Written by Guido Ronchetti, CTO at XTN Cognitive Security®
Machine Learning (ML) and Artificial Intelligence (AI) are omnipresent buzzwords in the security market. Looking at vendors (as we are) seems that AI can easily solve any complex problem, a silver bullet solution for any situation. Is it right? What’s the role of Artificial Intelligence/Machine Learning in the fraud prevention world? This article will give our take.
Starting with a definition, Artificial Intelligence is a technology using which we can create intelligent systems that can simulate human intelligence. Machine Learning is a subfield of AI which enables machines to learn from data and experiences without being explicitly programmed. Let’s focus on how Machine Learning can protect digital services from fraud protection.
In the fraud protection space, Machine Learning is an extraordinary tool to solve some challenges of fraud evaluation. There are three applications areas:
- Behavior analysis: evaluating the behavior of actors (for example, users, credit cards, enterprises, devices, merchants) accessing the service. This analysis relies on the data collected over time during previous accesses to build a profile to compare. In this case, the behavior needs to be considered in a broader sense: ranging from patterns of interaction to passive biometrics, from in-depth service interaction evaluations (payment details, access metrics, etc.) to technological characteristics of malware apps.
- Decision making: evaluating contextual conditions to make a risk decision. Fraud prevention systems process vast events volumes. Then the system will decide how risky each one is. Usually, this is done by emulating human skills in recognizing fraudulent activity or allowing the machine to spot anomalies autonomously.
- Tuning and support to fraud analyst: autonomous management of tuning the system and support to analyst manual activities. Those use cases are more industry-specific and focus on automizing some tuning tasks.
Once you are choosing to adopt a Machine Learning model to address a fraud prevention-related challenge, there are some essential requirements to consider:
- Time effectiveness of the evaluation and training. Knowing how the adoption of technology will influence the response time of the event evaluation and how quickly the model will work on new entities is crucial.
- Human intelligibility about the risk result. Besides having an independent evaluation from an AI technology, it is also crucial to provide all the needed side details to understand the reasons for producing the issue.
- Flexibility in adapting to different contexts: industry-to-industry or client-by-client models will have to respond consistently even if the context changes. Having the right amount of flexibility and control about how the model will behave in different environments is necessary. Consider how different the behavior of a millennial user on a new banking service in the US can be from a third-age user on a traditional bank in the EU. The algorithm must be able to adapt, producing valid results in both scenarios.
- Shareability of data sets: in a privacy-protected environment, data types available and sharable have limits. Those limits will influence the ability to build models that require access to personal information and how those data sets can be shared outside the client’s perimeter. Often dealing with data anonymization will be part of the requirements.
Based on those requirements, I think we can start by stating that Machine Learning is a powerful and efficient tool in some circumstances but not necessarily a suitable solution for any situation. Choosing the right ML technology means matching the suitable model with the proper challenge to solve, comprehending limitations and constraints, and evaluating KPIs and flexibility. If the match is well done, the power provided will be enormous in terms of multi-dimensional analysis, speed, automation, and depth. Under different conditions, a statistical or static approach (think about a watchlist) will be a more suitable choice.
At XTN Cognitive Security®, we always apply this decisional procedure avoiding hype-based choices. We strictly focus on finding the best approach to offer the best fraud prevention functionalities we can offer. Choosing between different tools, including AI technology, is part of our daily job, evaluating results in the field.