Credit Card Fraud Detection: Advanced Analytics in Action or Pure Luck?
Published On: April 2011
Have you ever wondered how credit card companies are capable of detecting purchases that a particular card holder did not make? Do these companies make use of advanced analytics to detect fraudulent purchasing behaviors or do they simply detect these actions by pure luck? A recent incident with my credit card prompted me to investigate further. Here’s what happened.
I recently received a call from my credit card company about a transaction it deemed suspicious. Upon confirming that I did not make the purchase, my credit card was immediately cancelled to prevent further fraudulent purchases. There’s nothing unusual about this story—identity theft and fraud are present-day happenings affecting many people and involving substantial monetary losses. But what surprised me was that the transaction itself that aroused suspicion: it was for an amount of $8.00 (CAD) from a McDonald’s restaurant.
I can understand how a transaction of $1,000.00 (CAD) would trigger an inquiry, but how on earth could a transaction made at a McDonald’s restaurant for an $8.00 (CAD) meal raise eyebrows? Here are my hypotheses on this:
1. Credit card companies compile a consumer profile for each and every card holder based on purchases he/she makes using his/her credit card over the years. In my case, if my credit card company compared this transaction against my profile, they may have noticed that the last time I visited a McDonald’s restaurant was two years ago, flagging such a purchase as an uncommon event.
2. Credit card companies keep tabs on areas where the transactions are made—if the area is far from the card holder’s area of residence, or if two transactions from the same credit card are made in vastly distant areas within a relatively short timeframe, a red flag may be raised. In my case, the McDonald’s restaurant outlet where the transaction was made is in some remote area of Quebec, which is long ways from my residence.
3. Credit card companies may also be reviewing and possibly tracking trends of fraudulent purchases. Along this line of thought, it’s possible that many suspicious transactions have been made recently in that remote area, prompting my credit card company to verify further transactions made in local area establishments.
4. Credit card companies simply perform random checks by calling their customers every so often to verify randomly selected transactions. I seriously doubt this is the case, as this is the first time I received a call from my credit card company.
So, if it’s not pure luck, then credit card companies must be using some very sophisticated analytics tools to detect suspicious transactions, even when at first glance they may not look suspicious at all, as in my case. To get to the bottom of this, I decided to consult with Technology Evaluation Centers’ (TEC’s) business intelligence (BI) analyst Jorge García, who has plenty of experience with business intelligence projects for the banking industry. Here’s an analyst perspective on this issue.
The solution may involve a combination of the first three hypotheses. Let me clarify! Detection of fraudulent purchases might involve one of the more interesting applications of a set of algorithms and technologies for performing data mining processes. So, data mining applications use a set of techniques to detect specific “patterns” or relations within the data, and the financial field seems to be an excellent field for the application of such technologies. Establishing data patterns requires the analysis of large amounts of information—thus, most data mining applications use the vast array of data sets provided by data warehouses.
Once the data to be analyzed is selected, many algorithms can be applied to perform a data mining process. Predictive and descriptive modeling and anomaly detection are part of the common algorithms used for this purpose. Here’s how this might work:
• A credit card company may apply an anomaly detection algorithm as well as a descriptive modeling or “clustering” technique to establish the type of buyer (profile) for a particular card holder. So, in your case, when the purchase you mentioned was compared against your profile, it was found that it did not fit.
• A company may use an anomaly detection algorithm straight away to detect whether a purchase fits into the buyer’s regular purchasing pattern. In your case, as you don’t frequent McDonald’s restaurants, that new purchasing behavior stood out.
• And, finally, by applying a pattern mining process, a company can discover that a group of purchases has a similar pattern, thus raising suspicions. As you mentioned, there could have been previous fraudulent purchases in that remote area.
Many more algorithms exist that could be applied to detect fraudulent purchasing behaviors. It becomes obvious though that the application of these methods proves a difficult task. The fact remains that fraud detection involves the creation of an analysis model based on the identification of factors that might lead to such behaviors. Due to the volume of data to be analyzed and the variety of possible transactions, it is extremely difficult to identify and build a perfect model that would bring to light all fraudulent purchases. So, we can reduce the risk but not eliminate it.
Finally, we must not forget that there is always an element of chance in this critical detection process. It’s possible that a suspicious purchase of $8.00 (CAD) will be detected right away, as in your case, whereas a fraudulent purchase of $1,000 (CAD) may never be detected. A lot of money is still being lost due to fraud.
Fraud detection processes begin with a purchase, when the customer’s credit card is swiped through the credit card reader. At that time, validations are performed to verify the authenticity of the card and the card holder and to abide by some constraints as to the total amount of the purchase. However, the core analytical process currently used by credit card companies is not performed in real time, and despite the use of the most advanced analytics technologies, some fraudulent purchases will still go undetected.