
The Green Sheet Online Edition

July 24, 2023 • Issue 23:07:02

Tightening payment security in real-time with EDA

By Mat Hobbis

The number of payment channels has grown exponentially. The time it takes to settle a transaction has gone down from days to minutes—which could now be seconds as I write. Of course, some older channels, such as direct debits and check deposits, remain.

Traditional banks have had to move from a couple of channels to potentially 10 to 15 within their organization. The more channels, the more vulnerable the system becomes to fraudsters and criminals. The two big challenges for financial institutions (FIs) now are payments fraud perpetrated by consumers and organizational money laundering.

Here’s the conundrum. Modern financial organizations must mitigate against such criminal activity for the safety of their users and their own reputations. But they must do this without adding friction into the payments process that would put off or dissuade their customers.

They need a solution that can keep pace while carrying out additional checks in real-time across systems that often encompass legacy, on-premises deployments, as well as modern container deployments, and public cloud for artificial intelligence (AI) and machine learning (ML) capabilities. In today's world, this means using the new generation of event-driven architecture (EDA).

The more channels, the more opportunities for fraud

In a recent article series (https://tinyurl.com/3rnp8n9k), McKinsey wrote, “Skyrocketing levels of fraud, enabled by the accelerated adoption of digital commerce and the ever-increasing sophistication of fraudsters, have overwhelmed traditional controls in recent years. This surge has led to increased fraud losses and damaged customers’ experience and trust.”

For retail banks, payments fraud impacts both consumers and the banks' bottom line. The Association for Financial Professionals' latest Payments Fraud and Control Survey, underwritten by J.P. Morgan, found 71 percent of financial professionals reported their organizations were victims of payments fraud.

Not only do fraudulent payments negatively impact banking customer experience and confidence, the cumulative cost is also large: Juniper Research recently warned that online payment fraud losses alone will globally reach $343 billion between 2023 and 2027 (https://tinyurl.com/48vt3c4e).

Money laundering and organized crime

Money laundering is a major threat for banks because it usually goes hand in hand with serious organized crime, including drug or people trafficking, weapons dealing, and even terrorism.

The estimated amount of money laundered globally is between 2 and 5 percent of global GDP (tinyurl.com/3m93xnuu) and the reputational damage of undetected money laundering can be catastrophic.

The Bank for International Settlements (tinyurl.com/3m93xnuu) explained that “spotting different money laundering patterns is complex, requiring different data points and data sources as well as the ability to connect them across different systems in order to better identify suspicious flows and patterns.”

Technology and EDA—a software design pattern in which decoupled applications can asynchronously publish and subscribe to events via a middleman known as an event broker—can help address these growing criminal threats in three key areas:

  1. Detection: Banking and payments organizations must quickly identify and address fraudulent or criminal transactions across all channels.
  2. Real-time action: The challenge for organizations is feeding transaction data, in real-time, to AI/ML processes, which often live in the public cloud.
  3. Keeping one step ahead: To outpace fraudsters and criminal enterprises, FIs need flexibility in how software components are wired together and flexibility in where they are located.

Building a model

Building a fraud prevention or anti-money laundering (AML) model and setting its trigger points involves comparing the type of transaction against consumer behaviors: whether a transaction is consistent with the customer’s previous transaction history, whether it takes place in an expected geography, and whether the time and distance between the most recent and current transaction are reasonable. This data must be fed into the model and assigned a score.

The score also depends on authentication requests. Typically, if you can identify a user together with their mobile phone, banks pass the transaction because they are comfortable they know who the user is. But if a similar scenario occurs where the user has reached the same score, but there is no biometric data or mobile authentication, this would likely trigger a blocking or flagging of the transaction for escalation.
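The scoring and authentication logic described above can be sketched as follows. This is an added example, not code from the article or from any vendor; the weights, the 3x amount rule, the 900 km/h speed limit, the threshold of 50 and all names are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass

@dataclass
class Txn:
    amount: float
    country: str
    lat: float
    lon: float
    ts: float          # epoch seconds
    strong_auth: bool  # biometric or mobile-device authentication present

def km_between(a, b):
    """Great-circle (haversine) distance between two transactions, in km."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dp, dl = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def risk_score(history, txn):
    """Accumulate a score from the three signals the article names."""
    if not history:
        return 100  # no baseline to compare against: maximum risk (assumption)
    score = 0
    mean = sum(t.amount for t in history) / len(history)
    if txn.amount > 3 * mean:                        # inconsistent with history
        score += 40
    if txn.country not in {t.country for t in history}:  # unexpected geography
        score += 30
    last = max(history, key=lambda t: t.ts)
    hours = max((txn.ts - last.ts) / 3600.0, 1e-6)   # avoid division by zero
    if km_between(last, txn) / hours > 900:          # implausible travel speed
        score += 30
    return score

def decide(history, txn, threshold=50):
    """Same score, different outcome depending on authentication."""
    if risk_score(history, txn) < threshold:
        return "pass"
    return "pass" if txn.strong_auth else "escalate"
```
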

Now add AI and ML

When a bank has built a database of models, and new transactions can be checked against the models and given an accumulated score, AI and ML step up to the plate. Aided by EDA, they can make rapid decisions and enable companies to flag abnormal transactions in real-time across all channels.

Layering these data models with AI/ML enables banks to gain ground on fraudsters and money launderers. McKinsey researchers (tinyurl.com/4a73xtmt) wrote, “Recent enhancements in machine learning are helping banks to improve their anti-money-laundering (AML) programs significantly, including, and most immediately, the transaction monitoring element of these programs.”

To be fully effective, AI and ML need a big data set. They can only make decisions based on access to historic datasets. The first thing to do is to "train" the model by buying data or scraping from a bank's own historical datasets. Then the model runs through several fraudulent transactions, so it is now trained on what a fraudulent transaction looks like. The objective is to build an understanding so the AI/ML can pick out the right (fraudulent) activities.

Speedy policing of fraud and money laundering

Ideally, banks should build one model set for fraud and one model set for money laundering and implement both models across all transactions and payment channels. And this is where EDA enables them to leverage their fraud and money laundering data models and use AI/ML technology in true real time across an ever-expanding number of payment channels.

EDA allows banks to build an enterprise IT architecture that lets information flow between applications, microservices and connected devices in a real-time manner throughout the business.

EDA works with a middleman known as an event broker, which enables what’s called loose coupling of applications. This is essential because it means applications and devices don’t need to know where they are sending information, or where information they’re consuming comes from. But the event broker does.

In the event-driven world, a bank just has to make sure a payments channel sends the right event to communicate with the fraud detection or AML system, and receives the same events to get the “yes or no” back.

The alternative is not an option

Event-driven integration is much easier than attempting this via standard REST APIs, an approach that becomes far more challenging and will need to be built differently for every channel a bank has now, plus any new channels. This means banks may have to change models based on changes in user behavior, as well as changes driven by new products and services, or to counter new types of fraud or money laundering.

With standard REST APIs, every time a bank adds a new channel, it has to change the way AML and fraud systems work, because they have to know about this other channel. In the event-driven world they don't know and don’t need to know.
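The loose coupling described above, shown as an added example rather than code from the article or from any broker product: a toy in-process broker, a fraud service that subscribes once with a wildcard, and payment channels that publish requests and receive the "yes or no" on their own reply topic. The topic names, the `reply_to` field and the fixed amount limit standing in for the fraud model are all assumptions.

```python
class Broker:
    """Toy event broker: topic levels split on '/', '*' matches exactly one level."""
    def __init__(self):
        self.subs = []  # list of (pattern levels, handler)

    def subscribe(self, pattern, handler):
        self.subs.append((pattern.split("/"), handler))

    def publish(self, topic, event):
        levels = topic.split("/")
        for pat, handler in list(self.subs):
            if len(pat) == len(levels) and all(p in ("*", l) for p, l in zip(pat, levels)):
                handler(topic, event)

class FraudService:
    """Subscribes once to every channel's requests; knows no channel by name."""
    def __init__(self, broker, limit=1000):  # limit is a stand-in for the model
        self.broker, self.limit = broker, limit
        broker.subscribe("payments/*/authorize", self.on_request)

    def on_request(self, topic, event):
        decision = "yes" if event["amount"] <= self.limit else "no"
        # Reply on the topic named in the request; the broker routes it back.
        self.broker.publish(event["reply_to"],
                            {"txn_id": event["txn_id"], "decision": decision})

class Channel:
    """A payment channel: publishes a request, listens on its own reply topic."""
    def __init__(self, broker, name):
        self.broker, self.name, self.decisions = broker, name, {}
        self.reply_topic = f"decisions/{name}/reply"
        broker.subscribe(self.reply_topic, self.on_decision)

    def on_decision(self, topic, event):
        self.decisions[event["txn_id"]] = event["decision"]

    def authorize(self, txn_id, amount):
        self.broker.publish(f"payments/{self.name}/authorize",
                            {"txn_id": txn_id, "amount": amount,
                             "reply_to": self.reply_topic})
        return self.decisions.get(txn_id)  # delivery here is synchronous

def demo():
    broker = Broker()
    FraudService(broker)
    card, ach = Channel(broker, "card"), Channel(broker, "ach")
    results = [card.authorize("t1", 50), ach.authorize("t2", 5000)]
    wallet = Channel(broker, "wallet")  # new channel; FraudService is unchanged
    results.append(wallet.authorize("t3", 120))
    return results
```

In a production broker, per-client topic access controls would restrict which clients may publish authorization requests and subscribe to each reply topic, since the toy broker here delivers to any subscriber.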

With EDA, banks can accurately support a high volume of transactions in the quickest response time, balance transaction authentication and authorization with fraud detection without decreasing customer satisfaction, and route events securely across the whole payments ecosystem with efficiency.

A platform for the future

EDA also provides a platform for the future, allowing banks to innovate outside of just countering fraud and money laundering. According to PwC (tinyurl.com/2d8mhcry), EDA will help traditional banks compete in the new world: “[B]anks need to deliver products and services faster in order to compete,” PwC wrote. “A large bank, with its legacy systems, can now compete against an online mortgage lender—and deliver a broader portfolio of products to customers with more speed.”

Newer fintech market entrants have significantly less technical debt than traditional FIs. Imagine a new FX rate provider that can provide payments to every country and give customers the best FX rates. Everything is built on a modern infrastructure anyway; there is no legacy core banking app; everything is microservice; everything is in the cloud.

But EDA as an approach to enterprise IT architecture can help traditional banks introduce new services and link applications quickly and at scale, ensuring they can match these agile competitors and provide customers with the instant kind of feedback they seek, while not being held back by large volumes of existing technical debt. The challenge for larger banks is to move more toward real time—even with a large amount of technical debt.

Mat Hobbis is chief Architect FSI at Solace, https://solace.com, which helps enterprises adopt, manage and leverage event-driven architecture. Contact him at linkedin.com/in/mat-hobbis-609758.


Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
