“It’s A Responsibility For Us All” Derek Dempsey On The Fraud Industry: Part One

Rosalind Madge our consultant managing the role
Posting date: 2/26/2019 9:31 AM


Derek is a Director of Fraud Analytics for leading fraud analytics software provider, FICO. With a background in Philosophy, he is passionate about the application of advanced analytics in furthering the Fraud industry. I recently met with him to discuss the latest Fraud trends, tools and challenges for the industry.


Fraud is an ever changing landscape. What trends do you anticipate for the next 12 months and beyond? 

It is ever-changing indeed. As other routes are shut down, we will see new Fraud attacks that reflect the changing payments landscape and the continuing shift to digital, mobile and the introduction of new players due to PSD2.

For example, we’ve seen a significant shift in card Fraud following the introduction of chip and pin towards card not present or ID Theft and Application Fraud. We’re also seeing Fraudsters using AI to mount ever-more sophisticated attacks. 

From a Fraud Detection perspective, this has led to a convergence of Fraud teams towards a more holistic financial crime approach, as well as increasing use of AI techniques alongside requirements for greater explainability. 

What are the biggest risk areas for businesses to be aware of? 

I’d say one of the main areas is the risk of data breach through hacking and internal leaking. 

In terms of cyberattacks, companies may feel that they can address this fairly readily. However, they need to be vigilant as hackers have some very sophisticated techniques at their disposal. FICO have recently introduced some of our AI fraud techniques into the cybersecurity domain to combat this.  

However, internal leaking probably causes bigger issues. This is more often due to social engineering than a malicious internal leak but these types of breach are difficult to detect. You need an additional level of control to detect unusual, but permitted, activity and this is challenging.  

Financial Service organisations also need to be aware of risk areas associated with new products and services. The proliferation of mobile payments and new account and payment service providers in the new PSD2 ecosystem marks another shift in payment services and this will bring in many new players. However, new products tend to be targeted by professional fraudsters.  So while we all like the greater ease and convenience, anti-Fraud measures need to keep on top of this. 

For aspiring Fraud-fighters, what skills do you think are key to being successful in the industry? 

It varies really. I got into this because I’d previously been a mathematics lecturer and then did a Master’s in AI and Cognitive Science. Fraud was, and remains, one of the best areas to apply these skills and techniques. Certainly it helps to have a Mathematical or Statistical background, but ultimately a problem-solving mindset is what really matters. 

The modern-day Data Scientist needs to be equipped with a range of technical skills to be effective, so it is useful to understand Big Data technologies such as Hadoop and Spark and how to interact with cloud-based services. Python and R have become the key analytical programming languages. Visualisation is also important so its useful to have skills in this as well. 

Soft skills are probably not the most important when it comes to Fraud Analytics but communication skills are essential - you need to work in teams and be able to ask questions and provide answers to others. Primarily, you need the ability to interrogate your Data, understand what it actually represents, understand its source and its reliability. And you need to do all this whilst keeping in mind your business objectives.

It's well known that Fraudsters are sharing their approaches, so why is the industry not? 

There are examples of sharing in industry. In the UK we have CIFAS which is one of the leading organisations for Data sharing and this provides a great service to its affiliated businesses. We have the IFB and other organisations that are based on sharing Data. The introduction of cloud-based technologies should encourage companies to share more and FICO have invested heavily in a cloud-based strategy. The next generation of FICO's flagship Falcon fraud product, Falcon X, is a flexible cloud-based, platform solution. 

However, a lot of information is currently held by the commercial sector which limits how much sharing can be done. There are many companies who provide specialised Data on email addresses, devices, IPs but all of this is under a commercial umbrella and companies do need to protect assets that they have built up over many years of research.  But most businesses do support sharing activity and see that that it’s to their benefit and there is definitely a willingness there. 

Personally, I would like to see more sharing in terms of guidance, education and awareness to customers. This is a responsibility for all of us in the sector and we need to be more proactive than just leaving information sitting on a website. Companies should be under greater pressure to provide this awareness training and, if they do, I would predict a significant reduction in certain types of fraud. 

There were a string of high profile Data breaches in the news last year such as Facebook and Carphone Warehouse. Do you think businesses are doing enough to protect customers?

I don't think so. Obviously this something we take this very seriously and, for us, most of the Data we use is anonymised so we already minimise the risk. I know that banks are investing very heavily in this and being proactive as, more than anything, there’s a huge reputational risk to a large-scale Data breach. Other sectors probably need to do more however and all sectors can improve.

Hopefully GDPR will make a big difference within the EU. There are large fines for failing to take adequate measures. Other countries are adopting similar legislation and we’re seeing non-EU businesses embrace the same guidelines as well, so hopefully that will help. 

If you could change one thing in the industry, what would it be? 

I think increasing awareness and education would make a big difference. One company I worked with mounted a big customer campaign and it made a huge impact in driving down Fraud. I think this is an underrated area. I'm aware that the FCA and other industry bodies such as IFB do produce materials but I think much more could be done.

It perhaps goes without saying that I also think that increased usage, and better usage, of Data and Advanced Analytics is crucially important to reducing levels of fraud.

Derek spoke to Senior Consultant, Rosalind Madge. Get in touch with Rosalind or take a look at our latest job opportunities here.

Related blog & news

With over 10 years experience working solely in the Data & Analytics sector our consultants are able to offer detailed insights into the industry.

Visit our Blogs & News portal or check out the related posts below.

Mitigating Risk In The Financial Services Sector With Machine Learning

Data & Analytics is an industry that is constantly evolving and is always using the latest technology to innovate its services and capabilities. More recently, these advancements have moved in areas such as Artificial Intelligence (AI) and Machine Learning (ML). Machine Learning is a method of data analysis, under the branch of Artificial Intelligence, that allows systems to learn from data, identify patterns and ultimately make decisions with little to no human intervention. Used across a vast range of sectors, this arm of Data & Analytics has become widely popular, especially within highly-advanced industries such as Finance.  Since the 2008 financial crash, at the top of the agenda for many Financial Institutions (FIs) was, and still is, the need to protect business, increase profitability and, possibly most importantly, address the abundant inadequacies of risk management. This includes risks posed by consumers such as liquidity, insolvency, model and sovereign, as well as any internal process and operational risk the FIs may also be facing through any failures or glitches.   Machine Learning has played a crucial role in improving the quality and precision of FIs risk management abilities. In HPC Wire, it has been reported that the use of AI and ML within the financial sphere to mitigate risk, improve insights and develop new offerings may generate more than $250 billion for the banking industry.  How does ML work? By using incredibly large data sets, drawn (with consent) from consumers, ML can learn, and predict, patterns in consumer behaviour. This can be done in one of two ways: through supervised learning tools, or unsupervised learning tools.  Explained by Aziz and Dowling; “In supervised learning you have input data that you wish to test to determine an output. In unsupervised learning, you only have input data and wish to learn more about the structure of the data.” How do banks use ML to mitigate risk? In FIs, a mix of the two ML tools are used. Most commonly, we can expect to see learning systems such as data mining, neural networks and business rules management systems in play across a lot of banks. These models work in tandem to identify relationships between the data given from the FIs and their consumers – from their profiles to their spending habits, credit card applications to recorded phone calls – which then build ‘character profiles’ of each individual customer. The process can then begin, spotting signs of potential risk factors. This may include debt, fraud and/or money laundering.  Here we break down two key examples.  Fraud Thanks to ML, customers have become accustomed to incredibly quick and effective notification of fraudulent activity from their banks. This ability from FIs comes from large and historical datasets of credit card transactions and machines which have been algorithmically trained to understand and spot problematic activity. As stated by Bart van Liebergen; “The historical transaction datasets showcase a wide variety of pre-determined features of fraud, which distinguish normal card usage from fraudulent card usage, ranging from features from transactions, the card holder, or from transaction history.”  For example, if your usual ‘character profile’ is known by ML tools to spend between £500 - £1000 per month on your credit card, and suddenly this limit is overtly exceeded, fraudulent activity tags will be alerted, and the freezing of your account can be done in real-time.  Credit applications When borrowing from a bank or any other FI, consumers must undertake a credit risk assessment to ensure that they have a record of paying back debt on time, and therefore not adding greater cost, and risk, to the lender.  Traditionally, FIs have approached credit risk with linear, logit and probit regressions but, serious flaws were found in these methods, with many applications being left incomplete. In this space, the evidence for the effectiveness of ML is overwhelming. Khandani et al. found that FIs using ML to analyse and review credit risk can lead to a 25 per cent cost saving for the FI involved.   These ML models come in various shapes and sizes, with the most common being instantaneous apps or websites which allow users and their banks to have access to real-time scoring, data visualisation tools and business intelligence tools.  The risk of risk management with ML Like with any AI or ML application or tool, there will always be cause for concern and real need to always remain vigilant. While ML has shown to be an invaluable tool across lower risk areas, the complexity of more statistical areas of banking, such as loans, has proven to be an Achilles heel for the technology. This usually stems from bias, a perpetual problem for AI and ML across all industries.  Technology Review notes that “There are two main ways that bias shows up in training data: either the data you collect is unrepresentative of reality, or it reflects existing prejudices.”  Data, analytics, AI and ML are notoriously non-diverse working sectors. The person behind the screen creating learning algorithms tends to be white and male, and very unrepresentative of the whole society that the machine learning tool will serve. Over the years, we have heard numerous accounts of unfair and unjust machines, which have learned from a very narrow and unrepresentative dataset, which stems from the lack of diversity amongst the employees within the Data & Analytics industry. For example, Microsoft’s racist bot and Amazon’s sexist recruitment tool, both clear examples that ML and AI are not ready to be used on their own, and humans still need to play an integral part in decision making.  Banks and FIs must be aware of the, potentially lethal, consequences that bias in ML may present. Lenders must be careful to ensure they are working within the guidelines of fair lending laws and that no one group of people are being penalised for no reason other than issues within the technology and its algorithms. It is vital that the humans behind the technology don’t rely on ML to provide them with an answer 100 per cent of the time but, instead, use it to aid them in their decision making when it comes to risk mitigation.  If you’re looking for a role in Data & Analytics or are interested in finance or Risk Analytics, we may have a role for you. Take a look at our latest opportunities or get in touch with one of our expert consultants to learn more.  

Why Businesses Need To Put Fraud Prevention Front And Centre

If Fraudsters are anything, they are opportunists. Once the first new stories about COVID-19 started running, it wasn’t long until they were joined by tales of fraudsters selling face masks and hand sanitiser, asking panicked customers to transfer money and then disappearing without a trace.  And it’s not the first time we’ve seen this. Fraudsters are notoriously wise to periods of heightened sensitivity and uncertainty, often preying on the vulnerable. The 2008 financial crisis saw an increase in email-based phishing scams and a decade’s worth of technological advancements means that Fraud remains a many-headed beast.  Add into the mix a change in working styles and environments, and many businesses are more exposed to potential security breaches than they have been in years. Now, more than ever, companies need to make sure their Data is well protected and secure. THE FIRST LINE OF DEFENCE If you’re part of, or leading, a Fraud Prevention team, there are a number of ways you can support your business and keep on top of the situation. Here are just a few: Increase and update your investigation capacity. This team are the front line of your business’ Fraud defence team, interacting with customers daily and spotting new scams. During an uncertain period, retention and team stability is key. These are the people that understand the day-to-day Fraud challenges you face and will be essential in fighting any future challenges.  Sharing Fraud Prevention knowledge is key. Throughout this crisis, trends will be evolving quickly and working collaboratively across teams, and even other businesses, is the best way to combat this. We consistently hear from Fraud Managers that the key to beating Fraud is to share information and knowledge. Despite this, there is always a hesitation amongst companies to admit that they have been a victim to an attack. Perhaps now is the time to change this. Invest in Machine Learning and real time updates for your Fraud defences. Fraud technology has moved on from script writing in SQL and rule changes. Businesses need a real time reactive response and now is an important time to be embracing new technologies. There are a number AI-driven off the shelf packages available or, for a more bespoke solution, a Fraud Data Scientist can create something internally. Educate your team. It may seem simple, but the Fraud team can play a crucial role in minimising any potential risk from human-error. Educating employees on the risks they may face when working remotely, or what scams they need to look out for, is one of the most effective ways of fighting Fraud.  PREPARING YOUR BUSINESS Success in the fight against Fraud isn’t purely down to the group of individuals that make up the Fraud team. As a business, now is the time to be making decisions that can help you stay ahead of the Fraudsters. Here are some considerations: Consider investing in tech as an your immediate response. Not just to bolster your Fraud defences (although there are plenty of vendors offering AI-based solutions), but also technology for your employees to keep work as normal as possible such a sharing platforms, DevOps technology and video calling networks. One of the best ways to block some of the vulnerability loopholes fraudsters are trying to exploit is to keep working habits as close to normal as possible as you move to a remote solution. Be transparent with your customers. Consumers are being incredibly savvy and noting how businesses respond to the pandemic in a way that could have a big impact when normality returns. But they’re also being more empathetic and are willing to understand difficulties. For example, shopping delivery service Ocado were open and transparent when their system could not initially deal with demand. Having communicated the difficulties, worked through their issues and gone the extra mile to let customers know how they can be supported in this time, the received minimal backlash. There is an understanding that we’re all in this together. Finally, if you have the budget, continue to staff up - particularly in competitive fields such as Data Science. A lot of top Data professionals are currently at home and much more accessible than they have been in a long time. With a number of ways to remotely interview and onboard both permanent and contract staff, if you are able to get begin conversations with them now, you’ll have an edge in what will be a very competitive market come later in the year.  If you’re looking to take your next step in the world of Fraud, we may have a role for you, including a number of remote opportunities.  Or, if you’re looking to expand and build out your Fraud team, get in touch with one of expert consultants who will be able to advise on the best remote and long-term processes. 

RELATED Jobs

recently viewed jobs