Fast forward to our times. Not only has fraud become much more prevalent now compared to historic times, but the frequency and the ubiquitous nature of today's fraud means that fraudsters don't necessarily meet the end they deserve. Financial institutions are forced to fight fraud all the time. If fraud is not fought effectively, fraud losses can threaten to derail entire institutions. Some of this is because there are so many more human beings inhabiting the world today, and this results in interactions with institutions becoming more and more impersonal, thus opening up a rich environment for committing fraud. Fraudsters have become so sophisticated that they don't need to be present and make personal sacrifices like Hegestratos to carry out their plans. Fraud can be completely impersonal as far as the fraudsters are concerned.

Banks are especially vulnerable to fraud. Why are they so vulnerable? I am reminded of a conversation alleged to have occurred between Willie Sutton, a legendary and prolific bank robber, and a reporter, Mitch Ohnstad. Sutton is said to have robbed more than $2 million and spent over half of his adult life in prison. The reporter Ohnstad asked Sutton, “Why do you repeatedly rob banks?” to which Sutton replied, “Well, that is where the money is.”³ That statement pretty much sums up why banks are so popular with fraudsters. In most cases of fraud that banks experience, the fraudsters are never caught. All that the banks are able to do is to stop the bleeding by stopping fraud as soon as they can ; they have little hope of recouping the money lost.

In the good old days, when there were fewer customers and banks were for the most part local, they had the luxury of having face-to-face relationships with customers. In the last 40 or 50 years, this has been changing. Not only are there more and more (too many) customers to keep up with, but there also are many customers simply not available for face-to-face interactions. As banks got bigger and the pressure to get bigger and more profitable grew, they were forced to innovate in terms of customer acquisition as well as ways in which customers transact with the bank. As interactions with banks became more and more impersonal, the resulting anonymity also helped the fraudsters to exploit the system.

As we all know, lending money has been the business of banks almost from when they started. However, the amount of risk a bank is willing to take to lend money has changed dramatically in the last 50 years. Gone are the days when customers had to appear personally at the banker's office and show the assets on which a loan is requested. In those days, not only were assets showing the customer's ability to pay back the loan needed, but there was also the need to have third parties assure the bank that the money would be paid back if the borrowing customer was unable to repay the loan.

Fast forward to 10 or 20 years ago: Pretty much anyone who had an account with the bank and the semblance of a job could walk in and get a loan'not secured, but an unsecured loan like a credit card and/or other types. Even though it seems to be a pretty risky path for banks to take, as long as they could manage the risk/reward equation by exercising decent control on the risk side, it became a very lucrative path for the banks. The reward portion of the equation is generally dictated by the volume of business a bank can generate. Most of the time, the volume of business is proportional to the number of customers. The same volume also helped fraudsters. The higher the number of customers, the more impersonal the relationships become. You can see how the continuum operates.

Even with a rapidly growing customer base, it is possible to keep a decent amount of control on secured lending. In secured lending, there is an asset that the bank has control over that can be used to recoup losses it might incur, especially if the perpetrator is the customer. However, unsecured lending is a totally different beast. Unsecured lending is based on intangibles such as the behavior history of the customer and so on. In addition, since the customer does not have skin in the game, unsecured lending becomes a burden mostly on the bank. Unsecured lending pretty much opened the floodgates in terms of fraud. To a number of customers, it seemed like free money … almost. The biggest proliferation of unsecured lending happened in the area of credit cards. The concept of being able to get money using a small plastic card was not only an amazing idea, but also one that caused a lot of crooks to start thinking about how they could exploit this little plastic card to get the free flow of money going. Due to high interest rates for credit cards, in spite of the fraud losses, running credit card portfolios was and continues to be a very lucrative business for banks. However, if there was a way to control losses, credit card portfolios would be even more attractive for banks. This meant that issuers had to figure out a way to keep fraud losses in check. Various authentication methods such as signature matching were used in the beginning to keep fraud rates under control. Not surprisingly, fraudsters found easy ways around these authentication methods. This is when the realization came that studying the cardholders' behavior and looking for deviations would be a much more effective method of keeping fraud in check than using authentication methods, which the crooks could find ways around. Statistical models started do a better job of understanding the nuances of cardholder behavior and what is normal for a customer, so the automation of the process of detecting fraud as well as improved accuracy became a huge asset to managing fraud.

These days, interestingly, even authentication methods are expected to have some understanding of the customer beyond simply matching a password to the recorded password of the customer. We live in a complex world where customer expectations have grown, and as customers have become more sophisticated, there has been an inherent expectation that the banks should almost magically know the behavior of the customer based on past history.

In unsecured lending, a lot more diligence is needed in combating fraud because fraud directly affects the bottom line of banks, as there is no way to recover losses from the customers. About 15 years ago, the banks started to turn to systems based on technology. Some of these systems could see what the human eye could not. The human eye can see two dimensions and, with some help from the brain, can understand the third dimension. When we start thinking about higher dimensions and interactions, the human eye is simply incapable of seeing odd behavior. If you include the human intellect, it is possible to look a little further. However, no system is going to be as efficient and adept at finding fraudulent patterns that do not fit as statistical models. Technology had helped spearhead the phenomenon of interactions becoming more and more impersonal. Now the same technology (involving behavioral modeling) came to the rescue to address the problem it was partially responsible for creating.

Yogi Berra, the legendary American baseball catcher and manager, once said, “It is hard to make predictions, especially about the future” (the predecessor to this statement was made by physicist Neils Bohr).⁴ This very funny but very insightful quip applies to any prediction problem, and from one point of view, there is a lot of truth to this statement. As Nassim Nicholas Taleb, the author of the book Black Swan, says, it is true that vast portions of the future lie beyond our abilities to predict.⁵ The same argument tends to get used quite a bit against statistical models as well. Since a significant portion of this book is aimed at detailing the evolution of data analysis and statistical modeling and how much both have helped in combating fraud, let me address this at the very beginning. From certain points of view, it might seem that statistical models are not adequate to accurately predict the future. However, from my point of view, statistical models for the most part do a great job of making good predictions about the future even when the predicted situation is not exactly the same as what was observed earlier. Statistical models are very good at limiting the exposure (or fraud risk) and giving us a decent handle on the future. Statistical models have a tremendous ability to understand complex patterns and extrapolate to a decent-sized region not only in but around the values that the models were trained on.

To put it in real terms, let's say that cash deposits of $10,000 or more followed by multiple withdrawals are risky. If a rule or a mathematical algorithm is written to monitor for cash deposits of $10,000 or more, it is simply incapable of seeing risk when a deposit of $9,000 is made followed by withdrawals. However, a statistical model can observe a $9,000 deposit followed by multiple withdrawals and flag the activity as risky even though the model has never seen the exact same type of activity in the data presented to it.

The key here is the proximity of the dollar figure to the original number, and it gets a lot more complex and hard to do as we move away from the number. Statistical models, though, afford us the ability to extrapolate and learn in regions previously unknown, as long as the regions are reasonably close to what has been observed earlier. In a way, this is the way the human race has managed to grow knowledge in any scientific field, isn't it? If you look to the field of medicine, the development of antibiotics was based on repeated scientific experiments where each scientific experiment relied on the previous one and slightly expanded the knowledge space. We learn from the accumulation of knowledge, experiment a bit, observe new results, gain knowledge, extrapolate slightly beyond our previous region of knowledge, and so on. Statistical modeling is no different. While there are certain areas in which the ability of statistical models is more limited than in others, today it is true that without risk management largely driven by statistical models with behavioral...