Case Study

Federal bank of India improves fraud mitigation

The challenge

Despite the shift to chip-based cards (EMV), it has been estimated that debit and credit card fraud will grow to about $10B (USD) a year by 2020. Furthermore, the banking business has fundamentally changed; it’s no longer a secondary consideration to prevent malicious actions around the banks or its customers’ money. Against this backdrop, Federal Bank wanted to empower its customers to be a part of the intelligence that helps identify fraud attempts and malicious actions.

Traditional rules-only fraud detection systems are adequate at detecting known threats, but are not as effective or efficient at uncovering new criminal fraud strategies or zero-day attacks, which puts the bank and its customers at risk. Federal Bank required a counter-fraud solution for both its cardholders as well as its merchants with the following mission-critical features:

  • Ease of deployment: quick to deploy and to make changes
  • Responsiveness: works at the speed that fraudsters innovate
  • Cost reduction: massive savings due to fraud prevention

The solution

Federal Bank has relied on ACI since 2015 for its core switching infrastructure – BASE24-eps. BASE24 is an integrated software solution used to acquire, authenticate, route, switch and authorize financial transactions across multiple channels. Given that the bank was already using BASE24 – part of ACI’s Consumer Payment Processing solution – with excellent uptime and dependability, it was a logical step to expand its relationship with ACI to cover risk management. Since it’s a direct plugin and the deployment time for existing BASE24 customers was very short, Federal Bank was able to quickly customize ACI Proactive Risk Manager to meet its requirements. Proactive Risk Manager was customized for Federal Bank on two action levels:

Cards

Proactive Risk Manager for card transactions

The solution has two aspects: real time and near-real time. In real time, it authorizes the transactions, hence the end decision to accept or reject a transaction rests with the solution, based on rules defined by the bank. With the near-real-time facility, as soon as a transaction has occurred and the customer’s account is debited, an alert is generated. Based on this alert, an analyst can initiate various actions. The actions include blocking the card, marking it as fraud, white-listing it, putting a watch on it, etc. The bank’s risk team can process these alerts and take appropriate action based on the rules and the situation.

Moreover, near-real time has an additional facility called “auto-action.” In auto-action, the bank can ask the system to take an action as soon as a rule is triggered. Federal Bank required that an SMS be sent to the customer whenever the rule was triggered. To address this, ACI built a “customer-specific module” (CSM) called auto SMS message. This functionality captures the details of anomalous transactions in a table format, which is defined within its instance of the solution. The SMS vendor of Federal Bank then pulls these details from the table in near-real time and alerts the customer to review the transaction.

Merchants

Proactive Risk Manager for merchants

Merchant acquiring is outsourced by Federal Bank. Hence, a third-party vendor shares a file in batches in near-real time. Like card transactions, a set of rules are defined for merchant transactions and when an anomaly is detected, the rule is triggered.

The results

After deploying Proactive Risk Manager for real-time monitoring of card transactions, Federal Bank has seen a considerable drop in fraudulent transactions, especially through vishing fraud. The solution aired warning indications as well as declined potential fraudulent transactions in over 2.7K cards in a period of six months. Especially, the auto SMS feature has helped in creating awareness on a case-by-case basis and is edifying the customers of the risks. Federal Bank has thus been able to reduce the fraud loss for their customers to a major extent; and they have also slowly started noticing that the fraud loss has been nil in most of these incidents.