This transcript is edited from the TigerGraph Connections podcast episode published on May 20, 2022, with Harry Powell, Head of Industry Solutions at TigerGraph, and Martin Darling, Vice President, EMEA, at TigerGraph.
Corey Tomlinson: Our topic today is fraud; specifically, how financial organizations can employ graph technologies to help detect fraudulent activity. Obviously it’s a big concern for those types of organizations. These principles can actually apply to other organizations fairly easily.
Before we get into the conversation, I think it’s relevant to ask – is fraud only getting worse? We see so many articles and so many conversations are based on that premise that says, “the ever-growing fraud problem.” So is it true that fraud is really getting worse for these organizations?
Harry Powell: Well I guess the evidence is that it went up 30% during COVID, and that’s a big big number right? When you see a number that size you kind of wonder, can it really be right? The truth is that no one really knows the full extent of financial crime-fraud. COVID drove a lot of stuff online right? And that means that when activity moves online, it suddenly becomes prey to information crime. The fact that a lot more transactions are happening online, a lot more banking was happening online, people weren’t actually going to shops for example or speaking to people directly. A lot more emails, a lot more chance to trip people I think at the same time, opportunities for crime perhaps reduced conventional crime.
And organized crime realized the massive opportunities. So when we’re talking about financial crime, we’re not talking about loan operators anymore, we’re talking about very highly organized groups of people swapping information, sharing and selling information. Strategic attacks on particular institutions where there are known vulnerabilities. It’s a pretty sophisticated crime and when the criminals woke up to that, suddenly fraud started shooting up and it became a massive issue.
Martin Darling: I don’t like to agree with Harry as a matter of principle. But for the sake of this, seeing as he’s correct, I’ll endorse it. The conversations that I’ve had with finance institutions, it’s absolutely a problem at the C-suite. Retail banking is barely profitable and because fraud is increasing fraud is directly impacting the bottom line and profitability of these institutions. But it’s also not something that they’re going to shout about, it’s not something that they want to publicize so it ends up being a little bit of a dirty secret that’s kept in-house.
I think the second thing to Harry’s point about everything’s going online. When I started looking into this I understood what credit card fraud was because back in the day that was somebody stealing your credit card or cloning your credit card and making purchases in your name. But you realize as Harry says that these criminals have gone online and it’s much more sophisticated with synthetic identity fraud where they will take different pieces of data on different people. Maybe it’s a national insurance number or you know or a health number or an address. They will mix and match those pieces of data to create a false a person who’s not real but all of the elements of the data will be real and of course, because they can now apply online to open an account or apply for a credit card. They could just continuously try to get this fictitious person an account or a credit card and it’s all done online.
No one’s going into a bank branch anymore and applying for any of these things. It’s all done digitally. So it’s literally crime as a service. People like us would be impacted by credit card fraud, whereas now it is the bank directly. Once you set up a synthetic identity and you do a couple of transactions and you get a credit rating and then you apply for a credit card and a loan. Once you get that, you close the account down and you’re gone. It is only the bank that is impacted and you know in the world that we live in, there’s not a lot of sympathy for the banks taking the blow because it’s now not the public taking the hit.
The second thing was I spoke to somebody at one of the larger banks in the UK and what they said there’s a direct correlation between fraud and customer experience. Because one way of reducing fraud is to decline more and more transactions but clearly that’s going to negatively impact the consumer, because we all know how we feel when our credit card gets declined if it’s a legitimate transaction. We’re frustrated and we curse the bank. So, there’s a direct correlation between the level of fraud that is acceptable to the business and customer experience. So I think sometimes you can look at fraud as just being a very specific use case, but actually it’s more meaningful than that and has more meaning across the business because customer satisfaction is critical to retention in what is effectively a commodity service.
Corey: One of the terms that stuck out for me in that was “crime as a service.” That’s definitely a paradigm shift for everybody to be concerned with.
Looking at how these organizations can prevent or detect these fraudulent activities more quickly and hopefully shut them down, how does graph technology help these organizations? Graph is about connecting data, right? It’s about connecting relationships between entities and finding those connections. So obviously there’s a play there but is it something that works within the fraud detection function that’s already in place or does it replace other tools? How does this practically work?
Harry: This is not a new thing for banks. I say banks, but insurance companies, FinTech firms, buy now pay later – all of these firms have been targeted for years and have gradually increased the size of their teams. On top of that, over the last several years gradually systems have been implemented at banks, specialist systems for detecting what they call anomalous transactions or suspicious customers, and you can buy these off the shelf and they’re kind of okay, right?
Ten years ago they made a big impact against fraud and they’ve been honing these models ever since, improving them with data and tuning the algorithms, introducing new machine learning algorithms. They thought they were all right and then what happened was that the pace of change accelerated? Fraud became more professionalized. They became more sophisticated as the pace of change increased.
All these systems are great at catching last year’s fraud, because last year’s fraud is what it’s already trained for. I mean to say last year’s, last week’s, yesterday’s fraud – it’s been trained on what’s already happened. Firms are working incredibly hard to catch more and more but it’s almost like the pace of change is accelerating away. You need some kind of quantum shift in what you’re doing and and it can’t just be addressed by a bigger computer or more people working in the firm. Effectively the way they address it to some extent, as Martin said, is just by increasing the number of false positives. But there’s a tradeoff there with customer satisfaction, we discovered, so we got involved in this in terms of graph. There must be something graph can do here because we’re great at understanding the relationships between things.
And of course, fraud is about hidden relationships, right? If you’re a fraudster you try and hide the fact that you’ve got relationships to different fraudulent accounts. You’re trying to make your counts look unrelated but we know the relationships underneath there and so that’s where you know there must be something to do with the graph. We worked really hard with four of the top-tier banks in the USA, you know the ones you’ve heard of … those are them … to try and find out how we could work with their current platforms, because it wasn’t about changing everything they started off with. How could we work with their platforms to improve?
It turns out that by using the connectedness of their information, the same information they had before but they weren’t really using the connectedness of it in their machine learning models, you can massively increase fraud prevention. You need a graph database to take their information make it into a knowledge graph and extract that connectedness using graph algorithms like PageRank, Louvain Community Detection, or shortest path out-of-the box graph algorithms Models were okay but the professionalism of the fraud industry crime as a service accelerated away to the point where they simply couldn’t keep up and they needed that connectedness to catch up again.
Corey: Do the principles that you’re talking about apply to fraud in other industries? I would guess the answer is yes, I’m hoping the answer is yes, but I’d love to hear what you guys have to say.
Martin: Because Harry gave a really long answer to the last one I thought I’ll say something this time. One of the key points that we want to get across to the market is that we’re not “rip and replace.” The existing tooling that our customers have that they’re using to solve fraud, we are just simply making things better by being able to leverage the connectedness of the data as Harry put it.?
In a very simple way, if you have somebody who’s a known fraudster, then obviously the closer somebody is connected to that person, the more likely they are committing fraud themselves. So clearly there is value in understanding those relationships, the closeness factor.
I’m sitting here in Paris and we just had a meeting with somebody who’s focused on mobile operators in Africa. We’re starting to see more and more payments and transactions happening through the phone systems. Orange, a very large telco based out of France, have applied now for full banking licences for their mobile business. So they are now entering that space. They’re doing the transactions differently because it’s appearing on your phone bill but they are going to have identical challenges and looking for ways to address that.
And we all know there’s fraud in retail. We deal with a lady in the UK who used to be a head of fraud and compliance, which meant that she was specifically focused on the financial services industry, but her brief has now changed to a global remit because fraud occurs in all industries, regardless of vertical or location.
Harry: Wherever there is an opportunity to trick people into transferring assets without paying for them right, you’ve got an opportunity for fraud. Even small frauds add up. There’s plenty of fraud in online retail where people buy things and end up not being real or sending them back. But it turns out if you never bought them in the first place but you get a refund … all that kind of stuff. It’s everywhere. It’s not just multimillion-pound frauds out of banks.
So increasingly one’s ability to identify fraud and also I guess to some extent to identify yourself right, which is another thing that graphs are great at, our ability to identify ourselves in remote transactions in a way that is conclusive and unchangeable. That’s really important and until we get that it’s going to be important to be able to identify people who are trying to dupe you all over the place, you know, huge issues in government with tax with social security payments. It’s everywhere and the people doing it. People doing it are living an extravagant lifestyle on the back of it.
Corey: Right? And COVID relief actually to be kind of very specific in the US was a huge concern with fraud over the past year or so.
Harry: They published the numbers in the last week or so that were astounding the amount of fraud there was been in all of that.
Corey: I think the logical next answer for somebody would be to answer “do you help predict or prevent fraud?” Do you stop it from happening versus detecting it more quickly? Does graph have a play in the prediction and prevention side that we should be talking about as well?
Martin: Harry has a strong background in data science to add some flesh to that question, but that’s the way customers look at it with machine learning models, both for detection in real-time but also for prediction and predictive analytics.
Harry: Conventionally analytics and machine learning, however much you call it prediction, are kind of backward-looking. It takes historical data and tries to find patterns there. Right now there is enough scope to reduce fraud from existing patterns for us to make a massive dent in them without having to do something even cleverer than that.
There’s just this gap and that gap has to be filled. And until that’s done we’re probably best focusing on that. However, if you think of patterns. What are the patterns of patterns? Once you start thinking of the kind of the patterns of patterns, you can start seeing where people might go next. Where the vulnerabilities are on top of that if you want to be thinking about simulation.
You can start trying to simulate different ways using a graph to compute an actor that might try different things. We know that that is what the fraudsters do, right? They’re not inventing them themselves. They’re writing computer programs to find new ways of attacking a system, and if we can simulate that then even if we aren’t able to be a step ahead of them we can be closer behind them and at least monitoring to see what they might try next.
Of course if we actually knew there was a vulnerability you could close it. I guess when a new style of fraud happens, it happens in small amounts because what you want to do is you want to try it out with a number of little transactions that maybe no one notices until you’re sure you understand how you get the best out of it. And then the criminals will pile in with big transactions to make as much money as they can out of it. So if we can make our algorithms more sensitive we can maybe pick up patterns in those small transactions, and if we can use graphs to find ways of presenting information to investigators more quickly and in a more intuitive way, then when a new fraud happens they can understand it more quickly and respond. There are lots of things that go beyond simply having a better machine for spotting problems. That data is oriented towards new crime rather than existing in historical crime.