Fraud Analytics: a Survey on Bank Fraud and Fraud Prediction Using Unsupervised Learning Based Approach

Fraud in banks has been steadily growing over the past years and is a challenge to banks worldwide. The complexity involved in detection of such fraudulent activities further adds to the problem. A thorough examination of fraud and its possibilities is necessary to pinpoint and distinguish the few fraudulent cases within the vast volumes of banking data. In this paper we have discussed various scenarios in which fraud could take place and applied unsupervised learning approaches to detect fraudulent acts in areas such as credit cards, money laundering and financial statements. We have keenly analyzed various attributes which would be necessary in detection of culprits who may cause a loss to the banks/organizations. Our analysis assists in discovering anomalous behavior among peer groups to more consistently uncover frauds with lesser amount of false positives. INTRODUCTION With the evolution of internet in the banking sectors, people have changed the way they used to bank. But this digital evolution is also creating new opportunities for fraudsters to hack into personal accounts. Banking sector frauds have been in existence for centuries, with the earliest known frauds pertaining to insider trading, stock manipulation, accounting irregularity/ inflated assists etc. Fraud is a dominant form of white collar crime that continues to extract a significant toll not only on the organizations, but also on investors, financial institutions, and the economy in general. There are many issues that make effective fraud management a challenging task. These include: enormous and ever-expanding volumes of data, the growing complexity of systems, changes in business processes and activities and continuous evolution of newer fraud schemes to bypass existing detection techniques. Detecting fraudulent financial statements is a difficult task when using normal audit procedures due to limitation in understanding the characteristics of financial statements, lack of experience and dynamically changing strategies of fraudsters. According to the Basel II definition, Fraud is a part of operational risk and has been classified as Internal and External fraud. Internal Fraud is the risk of unexpected financial, material or reputational loss as the result of fraudulent action of persons internal to the firm. Losses are due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity/discrimination events, which involves at least one internal party. It includes misappropriation of assets, tax evasion, intentional mismarking of positions, bribery. The Basel Committee is the primary global standard-setter for the prudential regulation of banks and provides a forum for cooperation on banking supervisory matters. Reserve Bank of India has defined fraud as “All instances wherein Banks have been put to loss through misrepresentation of books of accounts, fraudulent encashment of instruments like cheques, drafts and bills of exchange, unauthorized handling of securities charged to NOVATEUR PUBLICATIONS INTERNATIONAL JOURNAL OF INNOVATIONS IN ENGINEERING RESEARCH AND TECHNOLOGY [IJIERT] ISSN: 2394-3696 VOLUME 3, ISSUE3, MAR.-2016 2 | P a g e banks, misfeasance, embezzlement, theft, misappropriation of funds, conversion of property, cheating, shortages, irregularities etc.” According to a survey done by EY which included more than 2,700 executives across 59 countries, the risks businesses are facing are not receding. More than 1 in 10 executives surveyed reported their company as having experienced a significant fraud in the past two years. This implies that there is a 5-7% chance of occurrence of fraud cases within a year. Also, according to a Delloite survey, 93% respondents indicated that there has been an increase in fraud incidents in the banking industry in the last two years. There are dozens of ways in which an individual can commit bank fraud. Some of these schemes are more complex, and affect more people or institutions, garnering harsher penalties than others do. Typically, fraud in banks can be categorized into 3 main categories: Corruption, Asset Misappropriation and Financial Statement Fraud (Fig 1). Corruption includes cases of conflict of interest, bribery, illegal gratuities and extortions. Asset misappropriation may be embezzlement or inventory related fraud. Financial statement fraud involves overstating or understating the assets or revenue generated. Below listed are some typical fraud scenarios in the financial domain: Fraud cases involving theft of identity are a serious and growing problem in the era of internet banking. With so many transactions done online, hackers have the ability to frequently access bank account and credit card information from unwitting consumers. Fraudsters can also use obtained names and addresses to apply for fraudulent accounts, credit cards and loans.  Embezzlement could occur when a bank employee misappropriates funds from customers or from the bank itself. Banks usually guard rigorously against embezzlement in a variety of ways, since this type of bank fraud can be extremely harmful to the institution's reputation. Bank fraud cases involving internal theft usually are managed by people with considerable power within a bank branch, since they have the most access and opportunity and are generally perceived as trustworthy. Fig. 1 Types of Common Fraud Schemes  Bank Impersonation is where one or more individuals act as a financial institution, often by setting up fake companies, or creating websites, in order to lure people into depositing funds. NOVATEUR PUBLICATIONS INTERNATIONAL JOURNAL OF INNOVATIONS IN ENGINEERING RESEARCH AND TECHNOLOGY [IJIERT] ISSN: 2394-3696 VOLUME 3, ISSUE3, MAR.-2016 3 | P a g e  In the context of bank fraud, internet fraud occurs when someone creates a website for the purpose of presenting themselves as a bank or other financial institution, to fraudulently obtain money deposited by other people or get the login credentials of the customers of the bank.  A fraudulent loan is one in which the borrower is an individual or a business entity controlled by a dishonest bank officer or an accomplice; the "borrower" then declares bankruptcy or vanishes and the money is gone. The borrower may even be a nonexistent entity and the loan simply a deception to conceal a theft of a large amount of money from the bank. An individual who takes out a loan, knowing that he will immediately file bankruptcy, has committed bank fraud.  When money is obtained from criminal acts such as illegal gambling or drug trafficking, the money is considered “dirty” in that it may seem dubious if deposited directly into a bank or other financial institution. Since the criminal needs to create financial records ostensibly showing where the money came from, the money must be “cleaned,” by running it through a number of legitimate businesses before depositing it, hence the term “money laundering.” Because the act is specifically used to hide illegally obtained money, it too is unlawful. A lot of work has already been done in the field of fraud analytics where most researchers have used supervised classification methods like logistic regression, decision tree, neural networks and SVM. In these kinds of methods there is the need for the model training process where the class labels of the cases in the sample to be used to train should be known first. But in practical scenario, where the probability of occurrence of a fraud is less, it is very difficult to find the train dataset from an organization’s database. Also, being dependent on the train set to predict the future activities as fraudulent is a naïve approach and the probability of detecting a fraudulent attack is low. As the probability of occurrence of the next consequent attack to follow the same pattern as of the previous attackers is also very less, the supervised trained model won’t be as effective as unsupervised technique. In this paper we have discussed various scenarios in which an individual could commit a fraud. We have adopted an unsupervised clustering based approach (Self organizing map) in combination with association rule mining to predict fraudulent activities as this approach does not need the class labels of the cases in the sample.