Machine Learning and Fraud Detection in Payments: Protecting Your Organization from the Inside Out

Fraud and Financial Crime

Neira Jones

Mar 4, 2019

B2B payments have traditionally been complex, time-consuming, manual and expensive. This is unsurprising as, in contrast with consumer payments, the main pain points in the B2B space are still cash management, cross-border payments and treasury management. Consequently, customer expectations will be the main driver for change, combined with the added pressures of increased regulations, nimble digital competition and advances in technology - both to improve the customer experience and maintain trust (e.g. machine learning, fraud detection).

Formula 1 racing is no different: there is an increasing need for more and more data to analyse and regurgitate to decide on race strategies, improve performance and deliver insights to fans in real-time, whilst staying on the right side of automotive and racing rules. Suddenly, opportunities that were unimaginable in the past are readily available.

With technology continuing to evolve at breakneck speed, regulators are faced with the multidimensional challenge of protecting consumers whilst fostering innovation and economic development. With the endless cornucopia of data available to businesses (and criminals alike), whether genuine or fake, catching up with criminals and developing regulations able to cope with new technologies and new crimes is no mean task. This complex landscape has led to much regulatory complexity and overlaps. Indeed, the 2nd Payment Services Directive requires strong customer authentication and fraud detection measures whilst the many anti-money laundering laws require more stringent customer due diligence, with ever more complex KYC requirements. When we overlay this with the increased worldwide focus on data protection and data privacy (and the many related global regulations), it is no wonder that businesses are overwhelmed by their ever growing attack surface and the complex regulatory maze this presents. The lack of interoperability and standards, combined with the disparity among industries and jurisdictions, only serves to increase this complexity.

And whilst the regulators grapple with their long regulatory cycles and try to future proof regulations, consumers adopt more and more technologies, share more and more data, demand safety and expect their trust not to be broken. In the meantime, mobile device ownership has overtaken personal computers, with smartphones now established as the preferred mode of consumer interaction and social media as the third shopping channel[1], whilst the Internet of Things (IoT) has become pervasive in our lives. Whether it is Alexa, a Nest security camera, a fitness monitor, a smart watch or a connected toy, these technologies have endeared themselves to us with their simplicity and convenience, often at the expense of security and safety.

This complexity has generated an increased need for automation, which itself has engendered an increased focus on technology to deliver this automation, such as Artificial Intelligence (AI), machine learning, or behavioural analytics, exemplified by the booming Regtech industry which is predicted to reach $12.3 Billion by 2023. And the opportunity is vast: with B2B payments exceeding $100 Trillion each year, even a small enhancement in the way businesses pay each other could unlock substantial value for all players in this ecosystem. Indeed, improvements can substantially reduce the cost and risk associated with inefficient B2B payment and fraud detection processes:

[1] © Bazzaarvoice Shopper Experience Index 2018

In that respect, artificial intelligence, machine learning and automation present many opportunities for businesses. Indeed, as AI and machine learning become more proficient at analysing and interpreting vast amounts of data faster than ever before, businesses now can become more efficient at fraud detection whilst delivering seamless customer experiences. Deploying a layered approach, where automation is applied to eliminate or significantly reduce mindless and repetitive tasks, will free staff to concentrate on complex cases or reviews and value-adding activities, thus bolstering productivity (and job satisfaction) as well as maximising operational efficiency.

B2B payments largely leave businesses and their suppliers stuck with 20th century inefficiencies (e.g. cheques, manual paper-based processes, long payment cycles, etc.), but Real-Time (or Faster) Payments, already established in the retail consumer space, are now making headways in the B2B arena. And let’s face it, very much like driving cars, going faster generally means increased risk.

In this context, machine learning can be used to track and identify fraudulent behaviours, and continuously learn from the data gathered over time, but also to decide in record time whether payment transfer requests are legitimate or fraudulent. After all, when money is moving faster than ever, decision making needs to be just as immediate. This is how PNC Financial Services Group, one of the first banks in the offer real-time payments to personal and business banking customers alike, uses a combination of human security experts and authentication technology - enabled by artificial intelligence and machine learning - to detect fraud and protect funds and data against criminals.

And as late payments across the B2B industry continue to make the news, solutions have started to appear on the market where machine learning is used to analyse multiple data points giving a score predicting whether an invoice is likely to be approved for payment or rejected. If the score is above a certain threshold, the payment can be automatic; only when the score is below that threshold is the invoice held back for further manual intervention, thus driving efficiency.

The technology-enabled business of the future should be able to meet any business payment need fast and efficiently, regardless of the scenario. As technology evolves and consumer preferences drive change, it should also be able to incorporate mobile and IoT with the expected level of security and fraud detection. The dynamic nature of the global economy and evolving demographics also mean that businesses must ensure that their strategies not only incorporate traditional trading partners, but also facilitate participation in the gig economy, where freelancers and micro-businesses can both get paid and pay for goods and services, faster, without borders, easily, safely, and from any device or channel.

However, whilst automation has become a necessary component of any security and fraud prevention endeavour, it alone does not make a sensible or even viable strategy. Of course, in an ideal world, technology (such as machine learning) would be able to spot and stop crime without human intervention. Unfortunately, real life gets in the way: technology is only ever as good as those who design it, and humans are fallible. Furthermore, can businesses guarantee that the available data to derive insights is perfect and completely accurate? And of course, whilst we’re all busying ourselves with innovations and new processes, let’s not forget that criminals never stand still... Indeed, technology can also be used against itself, as evidenced by the emergence of methods such as “Adversarial Machine Learning” where malicious attacks can be designed to subvert defensive technologies in order to appear legitimate or inoffensive.

This really means that any technology, on its own, will not protect any organisation from criminal activity or render it more competitive, just as machine learning on its own doesn’t make a winning and compliant Formula 1 team. So Caveat Emptor: any technology solution claiming to offer absolute protection and accuracy should be treated with caution. Technology has a legitimate place where a specific risk can be mitigated or business purpose fulfilled by its use. Common sense should prevail when developing a working cyber security and fraud detection strategy where the basics are covered first, and the risks specific to the organisation are managed. Legacy infrastructures will need to be enhanced to fit in the digital age, technologies will need to be deployed, the appropriate processes will need to be put in place to make those technologies effective and last, but not least, the human element will need to be factored in, both internally and at the customer level. Even the largest businesses struggle to manage continuous technology changes and regulatory compliance requirements. Deploying a layered approach, where automation is used where the processes lend themselves to it, will free staff to concentrate on adding value. Developing future proof business capabilities will require vision, digital transformation, the right skills, a conducive culture and the right partnerships.

Posted by

Neira Jones

Neira Jones is an independent advisor and international speaker, partner for the Global Cyber Alliance, and ambassador for the Emerging Payments Association.
Browse all posts
footer curve