SAS Fraud Framework

SAS Fraud Framework is an end-to-end system for counteraction to fraud.

Description

SAS Fraud Framework provides the hybrid approach to fraud identification - it provides the maximum accuracy of determination of potential swindlers and decrease in an indicator of False Positive ("false operation") to minimum possible values (i.e. decrease in unproductive load of division of security or the division which are engaged in investigations of fraudulent cases).

The hybrid approach of identification of fraud includes five blocks:

• Set of the known expert and statistical rules;
• Monitoring of a deviation of behavior of objects from typical (average) behavior;
• The forecast models developed using the Data mining tools;
• The analysis of unstructured text information using the Text Mining tools;
• Identification of communications between objects (clients, insured events, policies, requirements, etc.) with use of the instrument of creation and the analysis of social networks.

For the solution of possible problems of quality of data, the maximum reducing costs for their collecting and consolidation, SAS Fraud Framework offers users a logical structure of data – DDS. All necessary information for DDS arrives from operating systems, the application systems and other bases of the client through special procedures of collecting, processing and loading.

For data analysis and development of the SAS Fraud Framework models offers idle time in use, but the flexible and multifunction tool - SAS Enterprise Miner. SAS Enterprise Miner has the intuitive graphical interface for creation of projects on data mining and modeling.

SAS Text Miner allows to analyze unstructured data and also to use unstructured data in the DataMining models.

One of the major SAS Fraud Framework components - the instrument of creation and the analysis of social networks (SAS Social Network Analysis). This tool allows to build social networks and to analyze them, i.e. to calculate characteristics of communications, roles of nodes, to select in the graph of community (group of the nodes connected among themselves), etc. Such structures of interrelations help to identify organized groups of swindlers. Analysis results of social networks can be used by two methods:

• Visualization of a part of the graph (community or cluster) connected with the studied object. Visualization in SAS Social Network Analysis server, also the interface allows to browse development of network in time.

• Enrichment of a data mart on the basis of which the improved scoring cards and models revealing "non-standard behavior" are under construction.

2016: Integration with Bot-Trek Secure Bank

On October 5, 2016 the companies SAS also Group-IB announced integration of the products for increase in accuracy of identification of fraud in the RBS systems in real time, creation of a system on the SAS Fraud Framework platform and Bot-Trek Secure Bank.

Schemes of fraud become more and more sophisticated, it becomes more difficult to reveal them therefore today it is natural that different vendors willingly cooperate for the purpose of increase in efficiency of the tools and guaranteeing the due security level of the RBS systems to customers. It is at the moment obvious to all that uses only of expert knowledge for fraud identification already insufficiently. Symbiosis of advanced approaches, non-standard solutions and the saved-up examination is required that at a stage of planning of a compromise to define and level threats. Pavel Krylov, head Bot-Trek Secure Bank, Group-IB

The hybrid approach of SAS to identification of fraud allows to combine flexibly business rules, methods of predictive analytics, model of identification of anomalies, the analysis of unstructured information and also to carry out the intellectual analysis of interrelations between system objects (transactions, clients, incidents and so forth). But it is important not just to reveal a fraud, but also to reduce the number of false operations an antifraud of systems and, as a result, to reduce load of security experts. The solution of these tasks depends, first, on ability to estimate correctly how specific actions in the RBS system and the subsequent to it transactions are characteristic of the client. We draw such conclusions, proceeding from information which is available directly in the systems of bank. And secondly, knowledge which we gain in an analysis result of the network environment and the client's environment at the time of commission of such transaction are necessary: whether the machine is infected whether the fact of remote connection was recorded, whether there are signs of application of a phishing and other. Dmitry Konovalov, head of counteraction to fraud of SAS Russia/CIS

Along with integration of solutions of the company announced creation of service for the banks using SAS Fraud Framework and Bot-Trek Secure Bank for operational informing on cyberfraud cases. All data on the revealed incidents and the appeared schemes will be immediately interpreted in the form of algorithms an antifraud system that will help to increase efficiency and security of remote links of service taking into account changes and emergence of threats.