Controlling Cybersecurity Risk: Fast Fraud Detection using sequential and optimal stopping techniques

Society is undergoing a revolutionary change in the way purchases are made: the number of payments by credit, debit and prepaid cards is increasing constantly, on-line markets are more and more mature and new online money transfer systems, such as PayPal, Google Wallet and MoneyBookers, are gaining popularity. E-commerce is now firmly established in consumers’ lives and its role in stimulating the world economy is widely recognized: sellers are expanding their target market due to the possibility of reaching clients worldwide; people are making online purchases in smaller amounts and more frequently and can buy products not found in traditional stores; the financial industry has high revenues from a range of electronic payment services. However, in this context, the massive volume of money moved by electronic payment methods is a gold mine for fraudsters: the European Central Bank has reported an 8% increase in credit card fraud within the Single Euro Payments Area for 2013 [11], amounting to 3.9 cents per EUR 100 of card transactions (2013: EUR 1.44 billion), whereas in the US, the damage is even greater at 10 cents per USD 100 (2014: over USD 7 billion) [17]. The overall worldwide losses from card fraud total over USD 16 billion (2014), and the amount is expected to double by 2020 [17].

The total cost is even greater if the consequences of frauds are considered: card issuers and financial institutions bear the losses incurred by the clients, make significant investments in anti-fraud technologies and pay a high reputational cost when they block cards which are not actually involved in fraud; merchants sustain high costs to guarantee their clients a high standard of security and can be charged back by card issuers if any negligence during a transaction occurs; insurance companies are called upon to refund insured corporate clients when frauds occur through company cards. Final consumers also suffer non-negligible costs: although they can be refunded by banks when victimized by fraud, they may not notice small swindles on their cards and, even when they do, they often fail to report the crime; consumers are frustrated when their cards are blocked unnecessarily. In general, the growing threat of cybercriminals is a burden to society and hack attacks are often launched to damage the economic actors of transactions. As new devices are introduced to limit the problem, fraudsters quickly adapt, making their actions more and more difficult to detect with existing technology.

In the light of this, my project aims to develop techniques for detecting fraud in e-payment systems on the fly by providing tools that work efficiently against cybercrime threats. Sequential analysis and optimal stopping theory are the foundation of this research (see [21, 24]), where the problem of frauds in electronic payments is formally described as a disorder problem and, hence, as an optimal stopping problem. Thinking of the occurrence of fraud, the “disorder”, as an unknown and unobservable event, the goal is to detect it using only information that is present in the transaction: the amount, the time and the location of the consumers’ expenditures, together with related information from other similar consumers (covariates). The challenge is to declare the disorder as soon as possible after its occurrence, while minimizing the rate of false alarms. In order to devise detection techniques which are fast from a computational point of view, reliable in detecting the occurrence of a fraud and efficient in controlling any desired frequency of false alarms, this research project will address this disorder using the following approaches:

I.             theoretical extensions of the disorder problem to new classes of stochastic processes that could potentially suffer of disorders in real applications, such as processes with infinitely many jumps on bounded time intervals, and under new settings, like a finite time horizon by which the disorder should be detected;

II.            the correct application of optimal stopping rules relies on the knowledge of the pre and post-fraud expenditure distribution parameters of a cardholder; then, the following research lines need to be deepened: a) determination of the minimum number of observations for deriving accurate parameters estimates; b) use of card holders covariates to improve the predictive power of the model; c) use of clustering techniques and hierarchical models for grouping similar card holders in order to compensate the lack of information of the less informative users;

III.          development of a double thresholds model that launches a warning when the probability of the occurrence of a fraud exceeds a certain level and suggests the block of the card when such a probability gets higher than an upper threshold.