Machine learning may find fraud victims before the scammers do
LAS VEGAS—It’s become a common analogy for the use of predictive analysis in business technology: Wayne Gretzky became the best hockey player of his generation not because he skated to where the puck was, but because he skated to where the puck was going.
Similarly, financial institutions are hoping to get ahead of the growing and seemingly insurmountable problem of payment card fraud not just by looking at who cyber-attackers are going after currently but who they are likely to defraud in the near future.
At the Black Hat USA conference here last week, a pair of researchers — one from Royal Bank of Canada and the other from a service provider that focuses on dark web intelligence — presented on their joint effort to use machine learning, predictive analytics and transactional data together to get a handle on which cardholders might be the next victims of cyber-crime.
According to Dr. Cathal Smyth, machine learning researcher with the Royal Bank of Canada’s Vanguard cybersecurity team, these tremendously complex predictive efforts present “a classic big data problem.” With vast stores of payment card, transactional, personal, demographic and historical fraud data to work from, card-issuing banks would seem to already have plenty of information to help them determine the direction of fraudulent activity.
The problem with having so much data is that it is hard to find the right information at the right time.
“Often a breach can affect a large number of clients with a huge number of transactions,” Smyth said, “but there’s still a degree of uncertainty.”
Hence, the bank has been working with Terbium Labs, a Baltimore-based cyber vendor that specializes in dark web data and monitoring, to help RBC’s Vanguard unit better analyze the cards and cardholders that have already been compromised. They are working to develop “candidate groups” – pools of potential victims based on information and extrapolation from what crime patterns have come before and the current landscape for black market data.
For example, by poring through the combined data using machine learning-based predictive modeling, RBC’s Smyth and his team found an overlap between connections among various transactions and cardholder “candidate groups,” which confirmed at least one so-called “point of compromise,” a merchant that cyberthieves had attacked.
But even with support from dark web data and advanced analytic modeling, a little finesse is required.
“You can’t assume there’s only one breach,” Smyth says. “You have to be careful with the thresholds you use. But you can still make inferences.”
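The overlap analysis and the threshold caveat described above can be sketched in a few lines. This is an added example, not RBC's or Terbium Labs' model: it substitutes a simple lift score for their machine learning, and every card ID, merchant name and threshold in it is constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: card id -> merchants seen in the look-back window.
HISTORY = {
    "c1": {"grocer", "gas_A"}, "c2": {"grocer", "gas_A", "books"},
    "c3": {"grocer", "gas_A"}, "c4": {"grocer", "cafe_B"},
    "c5": {"grocer", "cafe_B"}, "c6": {"cafe_B", "books"},
    "c7": {"grocer", "gas_A"}, "c8": {"grocer", "cafe_B"},
    "c9": {"grocer", "books"}, "c10": {"grocer"},
    "c11": {"grocer", "books"}, "c12": {"grocer"},
}
HISTORY.update({f"c{i}": {"grocer"} for i in range(13, 21)})

# Constructed: cards already observed for sale (e.g. via dark web monitoring).
COMPROMISED = {"c1", "c2", "c3", "c4", "c5", "c6"}


def merchant_lift(history, compromised):
    """Return {merchant: (hits, lift)}.

    lift = share of the merchant's cards that are compromised, divided by
    the share of all cards that are compromised. A merchant everyone uses
    scores near 1.0 even though it touches many compromised cards.
    """
    cards_by_merchant = defaultdict(set)
    for card, merchants in history.items():
        for merchant in merchants:
            cards_by_merchant[merchant].add(card)
    base = len(compromised & history.keys()) / len(history)
    scores = {}
    for merchant, cards in cards_by_merchant.items():
        hits = len(cards & compromised)
        scores[merchant] = (hits, (hits / len(cards)) / base if base else 0.0)
    return scores


def points_of_compromise(history, compromised, min_hits=3, min_lift=2.0):
    """Keep every merchant over both thresholds; more than one breach is possible."""
    scores = merchant_lift(history, compromised)
    return sorted(m for m, (hits, lift) in scores.items()
                  if hits >= min_hits and lift >= min_lift)


def candidate_group(history, compromised, merchants):
    """Cards that used a flagged merchant but have not been seen compromised yet."""
    flagged = set(merchants)
    return sorted(card for card, seen in history.items()
                  if seen & flagged and card not in compromised)
```

With the default thresholds the two constructed breach merchants are flagged and the ubiquitous grocer is not; loosening the thresholds pulls in an unrelated merchant, which is the sensitivity Smyth warns about.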