To fight credit and debit card fraud, HSBC has developed a new real-time detection solution with SAS (Cary, N.C.). Based on HSBC's initial sucess, SAS will roll out the SAS Fraud Management product to other financial institutions to help put a dent in the $4.84 billion in credit card fraud losses reported in 2006.
London-based HSBC (US$2.15 trillion in assets), which previously relied on Fair Isaac's (Minneapolis) Falcon Fraud Manager for U.S. card fraud detection, began using the SAS solution in the U.S. at the end of June, according to Derek Wylde, head of group fraud risk for HSBC. "The difference is around how much [card] traffic we authorize in real time," he explains, adding that HSBC now is able to authorize 100 percent of card transactions as they occur. "SAS gave us immediate increases in productivity. ... We were able to process more data with less processing power."
The SAS Fraud Management system provides advanced analytics based on multiple data sources within a bank. A universal connector links the solution to banks' transaction systems. In addition to on-demand scoring of transactions, the solution also has a flexible application program interface that enables scoring, decisioning and processing of all card types, SAS says.
Prior to the SAS implementation, HSBC evaluated only about one in 10 transactions, notes Jim Goodnight, SAS president and CEO. By the end of October, HSBC already had seen an 87 percent increase in the number of data items processed with a corresponding reduction of 12 percent in mainframe processing overhead, SAS reports. HSBC also realized a 30 percent decrease in computing resource costs of processing card transactions flagged as potentially fraudulent.
But, "It's too early to determine how much extra fraud we are capturing," HSBC's Wylde points out. "We are not comparing two systems in the same period, so it's difficult to make an exact comparison."
A top priority for HSBC when building the solution with SAS was that it had to do more than just protect card transactions. "It had to give us the ability to screen other payments types," Wylde says. "The priority is to put this in place in cards businesses and protect card transactions," he continues. "In the next three to five years, at the same time, we will be looking to see where we can extend to non-cards."
Putting its debit and credit cards on the SAS detection system is the first step in building HSBC's enterprise risk management platform, Wylde relates. The second step is adding non-card transactions to the system, and step three, he adds, is using the system for credit risk management. "The system has the capability for our own credit risk models or use of SAS model-builders," Wylde says. The final step is to use the system for marketing and customer-retention, he adds.
While HSBC is deploying SAS Fraud Management in the U.K. and Asia, it will not be deployed in every one of the bank's locations, Wylde notes. Smaller businesses will remain on smaller fraud-protection systems, including Falcon, he adds.
Share and Share Alike
SAS says it hopes to create a consortium of financial institutions around the system that will benefit from sharing fraud knowledge. "Sharing data between banks is ranked No. 1 in AML and Basel II compliance," asserts the vendor's Goodnight, who notes that SAS is in talks with about a dozen U.S. and U.K. banks for the system.
A consortium approach "could and should aid fraud detection," HSBC's Wylde adds. "If we can get more data to build models, than that will improve performance."
PAYMENTS T FRAUD TECHNIQUES EVOLVE parallel to banks' new products and defense mechanisms