SAS Fraud Framework for Banking Including Social Network Analysis John C. Brocklebank, Ph.D. Vice President, SAS Solutions OnDemand Advanced Analytics Lab
SAS Fraud Framework for Banking Agenda Introduction to SAS Fraud Framework SAS Fraud Framework Demo Preliminary Results 2
Starting with the SAS Fraud Framework Increasing Fraud: The Business Problem Fraudsters Far more sophisticated organized crime, patient, sharing of rules Engaging insiders to understand detection environment High velocity of attacks disappear after 2-3 transactions Hitting multiple channels and industries at the same time Continuously evolving fraud strategies Current Fraud Systems Systems are silo d by line of business Current systems act on transaction or customer Rules and predictive models have limitations No sharing of data Rely on 3 rd party systems No real proactive steps taken to combat 1 st Party Fraud Evidence insufficient to act upon 3
SAS Fraud Framework Innovation in Detection Driven by Industry Robust and Flexible Framework Capabilities Support for real-time, intra-day, batch execution Ability to use existing data infrastructure Ability to use existing fraud alert output from any LOB / 3 rd party Business intelligence for all levels of users Support for Business Functions Provide strategic insight into threats, trends, risks Enterprise view of fraudulent behavior Rapidly test, simulate, and deploy models/rules without dependence on IT Ability to provide single view for investigators Phased Approach to Support Tactical and Strategic Initiatives 4
SAS Fraud / Social Network Analysis Vision Banking Insurance Health Care Government 1 st / 3 rd Party Fraud Warranty Medical Fraud Medicare / Medicaid (DME) Fraud Telco Account Fraud Internal Fraud Auto and Auto P&C Fraud Dental / Vision Fraud Social Social Services Fraud Contagious Social Services Churn Card (Credit & Debit) Worker s Comp Fraud Prescription Drug Fraud Tax Evasion Householding/ Campaign Marketing Credit Risk Life Insurance Fraud Program Evasion AML Policy Pricing / Premium Evasion Law Enforcement Detection and Alert Generation Fraud Framework Alert Management Social Network Analysis Case Management Business Analytics Framework Business Intelligence Data Integration Analytics Storage 5
SAS Fraud Framework Using a Hybrid Approach for Fraud Detection Operational Data Sources Suitable for known patterns Suitable for unknown patterns Suitable for complex patterns Suitable for associative link patterns Customer Account Rules Anomaly Detection Predictive Models Social Network Analysis Transaction Applications Rules to filter fraudulent transactions and behaviors Examples: Detect individual and aggregated abnormal patterns Example: Predictive assessment against known fraud cases Example: Knowledge discovery through associative link analysis Example: Employee 3 rd Party Flags Internal Bad Lists Call Center Logs Txns in different time zones within short period of time 1 st Txn outside US Cash cycling event Wire transactions on account exceed norm # unsecured loans on network exceed norm Accounts per address exceed norm Like wire transaction patterns Like account opening & closure patterns Like network growth rate (velocity) Association to known fraud Identity manipulation Transactions to suspicious counterparties Hybrid Approach Proactively applies combination of all 4 approaches at account, customer, and network levels 6
Analytic Engine Analytic Approach: Unsupervised Methods Use when no target exists Examine current behavior to identify outliers and abnormal transactions that are somewhat different from ordinary transactions Include univariate and multivariate outlier detection techniques, such as peer group comparison, clustering, trend analysis, and so on 7
Analytic Engine Analytic Approach: Supervised Methods Use when a known target (fraud) is available Use historical behavioral information of known fraud to identify suspicious behaviors similar to previous fraud patterns Include parametric and nonparametric predictive models, such as generalized linear model, tree, neural networks, and so on Fraud Scores Incomes Predicted Fraud Scores # of previous investigations 8
Analytic Engine Predictive Analytics 9
Analytic Engine Analytic Approach: Text Mining Text Mining (e.g., call center logs or investigator notes) 10
Why Social Network Analysis? Rules, Predictive Models, Anomaly Detection on Linked Data More fraud / actionable cases identified Including both previously undetected networks and extensions to already identified cases Reduction in false positive rates SNA reduces false positives by up to 10+ times over traditional rulesbased approaches Improved analyst / investigation efficiency Each referral takes 1/2 1/3 the time to investigate using SAS fraud network visualization on aggregated data Significant increase in ROI per analyst / investigator Can be leveraged for credit risk, marketing, householding, AML 11
SAS Fraud Framework Analytics Network scoring SAS Social Network Analysis Rule and analytic-based Analytic measures of association help users know where to look in network Net-CHAID for local area of interest (node) in the network Density, Beta-Index (network) Risk ranking with hypergeometric distribution, degree, closeness, betweenness, eigenvector, clustering coefficients (node) 12
SAS Fraud Framework Process Flow Operational Data Sources Exploratory Data Analysis & Transformation Fraud Data Staging Business Rules Alert Generation Process SNA Server Administration Social Network Analysis ARC RTS Analytics Anomaly Detection Predictive Modeling Network Rules Network Analytics IRIS WC Claims Intelligent Fraud Repository Learn and Improve Cycle Alert Management & BI / Reporting Case Management 13
Demo 14
Status Update 15
SAS Fraud Framework History Built on SAS Foundational Components SAS Business Analytics Framework in production since October 2002 Alert Generation Process in production since 2003 Social Network Analysis using OR macros, NVW since1999 SAS Fraud Framework / Alert Management UI First production release in January 2008 (thick NVW client) Release 1.0 with thin Flex client September 2008 Installed v2.0 (field release of thin client used for pilots across industries) SAS Fraud Framework V2.1 First production release with thin client interface Available now for implementation (in use by current customers) General availability 15Dec09 16
17 Copyright 2009, 2008, SAS Institute Inc. All rights reserved.