SOLUTION FOR FRAUD PREVENTION
in Wire Transfers
Fraud Prevention in Wire Transfers
Solution
- System is easy to manage, allowing the user to set it up without the need of significant technical knowledge
- Transactional behavior profiles at customer level and transfer type, which can be internal in the accounts of the institution, interbank or SWIFT, based on the transactional history and supported by multiple statistical tools
- Rule-based models that include different sources, operators, statistics, functions, lists, groups of conditions and formulas
- Different model generation tools, such as rules, dynamic behavior profiles, link analysis, machine learning algorithms (neural networks, decision trees, deep learning, vector machines, among others)
- Rule evaluator embedded in the main system environment, with impact analysis, efficiency, and false positives of the rules
- Distribution of alerts and investigations to the analysts
- Integrated control board for the analysis of attention to alerts and investigations
- Generation of specialized reports and boards
- Generation of automatic or manual blocking by customer and/or transfer type
- Different monitoring approaches, participating or not in the transfer authorization process, in real time or near real time
Risk Analysis and Fraud Prevention Stages in Electronic Transfers
Real Time
The financial institution must have the ability to reject a transfer with sufficient characteristics to be classified as a fraudulent or high-risk transfer, precisely when it is executed. This is the first fraud prevention barrier.
Real time is defined as the ability to assess complex events through a transaction analysis that assesses the transfer and all its data, based on different conditions, such as rules, statistics, and lists. It provides an answer to the authorizer indicating whether to accept, reject, or review the transaction in just milliseconds.
Monitoring
With a “near real time” approach, it usually only takes some seconds or in many cases minutes to determine the transfer risk level, and based on this, take the following actions that usually translate into accepting, rejecting, or reviewing the transaction. However, it can be customized based on the processes of the financial institution.
Different modules are involved in this risk analysis that are part of or complement the solution:
Rule-Based Models: The system presents a modern and completely graphical rules editor, making it easy for the user to build models: it groups conditions, includes lists, multiple statistical conditions, complex analysis patterns, and data pre-processing, among others. The expert users can also employ formulas about conditions, facilitating the data manipulation and rule results.
Statistical Behavior: It allows the creation of individual profiles by customer or type of transfer (internal, interbank, or SWIFT). These profiles can be used as input in the configuration of the rule-based fraud detection models.
Dynamic Behavior Patterns: It is a new proprietary technology of Sentinel that allows the automatic definition of the usual profile of the client and of the population it belongs to. In this way, the system generates an alert in the event the behavior detected is “unusual” for the client or “atypical” for the population it belongs to.
Black Lists: This module enables the analysis to find out whether there are similarities in the names of the beneficiary or applicant of the transfer, as applicable, with people, companies, or entities registered in internal or external black lists. It is also possible to include “negative news”, that is, people or entities that appeared in news related to events or activities subject to screening, even if they are not subject to trial.
Sentinel has the largest risk database about individuals and organizations, which is continuously monitored and updated. Some of its main features are:
- More than 450 lists.
- More than 1 million PEP’S, 14 types, 4 levels in more than 240 countries.
- More than 50 classified risk events: abuse, kidnapping, fugitive, fraud, murder, robbery, trafficking in people, etc.
- Definition and classification of the risk stages: accused, suspect, arrested, in trial, sanction, etc.
Geolocation: It analyzes different aspects related to the usual location of the customers, their Internet service providers, connection types, zip code, country, region, and city, among others. The access data generated from the IP of the client and recorded in Sentinel can be used in forensic or criminal investigations, in audits and as evidence in criminal procedures.
Some of its main features are:
Static Risk Factors:
- Location specific risks (countries, regions, cities, zip codes)
- Risk connection types
- Information of risk domains (suspicious Internet service providers, blocked domains)
- Risky connection proxies (anonymous, hosting)
Risk Indicators in Real Time:
- Speed infractions
- Connection increases from an ISP/location or account
- Suspicious connection time, along with IP locations that do not match
Anomalous Behavior Patterns:
- Current location versus previous locations (frequency)
- Changes of Internet service provider, together with other factors
- Change of mobile telephony carrier
Creation of Device Digital Prints. Geolocation characteristics used to classifying a device:
- Geography (country, city, state, zip code)
- ISP
- Connection type (DSL, mobile, cable, etc.)
Predictive Models Based on “Machine Learning”: The Sentinel Predictions module enables a visual design environment to build predictive analysis models for fraud prevention. It provides a complete library of supervised and non-supervised learning algorithms, data preparation and exploration, validation and model evaluation tools.
In addition, it provides a potent “Model Auto Generation” functionality that enables Sentinel to create and train multiple models automatically, compare their results, and allow the user to determine which it wishes to set up in a productive environment. Being a data scientist or an expert in mathematics or statistics is no longer required to use the most advanced “machine learning” techniques.
Investigation
The analysts have queries or viewers that allow them to view unusual activity with multiple inputs useful in the decision-making process:
- Filter by date range
- Alert objective
- Filter by alert status
- Advanced filter
- Transaction assessment scores
- Behavior profile
- Alert models in the transaction
The supervisors and analysts can have strategic control of the whole operation of the fraud prevention department by observing the following key indicators:
- Pending alerts
- Average attention time
- Alerts marked as fraud
- Alerts referred to investigation
- Alert resolution times
Case Management
Once the analyst reviews the activity suggested as suspicious by the system, they can generate cases to follow-up on the suspicious transactions and record all the actions during the investigation process.
The investigation case is the digital file to track the entire process in the unusual activity management of the customer:
- Change the investigation status, based on the work flow
- Actions performed by the analyst
- Detail of the transactions reviewed
- Storage of relevant attachments related to the case
Reports and Control Boards
Sentinel has a powerful tool for data discovery and information analysis. Its main characteristic is that it is oriented to end users without a lot of technical knowledge, who can design their own control reports and panels, schedule their execution and automatic sending to different addresses, if desired.
Some of its main features are:
- It has a series of predetermined reports
- It allows the end user to create reports using the different data sources and fields of Sentinel
- The reports can be private or public so that other users can access them
- Enabling of creation of groups, filters, field order, and definition of date ranges to display the information
- Ability to export the reports in multiple formats, including Excel, CSV, PDF