Technology View of Fraud, Waste and Abuse in Financial Analytics | March 2013
© 2013, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved.
TABLE OF CONTENTS
Abstract
Abbreviations
Current State
Challenges
Best Practices
Conclusion
References
Abstract
The discovery of fraud, waste and abuse (FWA) is a high priority for
financial institutions in the US and around the world. FWA financial
analytics require software solutions which can handle large volumes
and discover hidden FWA occurrences. Capabilities for real-time
detection and for discovering previously unknown fraud trends
are becoming prevalent.
Abbreviations
Sl. No. | Acronym (Page No.) | Full form
1 | FWA (4, 7, 9, 10, 11, 12, 14) | Fraud, waste and abuse
2 | CEP (8) | Complex event processing
3 | BRMS (8, 11) | Business Rule Management Systems
4 | AML (7) | Anti-Money Laundering
5 | KYC (7) | Know Your Customer
6 | PMML (10, 11) | Predictive Model Markup Language
7 | JSR-94 (11) | Specification Request for a Java Rules Engine API
8 | SAML (11, 12) | Security Assertion Markup Language
9 | XACML (11, 12) | eXtensible Access Control Markup Language
10 | FPGA (12) | Field Programmable Gate Array [semiconductor device]
11 | HPC (12) | High-Performance Computing
12 | MPI (12) | Message Passing Interface
13 | SAS HPA (12) | SAS High Performance Analytics
14 | OpEx (12) | Operational Expenditures
15 | CapEx (12) | Capital Expenditures
Current State
The current state of fraud, waste and abuse (FWA) financial analytics is characterized by a growing number of features provided by software solutions. Capabilities for real-time detection and for discovering previously unknown fraud trends are becoming prevalent. An extension to this white paper is planned. That extension is expected to align more closely with specific financial processes of interest, in order to refine the findings of this white paper and to explore narrower areas of interest in greater detail. Coverage beyond fraud-detection systems is expected.
The fraud and financial crime prevention domain includes the following use cases:
Enterprise Financial Crimes
ACH and Wire Fraud
Anti-Money Laundering
Card Fraud
Organized Fraud Rings
Loss reduction, compliance and business factors tend to drive the adoption of FWA analytics. Some elements of compliance legislation require absolute compliance in particular areas of financial organization operations:
United States
o Gramm-Leach-Bliley Act (GLBA)
o USA Patriot Act (Anti-Money Laundering/AML; Know Your Customer/KYC)
o FFIEC guidelines
o Sarbanes-Oxley Act of 2002 (SOX)
o Payment Card Industry (PCI) Standard
o Right to Financial Privacy Act (RFPA), amended by the Patriot Act
o Bank Secrecy Act
o Office of Foreign Assets Control (OFAC) sanctions
o California SB1386
o Health Insurance Portability and Accountability Act (HIPAA) for some types of transactions
Europe
o EU MiFID
o EU Market Abuse Directive
o Terrorism Act 2000 (UK)
Basel II and Basel III Capital Requirements
Compliance and business objectives execution are supported by the majority of financial organizations' IT systems. This white paper's main concentration is within the fraud detection domain, but demonstrates how other financial operations and processes often have inherent co-dependencies on fraud detection systems.
Financial fraud detection systems traditionally rely on complex event processing (CEP) systems. Some financial organizations rely on custom scripts, while the general trend is toward fully-featured Business Rule Management Systems (BRMS). Many modern fraud detection systems have anomaly detection capabilities. Unusual and threatening patterns are continuously mined and presented as alerts. Fraud detection systems often include a predictive modeling capability, which predicts fraud risk scores and may re-route transaction execution and/or generate alerts. Fraud detection systems often include automated and interactive social network analysis. Such analysis aims to identify potentially threatening associations with known fraudsters, fraud rings and their patterns. Modern fraud detection systems allow global scoring of transactions in real-time and near real-time, as well as sub-second response for on-demand scoring. They offer scalable and sustainable scoring of high volumes of transactions.
Sophisticated models and approaches may be used:
Neural Networks (including "Self-Organizing Neural Network Arboretum" [SONNA] – SAS patent), Decision Trees, Customer State Vectors
Hybrid multiple model operation
Champion/Challenger functionality
Multi-models ability to capture data types from across channels
Historical versioning and audit support
Unstructured text analytics
Note that anti-money-laundering legislation in the US and abroad
places particularly high demands and requirements on fraud
detection systems.
Challenges
The majority of fraud detection systems share common limitations and problems, such as:
Lack of flexibility to deploy new monitoring strategies
Inability to scale with transaction volume growth
Limitations pertaining to rules-based logic
Complexity of integration: data sits in isolated silos, manual queries to many disparate systems may be required, and the findings of one system are not shared with another
Limited procedures to detect risky patterns and manage the whole process from alerting to reporting
High false-positive rates generate too many alerts, which are time-consuming for analysts to identify and resolve
Detection and management processes may exponentially increase analysts' workloads
Increasing system sensitivity to identify more fraud transactions may increase false positives considerably
System ergonomics are not sufficient to aid analysts (visualization, drill-down capabilities)
Some sophisticated algorithms are difficult to perform in real-time
A variety of models (especially those executed in disparate engines/systems) is difficult to orchestrate, and consolidating their results in real time is hard to complete
Custom financial processes might call for specialized systems and
approaches. For example, the high incidence of potentially risky
transactions calls for extra vigilance and flexibility to deploy a variety
of sophisticated models and approaches.
Fraud rings and individual criminals continuously invent new fraud
schemes, so flexibility and efficient anomaly detection are
important for FWA management systems.
Best Practices
In this short white paper, we will address only the core approaches
(primarily business rules and statistical models) to detect and
manage fraud, waste and abuse. FWA systems will benefit from
integration with other subsystems within the financial enterprise IT
environment. The proposed recommendations reflect general
trends in the FWA IT landscape toward increased flexibility and
customization requirements. We are looking forward to studying the
requirements in depth, and adjusting the proposed solutions while
taking into consideration the existing infrastructure and solution
stack.
FICO Blaze Advisor is a business rule suite which is employed
particularly in the financial domain. FICO Blaze Advisor key features
include:
Rule Maintenance Application (RMA) for previewing, editing, verifying and testing rules
Plug-in for Eclipse Integrated Development Environment (IDE)
Decision Graph, a decision tree management solution
Ability to edit decision tables through Excel
brUnit test framework, built on xUnit framework for unit testing
Decision Simulator module to estimate the impact of new and updated business rules before putting them into production
Comparison Query with Visual Comparison Editor to obtain and see all differences highlighted in the row and rows of a decision table or the branches of decision trees
Import of PMML (Predictive Model Markup Language) models, including neural networks and scorecards
Integration with FICO Model Builder, FICO's analytic platform, which provides:
o Linear Regression, Logistic Regression and Neural Networks
o Divergence-maximizing, Bernoulli likelihood, and multi-goal outcome scorecards
o Continuous outcome scorecard, optimizing a least squares objective function
FICO Blaze Advisor for Java is a 100% Java solution that supports Web Services, Enterprise Java Beans (EJB) and Java Enterprise Edition (JEE) platforms, IBM mainframes, and other legacy platforms
The import/export of PMML is a growing trend which allows interoperability with the majority of statistical platforms such as SAS, R (Rattle) and RapidMiner. Custom requirements might call for trying out a variety of recently implemented or published algorithms, where the flexibility to interoperate with a particular platform would be critical. The majority of business rules systems are JSR-94 compliant, which could allow interoperability across various rule engines to some degree. Both the PMML model language and the JSR-94 standard have inherent limitations:
PMML supports a considerable number of models applicable to the FWA domain, but some models might not be supported. The newest algorithms appearing in publications are typically not supported in PMML
JSR-94 is an engine API standard, but it doesn't address rules interoperability. The ability to mix and match various business rules engines might be critical for some scenarios, but the majority of business rules engines recommend against limiting oneself to the JSR-94 API only. Consider the Drools recommendation listed in Chapter 7.1 (1)
There could be various use cases where PMML and/or JSR-94 interoperability would be desirable, even with some of their corresponding limitations:
o Profiling the performance/cost ratio of various business rules engines (some engines have different versions of the Rete algorithm implementation; licensing prices vary from $0 [Drools] to tens of thousands of dollars per CPU)
o Profiling the performance/cost ratio of various statistical platforms
o Real-time capabilities of all of the above
o Hardware testing and performance/cost optimization for a particular mix of loads for all of the above
Additional use cases for PMML interoperability could be adding scoring capability to general purpose databases (such as DB2) and to Hadoop. In-database analytics and in-Hadoop analytics are very efficient and economical for many large to very large scale applications.
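The PMML hand-off described above, as an added example that is not part of the white paper or of any vendor product: a small Python consumer loads a logistic RegressionModel, scores a transaction, applies a rule threshold, and refuses model types it does not implement. The model, its field names (amount_k, new_payee, channel), the coefficients and the alert_at threshold are all constructed for illustration.

```python
import math
import xml.etree.ElementTree as ET

# Constructed sample model (not from the paper): a logistic fraud score in PMML 4.1.
PMML_DOC = """<PMML version="4.1" xmlns="http://www.dmg.org/PMML-4_1">
  <Header description="constructed example"/>
  <DataDictionary numberOfFields="3">
    <DataField name="amount_k" optype="continuous" dataType="double"/>
    <DataField name="new_payee" optype="continuous" dataType="double"/>
    <DataField name="channel" optype="categorical" dataType="string"/>
  </DataDictionary>
  <RegressionModel functionName="regression" normalizationMethod="logit">
    <MiningSchema>
      <MiningField name="amount_k"/><MiningField name="new_payee"/>
      <MiningField name="channel"/>
    </MiningSchema>
    <RegressionTable intercept="-4.0">
      <NumericPredictor name="amount_k" coefficient="0.5"/>
      <NumericPredictor name="new_payee" coefficient="1.5"/>
      <CategoricalPredictor name="channel" value="wire" coefficient="1.0"/>
    </RegressionTable>
  </RegressionModel>
</PMML>"""

NON_MODEL = {"Header", "DataDictionary", "TransformationDictionary", "MiningBuildTask", "Extension"}

def local(tag):  # strip the XML namespace so any PMML 4.x version matches
    return tag.rsplit("}", 1)[-1]

def load_model(pmml_text):
    # Model files cross trust boundaries between tools: refuse DTDs and entities.
    if "<!DOCTYPE" in pmml_text or "<!ENTITY" in pmml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(pmml_text)
    models = [el for el in root if local(el.tag) not in NON_MODEL]
    if local(root.tag) != "PMML" or len(models) != 1:
        raise ValueError("expected one model inside a PMML document")
    model = models[0]
    norm = model.get("normalizationMethod", "none")
    tables = [el for el in model if local(el.tag) == "RegressionTable"]
    # The limitation the text names: a consumer only runs the model types it implements.
    if (local(model.tag) != "RegressionModel" or len(tables) != 1
            or model.get("functionName") != "regression"
            or norm not in ("none", "logit")):
        raise NotImplementedError("unsupported model: " + local(model.tag))
    t = tables[0]
    return {
        "intercept": float(t.get("intercept")), "norm": norm,
        "numeric": [(p.get("name"), float(p.get("coefficient")), int(p.get("exponent", "1")))
                    for p in t if local(p.tag) == "NumericPredictor"],
        "categorical": [(p.get("name"), p.get("value"), float(p.get("coefficient")))
                        for p in t if local(p.tag) == "CategoricalPredictor"],
    }

def score(model, txn):
    y = model["intercept"]
    for name, coef, exponent in model["numeric"]:
        y += coef * float(txn[name]) ** exponent  # a missing field raises KeyError
    for name, value, coef in model["categorical"]:
        y += coef if txn.get(name) == value else 0.0
    return 1.0 / (1.0 + math.exp(-y)) if model["norm"] == "logit" else y

def decide(model, txn, alert_at=0.5):  # rule step; alert_at is an assumed threshold
    return "ALERT" if score(model, txn) >= alert_at else "PASS"
```

Because the scorer fails on a missing input field instead of defaulting it to zero, an incomplete transaction record cannot silently receive a low risk score.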
Business rules interoperability per se is generally a quite new and not widely supported area in BRMS, which is very well demonstrated in Chapter 5 of (2). Some use cases might call for exploration of particular standards and supporting systems. SAML (Security Assertion Markup Language) and XACML (eXtensible Access Control Markup Language) could be examples of standards which are very practical in some privacy compliance use cases. SAML and XACML support is fairly common across many products.
Some level of execution speed-up is available across various infrastructure and hardware mixes. In particular, hard real-time requirements are often addressed in stock trading applications via FPGA architectures. IBM Netezza is a classic FPGA analytics architecture. FPGAs are becoming more common in products and appliances which were not originally designed around FPGAs (such as Teradata). Stock trading applications frequently use HPC (High-Performance Computing) architectures such as low-latency and high-bandwidth networking. 10 GigE and 40 GigE could be considered for mainstream FWA applications, while very large-scale deployments might benefit from 40 Gig and 56 Gig Infiniband networking. Infiniband is generally rare in small to medium high-performance environments because it is very different from Ethernet architecture and has a steep learning curve. Direct Infiniband support without emulation is fairly uncommon across the majority of software. Still, Oracle selected Infiniband as the only connectivity system for its Hadoop and in-memory analytics appliances.
The management complexity of some infrastructure and software systems might be addressed by some level of data masking. PCI and other mandatory compliance regulations define data which needs to be encrypted and protected. Some software systems have sophisticated data masking and/or data encryption capabilities where the original plain text data is not accessible, even for super-users, root or system admins, enhancing the level of protection for sensitive data.
Particular use cases might call for high performance statistical computing against a full (not a sample) dataset, where the majority of data needs to be placed into RAM. Economical and well performing scaling could call for highly interconnected clusters working mainly on MPI principles (like Revolution RevoScaleR). SAS HPA (High Performance Analytics) is another example of a distributed in-memory statistical platform which could be applied for some scale-out use cases. Algorithm availability in R vs. SAS, as well as licensing costs, are important factors to consider. R is generally free open-source software (FOSS), but its scaling within the FOSS realm is achievable on a case-by-case and algorithm-to-algorithm basis. Revolution R is a commercial offshoot of R which has some enterprise capability. Revolution also has the RevoScaleR platform, which has a very efficient clustering and in-memory computation solution, but it supports a rather limited subset of R functions/algorithms. Similarly, SAS HPA is a clustering and in-memory solution which supports only a limited subset of SAS functions.
Special use cases might benefit from the highest performing
number-crunching chips available, which are IBM Power and Intel
Phi. The HPC world relies on performance per watt (important for
OpEx) even more than on performance per $ (important for CapEx),
since electricity and cooling OpEx usually exceed CapEx within a
rather short time of operation. IBM Power claimed 2.1 GFlops/Watt
efficiency, while Intel Phi offers 2.44 GFlops/Watt. IBM Power
requires a full IBM stack of hardware, while Intel Phi runs on various
servers and is less brand dependent, reducing vendor lock-in
concerns. Intel Phi is a very new platform, and might require C/C++
direct chip coding. Nvidia CUDA has dramatic performance
characteristics, though it provides acceleration for a smaller subset
of tasks when compared to the rather general purpose Intel Phi
architecture. All challenges with the highest performing chips could
be addressed such that these chips will become economically viable
for some high-scale and/or real-time use cases.
Conclusion
The most common approaches to address financial FWA were
presented in this paper. We presented an open and interoperable
architecture which will allow the inclusion of traditional financial
FWA solutions as well as more generic packages (such as SAS and
R) to address custom needs.
References
1. JBOSS. Drools. [Online] [Cited: 2 27, 2013.] http://docs.jboss.org/drools/release/5.2.0.Final/drools-expert-docs/html/ch07.html.
2. The Johns Hopkins University Applied Physics Laboratory (JHU/APL). National Human Services Interoperability Architecture, Business Rules White Paper. [Online] 6 2012. [Cited: 2 27, 2013.] https://www.acf.hhs.gov/sites/default/files/assets/o_rules_d02_0.pdf
Author Info:
Andriy is a Sr. Solution Architect with HCL's ERS-SEG-TFG. He has over 20 years of experience in the areas of data management and software development.
Some of his work includes:
Led the Big Data infrastructure work with a large medical insurance provider.
Served as a product owner of the US national “Transitions of Care” Reference Implementation project. This project consolidated HIT community efforts to establish the next generation of HL7 data exchange standards. http://wiki.siframework.org/Transitions+of+Care+%28ToC%29+Initiative
In 1998-2000, Andriy designed NoSQL GIS architecture with some MapReduce paradigms of image processing which demonstrated very high scalability/cost characteristics.