Credit cards are one of the most famous targets of fraud. But fraud is also possible through any type of credit card products such as personal loans home loans and retail. Indeed credit cards are the most vulnerable to fraud. Credit card is a small plastic card issued to users as a system of payment. Credit card security relies on the physical security of the plastic card as well as the privacy of the credit card number. CVV (Card Verification Value Code) is a new authentication procedure established by credit card companies to reduce fraud in internet transactions. The number of credit card transactions has reached the peak and led to a substantial rise in fraudulent activities. Occurrence of credit card fraud is increasing dramatically due to the exposure of security weaknesses in traditional credit card processing systems resulting in loss of billions of dollars every year. A critical task to help businesses and financial institutions including banks is to take steps to prevent fraud and to deal with it efficiently and effectively to inhibit the loss. The risk is that "credit card fraud remains usually undetected until long after the fraudster has completed the crime". Credit card fraudsters employ a large number of techniques to commit fraud. In credit card business, fraud occurs when a lender is fooled by a borrower by offering purchases, believing that the borrower credit card account will provide payment for this purchase. Ideally, no payment will be made. If the payment is made, the credit card issuer will reclaim the amount paid. Fraudsters can either internal party or external party. As an external party, fraud is committed being a prospective/existing customer or a prospective/existing supplier. To combat the credit card fraud effectively, it is important to first understand the different types of credit card fraud.
II. Different Types of Credit Card Fraud and Recommended Solutions
2.1. Preventing Bankruptcy Fraud using Credit Bureaus
Bankruptcy fraud is one of the most difficult types of fraud to predict. Bankruptcy fraud means, purchasers use credit cards knowing that they are not able to pay for their purchases. The bank will send them an order to pay. However, the customers will be recognized that they are not able to recover their debts. The only way to prevent this bankruptcy fraud is by doing a pre-check with credit bureau. Information in the credit bureau data is gathered from many different sources. Banks, consumer finance companies, credit unions, and collection agencies are some of the entities that periodically report to the credit bureau. Data are also obtained from state and federal courts on judgments, liens, and bankruptcy filings.
The process is as follows: the bank passes an enquiry to the credit bureau, who uses a third party in gather information. The enquiry includes identification information required by the credit bureau. The credit bureau sends a credit report for this single individual including personal particulars, details of non-compliance with contractual obligations, information from public directories and additional positive information such as repayment of loans according to contract at or before maturity. Some credit bureaus are also able to trace the address of a specific individual, who has moved to an 'unknown' address.
A credit file is created when an individual applies for, or uses, credit or a public record is reported to the credit bureau. Once a credit file is established, consumer's credit-seeking behavior, payment and purchase behavior, and any changes to the public records are recorded to estimate, detect, or avoid undesirable behavior and the updates are posted. Once the bank has received the credit report from the credit bureau, the bank can identify insolvency cases.
There are only few other methods to detect bankruptcy. Foster & Stine suggested a model based on standard regression techniques such as variable selection in data mining, to predict bankruptcy.
2.2. Detecting Charge-backs through Overlimit/Vintage Reports
Theft fraud means using a card that is not owned by him/her. The fraudster will steal the card of someone else and use it as many times as much as possible before the card is blocked. The owner must react and contact the bank sooner, so that, bank will take measures to stop the fraudster.
Counterfeit fraud occurs when the credit card is used remotely and only the credit card details are needed. The fraudster will copy your card number and codes and use it via certain web-sites, where no signature or physical cards are required. Fraudsters use stolen or manipulated credit card data where the merchant loses money and this is named as "charge-backs". Charge-backs are generated if credit card holders object to items on their monthly credit card statements because they were not responsible for the purchase transactions.
This type of fraud can be detected through 'over limit' reports or 'vintage' reports. These reports provide a daily list of customers that have exceeded their credit limit. A certain degree of tolerance may be accepted. For the credit card listed, the customers are contacted and if they do not react, the card is blocked. ATM transactions of large amounts and purchases of goods for a larger amount than normal are suspicious and must be notified to the customer.
Fig.1. Different Types of Credit Card Fraud
2.3 Detecting Duplicates/Identity Fraudsters using Cross-matching technique
Someone applies for a credit card with false information is said to be Application Fraud. Two modes of application fraud are: Duplicates and Identity fraudsters. When applications come from a same individual with same details, it is called as duplicates. When applications come from different individuals with similar details is called as identity fraudsters.
The bank requires some details from the credit card applicants such as identification information, location information, contact information, confidential information and additional information. All these characteristics may be used individuals with more than one card can be identified. In contrast, identity fraudster is perpetrated by real criminals for searching duplicates. Cross-matching technique is used to identify the duplicates and identity fraudsters. To detect the duplicates simple queries that give fast results are passed to cross-identify the information with location details. As a result, filling wrong application data consciously. Identity fraudster may be either identity fraud (contain plausible) or identity theft (real but stolen identity information) [Phua et al. (2006)]. Many matching rules must be applied and it is acknowledged that many false positive cases will be identified (Thomas et al., 2004).
III. Fraud Detection techniques
3.1 Genetic Programming, Clustering and certain other Algorithms
Using algorithms, certain types of credit card fraud can be detected.
The Evolutionary-Fuzzy System- An GP Approach
Algorithm proposed by Bentley et al (2000) is based on genetic programming and it contains logic rules, capable of classifying credit card transactions into suspicious and non-suspicious classes.
This system includes a Genetic Programming (GP) search algorithm and a fuzzy expert system. Data is provided to the Fraud Detection System (FDS) is clustered into three groups namely low, medium and high. The GP contains rules which match the incoming sequence with the past sequence. This algorithm easily detects stolen credit card Frauds with good accuracy and low false alarm. But it is very expensive and the processing speed is low.
Fig.2. Block diagram of the Evolutionary-fuzzy system
Other Algorithms
Chan et al. (1999) suggested an algorithm to predict suspect behavior and evaluated based on prediction rate/the true positive rate and the error rate/the false negative rate. Combination of different algorithms such as diagnostic algorithms, diagnostic resolution strategies, probabilistic curve algorithms, best match algorithms, negative selection algorithms, and density selection algorithms was suggested by Aitken (2000) to improve the power of prediction.
3.2 Neural Network Technologies in FDS
A technically accessible online fraud detection system, based on a neural classifier was proposed by Dorronsoro et al. (1997).
Card watch (Aleskerov et al., 1997); Back-propagation of error signals (Maes et al., 2002); FDS (Ghosh & Reilly, 1994); SOM (Quah & Sriganesh, 2008; Zaslavsky & Strizkak, 2006); improving detection efficiency "mis-detections" (Kim & Kim, 2002) follow the same concept and have a constraint that data must be clustered by type of account.
An Artificial Neural Network consists of an interconnected group of artificial neurons and processes information using a connectionist approach to computation. They are usually used to model complex relationships between inputs and outputs or to find patterns in data. It is used in applications, such as Pattern recognition or data classification, through a learning process. The most commonly used neural networks for pattern classification is the feed-forward network. A feed forward neural network is an artificial neural network where connections between the units do not form a directed cycle. In this network, the signals are propagated in forward as well as in backward direction. Perceptrons can be trained by a simple learning algorithm. It consist of three layers namely input, hidden and output layers. The incoming sequence of transactions passes from input layer through hidden layer to the output layer. This is known as forward propagation. The ANN consists of training data which is compared with the incoming sequence of transactions .The neural network is initially trained with the normal behavior of a cardholder. The suspicious transactions are then propagated backwards through the neural network and classify the suspicious and non-suspicious transactions.
Bayesian Neural Network (BNN) is also known as belief network (Ezawa & Norton, 1996; Maes et al., 2002; Mehdi et al., 2007) and it is a type of artificial intelligence programming that uses a variety of methods, including machine learning algorithms and data mining, to create layers of data, or belief. Bayesian learning combines evidences from current as well as past behavior using supervised learning. By using supervised learning, Bayesian networks are able to process data as needed, without experimentation. Bayesian belief networks are very effective for modeling situations. Time constraint is the main disadvantage of this technique.
A neural network learns and does not need to be reprogrammed. It can be implemented in any application without any problem. Its processing speed is higher than BNN. Neural network needs training to operate and requires high processing time for large neural networks. Bayesian networks are supervised algorithms and they provide a good accuracy, but it needs training of data to operate and requires a high processing speed. The accuracy in fraud detection of ANN is low compared to BNN.
3.3 Behavioral Analysis
Once human behavior is correctly modeled, any detected deviation is a cause for concern since an attacker is not expected to have behavior similar to the genuine user. Hidden Markov Model- HMM (Abhinay et al., 2008) modeled human behavior. If an incoming credit card transaction is not accepted by the trained Hidden Markov Model with sufficiently high probability, it is considered to be fraudulent transactions.
HMM never check the original user as it maintains a log. The log which is maintained will also be a proof for the bank for the transaction made. HMM reduces the tedious work of an employee in bank since it maintains a log. HMM produces high false alarm as well as high false positive.
