HSBC is deploying the first major enterprise fraud system by an international financial institution, and thus making a strong case for centralized anti-fraud efforts. HSBC found during its U.S.-based pilot that improving fraud management performance at the point-of-sale achieved significant efficiencies by stopping fraudulent transactions, keeping false positives low, and reducing processing costs. That's a big change in an industry where anti-fraud efforts are chiefly measured by loss prevention.
The new system took a while to materialize. But two years after HSBC launched development efforts with SAS Institute on a universal fraud management system — and three months after a successful U.S. trial period of the resulting platform — HSBC is going forward with plans to implement it for real-time, card payments protection.
During the pilot there was an 87 percent gain in the number of processed items, including both card transactions and customer information, with a "corresponding reduction" of 12 percent in mainframe processing overhead — which reduced cost-per-data item rates 53 percent and cut by 30 percent computing output by having fewer flagged items.
"That has been one of HSBC's concerns," says T.J. Horan, SAS' director of fraud solutions. "Could they improve their detection capabilities without a corresponding increase in the false positive rate."
The SAS Fraud Management Platform, which SAS now plans to market to other Tier 1/Tier 2 institutions, is the culmination of the two-year "Raptor" project HSBC undertook to centralize its fraud management across its global footprint. HSBC declined to be interviewed for this story, but past reports note the London bank holding company is consolidating "hundreds" of siloed fraud systems across its 83 worldwide operations.
"What this signifies to me is there really is a trend among some of the largest banks to implement enterprise fraud risk solutions, instead of siloed solutions," says Avivah Litan, vp and analyst with Gartner. It's also a potentially shape-shifting move in the financial services security space for SAS, whose BI platform caters to the "self-serve" model for end-users to build their own rules engines on the fly for new scenarios — which sounds exactly how banks would want to handle daily fraud threat analysis.
"It's pretty significant because no one has really challenged the [Fair Isaac] Falcon system in 20 years," in fraud management, says Litan, referring to the most widely adopted anti-fraud solution for card acceptance. "[SAS'] strength is in data mining, analysis and big customized projects, and now they're starting to productize it."
The fraud management platform in place for HSBC will crunch various feeds of business logic (establishing parameters of what may be behavioral aspects of a fraudulent transaction) to create split-second decisions that will alert merchants in the authorization stage to not accept a card. A card with a very recent address change, or out-of-band purchases could trip the alerts, which will be in effect worldwide by 2009 once HSBC completes the total rollout.
"HSBC can deploy their own rules and business logic to supplement those analytic models," according to Horan. The models themselves, he says, are built from behavioral customer trends that make fraud alert decisions not just on that individual transaction, but overall account experience.
"An event can be a purchase transaction or an authorization at a merchant location, and it can also be a change of address into a call center or through an Internet channel, or a payment or deposit that might come in," says Horan.
That kind of complexity throws manual review processes into a tizzy, Litan says. A bank that has systems spitting out departmental alerts makes it nearly impossible to implement changes across the different platforms, especially when a new fraud trend emerges.
"So there is a trend now — it's not huge but it's growing — to put enterprise fraud detection systems where it's real easy for you to change the rules, and all feeds go into one case management system," she says.
The pluses of such centralization produced an additional benefit for HSBC: there was a 10 percent increase in call-center agent efficiency against potential fraud investigations instigated through the bank's proprietary case management system. There were also reduced IT support costs by cutting ties with three other software applications, according to HSBC and SAS.
After rolling out the new fraud management system in the UK and Asia, HSBC's plan is to use it for its entire global reach of 100 million credit and debit cards in more than 30 countries. This will help create better risk profiles of its customers across products and services, an important component of new Basel II capital and risk regulations for major international banks.
Given the credit-market turmoil of late, tightening risk controls and deploying better risk analytics firmwide can only be a good thing for institutions.
(c) 2007
