20230526-EB-Putting_Fraud_In_Context.pdf

AlexanderLi37 24 views 17 slides Aug 23, 2024

About This Presentation

Confluent Fraud Detection


Slide Content

Putting Fraud in Context
Using circumstantial evidence to transform detection

1 The Fraud Problem
2 How Do You Counteract Fraud?
3 What is the Right Approach?
4 Bring It All Together With Confluent to Fend Off Fraud
5 Conclusion

01 The Fraud Problem

Where there is an opportunity for gain, there is
fraud. An age-old problem that has evolved over
the centuries from simple sleight of hand to highly
engineered cyberattacks coordinated among
complex networks of organized criminals.

1 Pandemic has made the problem worse
2 The Cost of Fraud
3 UK Government Benefit Fraud
4 PWC’s Global Economic Crime & Fraud Survey 2022
It’s hard to escape the headlines dominating the news.
Financial services fraud in particular is a major crisis today,
with even the most cyber resilient organizations incurring
huge financial losses and negative reputational impact (see
right The Global Fraud Epidemic). Regardless of what is
reported, the true liability always runs much deeper and the
risk to organizations extends beyond an operational problem.
But how do the bad actors continue to outsmart seemingly
fail-proof fraud detection models?
Just as technology has advanced, so too has the fraudster’s
business model. In today’s globally connected, multi-channel
digital world, the footprint is expansive and the market is
ripe to build a virtual empire of hackers and bad actors, each
with specialized expertise to ensure successful compromise
at every potential entry point. Cybercriminal teams can
strategize to infiltrate an organization, through coordinated
internal and external attacks, with greater sophistication
and at a greater scale than ever before. The outcome could
be the theft of money or goods or the misuse or exposure of
confidential information or data.
And the pandemic has made the problem worse with the
rapid shift to online transactions and, with it, the huge
numbers of people to exploit who are less digitally aware of
scams to extract their confidential data [1].

The Global Fraud Epidemic
Fraud impacts everyone from private individuals to large corporations, from private industry to public sector and even the military. Financial services firms are not the only targets of fraud in today’s digital world. E-retailers spend more than 7% of their total annual revenue combating fraud [2]. The U.K. government lost £8.5 billion in benefit fraud in 2021 [3]. PwC's Global Economic Crime and Fraud Survey 2022 respondents reported total losses of US$42 billion [4], on top of the damage to brand, reputation, and market share. In actuality, fraud losses are often higher than the figures reported. Firms never want their customers to know the full extent of what is really lost. The actual cost of fraud incurred by organizations extends beyond the direct loss to investigation and recovery costs, regulatory penalties, and reputational damage that impacts customer and partner relationships.

One of the most common, and the most damaging, types is transactional fraud which has seen pandemic-attributed spikes across different payment platforms including credit card, P2P instant payment systems, and even the more traditional bank wire transfers. Zelle in particular, the U.S. bank-owned answer to PayPal, has been a significant target for scams. When Zelle customers fell victim to social engineering attacks [5], the subsequent fraudulent transactions were defined as authorized and legitimate transfers by account holders with the banks claiming no culpability or recompense. That, however, has changed with recent U.S. Senate pressure forcing JPMorgan, Wells Fargo, and Bank of America to assume ownership and reimburse compromised accounts accordingly [6].
Perhaps more dangerous than typical transactional fraud is the evolution of account takeover attacks, a sophisticated long-term compromise which often originates through data breaches, ultimately resulting in some form of payment fraud.
Like every other individual and organization across the globe, your firm will always be a primary target. In fact, an attempt to defraud your clients or firm is likely happening right at this very moment, in a multitude of ways, across many attack surfaces on your infrastructure (see right Examples of Financial Services Fraud).
5 Fraud is flourishing on Zelle
6 Banks to reimburse Zelle scam victims
7 Aite Group research
Bad actors can assume account credentials and
strategically lurk over a prolonged period, assessing
further vulnerabilities in a firm’s cybersecurity process
and striking when an opportunity presents itself. In the
context of financial services, an account holder could be
unaware their bank login credentials have been
compromised, with an illegitimate payment taking
place months later rather than an instant fraudulent
Lpne 
nGLv-eCnLLkcLl?
Furthermore, these are usually not singular attacks. A bad actor has the propensity to engineer further attacks on a targeted account, at any time, if it can back up the compromised bank login with additional identifying credentials such as an email or a phone number for example. Having a real-time forensic view of all potential indicators of compromise could help mitigate this. Aite Group research reports 64% of financial institutions have seen an increase in account takeover fraud since pre-COVID-19 [7].
From Transaction Fraud to Full Account Takeover
Examples of Financial Services Fraud
• Transaction fraud
• Cross-border payments fraud
• Account takeover
• Synthetic identities
• Phishing and smishing
• Insider threat
• Scams
• Market abuse and rogue trading
• Invoice and payroll fraud
• Application fraud
• Stolen cards and stolen credentials (often sold on the dark web)
• ATM/IDM fraud (skimming, etc.)
• Check (cheque) fraud
• Cybersecurity breaches and related attacks
• Crypto scams
• Gift card fraud
• BNPL (buy now pay later) scams
• Money laundering
• Tax fraud
• Benefit fraud
• Insurance claims fraud
• Claims exaggeration
• Insurance premiums application fraud

Why Current Approaches Fail to Deliver
While organizations are pouring in millions of dollars to fight fraudulent activity, existing systems and models are incapable of detecting and preventing fraudulent behavior and attacks in an effective way—they lack timely information and contextual intelligence to determine if an event or a transaction is legitimate or malicious in nature.
This is due to the fact that across many organizations fraud teams still operate independently from cybersecurity teams and they typically have different views into the data and use different tools and processes to address fraud.
Fraud teams typically have access to transactional structured data but often have limited contextual insight into those transactions. They look for likely indicators of fraud, after the occurrence of the event, and conduct transaction-centric assessments to determine if fraudulent activity has occurred or not. Most fraud detection systems rely on statistical models and rules for detection. Unfortunately, with the exponential growth and sophistication of attacks, the number of indicators that can influence a fraud assessment has also grown. And this has fraud teams adapting their “legacy” models to adjust to evolving channels and types of fraud.
On the other hand, cybersecurity teams have invested heavily in analytics-oriented SIEM (security information and event management) tools that rely on the ingestion of log data and other unstructured sources for incident investigation and resolution. While these systems have a good deal of context from unstructured data sources, they often do not have an easy way to extract insights from transactional systems such as databases, mainframes, and e-commerce platforms.
With crime pathways converging, and the traditional distinctions between cyber breaches and fraud and financial crimes fading, such siloed approaches are becoming increasingly untenable.

02 How Do You Counteract Fraud?

Organizations have to protect themselves against every vulnerability possible, but fraudsters (and hackers) just need to find one. That is why effective fraud management should focus on areas of prevention, detection, and intelligent response.

Today, many organizations are taking a more holistic,
collaborative view of the underlying processes to
create a “fusion center”–streamlining the business and
technology architecture to effectively fight fraud.
Context is key and time is of the essence!

Day 1 [10:30 PM] Successful login: Usual IP address (FL)
Day 2 [8:07 AM] NY ATM withdrawal
Day 2 [2:43 PM] Onboard purchase: United Airlines
Day 2 [5:52 PM] Failed login x2: New IP address (1)
Day 3 [7:17 PM] Successful login: New IP address (2)
Day 4 [3:38 AM] Mobile banking: Authorize new device login
Day 5 [12:34 PM] Password change: New IP address (3)
Day 5 [11:30 PM] Successful login: Usual IP address (FL)
Day 6 [5:20 PM] Funds transfer ($1): Unknown recipient
Day 10 [4:30 AM] Funds transfer ($5k): Unknown recipient
Context Matters
Capturing and understanding contextual and situational data can help identify a fraudulent actor before an unauthorized transaction is even invoked. Identifying unusual, erratic, or incongruent changes to the contextual data for an account can help prevent malevolent activities before they occur by possibly locking the user’s account or taking other preventative action.
Let’s consider the example of payment fraud.
To understand when payment fraud happens, you need to know more than just the fact that a transaction has occurred. To know whether that transaction was legitimate or fraudulent, it becomes very important to understand the context around that transaction. To this end it becomes critical to collect and analyze all the information that can provide that context, regardless of which systems or data sources may contain that data, to create the appropriate risk score.
The illustration above highlights some of the contextual data that may be critical to informing a fraud detection decision including:
• Failed login attempts: Did the user attempt to log in multiple times before gaining access to the system?
• Change of password: Did the user change their password recently?
• User geolocation: Is the user making the request in a location that is different from their usual location?
• User device/software info: Is the user using a device or software version that is new or different?
• User network address info: Is this request coming from a new or different IP address or host for this user?
• New payment recipient: Is the user sending this payment to a new or unknown recipient?
• Amount of transaction: Is the amount of this transaction unusual for this user based on their historical patterns?
• Time/Day of transaction: Is the time of this transaction unusual for this user?

Day 4 [6:30 AM] Airport Taxi card swipe

Time is Critical
In addition to having visibility into all the information
required to make a fraud determination, it is critical to gain
that important context in a timely fashion. Detecting and
preventing fraud as it happens requires decisive action in
real time.
In the example illustrated on the previous page, we can see
that the user has logged in from a new device overseas at
the same time that they have returned home to their
normal location and purchased a taxi fare. A fraud system
operating on real-time data can identify the overseas
activity as something suspicious and possibly malicious so
it can then communicate to the connected account
systems and temporarily suspend the account to prevent
any fraudulent activity from occurring. The system can also
alert the user of this activity and recommend remediating
actions. This can only happen with a system that is
leveraging the latest possible contextual information
coming in for this user and account, the moment it occurs.
However, systems that only look at historical data retrieved from data-at-rest sources (such as databases or logs for after-the-fact analysis), by definition, are unable to detect fraud as it happens and thus won’t have the chance to stop or prevent the fraudulent activity.
Fraudulent attacks can easily be averted if organizations
shift from a transaction-centric, data-at-rest processing
mindset to an event-driven, real-time processing mindset,
where every event is analyzed as it occurs and fraud threat
vectors can be updated on the fly.
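
The contextual signals listed under "Context Matters" and the per-event processing described under "Time is Critical" can be combined into a running threat score. The following is an added example, not part of the original ebook or Confluent's code: the weights, the suspension threshold, the "before 6 AM" rule, the field names and the baseline values are assumptions, and the event list is constructed from the timeline illustration above.

```python
from dataclasses import dataclass, field

# Weights and threshold are illustrative assumptions, not values from the ebook.
WEIGHTS = {"failed_login": 10, "new_ip": 15, "new_device": 20, "password_change": 15,
           "new_recipient": 20, "unusual_amount": 25, "unusual_hour": 10}
SUSPEND_AT = 60

@dataclass
class AccountContext:
    known_ips: set
    known_devices: set
    known_recipients: set
    usual_max_amount: float
    score: int = 0
    suspended: bool = False
    reasons: list = field(default_factory=list)

def _flag(ctx, signal, times=1):
    ctx.score += WEIGHTS[signal] * times
    ctx.reasons.append(signal)

def process(ctx, ev):
    """Fold one event into the account's running threat score; return the action."""
    if ctx.suspended:
        # While suspended, money movement is refused and everything else is recorded.
        return "block" if ev["type"] == "transfer" else "log"
    if ev["type"] == "login_failed":
        _flag(ctx, "failed_login", ev.get("count", 1))
    if ev["type"] == "password_change":
        _flag(ctx, "password_change")
    if "ip" in ev and ev["ip"] not in ctx.known_ips:
        _flag(ctx, "new_ip")
    if "device" in ev and ev["device"] not in ctx.known_devices:
        _flag(ctx, "new_device")
    if ev["type"] == "transfer":
        if ev["recipient"] not in ctx.known_recipients:
            _flag(ctx, "new_recipient")
        if ev["amount"] > ctx.usual_max_amount:
            _flag(ctx, "unusual_amount")
        if int(ev["t"].split()[2].split(":")[0]) < 6:  # assumed "unusual" hours
            _flag(ctx, "unusual_hour")
    if ctx.score >= SUSPEND_AT:
        ctx.suspended = True
        return "suspend"
    return "allow"

def transaction_only(ev, usual_max_amount):
    """Transaction-centric baseline: looks at transfer amounts and nothing else."""
    if ev["type"] == "transfer" and ev["amount"] > usual_max_amount:
        return "review"
    return "allow"

# Constructed sample events mirroring the timeline illustration (24-hour clock).
TIMELINE = [
    {"t": "Day 1 22:30", "type": "login_ok", "ip": "ip-usual-FL"},
    {"t": "Day 2 08:07", "type": "card_present", "where": "NY ATM"},
    {"t": "Day 2 14:43", "type": "card_present", "where": "United Airlines onboard"},
    {"t": "Day 2 17:52", "type": "login_failed", "count": 2, "ip": "ip-new-1"},
    {"t": "Day 3 19:17", "type": "login_ok", "ip": "ip-new-2"},
    {"t": "Day 4 03:38", "type": "new_device_login", "device": "dev-new"},
    {"t": "Day 4 06:30", "type": "card_present", "where": "airport taxi"},
    {"t": "Day 5 12:34", "type": "password_change", "ip": "ip-new-3"},
    {"t": "Day 5 23:30", "type": "login_ok", "ip": "ip-usual-FL"},
    {"t": "Day 6 17:20", "type": "transfer", "amount": 1.0, "recipient": "unknown"},
    {"t": "Day 10 04:30", "type": "transfer", "amount": 5000.0, "recipient": "unknown"},
]

def replay(events=TIMELINE):
    """Run both approaches over the same events and return their decisions."""
    ctx = AccountContext({"ip-usual-FL"}, {"dev-usual"}, {"landlord"}, 2000.0)
    contextual = [(ev["t"], process(ctx, ev)) for ev in events]
    baseline = [(ev["t"], transaction_only(ev, 2000.0)) for ev in events]
    return ctx, contextual, baseline

if __name__ == "__main__":
    ctx, contextual, baseline = replay()
    for (t, a), (_, b) in zip(contextual, baseline):
        print(f"{t:13} contextual={a:8} transaction-only={b}")
```

With these assumed weights the contextual score suspends the account at the Day 4 new-device login, while the transaction-only baseline lets the $1 transfer through and only reacts to the $5k transfer.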
The information that is critical for detecting fraud comes in different types and formats, and from different data sources and systems. The data is often available at different speeds and times and can be delivered in large volumes. Some of the data will be structured data such as transaction amount or user login information and may originate from relational databases, mainframes, or order management systems. Other data that can help provide context may be unstructured data such as network access log entries or geolocation information, and may come from HTTP logs, network logs, server logs, or identity and access management systems.
In order to proactively detect and prevent fraud, all of this data
must be aggregated and analyzed together by the fraud system
to derive the right security context and respond with intelligence.

03 The Right Approach

Many fraud platforms today are not able to combine both the structured and unstructured data, or the transactional and the contextual information, nor are they able to put it all to use in real time to make the best fraud detection decision.

True fraud detection and prevention requires
that contextual events, transactional data, and
data changes be analyzed as they happen
together, with historical patterns, to inform the
best fraud decision system possible.

To inform the best fraud decision possible, organizations need to:
DH@sGHeCBIAH;Ac
Draw on multiple sources of data—structured and
unstructured, historical and real time, event streaming and
event sourcing, wherever it resides on the data estate—to
apply context, develop good indicators and leverage a fraud
scoring system, at scale
uvABpoAHessiee`rB@sIcc
Enable the processing and transformation of all relevant data
for analysis, executed through the application of sophisticated
ML modeling that optimizes for multiple constraints instantly
and/or self-calibrates through learning, to create appropriate
threat scores on anomalous activity
Connect Data and People
Facilitate sharing of intelligent, contextual data by delivering
the right data, to the right place, in the right format, at the
right time, for smarter rapid decision making and well-
orchestrated response
Previously, fraud detection was attempted via a batch/nightly process. With Confluent, Capital One’s "Second Look" platform moves to real-time fraud detection and triggers actionable alerts on suspicious activity (e.g., double swipe/duplicate charges, high tips, increased recurring charges). The solution combines real-time account data with historical context (e.g., past % tipping behavior), thereby improving threat response and mitigating fraud costs with average savings of $150 per year for each customer.
“We look at events as running our business. Business people within our organization want to be able to react to events—and oftentimes it's a combination of events.” —VP of Streaming Data Engineering
customer story

04 Fend Off Fraud with Confluent

Confluent is a data streaming platform that enables you to integrate and process large amounts of customer data at scale, from a variety of different sources that exist in your departmental and technology silos, across a distributed data estate.

Our data streaming platform enables you to derive
meaningful context and distribute the data to the right
place, in the right format, at the right time, to fight fraud
and enhance your cybersecurity posture.
Unlike traditional transaction-based threat detection
systems, Confluent’s event-driven architecture can
understand the occurrence of any event whether it is part
of the actual transaction (transaction amount) or
something that provides context for that transaction (user
geolocation change).
Confluent can aggregate data from transactional systems such as databases, file systems, mainframes, and data warehouses as well as system logs and other unstructured data sources, and capture every change to these systems the moment it occurs.
By combining and contextualizing all the required data to
identify patterns, detect abnormalities, and automate
immediate actions in real time, Confluent uniquely makes
it possible to combat fraud with great precision.
Protect your money
Prevent or minimize the losses associated with fraud and financial crime

Keep your customers happy
Know your customer behavior to improve overall customer experience and retention

Improve business continuity
Reduce the amount of downtime experienced by a system impacted by fraudulent activity

Advance security posture
Enable a holistic and consistent view of data to build a next-gen fusion center and manage the security health of the organization

[Figure: Fend off fraud with a real-time, event-driven data streaming platform]
Data sources: Website Logs (HTTP), User Actions Database, Branch and ATM Data, Transactions, Authentication Logs
Stream operations: Route, Filter, Join, Detect, Govern, Enrich
Connected tools: Fraud Tools (FICO, Actimize...), ML/AI (BigQuery, Databricks...), SIEM Tools (Splunk, Elastic...)

Bank BRI needed to move from synchronous to
asynchronous microservices development on an
enterprise-ready platform and enable stream
processing for real-time data processing in flight. They
chose to use Confluent Platform and Apache Kafka® to
deploy an event-driven microservices architecture that
powers big data analytics for real-time credit scoring,
fraud detection, and merchant assessment services.
Bank BRI is now able to detect fraud in real time.
“Confluent Platform and Apache Kafka, by enabling us to build and deploy real-time event-driven systems for credit scoring, have helped BRI become the most profitable bank in Indonesia.” —Kaspar Situmorang, Executive VP at Bank BRI
customer story
Confluent’s industry-leading data streaming platform offers the following capabilities that can be instrumental in detecting, understanding, and even preventing fraudulent activity by bad actors.
How We Do It
Connect
Harness and aggregate all the required data— unstructured and structured, event streaming and event sourcing, real time and historical, at massive scale providing both contextual and transactional information to inform and improve the fraud detection decision process.
Confluent delivers this capability through a variety of
data source connectors, APIs, and advanced
capabilities to enable seamless mobility of data across
any combination of on-prem, hybrid cloud, and multi-
cloud environments. This capability allows teams to
improve fraud detection by leveraging full contextual
data for increased accuracy.
Govern
In the world of fraud detection and prevention, governance and audit controls become key components of a successful approach. Confluent provides the only governance solution designed for the intricacies of streaming data, allowing businesses to expand their usage across more teams without bypassing requirements for risk management or regulatory compliance. Governance for data streaming is the key to fostering the collaboration and knowledge sharing necessary to become an event-centric business while remaining compliant within an ever-evolving landscape of data regulations.
Confluent’s Stream Governance suite (Stream Quality,
Stream Lineage, and Stream Catalog) establishes
trust in the data streams moving throughout your
cloud environments.

Process and Enrich
Organizations can use the data in Confluent to
process, build, and maintain a real-time “fraud threat
score” or “threat vector.” Continuously combine and
analyze in-flight data with historical data for every
customer, and update that threat score every second
to derive real-time situational awareness and detect
12ot=2o:;57r.=*(;*1.:2(;r0
Confluent can perform stateless and stateful processing of both in-flight and historical data, so the appropriate fraud threat vectors are updated every time a new event, a relevant risk indicator, occurs. This allows organizations to predict and detect a compromised account before the transaction is attempted and suspend the compromised, fraudulent transaction proactively.
This powerful stream processing capability is delivered
with native stateless and stateful operations through
ksqlDB and Kafka Streams. This capability enables the
reduction of losses and costs by improving fraud
prevention with real-time decisioning.
Stream processing and sharing can also serve as a
real-time data pipeline to machine learning systems
to build, train, and use fraud models.
[Figure: Confluent Data Streaming Platform]
Data inputs: Payment Data, Application Traces, Privileged Access Data, Fraud & Money Laundering, Authentication Data, Transaction Data, API Requests, Log Data, Performance Metrics, Website & Mobile Logs
Platform: Immutable Log; Audit Logs; Stateful & Stateless Stream Processing; In Context Logs, Metrics, & Traces; Cheap, long-term storage; ML/AI Tools & Frameworks
Tools: Security Tools, Fraud Detection Tools, Operational Resilience Tools, Observability Tools
Teams: Security Operations, Fraud & Financial Operations, IT Operations
Callouts: Multiple teams speaking the same language; Bring context to your data; Automate risk scoring in milliseconds; Connect data, tools, and people for shared insights

Build
Create ready-to-use data products for downstream
consumption. Confluent’s architecture is uniquely
suited to scale the processing of huge volumes of real-
time structured and unstructured data with already
mastered data, such as historical customer activity, in
a common data backplane. And with Confluent, this
aggregate data can be made available for downstream
consumers however they need it. Shifting to a data-as-
a-product mindset with data aggregated by Confluent
allows you to make sure everyone has access to the
data they need at all times.
This capability is aided by the ability to store historical
data as an immutable sequence of data records
supported by Confluent’s infinite storage subsystem.
This allows teams to understand a complete threat
history with a full audit trail giving them a way to learn
from the past.
Share
In order to make the best use of gathered fraud detection data, one needs to share a consistent view of that data everywhere it's needed. Share it with your applications, systems, and cybersecurity and fraud teams to maximize data reusability, agility, and informed collaboration. This capability is delivered through Confluent’s decoupled architecture enabling the consumption of data as a self-service product, as well as Confluent’s governance capabilities, and connectors to third-party systems.
Confluent makes it easy for different teams to
produce, share, and consume a consistent view of the
data so all your data-dependent systems can
continuously act upon, and react to, the most up-to-
date enriched datasets.
Demand became infinite for Instacart’s grocery delivery service nearly overnight when the pandemic shut down much of public life in 2020. The company gained half a million new customers in mere weeks—and needed to serve each of them with real-time availability. Instacart improved fraud detection and enabled faster execution during the time of pandemic-driven explosive growth by implementing Confluent.
“When I think of our first few wins that we’ve got with Confluent, the one that stands out to me is fraud.” —Nate Kupp, Director of Engineering at Instacart
customer story

05 Conclusion

Fraud is big business, an ever-evolving industry that continues to threaten every organization, every individual, in every location.

While known fraud losses for some firms have been reported
to run into the multi-billions of dollars, the real magnitude of the
damage is rarely disclosed outside board rooms and can
have a devastating impact on a firm’s reputation and bottom
line. To acknowledge how damaging it is can be seen as an
admission of your firm’s vulnerabilities.
To err is human and savvy fraudsters will always be on the
lookout to manipulate those weakest links in your processes,
the disconnects between your teams, no matter how
impervious your vulnerability management technology may
appear to be.
You can turn the tables on bad actors by getting a step ahead
of them with the deployment and monitoring of real-time
fraud threat scores powered by always-on streaming data.
Use technology to your advantage to detect and prevent fraud
and save your organization and your customers money and
heartache. Be the fraud prevention hero that your team needs!
Want to learn more?
Check out the 10 ways that Confluent drives transformation in financial services firms.
Explore our online fraud detection resources
Leading digital native bank EVO Banco needed an advanced
fraud detection system that could apply behavior analysis,
data analytics, and predictive modeling to its customers’
accounts, without adding friction to the customer
experience. Using Confluent Cloud, the bank is able to
combine high-fidelity, real-time data with historical
transaction data for accurate in-stream fraud detection
and predictive machine learning. As a result, the bank
successfully protects more than 500,000 daily transactions
and has decreased its fraud response time to mere seconds.
“EVO Banco has been able to reduce its weekly fraud losses by a staggering 99% thanks to the help of Confluent. This is an incredible feat that speaks to the power of data streaming technology.… Imagine the impact this has on customer trust and the bank's reputation.” — Jose Enrique Perez, Chief Data Officer & Manager of Innovation at EVO Banco
customer story