Next Generation Fraud Detection

  • Writer: Pavan Raja
  • Apr 9

Summary:

This document outlines Hewlett-Packard's perspective on future operations, focusing on next-generation fraud detection across various channels like internet banking, ATM/debit cards, electronic payments, and telephony. The document discusses the technical challenges of detecting anomalies associated with these platforms, including man-in-the-browser attacks and sudden changes in user activities that may indicate potential threats. It introduces a common point of compromise (CPC) engine to identify customers linked to criminal accounts and highlights how Israeli banks use profiling techniques to detect merchant return fraud by analyzing custom schemas for various scenarios. The document also covers the use of real-time risk modules to evaluate multiple types of risks, including financial transactions, access patterns, risky accounts, changes in behavior, and payment destinations. It emphasizes the need for data collection across channels, cross-channel correlation, real-time analysis, enterprise-class scalability, and seamless integration with other security measures. The document concludes by discussing how fraud detection is evolving to adapt to faster cyberattacks through easy data collection, rapid information processing, real-time evaluation of transactions, and strong integration with existing security practices.

Details:

This document contains forward-looking statements about future operations, product development, capabilities, and availability dates. These are subject to uncertainties and may change without notice. Hewlett-Packard's predictions and expectations as of the date do not guarantee actual results or future plans. The information is not a commitment for material delivery and should not influence purchasing decisions.

The document discusses "Next-Generation Fraud Detection", focusing on platforms, technical fundamentals, global risk views, fraud trends, data collection, correlation, and real-time analysis to detect anomalies associated with various channels such as internet banking, ATM/debit cards, electronic payments, and telephony. It also covers the Zeus malware, which is capable of penetrating online bank safeguards, and highlights other significant incidents such as the RBS WorldPay breach and the Société Générale incident.

Fraud is described as a data and anomaly detection problem that requires cross-channel analysis and real-time correlation of over 200 fields with a dynamic schema across various channels. Use cases include man-in-the-browser detection, where criminals hijack user sessions to redirect users to fake pages and sudden changes in activity indicate potential attacks. The document also introduces the concept of a common point of compromise (CPC) engine that looks across all accounts to identify customers who have created payees linked to criminal accounts, highlighting the need for advanced fraud detection solutions capable of handling such complexities.

The document discusses the challenges of fraud detection in banking, emphasizing the importance of data collection, cross-channel correlation, real-time transaction risk evaluation, and enterprise-class scalability. It highlights how Israeli banks are using profiling techniques to detect fraudulent activities such as merchant return fraud by analyzing hundreds of fields within custom schemas for various scenarios. The system escalates risk based on different types of risky online activity and takes into account a high number of views of risky pages over days or weeks.

The document also mentions the use of a real-time risk module that evaluates five types of risk: financial and non-financial transactions, access patterns, risky accounts, changes in customer behavior, and risky payment destinations. This is achieved through a combination of core systems, telephony, and internet banking, with alerts sent to fraud analysts before any money moves if the risk model indicates high risk.

The document concludes by discussing how cyberattacks are changing, making fraud faster (from days to minutes), and that prevention requires visibility provided by easy data collection, speed in processing information across channels, real-time evaluation of transactions, and seamless integration with other security measures such as insider monitoring. The approach is designed for scalability without additional hardware, leveraging technology such as the HP ArcSight App Engine for XML models running in real time to detect anomalies and prevent fraud.
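The common point of compromise check described above can be sketched as follows. This is an added example, not code from the HP document or from ArcSight; the event layout, account identifiers and function names are assumptions, and the second function goes one step beyond the text by listing not-yet-known payee accounts shared by several exposed customers.

```python
from collections import defaultdict

# Constructed sample events: (timestamp, customer_id, channel, payee_account)
PAYEE_EVENTS = [
    ("2024-03-01T09:12", "C1001", "internet", "ACC-7781"),
    ("2024-03-01T09:40", "C1002", "internet", "ACC-9990"),
    ("2024-03-01T10:05", "C1003", "telephony", "ACC-9990"),
    ("2024-03-01T10:07", "C1003", "telephony", "ACC-5550"),
    ("2024-03-02T14:30", "C1002", "internet", "ACC-5550"),
    ("2024-03-02T16:00", "C1004", "internet", "ACC-3120"),
    ("2024-03-03T08:15", "C1001", "internet", "ACC-5550"),
]
# Constructed value; in practice this set comes from confirmed fraud cases.
KNOWN_CRIMINAL_ACCOUNTS = {"ACC-9990"}


def exposed_customers(events, criminal_accounts):
    """Map customer -> payee-creation events that point at a known criminal account."""
    hits = defaultdict(list)
    for ts, customer, channel, payee in events:
        if payee in criminal_accounts:
            hits[customer].append((ts, channel, payee))
    return dict(hits)


def candidate_accounts(events, criminal_accounts, min_exposed=2):
    """Unknown payee accounts created by at least min_exposed exposed customers."""
    exposed = set(exposed_customers(events, criminal_accounts))
    owners = defaultdict(set)
    for _ts, customer, _channel, payee in events:
        # Only payees set up by already-exposed customers count as linked.
        if customer in exposed and payee not in criminal_accounts:
            owners[payee].add(customer)
    return {p: sorted(c) for p, c in owners.items() if len(c) >= min_exposed}


if __name__ == "__main__":
    hits = exposed_customers(PAYEE_EVENTS, KNOWN_CRIMINAL_ACCOUNTS)
    for customer in sorted(hits):
        print("review before funds move:", customer, hits[customer])
    print("candidate accounts:",
          candidate_accounts(PAYEE_EVENTS, KNOWN_CRIMINAL_ACCOUNTS))
```

The scan covers payee creation on every channel in one pass, so a payee added by telephone is caught alongside one added through internet banking, and the alert is raised at payee creation rather than at payment time.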

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.

@2021 Copyrights reserved.