Top Five Insights Needed for Unknown Fraud Analytics

The effort it takes for a fraud manager to review a brand new fraud attack versus an attack type that has long been documented and has a process in place is very different. A known fraudulent transaction can be automatically blocked in real-time using traditional tools such as rules engines and supervised machine learning. On the other hand, unknown attacks require more insights into behaviors and activities that can be indicative of a previously unknown pattern. In order to take action on an evolving fraud pattern that a fraud team has never seen before, a fraud analytics dashboard must be able to provide actionable insights designed for unknown fraud detection.

Making unknown fraud analytics actionable

Here are the top five considerations and insights needed for a dashboard to provide actionable insights for unknown fraud:

1. Strong fraud indicators 

Unknown fraud types need strong indicators in order to convict a suspicious account is indeed fraudulent. In addition to providing a detection score, a fraud analytics dashboard needs to include top reasons why a score is determined in human-understandable reason codes. For unknown fraud, anomalous attributes showing how an account or transaction deviates from the global population provide additional indicators.

2. Detailed detection and activity history 

A detailed detection and activity history provides insights into the activities that lead to the event that triggered the detection and how a detection score changes over time. Such insight reveals the progression of an attack and informs any corresponding action needed to counter such attack. For example, some attacks we see here at DataVisor evolve from an initial ATO attack that transpires into fraudulent transaction attempts. The ability to monitor account behavior changes over time can help inform actions such as the use of quarantine at registration or ATO time to prevent downstream attacks. 

3. Connections among coordinated attacks

New fraud attacks are rarely lone wolf attacks as they are often carried out by groups of bad actors creating a number of fake accounts or conducting large-scale ATO attempts in order to maximize financial gains. A dashboard needs to display accounts that act in a correlated fashion and the distribution of correlated events among the group. It should compare how the correlated group differs from the global population. A fraud analyst should be able to track the progression of an attack campaign over time and efficiently review incremental detections.

4. Actionable fraud patterns and trends

A fraud analytics dashboard should not only provide analytics of detected accounts but also inform general fraud activity within a business in real-time. Businesses should be able to use the analytics to see global fraud trends and monitor its business risk profile. Some of the insights provided should include where the fraudsters come from, what attack tools the fraudsters use (e.g., device type, OS, email domain, IP, etc.), and what attack events are the most common. 

5. Customizable widget and visualization

Each fraud team has its unique use case and workflow. A future-proof dashboard design needs to be able to support fully configurable and personalizable workflow to reflect the specific interests of fraud teams and individual users. This would greatly improve a team’s productivity by prioritizing based on their unique workflow.


Gaining 20/20 vision into unknown fraud attack patterns

Reimagining how fraud analytics dashboards should look like is the theme of DataVisor’s Fall 2018 product release. The goal of our dashboard redesign is to give our customers a 20/20 vision into the most sophisticated, unknown fraud attack patterns. If you are at Money 20/20 this week in Vegas, come visit us at Booth #851 to receive a demo of the future of fraud analytics.