Perception vs reality: AI and ML take their place in business payments fraud conversation

Fraud and Financial Crime

Chris Gerda Headshot

Chris Gerda

Nov 27, 2023

There are so many concepts and debate topics surrounding AI today – in addition to a fair amount of executive drama – that it’s good to take a step back and clear the air around how it’s being applied in fraud detection for business payments. By examining the perceptions vs realities based on actual experiences we can clarify the impact of AI as well as learn how to apply a data-driven strategy at your organization.  

AI is a multi-faceted concept and can be seen very simply as machines that simulate human thinking.  Machine Learning (ML) is a subset of AI where models learn to make decisions from data. Think of this as “ML rules AI.” It’s people and outcomes that teach the computer models and give them general directions through creative tuning and feedback loops.  

The fraudulent perception of AI comes from things like WormGPT (Chat GPTs sinister counterpart), which can be used to write phishing emails in much more convincing ways to increase a fraudster’s chances of a successful Business Email Account Compromise. I call it the “typing AI”. Then, there are deep fakes of people’s faces and voices. I call this the “art AI”. With these basics in mind let’s get into some perceptions and realities.

Perception: AI and Machine Learning are the same thing.  

Reality: Machine Learning is a subset of AI. There’s more machine learning being used in business payments than artificial intelligence. But you need to understand three concepts to understand this reality. 

The first is the difference between rules-based analytics and machine learning. Rules-based analytics, as the name implies, relies on a predefined set of rules and thresholds to analyze and then act on transaction data. Suppose you’re a bank with a rule-based engine to alert for Company X’s payments above $10,000 to a high-risk country for manual review. Tried and true equals consistency here. On the downside, this rule could be too rigid to accommodate Company X’s growth and international business payment patterns. In comes ML with algorithms instead of rules to identify patterns in data. Instead of being explicitly programmed to perform a task, the “machine” learns from historical data to make predictions or decisions. As more data is fed into the system such as investigators marking alerts as false positives or fraud, the model can refine its predictions, potentially improving accuracy over time. So, if Company X’s revenue is growing and their amount of transactions to specific foreign countries grow with it, the ML algorithm can include this new data and increase thresholds for certain countries, but not others. It can even identify a lower dollar transfer to those jurisdictions as suspicious when a payment to a new bank account for an existing vendor in that geography occurs.  

Perception: AI and ML make data better. 

Reality: Yes, they do, but (and it’s a big “but”) data also creates the basic function of AI and ML. Its success hinges on data quality and human creativity along with business strategies and continuous monitoring. To implement rules-based analytics with a sidecar of ML within a payment network, you need data about the companies within it and their payments history. The outcome of a rule-based alert will slowly train the model to learn the data elements that predict a false positive or fraud attempt, while still producing high quality alerts. It all starts with basic data, which humans then use to make more creative data they know is impactful to the use case.  If you apply some type of ML or AI you need governance to oversee those models and ensure against bias, inaccuracy, and other factors that could creep in detrimentally. AI and ML will not replace some of the foundational rules, but they can certainly supplement them. As more data is added and created more useful insights will appear.  

Perception: AI is key to fraud protection today in business payments.  

Reality: It could be helpful but taken on its own it doesn’t rise to the level of basic security requirements for business payments today. In the context of consumer payments networks, AI has a fantastic ability to scan, interpret and act on datasets at scale. For business payments networks, ML has more practical potential than AI as a fraud detection tool due to its functional purpose and available data. No system is perfect and ML/AI models can produce false positives and false negatives (fraudulent transactions that go undetected). The combination of skilled humans, high-quality data, and vigilant customer awareness form a multi-faceted defense against payment fraud. 

Bottomline’s Paymode-X network takes advantage of large data sets which include invoices, logins, payment history, and behaviors to protect all our customers. It’s a bit cliched but “stronger together” is a thing when it comes to data.  Stack that up against a consumer card payments network like Mastercard that has more than 1.4 billion consumers in its network with data ranging from geolocation, merchant types, to card holder professions needed to decide if there should be a text asking if the high-ticket electronics purchase just executed online is really yours. AI becomes more applicable here because of the numerous variables and much larger data set in play.  

Here's a story to put this in perspective. You’re a new salesperson traveling the Western region of the United States starting to use your card around several states. At first you got flagged away from home with denied swipes and phone notifications asking if you made the purchase. A rule-based approach says anything outside of normal geographical transactional behavior will be flagged, and if that’s the case, you might be reaching for cash often. If the network is using machine learning to integrate more data into your behavior, the algorithm will learn to recognize where you travel often, you purchase food and lodging, that you bought a plane ticket a month prior, or maybe have multiple past charges for a rideshare service in that city before, but not expensive electronics. (And although you might still get denied for $1,000 electronics purchase while traveling, this is a good thing!). 

Perception: AI and ML are poised to replace humans in the payments industry. 

Reality: AI will be more about augmenting human capabilities than replacing them. While AI can handle many data-related tasks, there are nuances and complexities in data interpretation, especially in finance and fraud, that require humans. Human intuition, domain expertise, and contextual understanding remain crucial. Instead of manually pulling and desiloing data, investigators may spend more time interpreting results, strategizing, or collaborating with teams. Machine learning will always need the data and coaching created by humans as well as basic data elements like routing numbers, zip codes, or time. AI models require regular updating and fine-tuning based on new data and changing market conditions. This means there will always be a need for experts who understand both the domain and the technology.

The Bottom Line: These perceptions and reality will change based on your use cases and AI strategies with big data have an unwavering place in business payments, but people remain the key to success. I mentioned creativity with data earlier and this creativity comes from humans first and AI after. People are the gourmet chefs that must feed the models with quality and insightful data that fits each use case.  AI won’t tell us what data we are missing, but it will decision with the data we give it.  


Related topics

Artificial Intelligence
Chris Gerda Headshot

Posted by

Chris Gerda

Chris Gerda serves as the head of risk and fraud prevention at Bottomline, with a focus on security for Paymode-X. He is responsible for the overall anti-fraud strategy and technology initiatives to maintain the security of $200 billion in payments within the 450,000+ network membership base.
Browse all posts
footer curve