Skip to main content

Fraud Detection: Revolutionizing Financial Security - Part 1

Global-BRD-24-2927900-GTDA Thought Leadership

With a single prompt, generative AI (GenAI) has proven capable of creating text, images, videos and more from scratch — simply by learning from patterns within its training input data. Positively, this has led to improvements in predictive performance, speed-to-market, operational efficiency and bias elimination. All of which can play a role in detecting fraudulent activity in our everyday lives.

So, as a global information and insights company built around stewarding sensitive data, this begged the question: Can TransUnion use the same methods as GenAI to decipher behavioral patterns that can identify potential fraud?

The short answer is yes.

We discovered with the use of machine learning systems, long short-term memories (LSTM) and graph neural networks (GNN), GenAI could detect a variety of common fraud modalities.

The long answer is also yes, thanks to the help of grammar syntax rules and fraud modus operandi. If that sounds like some serious tech jargon, don’t worry — we’ll give you a crash course throughout the rest of the article. 

Part 1 is going to cover two areas:

  • Grammar syntax rules include how humans must follow these rules to sequence their words such that their meaning is effectively conveyed

  • Fraud modus operandi includes how fraudulent actors often need to sequence a series of operations to employ common fraud prevention techniques
     

The rules of grammar syntax 

By now, many of us have used platforms like ChatGPT for writing help. Platforms like this work because of generative artificial intelligence’s ability to track communication patterns and sequences that make up our language or grammar syntax rules.

Side note: Grammar syntax covers the rules we use to sequence words, so their meaning is effectively conveyed — from making up rules for a language to putting together phrases, clauses and sentences.
 

Part-of-speech (POS) tagging

One way in which data scientists evaluate grammar syntax is through part-of-speech (POS) tagging. This is the process of making up a word in a text as corresponding to a particular part of speech. The complex part is words can have more than one part of speech (e.g., a noun, verb, adjective or adverb) depending on how you use it in a sentence. With POS tagging, the goal is to find the correct tag for a particular usage. It looks like this: 

diagram of part-of-speech tagging

Figure 1: “From Languages to Information. “Introduction to Part of Speech Tagging. YouTube video, 9:02. July 19, 2021. https://www.youtube.com/watch?v=WQYt3DRLpuQ

In this case, the phrase “Stay vigilant to stop fraud” includes nouns, verbs and adjectives
 

The process of speech

Next, data scientists look at the sequences of words communicated between people. There are a handful of models to reflect this phenomenon. One of the earliest and most famous is the Shannon-Weaver model which depicts how effective communication from an original source to its destination is based on the presence of disruptions (or noise). 

diagram of part-of-speech

Figure 2: "Shannon and Weaver Model Of Communication." Businesstopia, July 30, 2024, https://www.businesstopia.net/communication/shannon-and-weaver-model-communication

Now, one thing to note about the Shannon-Weaver model is it simplifies the process down to just two individuals: the source and destination. Since many instances occur where communication is between more than two people, scientists continued to develop more models to reflect that.
 

Predictable patterns of fraud

Just as we must learn the ways of communicating grammar syntax as humans, models need to do the same with behavioral data. In the above research, our data scientists discovered patterns and sequences in fraud schemes take on a similar structure to what we just talked about seeing in language. 

 

Fraud modus operandi 

Fraudsters have a habitual way of operating that begins to represent discernable patterns. Just like a detective may focus on this to track down a criminal, the methods behind GenAI could be used to decipher and prevent fraudulent activity. 

Perpetrating an account takeover

Let’s walk through an example of account takeover (ATO) fraud. In this scheme, a fraudster accesses an unsuspecting victim’s account by creating a high-pressure event where the victim is caught off guard. As they’re asked to take quick steps to solve the problem, the perpetrator gets the information needed to access their account.

In this example:

  1. A fraudster contacts the victim over email addressing suspicious activity on their account. They instruct the victim to contact their bank and provide a link to a spoofed website.

  2. The victim attempts to log in with their username and password, giving the fraudster their credentials.

  3. Simultaneously, the fraudster enters the credentials on the real institution’s website. While on the website, they start the two-factor authentication by getting the bank to send an SMS passcode to the victim’s phone.

  4. The victim is given a prompt on the spoofed website where they enter the legit one-time code initiated by the fraudster.

  5. The fraudster sees the legit code and enters it on the real institution's website.

In five simple steps, they've just accessed the victim’s account and can control it.
 

Detecting perpetrated fraud

Fraud prevention techniques have changed throughout the years, but the foundation is always based on setting specific rules. That means when a certain action is taken, there are conditions that will happen next. For example, if you fail a login, you’re denied moving forward. Or, if you’ve got multiple failed logins followed by a successful login, it’s indicative of suspicious activity and should be reviewed manually by a fraud analyst.

Every organization has its own business rules set up to discourage fraudulent activity within the organization. Nowadays, other tactics are complementing these business rules, such as anomaly detection, models and machine learning algorithms.
 

Covering the gaps

Even with our advanced comprehension of fraudulent activity and GenAI, industries face gaps in how we assess entities, attributes and actions due to having partial visibility for any one interaction point. For example, providers only see information about when and how partners integrate with them.

So, if a company is only added on the demand deposit account (DDA) at a bank and not a consumer’s credit card, wire or automated clearing house (ACH) flow, the company will only have visibility into items about the DDA. If fraudulent activity starts happening elsewhere, they’d never know.

To overcome these gaps, TransUnion uses the same methods as GenAI to view our information in its entirety– developing a much fuller view of the entire population. With graph constructs, we’re able to see a more detailed view of the overall fraud scheme across multiple interaction points. This gives us an understanding of how events are happening via different entities and attributes from multiple companies, industries and even countries.

By looking at attributes across a consumer on top of actions like visits and calls, we’re able to link individuals to many attributes, which in turn flags potential fraud across the board rather than in just one siphon.

Why it all matters 

As we’ve taken a deep dive into the patterns of communication and realities of fraud, we can see how incorporating advanced GenAI tech could make a huge difference in the way institutions like TransUnion view and protect their consumers. First, through conveying language via ordered sequences of word tokens and how communication is interpreted across participants. Second, how fraud is based on sequences of actions — often perpetrated by fraud rings. 
 

Want to learn more?

Now that you’re an expert in grammar syntax and fraudulent activity, head over to Part Two of our series to learn exactly how TransUnion is implementing GenAI tools to detect and prevent fraud. 

Fraud Detection: Revolutionizing Financial Security - Part 2 | TransUnion
 

 

Authors:
Zinan Zhao (Sr. Advisor, Data Science and Analytics), Brad Daughdrill, PhD (VP, Data Science and Analytics) and Robert Stratton (SVP, Data Science and Analytics)