Andrea Casati

Andrea Casati
Data Science Director
@BIP xTech

Gabriella Jacoel

Gabriella Jacoel
Data Science Manager
@BIP xTech

Filippo Dalla Chiara
Data Scientist
@BIP xTech

Introduction to fraud management

Over the past decade, there has been a steady shift of daily activities online. This has been accelerated by the COVID-pandemic, which led to significant growth of electronic payments. Globally two-thirds of adults have sent and received money digitally [1]. At the same time, criminals have been taking advantage of this growth combined with people’s digital immaturity. Losses from financial fraud and scams have more than tripled in the last decade (from $9.8Bn in 2011 to $32.4Bn in 2020 [2]). It is projected that there will be another $343Bn lost over the next five years [3]. The financial industry can no longer ignore the threat to banks, payment services providers (PSPs) and their customers.

Nowadays, the integration of intelligent and scalable solutions into legacy systems, (eg transaction monitoring engines leveraging on machine learning or cloud-based platforms), is a core need for anti-fraud units in banking and PSPs at any level. The damages from fraud are not limited to financial loss. Reputational harm for financial institutions and legal and regulatory sanctions can cause equal or even greater damage.

Fraud comes in many forms:

  • Credit/Debit card fraud. Attackers steal PIN codes by phishing, social engineering, or massive data leaks. On rare occasions cards are physically cloned or defrauded (Card-present frauds), while in most cases money is stolen through online payments or P2P services (Card-not-present frauds);
  • Online transaction fraud. Attackers obtain home banking credentials or install malware directly on a victim’s device, defeating MFA authentication and transferring money directly to their own accounts;
  • Scams: Attackers convince the victim to make a payment or a transfer through social engineering tactics. Some do not include ‘scams’ in the definition of fraud as it is the victim themselves that make the transactions;
  • Bust-out frauds: Attackers don’t target individuals, they adopt a stolen identity or establish a fake company in order to get access to a bank line of credit (eg credit card) with no intention of repaying the balance or debts.

Banks and PSPs adopt defence in depth with multiple lines of defence. These are usually spread across processes and departments. Generally speaking, we can identify three key macro-processes in fraud management:

Fraud prevention
All the actions carried out with the goal of mitigating the chance of malicious attack, from fraud risk assessment, cyber security, to enforcing MFA and customer awareness;

Fraud detection
All the processes for identifying, giving early warning, and possibly blocking an attack when it occurs. In cases of transactional frauds often requires real-time action before money has gone.

Fraud response
All the operations required after a fraud has taken place. These cover investigation for preventing future occurrences and actions to mitigate loss in case attacks were not effectively countered.

Challenges in traditional fraud management

Figure 1 Traditional fraud management process

Historically, fraud management has relied heavily on human domain expertise. Human involvement has been needed both in the governance of the anti-fraud system and in operations, such as alert investigation and fraud reporting. Only in recent years have advanced data-driven technologies been integrated to enhance the overall process. These not only automate repetitive manual tasks, but also support analysis and critical functions, like fraud response and recovery.

Increasing volumes of digital payments have required anti-fraud processes to adapt to larger workloads. Technology infrastructure has had to scale-up on huge amounts of transactional data, easily classifiable as big data.

In addition, fraud detection requires real-time processing. For any transaction, the fraud risk needs to be estimated and a decision made to alert or block in at most a few milliseconds to guarantee a frictionless customer experience. This has forced the banking and payment industries to make significant technological investments. Even so, barring a few innovative cases, the traditional anti-fraud model has not evolved. It has remained mainly rule-based, requiring high levels of manual intervention.

A rule-based transaction monitoring system makes use of simple conditions to approve, alert or deny a payment (eg “block if more than 3 transfers and total amount exceeding €1000 in the last 10 minutes”). Traditional business rules work easily in a real-time fashion and they can be configured quickly and simply in reaction to emerging fraud patterns or experienced losses. However they have limitations.

Thresholds are essentially static. Fraudsters can learn to guess their values simply by making multiple attempts. They always act the same for all customers in any situation.

This approach is not well-suited for the dynamic nature of both financial and cyber-crime activity, which evolve rapidly. Fraud schemes and counter-strategies adapt to each other continuously. Whereas purchasing habits of customers may vary markedly between social groups and over time but follow fairly predictable commercial trends and the economic climate.

Human expertise still predominates when defining business rules. Continuous maintenance and calibration is needed to keep rules up-to-date with new trends. These are generally expensive tasks in terms of time and effort, especially considering the hundreds of rules that make up a fraud detection policy.

Legacy solutions also suffer from high rates of (false positive) alarms caused by sub-optimal or outdated rules and the typically low risk appetite of fraud management units. False alarms not only cause friction for the customer, they also present a challenge for ex-post activities, such as fraud monitoring and investigation tasks and verification with the customers by contact units. These processes are typically manual, often leveraging fraud specialists’ domain experience and acumen, which, whilst very accurate on a single suspicious case, is not scalable to huge volumes of alarms.

Therefore a backlog of, often non-prioritized, alerted transactions continually accumulates. Fraud analysts lack the capacity to handle all cases, and so this inevitably leads to increased critical time-to-reaction to fraud events allowing malicious payments to slip through the cracks.

Furthermore, fraud reporting activities, which are also key for fraud management to keep control of attack trends and economic losses, have recently seen a growing adoption of business intelligence and analytics tools. These ease data aggregation and visualization activities, while the decision-making remains mostly an exclusive prerogative of experienced fraud managers.

AI-driven Fraud Detection

Most of the challenges we have described above involve optimization or automation of critical decision making, often done in real-time or near real-time. Artificial intelligence is well suited to these use-cases and guarantees scalability that human effort cannot. In particular, among fraud management macro-processes, fraud detection is the field where AI shines and where it provides the most significant advantages.

From a data science perspective, fraud detection is essentially a machine learning problem.

The aim is to identify fraudulent transactions from the genuine ones. This can be based on past examples of malicious patterns (supervised classification) or targeting suspicious behaviours as they differentiate from the normal habits of bank customers (anomaly detection).

AI and ML algorithms, running on a sufficiently high-performance architecture, can provide sufficiently short response times to process data-driven decisions on massive volumes of transactions in real time. This can limit the need for human intervention and responsibility to focusing only on really difficult or potentially high impact cases.

AI also handles the dynamic evolution of fraudulent patterns and the digital payment environment. It is able to recognize phenomena such as concept drift before they lead to performance decay. Then, ML models can be refreshed by several strategies (eg windowing or online learning) to incorporate new data and ‘forget’ outdated ones.

The need for a lot of sample data to train and test fraud detection models is however a challenge. This conflicts with the intrinsic scarcity of fraud (technically speaking, class imbalance), which are (luckily!) few in number in comparison with the great majority of legitimate operations. Outlier detection algorithms which exploit the anomaly of suspicious transactions (eg Isolation Forest, Local Outlier Factor), or rebalancing techniques (eg under/over-sampling) and robust classification models (eg XGBoost Tree or Random Forest endowed with cost-sensitive criteria) have proven suitable to address this challenge.

Another obstacle in adopting AI for fraud detection concerns understanding why a transaction is flagged as suspect by a black-box model; for this problem eXplainable Artificial Intelligence (XAI) can  help. XAI techniques, such as meta-learning, can be used to train a second model that is able to discriminate within real-time model outcomes, helping further manual investigation with additional information.

Fraud detection is a non-trivial challenge. It needs both advanced technical experience and specific business knowledge to effectively leverage AI and improve a financial institution’s fraud detection process. The deep complexity of fraud detection requires that close attention is paid in all implementation stages, from model design and development to production deployment.

Additionally, MLOps practices should be adopted for ongoing maintenance and monitoring to ensure high-performance throughout the solution life-cycle. Whilst challenging, this is certainly less expensive than the risk of loss due to inefficient fraud management.

How can AI boost fraud management?

The adoption of AI in fraud management, and particularly in fraud detection, can be a game-changer for banks and PSPs in their battle against fraudsters.

AI benefits are not limited to countering frauds to reduce economic loss for financial institutions and their clients. They also enable several key capabilities for a modern anti-fraud system, improving the overall process performance and ultimately saving costs by efficiently focusing the manual effort of fraud specialists.

Figure 2 Where AI could bring a boost to the fraud management process

The table below details typical use-cases for AI enabled solutions, with a particular focus on the impact and benefits on key fraud management processes.

Control rules optimization

While rule-based systems remain a widely used solution, AI can be leveraged for fine-tuning rule logic. Tree-based algorithms, such as random forest, are particularly interesting since their branch structure is similar to rule conditional ones., They can be used to explore optimal rule combinations automatically and with limited out-of-system interventions.

  • Improved precision and False Positive (FP) rate of rule-based system
  • Early detection of bad rules
  • Low-intrusive deployment
Customer-tailored fraud detection

Online classification models, such as XGBoost or neural networks, integrated in parallel with legacy rule-based systems can remedy the shortcomings of the latter. They can effectively target each customer’s behavioural patterns, such as typical expense habits, and dynamically adapt to the evolution of the external payment environment, with limited need of manual intervention.

  • Improved precision and FP rate
  • Customer-based fraud detection
  • Defensive logics cannot be learnt by fraudsters
  • Self-learning of new fraud patterns
Payment network

Graph database and ML algorithms can be used to represent, store, and analyse the relationships within bank’s customers and other financial actors, not connected exclusively through payments, but possibly based on other personal information (eg similar address locations, phone number, similar IP etc).

This solution allows fraud specialists to explore the network to study criminal patterns, fraud rings, money-laundering schemes, and allows data scientists to incorporate new information into transaction monitoring models (eg measures of proximity between sender and payee), leading to advantages across fraud prevention/ detection, errors identification and response.

  • Network info for investigation of occurred frauds or general fraud patterns
  • Customer’s proximity info to be integrated into anomaly detection and classification models
Geospatial-based transaction monitoring

Geospatial information, propagated by phone banking apps, ATMs or POS devices, could provide evidence of where the customer is located with respect to past transactions, providing further evidence whether or not they are acting legitimately.

Once geolocated, historical transactions are collected and aggregated, safe zones can be generated by clustering of geo-data points for each customer. While a customer is operating from these areas, their fraud risk can be mitigated and (if no other threats are detected) payments could be allowed to proceed frictionlessly.

  • Reduced false positive rate
  • Geospatial info for investigation and reporting
Fraud alerts prioritization

As it remains impossible for the fraud analyst team to fully analyse all suspicious alerts, AI can provide alarm prioritization, based on quantitative fraud probability and tailored risk metrics. This can focus investigation tasks to the most relevant cases and reduce time-to-response.

  • Reduced investigation time-to-response for relevant cases
Explainability fraud detection module

XAI can be leveraged to provide more information about predicted transaction labels by real-time black-box models, especially when they are complex models such as neural network or XGBoost.

This can be implemented as a meta-learning module in-series, both running real-time or quasi-real-time, and trained from previous outcomes. Additional information from XAI modules are key for fraud investigation and performance monitoring in an AI-driven fraud detection process.

  • Explanation about AI’s predictions for investigation tasks
  • Easier model monitoring
Intelligent automation process of fraud operations

Most manual work by fraud analysts consists of repetitive tasks, such as monitoring, often similar, incoming alerts and reporting. Implementing RPA and intelligent process automation can ease this effort and allow specialists to focus on value-add tasks. Full control of the anti-fraud system is always guaranteed, and automation can be scaled according to transaction workloads.

  • Optimized efforts and saved costs for repetitive manual tasks
  • Reduced time-to-response for base cases
Business Intelligence-powered fraud investigation

Business domain expertise is not really challenged by data-driven transformation. On the contrary, human contribution is augmented using BI techniques and real-time dashboards. These help and accelerate fraud analysts in their investigation, while enabling complex analysis and visualization of geospatial or graph data.

  • Improved investigation tasks
  • Reduced investigation time-to-response
Deep fraud pattern data mining

Advanced analytics and data mining can drill-down on huge volumes of transactions. It can identify correlation patterns and hidden fraud schemes in data, as well as  designing feedback-loop cycles that re-process historical payments as soon new information is available. All this information is of critical importance and can be visualized on BI dashboards for supporting operations and decision-making to improve the end-to-end fraud management process.

  • Facilitated understanding of new fraud patterns
Device malware detection

Spyware and malware are the new frontiers for fraudulent activities. Attacks are sneakier since transaction approval is done from the victim’s device. AI can monitor device logs and behavioural patterns of the customer, using anomaly detection or classification algorithms to recognize whether the payment sender action is malicious software instead of a human user.

  • Prevent fraud led by malware attack
Synthetic data to boost fraud detection models

Cutting-edge generative AI can also be leveraged to produce synthetic transactional data sets for training particularly data-hungry fraud detection ML models, such as neural networks, overcoming issues caused by the class imbalance in historical transactions.

  • Enlarged the power of trained AI models

BIP xTech can help

BIP xTech is the largest professional data scientist community in Italy, with more than 180 data scientists (and more than 250 worldwide). Within the community, specialized teams in financial and banking industries help international clients improve their fraud detection processes by leveraging data-driven and AI-powered solutions, exploiting cutting-edge models, innovative technologies and benefiting from an ideal mix of technical skills and in business domain expertise.

Our teams can support clients in their projects end-to-end: from strategy to deployment, through planning, process re-design and implementation. Our professionals include cloud specialists to take care of infrastructures, data engineers to manage data pipelines, data scientists and AI engineers to develop ML models from experimental phase to productization, and BI specialists to prepare dashboards and data visualization for the final users.

To request further information about our end-to-end offerings or to have a conversation with one of our experts, simply send an email to [email protected] with the subject “Active Intelligence”, and we will get in touch with you immediately.






Andrea Casati

Andrea Casati
Data Science Director
@BIP xTech

Gabriella Jacoel

Gabriella Jacoel
Data Science Manager
@BIP xTech

Filippo Dalla Chiara
Data Scientist
@BIP xTech

Leer más opiniones

red lines


Milan, Italy | BIP xTech Head Office

Torre Liberty Building
Galleria de Cristoforis 1, Milan, 20121

[email protected]

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.