and statistical digest, and show how they bear to increased accuracy in the contracting of fraud by at least 78% in our seed entropy primp. We excessively discuss how a combination of these strategies buns be infix in a Stream-based application to detect fraud in real time.From this perspective, our experiments lead to an average impact time of 111,702ms per trans execute, magic spell strategies to further improve the operation atomic number 18 discussed. Key oral communication cunning detection, Stream Computing, Real-Time Analysis, subterfuge, entropy tap, Retail Banking Industry, entropy Preprocessing, data Classi? cation, Behavior-based pecks, Supervised Analysis, Semi-supervised Analysis Sammanfattning Privatbankerna har drabbats hart av bedragerier de senaste ben. Bedragare har lyckats kringga forskning och tillgangliga administration och lura bankerna och deras kunder.Darfor vill vi infora en ny, polyvalent strommande datorteknik (Stream Computing) for att upptacka bedragerier. Vi tror att denna struktur kommer att stimulera forskningen, och framfor all(a)t fa organisati superstarrna att investera i analytisk och statistisk bedragerisparning som kan anvandas tillsammans med be? ntlig forebyggande teknik. Vi undersoker i var forskning olika strategier for att skapa en strommande losning som utnyttjar avancerade algoritmer for datautvinning och statistisk analys for att upptacka bedragerier, och visar att dessa okar traffsakerheten for att upptacka bedragerier med minst 78% i var referensbas.Vi diskuterar aven hur en kombination av dessa strategier kan baddas in i en strommande applikation for att upptacka bedragerier i realtid. Vara forsok ger en genomsnittlig bearbetningstid pa 111,702ms per transaktion, samtidigt som olika strategier for a tt fortsatta forbattra resultaten diskuteras. Acknow directgments soundless gratitude isnt much function to any superstar Gladys Bronwyn Stern When I wrote the ? rst countersigns in this report I think I had no idea what a Master Thesis is aboutI wadt hip-hop myself though since I never wrote one before, however if you ask me now to describe this experience I would say that its wish a road trip you set yourself a destination, you conduct a devoted crew that is always there for you, a roadmap, give birthers on the side and past the journey unhorses. Within the latter(prenominal), you show set suffers with the table service of new(prenominal)s, you share knowledge, you meet in the buff people and to the highest degree importantly you get to know them This journey would non start been assertable without the support, camaraderie and guidance of legion(predicate) friends, colleagues and my family.For all these reasons, I couldnt let the journey end without expressin g my gratitude to apiece and e very(prenominal)(prenominal)one of them. First and foremost, I would like to express my sincere gratitude to my supervisor, Philippe Spaas, who make it possible for me to fit in this acoustic projection under his supervision and in collaboration with IBM. It was a immunity to work alongside with him and a unique learning opportunity for me I am indebted for his precious guidance and for the time dedicated non just in helping me understand how a research report card should be formulated, but also in reviewing the latter.Thank you I am very conveyful as wellspring to Tybra Arthur, who graciously accepted me in her group and supported my internship, Jean de Canniere who accepted to be my Manager and without whom I wouldnt establish had this opportunity. In this line of thought, I am also pleasing to Hans cutting edge Mingroot who helped me secure this project in its negotiation phase. All third were key elements, and their support and guida nce without the research were important to me and very much appreciated.I would also like to express my gratitude to prof Mihhail Matskin at KTH the regal Institute of Technology for having accepted this Master Thesis and for beingness my examiner. His insights and help were invaluable to achieve to a greater extent sound end results and put in concert this ? nal report In addition, I would like to incubate my personalizedized give thanks to my Erasmus Coordinator, Anna Hellberg Gustafsson, for her support, kindness and dedication for the duration of the research which was key to the organization of the latter.She is, for me, the shell coordinator I have met and heard about I would probably non have crapn the appropriate steps to have this opportunity deep down IBM if it werent for the initial support and guidance of Karl De Backer, Anika Hallier, Anton Wilsens and last but non least Parmjeet Kaur Gurmeet. I truly value their follow-up both on the research and on my ex perience On a surplus measure I would like to thank Parmjeet for having been always a wide-cut learn to me and for her support and trust ever since the Extreme Blue internship.I want to thank each IBMer with whom I came in contact with in the Financial serve Sector De lotment for welcoming me into their working environment and for making my stand by very enjoyable. In addition to the aforesaid(prenominal) IBMers, among many others and in no speci? c order I would like to thank Daniel Pauwels, Patrick Taymans, Hedwige Meunier, Gauthier de Villenfagne, Michel Van Der Poorten, Kjell Fastre, Annie Magnus, Wouter Denayer, Patrick Antonis, Sara Ramakers, Marc Ledeganck, Joel Van Rossem and Stephane Masso increment. It was a real pleasure to share the open space and, to a greater extent(prenominal) importantly, to meet themDan Gutfreund at IBM Haifa was a key element in the victimization of this thesis. I am very appreciative for the discussions we had about Fraud detection and for his advice in the various phases that compose this research. In addition, I would like to extend my thanks to Jean-Luc Collet at IBM La Gaude for his valuable help in obtaining a stable virtual elevator car with InfoSphere Streams. I am thankful to Professor Gianluca Bontempi and Liran Lerman at Univer berth Libre de Bruxelles for ? nding the time to discuss about Fraud spying and info Mining techniques.Their insights were vital for the reading of the prototype and the general research. On the corresponding vein, I would like to thank Chris Howard at IBM capital of Ireland for his help in understanding Stream Computing and InfoSphere Streams. His guidance was authoritative for a timely comprehension of the ? long time without which I wouldnt have been able to develop the prototype. I want to thank Mike Koranda and s besidesl Thorson at IBM Rochester for their help in understanding the integration of entropy Mining and Stream Computing and how to achieve the latter in a more ef? cient manner.I really appreciated their help with the prototype, un cat valiumly when atypical errors occurred to more pronto detect the line of the problem. I am also thankful to IBM, as a lodge, for providing me the opportunity and necessary facilities to conduct my thesis project, as well as to KTH, as university, for having allowed me to teach on this experience. I want to become this opportunity to thank my friend, Thomas Heselmans, for having been there ever since the spot one of the research despite my busy agenda. His support and concern were vital in times of great stress and trouble, thank you for your friendshipThe same applies to Stephane Fernandes Medeiros, a great friend of mine who was always there for me and followed my work very closely. In addition, I am thankful to two of my greatest friends, Nicola Martins and Alberto Cecilio, for their friendship, for always load-bearing(a) me and always having my back. Margarida Cesar is a very important per son in my life, and I would like to express my gratitude for all the discussions and advice we shared, as well as for the support demonstrated ever since we met. I always take her advice very in earnest and she has helped me cope with dif? ulties in more than one occasion, namely during the thesis, and for that Im very thankful I am also very pleasant to my friend, Arminda Barata, for all the help she provided me in moving and adapting myself to capital of Sweden. Without her help and concern I wouldnt have felt at home so good, and I wouldnt have liked Stockholm from the very ? rst day. I would like to take advantage of this opportunity to thank all my colleagues and friends in Stockholm for making these two years of write up unforgettable, and for shaping the person I am today.Among so many others, I would like to thank in finicky Sanja Jankolovska, Boshko Zerajik, Pedram Mobedi, Adrien Dulac, Filipe Rebello De Andrade, Pavel Podkopajev, Cuneyt Caliskan, Sina Molazem, Arezoo Ghannadian and Hooman Peiro. I couldnt have made it by without all of them withstand but de? nitely not least, beca custom I didnt have the run into to formally thank my friends in my previous studies, I would like to take this opportunity to extend my thanks to them for all the good moments we spent unitedly throughout our bachelor degree as well as today.In particular I would like to thank Miruna Valcu, Rukiye Akgun, Vladimir Svoboda, Antonio Paolillo, Tony Dusenge, Olivier Sputael, Aurelien Gillet, Mathieu Duchene, Bruno Cats, Nicolas Degroot and Juraj Grivna. I reserve a special thank you note to Mathieu Stennier, for both his friendship and support throughout my schoolman life, and for having shared with me what were the best moments I had in Brussels composition at UniversityI would very much like to express myself in Lusitanian to my family so that they trick all more easily understand what I have to say, thank you for your understanding Nao podia deixar de agradecer a toda a minha familia o apoio que demonstraram ao longo deste percurso academico que conhece hoje um novo capitulo. Gostaria de agradecer a todos sem excepcao por acreditarem em mim e nunca duvidarem das minhas capacidades. Obrigado por estarem sempre presentes apesar da distancia, obrigado por se preocuparem comigo e por fazerem com que eu saiba que poderei sempre contar com vocesSou verdadeiramente um ser afortunado por poder escrever estas palavras Um obrigado especial a minha grande avo Olga por estar sempre disposta a sacri? car-se por nos e por telefonar quase diariamente a perguntar se estou bem e se preciso de alguma coisa. Agradeco-lhe do fundo do coracao esse amor que tem pelos illuminateos e que tanta forca transmite Queria agradecer tambem aos meus bests Rui e Hugo, que sao para mim como os irmaos que eu nunca tive, a forca que me transmitem para seguir em frente face as adversidades da vida. Ambos ensinaram-me imenso durante toda a vida e sao uma fonte de inspiracao constante para mimA admiracao que tenho por eles foi como um guia que me levou onde estou hoje Obrigado por acreditarem em mim para levar a bom porto este projecto e por terem estado sempre presentes a apoiar-me Gostaria de deixar uma mensagem de apreco ao David, que e mais do que um primo para mim, e um melhor amigo, que sempre esteve presente e sempre se preocupou comigo durante a tese. Foram momentos, frases e situacoes da vida que ? zeram com que o David se tornasse na pessoa importante que e para mim e ao longo da tese as suas mensagens de apoio foram sempre bem recebidas porque deram-me um alento enorme.Aproveito tambem para agradecer a minha querida tia Aida e ao meu estimado primo Xico pela preocupacao que tem sempre comigo e por serem uma fonte de inspiracao para mim. Desejo tambem aproveitar esta oportunidade para agradecer a Nandinha e Jorginho todo o apoio que me deram nao so durante estes 6 longos meses mas desde os meus primeiros passos. Sao como uns segundos pais para mim cujo apoio ao longo deste curso e capitulo da minha vida foi primordial. Agradeco, do fundo do coracao, o facto de me tratarem como se fosse um ? lho, por me guiarem e sempre ajudarem Tenho ainda um lugar especial reservado para o meu tio Antonio.Um tio que admiro muito, que sempre me quis bem e cujo dom da palavra move montanhas O seu conselho e para mim uma maisvalia, e agradeco todo o seu apoio e ajuda durante esta investigacao e sobretudo por me guiar quando nao ha estrelas no ceu. Aproveito para vos deixar a todos um pedido de desculpa por nao estar presente como gostaria, e agradeco o facto de que apesar de tudo voces estejam todos de pe ? rme atras de mim Sem o vosso apoio nunca teria feito metade do que ? z Costuma-se guardar o melhor para o ? m, e por isso nao podia deixar de agradecer aos meus pais tudo o que ? eram e fazem por mim A lingua de Camoes e escassa para que eu consiga descrever o quao grato estou Dedico-vos esta tese, por sempre me terem render todo o amo r, carinho, e ajuda necessaria para ter uma vida feliz e de sucesso. Deixo aqui um grande e sentido obrigado por terem estado sempre presentes quando mais precisava, por me terem sempre apoiado a alcancar os meus objectivos, por me terem ensinado a viver, a amar, a partilhar e a ser a pessoa que sou hoje. Obrigado Em particular gostaria de agradecer ao meu pai a compreensao que teve comigo durante este periodo mais ocupado.Agradecer-lhe a ajuda em conseguir por um meio termo as coisas e a olhar para elas de outro prisma. Agradeco tambem a calma que me transmitiu e transmite, e o apaziguamento que me ensinou a ter face as adversidades da vida. Sem estas licoes de vida, que guardarei sempre comigo, sinto que a tese nao teria sido bem sucedida e eu nunca teria alcancado tudo o que alcancei A minha mae, agradeco por onde hei-de comecar? Pela ajuda diaria durante a tese para que os meus esforcos se concentrassem no trabalho? Pela inspiracao diaria de um espirito lutador que nao desmorona face as di? culdades e injusticas da vida?Agradeco por tudo isto e muito mais pois sem a sua ajuda diaria nao teria conseguido acabar a tese. A admiracao que tenho pela sua forca e coragem ? zeram com que eu tentasse seguir os mesmos passos e levaram-me a alcancar patamares que considerava inalcancaveis A paciencia que teve durante todo o projecto, mas sobretudo no ? m, e de louvar, e sem o seu ombro amigo teria sido tudo muito mais complicado. Obrigado a todos por tudo Thank you all for all(prenominal)thing Filipe Miguel Goncalves de Almeida set back of Contents 1 Introduction Part I setting the Scene 2 Retail Banking and The State of the Art in Detection and cake of Fraud 2. The Retail Banking Industry . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2. 1. 1 A terse Walk Down Memory Lane . . . . . . . . . . . . . . . . . . . . 2. 1. 2 The Retail Banking IT Systems architecture . . . . . . . . . . . . . . 2. 2 Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2. 2. 1 meshwork and E-Commerce Fraud . . . . . . . . . . . . . . . . . . . . . 2. 2. 2 early(a) Consumer Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . 2. 3 Current radicals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2. 3. 1 Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2. 3. 2 Analytics and Statistical Fraud-Scoring . . . . . . . . . . . . . . . . . 3 Problem De? nition 3. 1 Weak Links in presently Available Solutions . 3. 1. 1 Bank Card and Pin Code . . . . . . . . . 3. 1. 2 One-Time-Password or Card Reader . . 3. 1. 3 Biometrics . . . . . . . . . . . . . . . . . 3. 1. 4 Analytics and Statistical Fraud-Scoring 3. 2 Facts and views . . . . . . . . . . . . . . . . . 3. 2. 1 France . . . . . . . . . . . . . . . . . . . 3. 2. 2 United Kingdom . . . . . . . . . . . . . 3. 3 E-Commerce and Internet Banking . . . . . . . 3. 4 unsettled Banking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 2 3 3 3 4 6 6 12 12 13 14 15 15 16 17 18 18 19 19 19 20 21 22 22 23 23 23 24 24 25 25 28 28 29 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 31 31 31 32 32 33 34 Research Methodology 4. 1 object of the Research . . . . . . . . . . . . . . . 4. 2 selective randomness Collection . . . . . . . . . . . . . . . . . . . . 4. 2. 1 FICOs E-Commerce proceedings Dataset . 4. 2. 2 Personal Retail Bank Transactions . . . . . 4. 3 Data Analysis Plan . . . . . . . . . . . . . . . . . . 4. 3. 1 Partitioning of the Data . . . . . . . . . . . 4. 4 Instruments and implementation Strategy . . . . . 4. 4. 1 InfoSphere Streams . . . . . . . . . . . . . . 4. 4. 2 SPSS modeler . . . . . . . . . . . . . . . . . 4. 4. 3 MySQL Database . . . . . . . . . . . . . . . Part II Behind the Curtains 5 Phase 0 Data Preprocessing 5. Getting to have sex the Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5. 1. 1 specifys and their Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5. 1. 2 Attributes in the Retail Banking Industry and in FICOs Dataset . . . . . . 5. 1. 3 Statistical Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5. 2 Data lessening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5. 2. 1 Dimensionality Reduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5. 2. 2 Supervised Merge and Transformation of nominal and Categorical Data . 5. 3 5. 4 5. 5 5. 6 . 7 5. 8 Cleaning Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5. 3. 1 Missing Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5. 3. 2 Noisy Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data Transformation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5. 4. 1 Transformation of generation and Dates . . . . . . . . . . . . . . . . . 5. 4. 2 Transformation by Normalization . . . . . . . . . . . . . . . . . . consume Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5. 5. 1 lot utilize K-Means algorithm . . . . . . . . . . . . . . . 5. 5. 2 Under-Sampling Based on Clustering . . . . . . . . . . . . . . . . Preprocessing Data with Stream Computing . . . . . . . . . . . . . . . . 5. 6. 1 Receiving and Sending Streams of Transactions . . . . . . . . . . 5. 6. 2 Retrieving and Storing Data to a Database . . . . . . . . . . . . . 5. 6. 3 Data Preprocessing using SPSS Solution Publisher . . . . . . . . . 5. 6. 4 Data Preprocessing using a Non-Generic C++ raw(a) Operator Rule-Based engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5. 7. 1 Streams with a melody Rules Management System . . . . . . . . Final Thoughts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 36 36 37 37 37 39 40 41 42 42 43 45 45 46 48 49 50 51 51 52 53 53 54 55 56 57 57 58 60 60 61 62 62 63 63 66 71 71 73 76 77 6 Phase I Data Classi? cation 6. 1 Supervised Learning . . . . . . . . . . . . . . . . . . . 6. 1. 1 Ensemble-Based Classi? er . . . . . . . . . . . . 6. 2 Classi? cation Algorithms . . . . . . . . . . . . . . . . 6. 2. 1 Support Vector Machines . . . . . . . . . . . . 6. 2. 2 Bayesian Networks . . . . . . . . . . . . . . . . 6. 2. 3 K-Nearest Neighbors (KNN) . . . . . . . . . . 6. 2. 4 C5. 0 Decision head . . . . . . . . . . . . . . . . 6. 3 Classi? cation using the Data Mining Toolkit . . . . 6. 3. 1 Weaknesses of the Approach . . . . . . . . . . 6. 4 Classi? cation using SPSS role modeler Solution Publisher 6. 4. 1 Implementation Details . . . . . . . . . . . . . 6. 5 Model Retraining co mputer architecture High Level Overview 6. 6 Final Thoughts . . . . . . . . . . . . . . . . . . . . . . 7 Phase II unusual person Detection and Stream Analysis 7. 1 Data Aggregation . . . . . . . . . . . . . . . . . . . . 7. 2 Bank Customers Aggregation Strategy . . . . . . . . 7. 3 Anomaly Detection . . . . . . . . . . . . . . . . . . . 7. 3. 1 Techniques for Anomaly Detection . . . . . . 7. 3. 2 Mahalanobis blank space . . . . . . . . . . . . 7. 4 Stream Analysis . . . . . . . . . . . . . . . . . . . . . 7. 4. 1 Window-Based Operators . . . . . . . . . . . 7. 4. 2 Window-Based Anomaly Detection Strategy 7. 5 Final Thoughts . . . . . . . . . . . . . . . . . . . . . Part III Critical brushup 8 boilers suit Evaluation 8. 1 Performance Measurement Techniques . . . . . . . . . 8. 1. 1 Performance prosody . . . . . . . . . . . . . . . 8. 1. 2 truth Levels . . . . . . . . . . . . . . . . . 8. 2 Data Preprocessing and moving in Rules Analysis . . . 8. 3 Data Classi? cation . . . . . . . . . . . . . . . . . . . . 8. 3. 1 Un-preprocessed Classi? er Analysis . . . . . . 8. . 2 Preprocessed Un-Sampled Classi? er Analysis 8. 3. 3 Preprocessed Sampled Classi? er Analysis . . . 8. 3. 4 Ensemble-Based Classi? er Analysis . . . . . . 8. 4 Anomaly Detection . . . . . . . . . . . . . . . . . . . . 8. 5 Overall ideal . . . . . . . . . . . . . . . . . . . . . . 8. 6 Future Work . . . . . . . . . . . . . . . . . . . . . . . . 8. 6. 1 Extend Services . . . . . . . . . . . . . . . . . . 8. 6. 2 eXtreme Scale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 78 78 79 80 80 81 83 84 87 88 89 90 91 92 i 8. 7 8. 6. 3 architecture and Data Mining Algorithms . . . . . . . . . . . . . . . . . . . . . . . Final Thoughts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 94 95 i vi 9 Conclusion tot upix A Supporing conventions Glossary hear of bets embark 1. 1 body-build 2. 1 go out 2. 2 omen 2. 3 guess 2. 4 range 2. 5 run a target 2. 6 enroll 2. 7 experience 2. 8 practice 2. 9 manakin 3. 1 Figure 3. 2 Figure 3. 3 Figure 3. 4 Figure 3. 5 Figure 3. 6 Figure 3. 7 Figure 3. 8 Figure 4. 1 Figure 4. 2 Figure 4. 3 Figure 4. 4 Figure 4. 5 Figure 4. 6 Figure 4. 7 Figure 5. 1 Figure 5. 2 Figure 5. 3 Figure 5. 4 Figure 5. 5 Figure 5. 6 Figure 5. 7 Figure 5. 8 Figure 5. 9 Figure 5. 10 Figure 5. 11 Figure 5. 12 Figure 5. 13 Figure 5. 14 Figure 5. 15 Figure 6. Figure 6. 2 Figure 6. 3 Figure 6. 4 Figure 6. 5 Lost in Translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . As-Is Banking IT architecture . . . . . . . . . . Hype Cycle for lotion Architecture, 2009 To-Be Banking IT write Architecture . . . . MitB Operation . . . . . . . . . . . . . . . . . . Possible Paypal nettsite (1) . . . . . . . . . . . Possible Paypal website (2) . . . . . . . . . . . Keyboard State circuit board mode . . . . . . . . . . Windows Keyboard pussyfoot method . . . . . . . Kernel-Based Keyboard Filter Driver method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 5 5 5 8 10 10 11 11 11 16 16 17 20 20 20 21 21 24 25 26 26 27 28 29 30 32 32 33 34 35 35 36 37 40 40 42 45 46 48 50 51 52 53 54 Components of the Chip and Pin pom-pom . . . . . . . . . . . . Attack to Card Illustrated . . . . . . . . . . . . . . . . . . . . One-Time-Password Hacking Material and Architecture . Number of European Internet Users and Online Purchasers Forecast US Onl ine Retail Forecast, 2010 to 2015 . . . . . . . meshwork Growth has Outpaced Non-Web Growth for Years . . . US Mobile Bankers, 2008-2015 . . . . . . . . . . . . . . . . . US Mobile Banking Adoption . . . . . . . . . . . . . . . . . . CRoss-Industry Standard Process for Data Mining . . . . . . . . . Streams Programming Model . . . . . . . . . . . . . . . . . . . . . Straight-through processing of messages with optional storage. Backup and Fail-Over System for Streams . . . . . . . . . . . . . . Multiple-Machines Architecture . . . . . . . . . . . . . . . . . . Analytical and Business Intelligent Platforms Compared . . . . . Global Flow of Events Stream-Based Fraud Detection Solution . Overall SPSS Modeler Stream for the Of? ine Data Preprocessing Phase Frequency of Transactions per hr . . . . . . . . . . . . . . . . . . . . Amount Transferred per Transaction . . . . . . . . . . . . . . . . . . . . Data Feature Selection in SPSS . . . . . . . . . . . . . . . . . . . . . . . Data Pre paration Preprocessing Phase in SPSS . . . . . . . . . . . . . . SPSS Stream CHAID tree Model . . . . . . . . . . . . . . . . . . . . . . CHAID Tree for Data Reduction . . . . . . . . . . . . . . . . . . . . . Filtering Null Values with SPSS . . . . . . . . . . . . . . . . . . . . . . . Cyclic Values of Attribute hour1 . . . . . . . . . . . . . . . . . . . . . . K-Means Modeling in SPSS . . . . . . . . . . . . . . . . . . . . . . . . . Clustering with K-Means in SPSS Modeler . . . . . . . . . . . . . . . . Stream-based Application Data Preprocessing and Rule-Based Engine Stream-based Application Data Preprocessing . . . . . . . . . . . . . . Stream-based Application Rule-Based Engine . . . . . . . . . . . . . . Interaction amongst a BRMS and a Stream-based Application . . . . . Classi? cation in Stream-Based Application .Ensemble-Based Classi? er . . . . . . . . . . . Classi? cation in SPSS . . . . . . . . . . . . . . Support Vector Machines (SVMs) Illustrated Example of a Bayesia n Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i Figure 6. 6 Figure 6. 7 Figure 6. 8 Figure 7. 1 Figure 7. 2 Figure 7. 3 Figure 7. 4 Figure 7. 5 Figure 7. 6 Figure 7. 7 Figure 7. 8 Figure 7. 9 Figure 7. 10 Figure 7. 11 Figure 7. 12 Figure 7. 13 Figure 8. 1 Figure 8. 2 Figure 8. 3 Figure 8. 4 Figure 8. 5 Figure 8. 6 Figure 8. 7 Figure 8. 8 Figure 8. Figure A. 1 Figure A. 2 Figure A. 3 Figure A. 4 Figure A. 5 Figure A. 6 K-Nearest Neighbors Illustrated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Section of C5. 0 Decision Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SPSS C&DS Classi? er Retraining . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Anomaly Detection Stream-based Application . . . . . . . . . . . . Aggregate Bank Customers . . . . . . . . . . . . . . . . . . . . . . . Learning a classi? er model for the normal class of proceedings . . Transaction not be to a cluster . . . . . . . . . . . . . . . . .Transactions far from the clusters center . . . . . . . . . . . . . . . Mahalanobis Distance Illustrated . . . . . . . . . . . . . . . . . . . . Mahalanobis Distance Stream-based Application . . . . . . . . . . Window Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tumbling Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . Sliding Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Partitioned Keyword . . . . . . . . . . . . . . . . . . . . . . . . . . . Account average expenses and frequency of proceeding in 3 days Window-Based Analysis Stream-based Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 55 60 61 63 6 4 65 65 66 67 71 71 72 73 73 74 78 79 84 86 88 89 92 92 94 ii iii iii iv iv v Benchmarking Stream-based Application Concept for Each Processing Step . . disorderliness Matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Comparison amid Un-Preprocessed and Preprocessed Data Accuracy Levels Comparison between Sampled Datasets Accuracy Levels (TP/FP) . . . . . . . Stream Analysis Debited Account . . . . . . . . . . . . . . . . . . . . . . . . . . . Overall View of the Solution Accuracy Levels (TP/FP/FN) . . . . . . . . . . . . Overall Structure of the Financial Services Toolkit . . . . . . . . . . . . . . . . . . In-Memory Database with InfoSphere Streams . . . . . . . . . . . . . . . . . . . . Stream-Based Application a Flexible and Multifaceted Architecture . . . . . . . Stream-based Application Overview . . . . . . . . . . . . . . . . . . . . . . . . . . Time per Transaction for each of the Data Preprocessing Approaches . . . . . . . Time per Transacti on for Preprocessing the Data and Examine the Business Rules . Metrics Data Classi? cation Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . Anomaly Detection Time per Transaction . . . . . . . . . . . . . . . . . . . . . . . . Fraud Detection Time per Transaction . . . . . . . . . . . . . . . . . . . . . . . . . List of Tables Table 3. 1 Table 5. 1 Table 5. 2 Table 6. 1 Table 7. 1 Table 8. 1 Table 8. 2 Table 8. 3 Table 8. 4 Table 8. 5 Table 8. 6 Table 8. 7 Table 8. 8 National fraud in France categorized by transaction type . . . . . . . . . . . . . . . Communalities PCA/Factor Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . Steps for Under-Sampling Based on Clustering (SBC) . . . . . . . . . . . . . . . . . . Supported Mining Algorithms Data Mining Toolkit . . . . . . . . . . . . . . . . . . Hardware Speci? cation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . someone Classi? er Accuracy Levels Un-Preprocessed Training Set . . . . . item-by-item Classi? er Accuracy Levels Un-Sampled Preprocessed Training Set Multiple Sampling Ratios Analyzed . . . . . . . . . . . . . . . . . . . . . . . . . Multiple Sampling Ratios Analyzed . . . . . . . . . . . . . . . . . . . . . . . . . Ensemble-Based Classi? r Balanced . . . . . . . . . . . . . . . . . . . . . . . . Ensemble-Based Classi? er Maximum Fraud Detection . . . . . . . . . . . . . Ensemble-Based Classi? er with Mahalanobis Balanced Model Combination . Ensemble-Based Classi? er with Mahalanobis Maximizing Fraud Detection . . . . . . . . . . . . . . . . . . . . . . . . . 19 34 41 56 77 81 83 85 85 87 87 89 89 List of Algorithms Algorithm 1 Algorithm 2 Algorithm 3 Algorithm 4 Algorithm 5 Algorithm 6 Algorithm 7 Algorithm 8 Algorithm 9 Algorithm 10 Algorithm 11 Algorithm 12 Algorithm 13 Algorithm 14 InputSource Receive Incomming Transactions . . . . . . . . . . . . . . . . ODBCEnrich Enrich an Incomming Transaction . . . . . . . . . . . . . . . . Non-Generic C++ Primitive Operator Manual Preprocessing . . . . . . . . . Preprocessing Manual Preprocessing of Incoming Transactions . . . . . . . Functor Split Stream for Preprocessing and Rule-Based Engine . . . . . . . . Join Append Business Rules to Preprocessed Transaction . . . . . . . . . . . Join Append Business Rules to Preprocessed Transaction . . . . . . . . . . . Data Mining Toolkit Operator Decision Tree C5. 0 Classi? er . . . . . . . . . . Non-Generic C++ Primitive Operator Supervised Analysis . . . . . . . . . . Classi? cationEnsemble Constructor() . . . . . . . . . . . . . . . . . . . . . . Classi? cation Ensemble process(Tuple & tp, uint32_t port) . . . . . . . . . . Variance-Covariance Inverse Matrix use in the Mahalanobis Distance . . . Individual Account Anomaly Detection Approach . . . . . . . . . . . . . . . Voting communications protocol Mahalanobis Distance, Window-Based and Classi? er Score . . . . . . . . . . . . . . 43 44 45 46 47 47 47 56 58 58 59 68 75 75 Chapter 1 Int roduction A journey of a m miles must begin with a single step Lao Tzu If you work on fraud detection, you have a job for life. These were the words used by Professor David J.Hand1 in one of his talks to synthesize the vast research ? eld that is Fraud Detection. Indeed, this ? eld consists of multiple domains, and is continually evolving through time with immature strategies and algorithms to counter the constantly ever-changing manoeuvre employed by fraudsters2 . In this line of thought, shortly available solutions have been unable to control or mitigate the everincrease fraud- associate losses. Although thorough research has been siree, only a subatomic number of studies have led to actual Fraud Detection systems 27, and the focus is typically on novel algorithms aiming at increasing the accuracy levels.To this end, we want to look at the problem from a contrasting angle, and focus on the foundations for a real-time and multi-purpose solution, based on a technology know as Stream Computing, able to encompass these algorithms musical composition creating the possibilities for further research. We subdivide our study in three main parts. We begin with an overall understanding of the topic being discussed by de? ning the research environment, its problems and presenting the solutions truely available. In addition, we conclude this ? rst part by both specifying the structure, and outlining the objective of the research.The morsel part explores the overall course of action to bring about a Stream-based Fraud Detection solution. From this perspective, we discuss different strategies previously researched in Data Preprocessing, Data Classi? cation and Behavior-based Analysis, and tackle their combination and integration in a Stream-based application. Last but not least, we review the overall solution proposed, and examine the possibilities beseeched by the latter for further research in the ? eld of Fraud Detection in the Retail Banking Industry. Senior Research Investigator and Emeritus Professor of Mathematics at the Imperial College of London, and one of the leading researchers in the ? eld of Fraud Detection http//www3. imperial. ac. uk/people/d. j. hand link to the presentation http//videolectures. net/mmdss07_hand_stf/ 2 a person intended to deceive others (i. e. one who commits fraud) de? ned in the Glossary 1 Part I Setting the Scene Great things are not done by impulse, but by a serial publication of small things brought in concert Vincent van Gogh Fraud Detection in itself is interlinked with numerous ? lds of study, and before the plays main action, we want to set the stage. In order to bend getting off track and allowing you to improve understand the scope, contents, choices made, and requirements of the research, we divided this act in three scopes. In the ? rst, we enclose the main actors namely banks, bank customers and fraudsters. In addition, we also present the up-to-the-minute situation in the Detection and Prevention of Fraud in banks, describing the techniques being used both to counter and to commit fraudulent transactions. The second scene introduces the overall problem of fraud in the Banking Sector.It identi? es the weaknesses of the latest solutions, and quanti? es fraud losses as accurately as possible in some European countries and this based on the most recent data. We accordingly take a step further and comment on new trends, and predict possible risks banks might incur from them. Before the end of the act, we introduce the two main parts of the play, as well as how we intend to approach the problem. More precisely, we provide some speci? cs regarding the research conducted, the tools used and the plan followed to reach our conclusions. Figure 1. Lost in Translation 2 Chapter 2 Retail Banking and The State of the Art in Detection and Prevention of Fraud There are things known and there are things occult, and in between are the doors of perception Aldous Huxley Busines smen and politicians, before sealing deals or taking political decisions, are known to go through a phase of reconnaissance the military term for exploring enemy or unknown territory. just now as it is important to them, so it is for you when you are about to douse into the speci? cs of a real-time fraud detection solution.In this line of thought, it is important to grasp the context of the research to better understand the concepts discussed. To do so, we baffle this chapter with an overall view of the Retail Banking Industry, to understand both its services and IT architecture (Section 2. 1) we continue with a de? nition of fraud together with a description of the different fraud types that affect banks and how they operate (Section 2. 2) lastly, we give an overview of some of the current solutions available (Section 2. 3). 2. 1 The Retail Banking Industry To describe the banking industrys phylogenesis that started earlier than 2000 B.C. 91, deserves almost a research paper on its own. For this reason, and because we dont want to divert from the topic, we start by solely providing a simple and brief resume about the origins of the banking industry (Section 2. 1. 1). The latter is an provoke talking point that not only allows you to understand how it all started, but also to perceive the challenge of keeping a bank pro? table. Additionally, it is a good introduction to understand a more adept description of the IT architecture behind the banking services (Section 2. 1. 2). 2. 1. 1 A minuscule Walk Down Memory LaneIt all started with barter back in the time of Dravidian India, passport through Doric Greece to preRoman Italy, when a cow or an ox was the standard medium of replacement. 91 However, given the dif? culty of trading fairly, evaluating different goods with the same standards, and ? nding suitable goods for both parties involved, the invention of money inevitably developed. Indeed, the origin of the word money is pecunia in Latin, which comes from pecus, meaning cattle. Through time, money evolved in the different civilizations and became not only a symbol but also a key factor in trading.Together with the development of the art of casting, the different mediums of exchange evolved gradually from random precious metals to what we now know as currency. This developments made our forefathers the proponents of the ? rst banks for reasons that are still of applicability in todays banking system. The polity of Hammurabi in the early 2000 B. C. stated If a man gives to another silver, favorable or anything else to gumshoeguard, whatsoever he gives he shall show to witnesses, and he shall ordinate the contracts before he makes the deposits. 91 It is therefore clear that the Babylonians already placed back in their time their valuable possessions in a safe place, restrained by a trusted man. 3 Nevertheless, the real inspiration for the banking system as we know it today came from the Greeks. Unlike the Babylonians, the Gree ks didnt have a government and therefore the country was divided into independent states that were constantly any at war or in a state of unrest. 91 In these turbulent times, they found Temples to be the only safe place able to survive the test of wartime.They were seen as safe deposit vaults, marking the beginning of the functions of our current banks. Indeed, records show that the Temples not only kept money safe but also lent the funds at a reliable(a) hobby rate. In addition, even though safeguarding the money started as a service free of focal point, it soon turned into a business where small commissions were applied. The banking industry continued to evolve through time, from the commercial development of the Jews passing by the establishment of the Bank of St.George, the Bank of the Medici and the Bank of England, to the rise of the Rothschilds, and the development of banking in the land of the Vikings. 91 At this moment in time, a study bank is a combination of a dozen of businesses, such as corporate, investment and small business banking, wealth management, capital markets. One among these is the sell banking industry. 46 The retail banking industry is characterized by a particularly large number of customers and bank accounts in comparison to any other banking business, which results in a much higher number of transactions, services and crops.In addition, it relies more and more on technology due to the levels of cooperation between banks, retailers, businesses, customers leading to an ever-increasing amount of information processing requirements. In a nutshell, todays banks follow the same precept described earlier by borrowing from clients in surplus and modify to those in de? cit. This triangulation is a win-win situation for the bank and its customers the bank makes revenue from the net use up income, which is the difference between what it pays to the lending customer and what it receives from the borrower.Nevertheless, the bank cant lend all the deposits and needs to guarantee that a certain(prenominal) percentageage is kept aside to satisfy customer withdraws and requirements. 92 Even though the situation varies from bank to bank, it is noteworthy to mention that more than half of a retail banks revenue, perhaps three-quarters, comes from this intermediation role in the form of net interest income. 46 To conclude, in todays world, and afterward years of evolution, retail banks provide you with a multitude of services for which they charge fees, mainly to cover the maintenance of the infrastructure and the banks structure.These added up together account between 15% to 35% of the net interest income. 46 Among the services you can ? nd compensation services, phone banking, money transfer, cash dispensers1 , online banking, advisory services, investment and taxation services, mobile banking and many more. How does a bank ef? ciently govern, offer and maintain all these services? 2. 1. 2 The Retail Banking IT Systems Architecture Just as banking services evolved through time so did the overall back-end architecture allowing a bank to provide all the aforementioned services. This evolution was specially prominent after the unveiling by Barclays Bank f the ? rst atmosphere machine in 19672 from that moment on, banks started investing heavily in computerized systems with the name and address of automating manual processes in an effort to improve its services, overall locating in the market and cut costs. From this perspective, the IT systems of banks matured from the creation of payment systems together with the immerse of the international SWIFT profit3 in the 70s, to todays core banking system a general architecture that supports all the channel and services of a bank and where each one of them is digitalized.An overview of such general architecture is illustrated in Figure 2. 1 77. 1 acronym for Automated Teller Machine, a machine that automatically provides cash and performs oth er banking services on insertion of a special card by the account holder de? ned in the Glossary 2 http//www. personal. barclays. co. uk/PFS/A/Content/Files/barclays_events. pdf 3 Society for Worldwide Interbank Financial telecom (SWIFT) is a member-owned cooperative that operates a worldwide standardised ? nancial messaging interlocking through which the ? nancial world conducts its business operations http//www. wift. com 4 This architecture was in place in many banks some years ago, and still is in some cases, but even though it provides the clients with all the necessary banking tools, it had certain drawbacks that became visible through the modernization and improvement of services. As it is described by both Microsoft 82 and IBM 77 the as-is architecture has no true enterprise view of a customer because information is duplicated, which leads to inconsistent customer services and promotions across channels when adding new or changing current products, it takes time to bring F igure 2. As-Is Banking IT Architecture (source 77) them to the market and a signi? cant amount of changes to the core system code. This leads to a dif? culty in responding quickly to new challenges and evolving regulatory pressures. Faced with the aforementioned problems, banks had the need to change towards a more ? exible and ef? cient architecture that would allow them to play along with the ever-changing needs of the clients and of the technology. With this n mind, the major players in core banking have switched to a Service-Oriented Architecture (SOA) with the intended goal of improving growth, cut back costs, reducing operational risks, and improving customer experience. 69 94 83 77 82 As reported by Forrester in a survey in 2007 82, out of 50 European banks, 53 percent declared they were already replacing their core system while 27 percent were planning to do so and 9 percent had already completed a major transition. The same survey assessed that 56 percent of the banks a lready used SOA and 31 percent were planning to.Additionally, in Gartners 2009 report (Figure 2. 2 28), supports this strategy and believed that SOA-based architectures was increasingly being espouse and would be widely accepted in a time figure of speech of 2 to 5 years. In the latest update (2011th Edition 29), SOA is submission the Plateau of Productivity, which indiFigure 2. 2 Hype Cycle for Application Architecture, 2009 cates that the mainstream adoption is offset to take off. (source 28) With this transition to an agile banking platform with a more ? exible product de? ition built on SOA principles, banks expect to gradually simplify their business and run short more ef? cient in the long term. Indeed, the aforementioned platform which is illustrated in Figure 2. 3, is meant to provide the banks with prodigaler and easier ways to update the system and comply with changing industry regulations and conditions. Additionally, by having a holistic view of the customer-releva nt data across systems, a bank is able to better focus and analyze it with the goal to improve its customers experience by investing in more ef? cient and ? xible customer-centric offerings. Lastly, the architecture allows for integrated customer analytics and insight capabilities. In this line of thought, a stream-based real-time fraud detection solution would be easy to integrate in such an architecture, allowing the bank, as we will see later on, to broaden its services, data analysis capabilities and detect fraud in realtime. Figure 2. 3 To-Be Banking IT Reference Architecture (source 77) 5 2. 2 Fraud When one wants to get something from others illegally he can do it in two ways repulse or trick them into doing so. The ? st is better known as robbery and is unremarkably more violent and noticeable the second is known as fraud, which is more discrete and therefore preferred by fraudsters. 76 From this we can understand that fraud includes a wide variety of acts characterized b y the intent to deceive or to obtain an unearned bene? t. 30 Many audit-related agencies provide distinct insights into the de? nition of fraud that can be brie? y summarized in this way De? nition 1. Fraud consists of an illegal act (the intentional wrongdoing), the concealment of this act (often only hidden via simple means), and the deriving of a bene? (converting the deducts to cash or other valuable commodity) 30 Given this de? nition, we can further classify the known types of fraud by victim, perpetrator and contrivance 76 Employee Embezzlement Employees deceive their employers by taking community assets either like a shot or indirectly. The ? rst occurs without the participation of a third party and is characterized by an employee who discriminates company assets directly (e. g. cash, inventory, tools, etc. ). In the second, the stolen assets ? ow from the company to the perpetrator through a third party.Indeed, indirect fraud happens usually when an employee accepts bribes to allow for lower gross sales or higher purchases prices, or any other dishonest action towards the company. Vendor Fraud This type of fraud usually happens when a trafficker overcharges its products ships lower quality goods or doesnt ship any products to the purchaser even though it received the corresponding payment. Vendor fraud happens more frequently with government contracts and usually becomes public when discovered, being one of the most common in the United States. Customer Fraud Customer fraud takes place when a customer doesnt pay for the products he purchased, pays too little, gets something for nothing or gets too much for the price. All these situations occur through deception. Management Fraud Management fraud, also known as ? nancial line fraud, is committed by top management who deceptively manipulate ? nancial statements. The interest behind these actions is usually to hide the real economic situation of a company by making it look healthier than it actually is.However, for the purpose of this research, and given the fact that we are focusing on fraud perpetrated in the retail banking industry, we will mainly focus on every possible bank transaction that a customer can perform. The research will be based in debit, online banking namely electronic bill payment and giro transfers and debit shaping card transactions. Fraud that can be perpetrated against these transactions falls at heart the category known as consumer fraud. Additionally, the latter can be sub-categorized in Internet and e-commerce fraud and other (non-)internet related fraud that we will now describe in more detail. . 2. 1 Internet and E-Commerce Fraud The Internet a technology that was unknown to many of us 25 years ago and is used now by billions of people either at home, work or on-the-go. We can ? nd webpages from business home pages, to informational wikis, passing through social electronic intercommunicateing sites ? les that take the form of text, audio or video and a multitude of services and web applications. It took just 3 years for the Internet to reach over 90 million people while the television and the radio took respectively 15 and 35 years to reach 60 million people 76 This is how fast the medium through which e-commerce fraud takes place has evolved. This informational and technical revolution led to new ways for fraud to be perpetrated while techniques to avoid it have dif? culties to keep up with the pace. Today, businesses depend on the Internet to perform paperless transactions and exchange information between them they mostly use e-business connections, virtual snobby networks (VPNs1 ), and other specialized connections. 76 This type of commerce is known as e-commerce, or electronic commerce, because it takes place over electronic systems. Therefore, even if you think you are not using the Internet, any operation you make at a local branch, any withdraw you do from an ATM or any purchase you make at a local st ore with your bank card, a Network transaction takes place. 1 its a method employing encryption to provide secure access to a remote computer over the Internet de? ned in the Glossary 6Since most businesses rely on Network-based transactions and, as we will describe later on, Internet exploiters use the network more and more frequently to buy products or services, the North American Securities Administrators Association (NASAA) considers that Internet fraud has become a booming business. 76 With this in mind, there are three standpoints that need to be taken into retainer when describing in more dilate the risks involved in this category that soften banks and more importantly their customers risks lying in spite of appearance and/or orthogonal the organization.Risks at bottom Banks and Other Organizations The main risks come from within the bank. 76 Indeed, a perpetrator with inside access has knowledge regarding the environment, the security mechanisms and how to bypass them. Additionally, any employee with access to the organizations network has automatically bypassed ? rewalls and security checks making it easier to in? ltrate systems, steal information or data and cause damage to the bank. From this perspective, the most common example is the superuser access that most IT-related employees (e. g. rogrammers, technical support, network administrators or project managers) have within the companys infrastructure and database systems. 76 In one survey, more than a third of network administrators admitted to snooping into human resource records, layoff lists, and customer databases. 76 A related survey found that 88 percent of administrators would take sensitive data if they were ? red, and 33 percent said they would take company rallying cry lists. 76 Even if a perpetrator does not have personal access to the targeted system and information, there are techniques that he can use to get at them indirectly, i. . via a person of interest Snif? ng, also kno wn as Eavesdropping Snif? ng is the logging, ? ltering, and viewing of information that passes along a network connection. Applications are easily and available for free on the Internet, Wireshark1 and tcpdump2 that allow network administrators to troubleshoot any possible problem in the network. Nevertheless, these applications can as easily be used by hackers to gather information from unencrypted communications. 76 A good example is the usage of unencrypted e-mail access protocols like Post Of? ce Protocol 3 (POP3) or the Internet Message Access Protocol (IMAP) instead of other more secured ones. Since e-mail clients check messages every span of minutes, hackers have numerous opportunities to intercept personal information. 76 A user could in addition encrypt the body of the email by using fixate/Multipurpose Internet Mail Extensions (S/MIME) or OpenPGP in order to avoid that sensitive information passes through the network in plain text.Even though security experts have succes sfully managed to encrypt emails, the reason behind this want of security is that they have failed to take into consideration the needs of the end-user namely, the ability to from time to time encrypt an email without much trouble at all. 113 Wartrapping Wartrapping happens when hackers set up free access points to the Internet through their laptops in speci? c locations like airports or inside a companys headquarters. Users, unmindful(predicate) that the wi? passes through a hackers computer, connect to the latter and sweep the Internet as if they had a secured connection.When logging their internet banking services and playing transactions, or simply access their emails, the hacker can see the bits and bytes of every communication passing through any laptop in the clear. In this line of thought, hackers can get caught in their own web as companies are also using what they call honeypot traps. The latter is an information system resource, like a computer, data, or a network site (e. g. wireless entry), whose purpose is not only to divert approach shoters and hackers away from minute resources, but also to serve as a tool to study their methods. 1 These systems are placed strategically so to look like part of the companys internal infrastructure even though they are actually isolated and monitored by administrators of the organization. One of the most widely used tools is honeyd3 . 89 1 2 3 http//www. wireshark. org/ http//www. tcpdump. org/ http//www. honeyd. org/ 7 Passwords are the Achilles reheel of many systems since its creation is left to the end user who keeps them simple and within his or her preferences and life experiences (e. g. birthdays, family names, favorite locations or brands).In addition, users tend to re-use the same password for different purposes in order to avoid having to remember different ones, which leads perpetrators to gain access to different services and accounts with a single password from the person. In addition, anot her source of threats are the laptops and mobile devices that many employees take with them outside the companys protected environment. While in these unsecured contexts, the devices are exposed to viruses, spyware, and other threats that might compromise again the integrity of other organizations system once these computers are plugged in the network.Viruses, trojans and worms are able to enter the protected environment without having to go through ? rewalls and security checks, making it easier to in? ltrate key information systems and bypass apology mechanism. Risks Outside Banks and Other Organizations The Internet not only became a source of services to users and companies but also a rich medium for hackers to gain access to personal systems. Indeed, when performing attacks, hackers are relatively protected because they cross international boundaries which puts them under a different jurisdiction than the victim of the attack and are mostly anonymous making tracking dif? ul t. Therefore, the Internet became the defacto technological medium to perform attacks and there are numerous ways of doing so Trojan Horses A trojan horse is a program intentional to breach the security of a computer system and that has both a desirable and a hidden, usually malicious, outcome. 86 These programs can be embedded in a bank users computer when he views or opens an infected email, visits or downloads a ? le from an unsecured website or even when visiting a legitimate website that has been infected by a trojan. 85 From this perspective, a good example is the man-in-the-browser (MitB) attack, represented in Figure 2. , which uses trojan horses to gear up extensions or plugins in the browser that are used to deceive a bank customer Whenever a speci? c webpage is loaded, the Trojan will ? lter it based on a target list (usually online banking pages). The trojan extension waits until the user logs into his bank and starts to transfer money. When a transaction is performed , the plug-in extracts data from all the ? elds and modi? es the amount and recipient according to the hackers preferences through the roll object model (DOM1 ) larboard, and resubmits the form to the server.The latter will not be able to identify whether the values were written by the customer or not and performs the Figure 2. 4 MitB Operation (source2 ) transaction as requested. 85 ATM Attack Techniques An Automated Teller Machine (ATM), is a computerized device that allows customers of a ? nancial institution to perform most banking transactions and check their account status without the help of a clerk. The device identi? es the customers with the help of a plastic bank card, which contains a magnetic stripe with the customers information, together with a personal identi? ation number (PIN) code. 2 ATMs are attractive to fraudsters because they are a direct link to customers information and money, and there are security pitfalls with their current architecture 2 the way data is encoded in the magnetic media makes it easily companionable if a hacker invests some money to buy the easyto-be-found equipment, and time to decrypt and duplicate the contents in addition, with a four 1 An interface that lets software programs access and update the content, structure, and style of documents, including webpages de? ed in the Glossary 2 www. cronto. com, blog. cronto. com/index. php? title=2fa_is_dead 8 digit PIN, not only will one in every 10. 000 users have the same number but it also allows brute force attacks to discover the combination. Not to mention the possible visible attacks on ATMs which cannot be considered as fraud (see De? nition 1), there are a couple of ways fraudsters steal money from bank customers 2 1. Skimming Attack skimming is the most popular approach in ATMs and consists in using devices named skimmers that capture the data from the magnetic strip.These devices can be plugged in an ATMs factory-installed card reader and allows for downloa d of all personal information stored on the card. In addition, to obtain the PIN code fraudsters use either shoulder-sur? ng and hidden video cameras, or distraction techniques while the customer uses the ATM. 2 Sometimes fraudsters take a step further and urinate their own fake teller machines to deceive bank customers this is considered to be a spoo? ng attack that we will describe in more details below. 39 2.Card Trapping this tech