Behaviour key to fraud detection: CommBank

By on
Behaviour key to fraud detection: CommBank

No value in set-and-forget kit.

CommBank has decried traditional black box fraud detection systems in favour of methods of determining normal user behaviour.

Group security manager John Geurts said black box solutions which promised and esasy automated way of detecting fraudulent transactions "do not work".

Instead, fraud was best identified by building extensive profiles on normal customer behaviour, rather than seeking to target fraud alone.  

"The secret of finding fraud is to stop looking for it," Geurts told an audience of banking technologists in Melbourne.

"If you collect sufficient data on a customer - like what ATMs they use, their IP address or their device ID - you are looking for fraud with behavourial characteristics.

"If you can infer what is normal for a customer, you can infer what is not."

The principle was applied in the bank's Financial Crimes Platform, used to detect fraud and money laundering.

The system analysed 420 million transactions overnight and was fed by 31 source systems, 11 million customers and 15 million daily transactions. 

CommBank also used a preauthorisation system dubbed Real-Time Transaction Monitoring. This averaged 85 transactions a second, peaking at 250, and was fed by 11 million account profiles and 6 million customers.  

Geurts said security professionals should move attention to front-end systems in order to ease the work load on fraud detection platforms. 

"We need to move the locus of attention to front end, to the session-level. Here we will solve more crime," he said.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

In Partnership With

Most Read Articles

Log In

Username / Email:
  |  Forgot your password?