Mathew Hobbis – Chief Architect FSI, Solace
The number of payment channels has grown exponentially. The time it takes to settle a transaction has gone down from days to minutes. Traditional banks have had to move from a couple of channels to potentially 10-15 within their organisation. The more channels, the more vulnerable the system becomes to fraudsters and criminals. The two big challenges for financial institutions right now are payments fraud at the consumer end of the spectrum, and the growing threat of organisational money laundering.
Here’s the conundrum. Modern financial organisations have to mitigate against such criminal activity for the safety of their users and its own reputation. But they must do this without adding any friction into the payments process that would put off or dissuade users of their services.
They need a solution that can not only keep pace but can carry out the additional checks in real-time across systems that often encompass legacy, on-premises deployments, as well as modern container deployments, and public cloud for AI and ML capabilities. In the real-time world of today, this can only mean using the new generation of event-driven architecture (EDA).
The more channels, the more opportunities for payments fraud
McKinsey charts a rise in fraud in a recent article series: “Skyrocketing levels of fraud, enabled by the accelerated adoption of digital commerce and the ever-increasing sophistication of fraudsters, have overwhelmed traditional controls in recent years. This surge has led to increased fraud losses and damaged customers’ experience and trust.”
For retail banks, payments fraud impacts both consumers and their bottom line. The Association for Financial Professionals®’ latest Payments Fraud and Control Survey, underwritten by J.P. Morgan, found 71% of financial professionals report their organisations were victims of payments fraud. Not only do fraudulent payments negatively impact banking customer experience and confidence, the cumulative cost is also large – one recent study by Juniper Research warns online payment fraud losses alone will globally reach $343 billion between 2023 and 2027.
Anti-money laundering (AML) spells the danger of more serious crimes
Money laundering is a major threat for banks because it usually goes hand in hand with serious organised crimes – including drug or people trafficking, weapons dealing or even terrorism.
The estimated amount of money laundered globally is between 2 and 5% of global GDP – and the reputational damage of undetected money laundering can be catastrophic. The Bank for International Settlements also explains “spotting different money laundering patterns is complex, requiring different data points and data sources as well as the ability to connect them across different systems in order to better identify suspicious flows and patterns.”
There are three key areas where technology and event-driven architecture (EDA) can help address these growing threats. The first is the tech to help you better detect. Banking and payments organisations must be able to quickly identify and action these fraudulent or criminal transactions, across all channels. Many are turning to data modelling and Artificial Intelligence (AI) and Machine Learning (ML) that can learn to recognise questionable transactions. But this can be further enhanced with EDA to manage fraudulent and money laundering transactions at scale.
The second issue and challenge for organisations is speed, specifically feeding transaction data, in real-time, to the AI / ML processes which often live in the public cloud. This is where EDA provides the real-time integration allowing legacy core-banking/mainframe systems to communicate with modern micro-service payment frameworks and cloud-based AI/ML for fraud and anti-money laundering (AML).
Finally, they must be able to stay one step ahead. EDA and the Event Mesh allows flexibility in how software components are wired together and flexibility in where they are located. This allows the platform to ‘evolve’, to react quickly and effectively to changes in the financial landscape. Flexibility, or ‘re-wiring’, and platform evolution needs to be a ‘business as usual’ activity as fraud and fraud detection is a constantly evolving game where financial institutions are pitted against criminals. Who can act the fastest wins.
Building a model – it all starts with scoring transactional data and setting triggers
The sort of activities that go into building a fraud prevention or anti-money laundering model with setting trigger points would include: type of transaction vs. is this consistent with a customer’s previous transaction history? Is it in an expected geography? If they travel a lot, then is the time and travel distance between their last transaction and this transaction reasonable? All this data must be fed into the model and assigned a score.
The score also depends on authentication requests. So typically, if you can identify a user together with their mobile phone, banks may pass the transaction because they are comfortable they know who the user is. But if a similar scenario occurs where the user has reached the same score, but there is no biometric data or mobile authentication, then this would be highly likely to trigger a different reaction – blocking or flagging the questionable transaction for escalation.
Now add AI and ML – fraud and money laundering detection starts to get powerful
When a bank has built a database of models, new transactions can then be checked against the models, and given an accumulated score, AI and machine learning then step up to the plate. These technologies, aided by EDA, can make rapid decisions and enable companies to flag abnormal transactions in real-time across all channels.
Layering these data models with AI/ML offers an opportunity for banks to get out in front and gain ground on fraudsters and money launderers. McKinsey research sees “Recent enhancements in machine learning are helping banks to improve their anti-money-laundering programs significantly, including, and most immediately, the transaction monitoring element of these programs.”
To be fully effective, AI/ML needs a big data set. They can only make decisions based on access to historic datasets. So, the first thing a bank has to do is to ‘train’ the model by buying data or scraping from its own historical datasets. And then the model runs through several fraudulent transactions, so it is now ‘trained’ on what a fraudulent transaction looks like. The objective is to build an understanding so AI/ML can pick out the right (fraudulent) activities.
Event-driven architecture helps police fraud and money laundering faster than ever before
Ideally, banks should build one model set for fraud and one model set for money laundering – then implement both models across all transactions and payment channels. And this is where event-driven architecture (EDA) enables them to leverage their fraud and money laundering data models and use AI/ML technology in real-time across an ever-expanding number of payment channels.
EDA allows banks to build an enterprise IT architecture that lets information flow between applications, microservices, and connected devices in a real-time manner as events occur throughout the business.
Meet the event broker who understands it all
EDA works with a middleman known as an event broker, which enables what’s called loose coupling of applications. This is essential because it means applications and devices don’t need to know where they are sending information, or where the information they’re consuming comes from. But the event broker does.
So, in the event-driven world, a bank just has to make sure a payments channel just sends the right event to communicate with the fraud detection or the anti-money laundering system and receive the same events to get the “yes or no” back.
The alternative is not really an option
It’s a much easier integration than trying to do this via standard REST APIs – which becomes a lot more challenging and will need to be built differently for every different channel a bank has now, plus any new channels. This means banks may have to change models based on not only changes in user behaviour, but changes driven by new products and services or to counter new types of fraud or money laundering.
With standard REST APIs – every time a bank adds a new channel, it has to change the way anti-money laundering and fraud systems work, because they have to know about this other channel. In the event-driven world they don’t know, don’t need to know – and they don’t care!
Banks can accurately support a high volume of transactions in the quickest response time, balance transaction authentication and authorisation with fraud detection without decreasing customer satisfaction, and route events securely across the whole payments ecosystem with efficiency.
A platform for the future – EDA opens the door to manage technical debt and quickly introduce new channels
EDA also provides a platform for the future – allowing banks to innovate outside of just countering fraud and money laundering. EDA will help traditional banks compete in the new world as they need to deliver products and services faster in order to compete. A large bank, with its legacy systems, can now compete against an online mortgage lender—and deliver a broader portfolio of products to customers with more speed.”
Yes, newer fintech market entrants have significantly less technical debt than traditional financial institutions. Imagine a new FX rate provider that can provide payments to every country and give customers the best FX rates. Everything is built on a modern infrastructure anyway – there is no legacy core banking app, and everything is microservice, as everything is in the cloud.
But EDA as an approach to enterprise IT architecture can help traditional banks introduce new services and link applications quickly and at scale, ensuring they can match these agile competitors and provide customers with the instant kind of feedback they seek from their banking services, while not being held back by large volumes of existing technical debt.
EDA – keeping financial institutions one step ahead
The challenge for larger banks is to move more towards real-time – even with a large amount of technical debt. EDA not only provides the springboard to payment modernisation; it also ensures a proliferation of payment channels does not come at the cost of increased fraud and money laundering.
