Banks are using technology developed by search engines to cheaply sort through vast amounts of consumer data to identify potential fraud.
Fraudsters try to hide their tracks by moving from channel to channel, business line to business line and bank to bank. Many of products that use a method called link analysis help banks track fraudster behavior by using open-source code called Hadoop, which is an Apache Foundation Software project.
Hadoop, which is free to use, was largely built by programmers from search engine giant Yahoo Inc. and related to Google Inc.'s MapReduce platform. MapReduce is a distributed file system that allows the search giant to return quick answers to the many search requests it receives.
"We have hundreds of devices and systems generating event information and transaction information and network information, and all that data is useful to make security decisions," says Preston Wood, chief information security officer at Zions Bancorp. of Salt Lake City, Utah.
This year, Zions began using a link analysis tool provided by vendor Zettaset Inc. of Mountain View, Calif. It uses the Hadoop-based software to identify fraud and security risks in real time as well as to study emerging fraud trends, Wood says.
Many banks rely on large and costly data warehouses and relational databases to store and analyze consumer and business data. The amount of data is quickly growing to huge proportions.
"As the investments required to manage financial crimes activities increase, the use of an open standards framework like Hadoop to connect to the structured and unstructured information needed to anticipate, detect, analyze, and prevent fraudulent transactions from money laundering to employee misconduct should be considered as a viable option," Michael Versace, research director for global risk services at IDC Financial Insights, said in an email.
Without an open-source option, banks would potentially have to spend millions of dollars on dedicated hardware and software to get the same results, industry experts say.
"Link analysis is a great way to get your arms around all your data and look for strange relationships, not only for fraud, but insider activity and inefficiency in business processes," says Avivah Litan, a vice president and distinguished analyst at the Stamford, Conn., market research company Gartner Inc.
Such tools can also help compare both structured and unstructured data from disparate data sets, making it possible to expand beyond simple "apples to apples" comparisons, she says.
"The issue for banks is that their mortgage data is all over the place," Litan says. "Their systems are meant for servicing loans. They are not meant for data analysis."
Palantir Technologies Inc., for example, has been working with some of the largest mortgage lending banks to identify billions of dollars stolen by fraud rings collaborating to force sales of homes at artificially low prices in the aftermath of the recent mortgage crisis, she says.
Palantir has helped some top banks discover that over 1% of current subprime sales on portfolios between $100 billion and $2 trillion were lost to fraud, Litan wrote in an Aug. 10 blog post. (Palantir did not make an executive available to comment for this story.)
Detica Group Plc., Informatica Corp. and SAS Institute also provide link analysis tools, though not all are based on Hadoop.
SAS, for example, offers two different products lumped under the name Social Network Analysis. Neither is based on Hadoop. One is associated with real time events, such as credit card, automated clearing house and wire transactions. It checks across multiple databases, such as internal bank and external credit files, to make a split-second decision on whether a transaction should be allowed.
The other SAS tool examines social networks and relationships to help bankers identify something called "bust out" crime, says Ellen Joyner, global financial services marketing manager for SAS.
This type of fraud is typically orchestrated by scammers who steal a valid customer's identity, then set up multiple credit accounts at different banks. The fraudsters build good credit and even pay bills on time. Then, all at once, they take cash advances against every credit line, leaving the banks on the hook.
"Link analysis is helpful to visualize where there is a strong link to other people out there who already had an account closed for" a bust out crime, Joyner says.
But banks need to be careful about whether they violate any regulations when they share data to detect fraud, says Julie Conroy McNelley, senior risk and fraud analyst at Aite Group LLC.
Link analysis systems can also create false positives, flagging activity that is completely legitimate, McNelley says. The best tools provide a scoring mechanism that rates activity for suspiciousness.
"You can get a lot of noise [that behavior is criminal], when in fact the linkages you find between people are completely normal," McNelley says.