Real-time Fraud Detection - Challenges and Solutions

Welcome everyone. So anyone who here works in finance fraud detection. Nope. So this topic is quite hot these days because it's like we're talking about sub milliseconds events and how we can handle it in real time. So what I wanted is just to describe the problem that we are trying to solve. Even if you don't work in finance, you probably use some kind of payment system with your card or you know, your mobile app or online systems where you try to make payments and you want to make sure, basically if you have a fraud activity, you want your bank to detect this type of activities. And at the same time you try to avoid something called false positive. So if you're trying to use your card and your bank declines using this card, so I'm sure those who have more than one bank account, you have some kind of preference.
So you prefer bank A over bank B for some reasons. Usually when we surveyed customers, we find out, like when it comes to fraud detections, you want to make sure to detect this in accurate way. And at the same time, so I came from the UK Liverpool and essentially if I'm currently here today in Berlin and someone else is using my card somewhere, you know, in the uk, I want to know now I don't want to my bank to notify me later in the day or next day. So that's what we are talking today to about and essentially what we wanted is to figure out the mechanism. So if you're not using fraud detection, perhaps you've used some kind of different actions in real time. So the main thing here is to define what is real time. And as I mentioned, real time for different people means different things.
So it depends on, you know, your, you know, your career basically. So for you could be related to transactions or events happened yesterday or last week or maybe maybe last month. But we're talking about sub milliseconds. So for example, and I to blink text around one third of seconds, so this is kind of pretty fast. If you want to detect fraud, you have an sla which is like time you need to response. If you want to create a solution for fraud detection, you probably want to kind of like finding the right structure to do it. And the right structure comes into place where you can combine two different types of data. So most of you here work on the historical data, some kind of data stored somewhere on the cloud or in database and you want to figure out a way of processing this data.
Obviously you are limited, which means you have some kind of network hubs or input outwards. So this is, you can't change, you will want to figure out a mechanism of handling this in real time as well as getting the historical data as I will show you today in this demo. So how much data we are talking about. So for some, again it's maybe like a few hundred or a few thousand. So on average if you walk in this area or in this domain, you're probably looking around 20 K or more transactions per second. So this is not only fast but also a problem when it comes to scale it. So you want basically to find fraud acti activity, which is roughly around 5% of all total transactions. So let's imagine you've done hundred transactions. So as assumption here is you will get around five fraud activities, whether it's a true positive or false positive, that's different matter.
We're trying to find this and scale it, right? So we want to make sure that not only we scale it in this location for example, but you also want to paint it all over places, all over countries. So we want to define trends obviously, and it's essentially it's, it's a problem, right? Because you're dealing with two different types of data, which is like the realtime data, this is like the trans transaction, you're making it now, right? And your historical data. So whatever transactions you've done before. So every bank gives you a score which is called credit score in the uk, I'm not sure what it's called here. So credit score essentially is like, you know, based on previous transactions, whether you have mortgage or not, whether you have, you know, house or not and so on. So your bank figures out a credit score, gives it to you and they use this in order to actually decide if a next transaction you will make is fraud activity or not.
So there are various ways to implement this type of solutions. Most ways focus on the real time story of it. So data you want to process it before you store it. So this is very important to understand. Most solutions focus on processing data after storing it somewhere, whereas in fraud activities for example, or online payments, you want to process these activities before you store it. There are various solutions. So I'm not going to go into describing technical solution for this, but I would just describe one way of implementing this using the company I work for, it's called Heca. So this is open source so you can try it out and we will figure out how we can achieve it in this scenario, right? For fraud activities, it's not only your transactions history, there are so many other elements in this type of activities you want to detect.
So for example, your data can come from your bank obviously, but that's only one part of story. So most banks used a very sophisticated models to implement this type of solutions because they check for example, weather forecast. So for example, if I'm now here in Berlin, temperature is, I dunno, is it 11 or 12, whatever. So and if my card is being used with a city that has forecast or temperature of, I dunno, five for example, this should flag a red activity, right? And same thing for GBS coordinates. So GBS coordinates can be used to actually detect if the transaction with the person is located in exact same place that the person and transaction. So you can see here you can use I iot devices for example. So GBS coordinate from your mobile for example, or whether forecast data alongside your bank details and so on.
So you want to process multiple sources at the same time. And this happens in real time even before you start. Now solution U usually focus on scaling this into different parts. So scaling, when you hear the word scaling, you might assume it's based on your data. So you want you to scale your data or you want to scale your compute and that's, you know, partially true. We want basically to scale on two different, you know, areas. So you want to scale on compute as well as your data. The only thing you need to be, you know, aware of is when you scale you need to have something called partition aware. So your compute, your solution should be as close as possible to your data. So if you store your data in multiple data centers, so one in Germany, one in the UK, and one in the United States, you want your compute or microservices or application to be stored as close as possible and there are various ways to deploy it.
So for example, you can deploy it locally. So if you are interested for example in speed, that's the approach you want to follow. So some, some banks deploy fraud detection models and solutions locally based on their data and other banks prefer to deploy it remotely. So remotely means on the cloud you don't care where it is located, but at the same time you want to actually have, you know, fraud detection algorithms running at the same time as your data. So this is where your data can be stored. So from here you can see you can import different data entry points into your application and you ca you should have some kind of high performance scaling and fraud detections algorithms in place. Obviously you will have multiple models running and at the same time you need to be able to switch models. So I, I'll give you examples here, not related to fraud.
So if you are using some kind of online platform, whether it's Uber, Netflix, Amazon, Facebook, all these companies have inbuilt solutions for real time stream processing. So which allow them to switch models between different types of activities. For example, if you try to log into one of these platforms on your mobile and the same time you use your laptop even that it is you who's, who's logged in, you will have different feed because they have different models in place. So one model could be related to your mobile, whether you are using your mobile provider data or wireless data and same thing applies to your laptop. So they provide multiple models and essentially you end up by deploying either the model as close as possible to your cluster or running multiple models. So that's also very important for fraud detection. You want to have these multiple models happening and running at the same time.
I'm not sure about your background so, so maybe you, you use some programming languages, if not it's just the idea here you use a python to do create your model and then you use Java to deploy it and this will allow you to scale. So this is very important when you scale you want to make sure that the scaling happens in various way, it depends how you want to deploy it. So for this today, for this demo today, so my demo is hosted locally. So one way is to store your model as close as possible to your cluster, but you also have the option to store it on sidecar. So this is basically you deploy it on the edge, so the on the edge, which means you have your model or solution as close as possible to your cluster. It's not on the same machine or same node.
And for most banks they use something called separate forms or super form means they use different different models stored in one location and then different structure for their clusters. And essentially this will allow them to switch between models and cluster in more efficient way. Now you might be asking, okay, so that's good, but how much data we're talking about. So we've done this actually study just to see how much we can detect and basically we run 1 billion transactions and was only with 30 milliseconds latency. So this is between sending requests and receiving response was only 45 n node. So this is really high performance and you know banks usually have different types of activities running. So not only fraud detections but also other activities as well. So your enemy with this solutions is latency and you want to make sure you have as low latency as possible.
So in some cases you can't avoid latency when it comes to network hopes where you deploy it input output. But in most cases you should be able to do basically minimize it. It depends on where you actually have your data. So let's just describe this demo here. So for demo i I, I will, you know, explain this topic in a very simple way but I will also make sure that you can also replicate it in various scenarios. So you should be able to replicate this solution after we finish today. So imagine I'm, you know, in the UK and I'm using my card and in here, let's assume there is a bank processing this transaction and essentially if I use my card after two hours in Frankfurt, my bank should actually validate this transaction, right? Because the time spent flying between two cities, London and Frankfurt is roughly around two hours.
I will show you how we calculate this. So it should in principle it should be valid transaction. However, if I try to repeat the same transaction again, but instead of Frankfurt, I use for example different city which is in New York. So there is no way, well at least I don't know if there's a way, there is no way to fly from London to New York into hours, right? So this is basically where I, we try to see if this is a fraud or not and the bank should flag it as red activity and should be declined. Obviously you might have a question. So what is big deal about it? So I, you know, you can use any solution for this type of transaction. So the answer is yes but, but in most cases you can't basically scale it. So I've done this study just to figure out, so on average this is from last year.
So obviously you can see different, different, different variants between number of flights. So I took number of flights, obviously we're not interested in the black line. So basically in 2022, which is last year and on average we have roughly around 250 K flights per week. Now you need to multiply this by number of passengers and obviously, which is with each passenger you want to multiply how many credit cards or debit cards. So this number becomes really big and you want to find its solution to deploy this. So the solution we use on aws, so in here what you see in, in simple terms a solution to basically detect the fraud activities. So we stored our data on aws, obviously you can use any cloud provider but it's very important to host it on the cloud, avoid latency as I mentioned. And you have validating validation function which allows you to check if a fraud is of is if activity is a fraud or not.
Obviously you need data for this type of application. So we're using GBS coordinates for airports, this is in Jason format if you want basically to try it out. And I wrote a machine learning algorithm here. So the model essentially try tries to use something called linear regression. And linear regression will check your previous transactions to detect if the next transaction will be fraud or not. So I'm not gonna bore you with the code here, but the solution in simple terms, you have IB addresses where the data is coming from or where you're trying to make a payment with timestamp and then we import it, we create a trend out of this and we try to predict if the next activity will be a fraud or not. If it is a fraud activity, flag it as one and provide alerts. That's when you get alerts on your text for, sorry, on, on your mobile.
And if not, if it is normal activity, flag it as a zero. So the trend itself is, will be created in memory. So this is very important. So we're not installing trend somewhere on the hard drive, but we're installing it in memory. And from there we actually try to create a different map or different structure to store the new data. The host is basically on the cloud and yeah, i I, I don't want again to describe the code, but essentially it's machine learning model using linear regression, it could be any model here. And from there you can see you can actually detect these type of activity. So when it is zero flag it as normal activity. When it is one flag it as normal activity. So this is where you can basically apply it. And if you don't want to use this type of scenario solutions, I will just show you how you can use it in different scenarios.
So if you don't work with finance or in fraud detection, so in here we look at it from sql. So if your data scientist for example, you want to handle and process data in real time, you can see this is where you can use the sequel, which is like a long programming language just to make some queries to detect or find the transactions. And from there, if you have multiple events or multiple transactions from multiple banks and multiple PEOP customers, you want to figure out where you store these types of activities. So you store it first in one kind of trades. It could be events, it could be transactions, it's not important. So this is transactions where you know, you track the trend and once you have it you want to enrich it, you want to add more data into it. So why this is important because you want to actually take the data or transactions and provide context to it.
So I'll give you another example here. Imagine that's you are trying to order from Uber, for example, Uber food and basically you have a favorite restaurant that you want to order from. And essentially you want not only to submit your order, but also for example to specify different active. So you specify time for example, you want your order to arrive at specific time. You also want for example to schedule it. So if it's not going to happen now you want to have it in like a specific schedule. And from there when, when Uber takes this order, they have various elements integrated within the their solution. So in, in this when try to place order, so they check first the restaurant or place that you're trying to order, they check also the bank for example to make sure the payment, they check for example how busy the restaurant is and at the same time how many other, you know, restaurants available to offer you a different and they take multiple inputs to provide you with the, you know, re response to your request.
And this happens in sub milliseconds, which is like they want to make sure not only to provide the solution and that also to make sure that this is the solution will work. And this is where you can enrich your orders. And this enrichment means that they take other factors to provide context. So with that being said, if you are interested with this, feel free to join this community here. We will have very large community about real realtime stream processing, fraud, detections, payments and so on. So you should be able to replicate these solutions in realtime and figure out how you can also scale it because solution is one part of it, but also the scaling it up and down depending how many transactions you have, is also very important with these type of solutions. So with that being said, thanks very much for the, for the Raiders and organizers. So I'm happy to take one or two questions if you have any. Thank you.
Thank you
Questions.
Well, I think we're a little over time so we'll go ahead and get ready for the next speaker. If
So, I'll be out if anyone wants to have a chat. Thank you.
Yep. Anyone wants to get in contact with, that's the way to do it. Okay.