Online scams, where a consumer has been persuaded to authorise a transaction, and fraud, which involves suspicious activity to bank accounts without prior knowledge, are going through the roof in Australia. According to the Australian Competition and Consumer Commission (ACCC), consumers lost over $3.1 billion to scammers in 2022, with the actual amount expected to be higher.
The situation has become so dire that the federal government is establishing a National Anti-Scam Centre (NASC) as scams rose 80% from 2021.
Scammers have become experts at exploiting people’s psychology and good nature. Tricking someone into sending money to a ‘relative in trouble’, sending customers a link via SMS to pay for an unpaid toll or an overdue parcel, or even impersonating a bank security officer and getting them to download malware on their computer has become child’s play.
Traditional fraud detection is no longer effective for the inventive ways fraudsters are working. Existing systems are often rule-based and can’t detect when a scammer has tricked someone into sending money that looks like a legitimate transaction to a bank.
While banks have become much better at blocking larger transactions to unknown recipients or new recipients, many smaller transactions fly under the radar. But they represent hundreds of millions of dollars in losses when added up. So a single $20,000 transaction might be flagged but not multiple $1000 transactions.
Why context is critical
What’s missing is the ability to understand the context around a specific transaction, making its suspicious nature much more apparent. This might involve correlating different events and patterns of behaviour using internal and external data.
One example is the recent collaboration between Telstra and the Commonwealth Bank to protect customers from phone scams. This partnership has resulted in the design of a unique tool designed to check certain high-risk scam situations, such as a customer being on the phone (and potentially being guided by a scammer) when logging in and trying to make a transaction through online banking.
Connecting all the dots is complex with current systems. Traditional databases of rows and columns can’t handle the volume and complexity of information involved.
One solution is to use graph technology to store vast amounts of data from disparate sources, including the context and relationships between each data point. Knowledge graphs can also be updated and queried in real time, which is critical, as time is of the essence in preventing scam payments from going through in the first place.
Once a payment has been executed, it’s challenging to recover. Even if the criminals are later identified, they can often use foreign jurisdictions to evade prosecution, as recently seen with the Medibank hack. Using a knowledge graph, security teams can look across the banks and customers’ accounts to help determine whether their services are being used by perpetrators, at least locally.
With scams using overseas bank accounts, detection and prevention are even more complex. However, a graph can still help analyse the likely legitimacy of a transaction. For someone making a transaction to a foreign account, indicators might include whether the amount is large, whether the person has ever transacted to that destination before, and whether that foreign account typically receives large amounts of money from Australian accounts. If things don’t fit a usual behaviour pattern, the transaction can be quarantined until further confirmation and verification occur.
More accurate detection
False positives are a problem because customers can be seriously inconvenienced if legitimate transactions fail. Reviewing these false alarms also drives up costs for banks, which end up being passed onto customers. This is where a knowledge graph can handle the probability of risk using a simple rules-based system that often results in a binary yes or no response.
With a graph, the analysis becomes much more sophisticated. Many different signals, within and outside the bank, can be analysed in real time to develop a more accurate predictor of scamming. This may include demographic data indicating when someone is likelier to be a victim of a romance scam. It’s much more reliable and accurate than a simple green or red light.
The other advantage of a graph-based fraud detection system is that everything is traceable. You can easily see how a conclusion was reached and weigh all the relationships and data points factored into it.
Graph technology enables more accurate decision-making and takes a greater preventative and proactive approach to cybersecurity. While user education remains essential, proper tools and technology are critical — graph databases can store much richer and deeper data, enabling real-time analysis and fraud detection that will save organisations and individuals hundreds of millions in potential losses.
By Peter Philipp, General Manager, ANZ at Neo4j
This article was first published by Technology Decisions