For the Record, Why We Believe Rules Are Ineffective For Stopping Fraud

Anyone who knows Guardian Analytics knows that we’ve built our business on the knowledge that using behavior is far more effective at detecting fraud than using rules. But do you understand why? Let us explain, first why we believe rules are ineffective, and then (quickly) why modeling behavior works so much better.
The challenges with rules are that they:

  1. Require knowing what fraud looks like or what an analyst is looking for. So, detection requires a massive number of rules to look for the endless proliferation of fraud schemes.
  2. Will miss new schemes until the scheme is discovered, understood, and a new rule is created.
  3. Assume all (or a very large group of) users are alike. For example, having a rule to flag transactions over a specific amount will flag legitimate transactions from account holders for whom such payments are common, and will miss fraudulent transactions that are lower than what is typical for the users, generating numerous false positives while damaging service levels and customer service. The same could be said about rules based on location, time of day, or other factors.
  4. Require time and effort to define and maintain the rules as some schemes disappear and others emerge.
  5. Trigger on isolated activity, without context of what else is going on. For example, a user changing his phone number in his online banking profile is not necessarily high-risk, but combine that with activating mobile banking and it becomes more suspicious. Rules would have to be complicated and account for every possible suspicious combination of activities.

Behavior-based systems like ACH ODFI & RDFI Fraud Detection, on the other hand, start by asking what legitimate activity looks like instead of having to know what fraud looks like. Using behavior doesn’t require knowing what to look for, will detect new schemes, models the unique behavior of every individual account holder instead of treating everyone the same, automatically adapts to changing schemes and changes in legitimate client activity, and evaluates activity in the context of everything else taking place with that client
And we’re not the only ones promoting the use of behavioral analytics. This approach is validated by some pretty credible sources, including the FFIEC. Here’s a sample of third-party comments endorsing the use of behavior to prevent fraud.
“Advanced analytics is indispensable in fighting fraud. As fraud becomes more sophisticated and schemes more complex, simple rules are not adequate to protect the financial institution or its customers.” Shirley Inscoe,  Aite Group.
“Banks have to put mechanisms into their systems so that when data like [the Heartland Payment Systems breach] is stolen, they can detect behaviors within the account or activities that might be abnormal.” “All types of attacks are continuing to penetrate organizational defenses, highlighting the fact that most security is based on yesterday’s security concepts that use rules and signatures to prevent ‘bad’ occurrences. What’s needed is rapid detection and response enabled in part through behavioral analytics.”  Avivah Litan, Gartner
“Based on the incidents the Agencies have reviewed, manual or automated transaction monitoring or anomaly detection and response could have prevented many of the frauds since the ACH/wire transfers being originated by the fraudsters were anomalous when compared with the customer’s established patterns of behavior.” FFIEC Guidance.
“Our recent research shows that institutions find behavioral analytics to be one of the solutions that FIs perceive to be most effective and least intrusive.” Julie Conroy, Aite Group.
“We are also going to see a rise in products focused on analysis of user behavior – both as an ongoing way of verifying the user’s identity as part of the authentication process, and also as a way of anomaly detection by running activities through various data models to determine the level of risk associated with a particular activity. There is clearly a security visibility gap today that behavioral analysis can fill.” SC Magazine.