Working with Fraud Detection

Fraud detection is a mechanism to identify fraudulent transactions. In Open Banking, Strong Customer Authentication (SCA) adds an additional authentication step to the authorisation flow. As for an example, a customer may have to go through several authentication steps before performing a low-value transaction from an account, which the customer has recently authorised. Therefore, Transaction Risk Analysis (TRA) is introduced to exempt SCA in some predefined scenarios. SCA-exempted scenarios are described in detail under Transaction Risk Analysis. The Fraud Detection (FD) module calculates the fraud rate for transactions and identifies the scenarios that SCA can be exempted. Moreover, FD in WSO2 Open Banking Business Intelligence (WSO2 OB BI) provides a dashboard to monitor transactions and mark fraudulent users and third-party applications. In this page, you can find information on the following topics:

Fraud detection in WSO2 Open Banking

The FD module in WSO2 Open Banking runs separately from the solution based on the published transaction data. This is how WSO2 Open Banking API Manager (WSO2 OB APIM) and WSO2 Open Banking Identity and Access Management (WSO2 OB IAM) interacts with the FD module in WSO2 OB BI:

The module calculates the fraud rate for transactions as shown in the diagram below:

There are four components of the FD module that store and analyse data in order to determine the fraud rate and exempt SCA.

Click here to find more information about the four components...

Component	Description
End of the Day (EOD) Triggers	EOD triggers are applications that run at the end of each day in order to aggregate and summarize the data recorded daily-basis. FrequencyAggregator - Calculates, and stores usual transaction frequency (per day) of each user. VolumeRateAggregator - Calculates, and stores transaction amount per day of each user. AmountAggregator - Calculates, and stores average transaction amount and the standard deviation. UsualDayAggregator - Calculates and stores the usual day of user transactions and the deviation of the days. UsualTimeAggregator - Calculates and stores the usual time of user transactions and the deviation of the time. FraudRateCalculator - Calculates and stores the fraud rate(RTS[3] Article 19) of the bank by the end of the day.
FraudDetector	Gathers previously stored data of the current transaction, add it to the stream and then determines whether the fraud rate of the bank is within given values. If the fraud rate is within the given values, the transaction data is forwarded to the fraud detection rules.
Business rules	Fraud rules are the different rules that will be run in real-time on the transaction data, in order to determine the risk of the transaction. To see the fraud rules that can be deployed using the Business Rules template, see fraud rules.
FraudResultAnalyzer	Gathers result data of all fraud detection rules and if identified as potential fraud, adds the transaction to the flagged list and then sends the response stating whether the transaction is a potential fraud or not.

The implementation of the components in the WSO2 Open Banking Fraud Detection module is as follows:

[Back to Top]

Fraud rules

The fraud rules determine the fraudulent transactions that exceed the predetermined fraud rate. The following formula is used to calculate the fraud rate:

The calculation runs on a quarterly basis, i.e., data taken from the past 90 days is considered for the calculation.

Let's look at the fraud rules in WSO2 Open Banking ...

Fraud Rule	Description
transaction-frequency-rule	Stores the past transaction frequency of the user (transactions per day) in real-time. Validates the transactions in the past 24 hours against the past frequency value.
transaction-volume-rate-rule	Stores the transaction volume rate of the user (transaction amount per day) in real-time. Validates the transaction volume rate in the past 24 hours against the past volume rate value.
transaction-amount-rule	Stores the past average transaction amount of the user and the standard deviation in real-time. Validates the current transaction amount against the past values.
application-flaggedlisted-rule	Validates the application ID of the current transaction application against the application IDs in the flagged list (flagged fraud).
user-denylisted-rule	Validates the user ID of the current transaction application against the user IDs in the deny list (confirmed fraud or stolen credentials).
user-flaggedlisted-rule	Validates the user ID of the current transaction application against the user IDs in the flagged list (flagged fraud).
application-denylisted-rule	Validates the application ID of the current transaction application against application IDs in the deny list (confirmed fraud).
usual-day-rule	Stores the usual transaction day of the user and the standard deviation in real-time. Validates the transaction day against the past values.
usual-time-rule	Stores the usual transaction hour of the user and the standard deviation in the past in real-time. Validates the transaction hour against the past values.
delivery-location-rule	Validates abnormal delivery location of e-commerce transactions.

[Back to Top]

Setting up Fraud detection in WSO2 Open Banking

When you download the WSO2 Open Banking Business Intelligence (WSO2 OB BI) component, you can enable API Analytics, Transaction Risk Analysis, Fraud Detection, and Data Reporting. For more information about the features and instructions to enable them, see Integrate Open Banking Business Intelligence.

Make sure you have created the databases required for FD. See Configuring databases to find out the required databases.

Enable TRA for FD to work. Follow the instructions given in Enabling Transaction Risk Analysis (TRA).

To enable FD, follow the instructions given in Enabling Fraud Detection.

Working with fraud rules

In the FD module of WSO2 Open Banking, you can work with fraud rules by:

Creating a new fraud rule

The Fraud Detection module is shipped with fraud rule templates. In this method, you can create a new fraud rule using templates. Follow the given instructions to see how you can create and deploy a fraud rule.

Once you enable fraud detection, log in to WSO2 Business Rules Manager at https://<WSO2_OB_BI_HOST>:9643/business-rules/businessRulesManager. Use the credentials for the worker nodes that are configured under wso2.business.rules.manager in <WSO2_OB_BI>/conf/dashboard/deployment.yaml:
Click Create and From Template.
Select fraud-rules.
You can select a fraud rule from the existing rules.

Note that only the UK banks have to create the fraud rule named as consecutive-consent-rejection-rule.
Enter the appropriate information to the fraud rule.
The Exemption Threshold Values (ETV) for the fraud rate is specified according to the Regulatory Technical Standards (RTS). In case you want to change the values:
- Due to a change in a specification
- To set a value not exceeding the ETV
edit the Threshold values in the fraud-detector fraud rule.
Click SAVE or SAVE & DEPLOY.
1. SAVE - You can save the fraud rule and deploy it later. See Deploy an available fraud rule for instructions.
2. SAVE & DEPLOY - You can save and deploy the fraud rule at the same time.
After you save and deploy a fraud rule, you can find the information about it on the home page of WSO2 Business Rules Manager. In order to create more fraud rules, click the add sign on the left-top corner and follow the steps 1-5 for each rule.

Deploying an already created fraud rule

The business rules are available on the home page of WSO2 OB BI. This component is used to create, edit, and deploy business rules as fraud rules. In order to deploy a previously saved fraud rule from WSO2 Business Rules Manager, follow the given step.

Click the redeploy icon as marked in the on the image. As a result, a message appears to inform you that the rule is successfully deployed.

Updating a fraud rule

You can use the Business Rules Template Editor profile in WSO2 Stream Processor to update an existing fraud rule.

Click here to see how it is done ...

Download and update WSO2 Stream Processor (WSO2 SP) using WSO2 Update Manager (WUM) by executing the following commands. For more information about WUM, see /wiki/spaces/updates/overview.
- Initialize WUM:
```
wum init
```
- Download WSO2 Stream Processor:
```
wum add wso2sp-<version>
```
- Update WSO2 Stream Processor:
```
wum update wso2sp-<version>
```
Start the editor profile using the following in <WSO2_SP_HOME>/bin.
```
./editor.sh
```
Access the Business Rules Template Editor via the https://<WSO2_SP_HOST>:<PORT>/template-editor URL.
On the top-right corner, click the icon shown below to open the fraud rules in wso2/dashboard/resources/businessRules/templates/fraud-rules.json.
Choose the fraud rule that needs to be updated and edit.
Once you finish editing the fraud rule, click the save icon on the top-right corner.

Make sure you save the new fraud-rule.json file in the original location and delete the deployed rule in Business Rules Manager of WSO2 OB BI. Redeploy the fraud rule for the changes to take effect.

[Back to Top]

Using the Fraud Detection dashboard

WSO2 Open Banking provides a dashboard for banks to record and monitor transactions. You can use the fraud monitoring dashboard to:

View, filter, and sort transaction data for the past 90 days and beyond.
Mark transactions as fraudulent/not fraudulent.
Add fraudulent users and third-party applications to the deny list.

Log in to the WSO2 FD Dashboard using https://<WSO2_OB_BI_HOST>:9643/portal/dashboards/frauddetectiondashboard/home.
Click the Fraud Analyzer tab on the left sidebar menu.
On the Fraud Analyzer tab, you can filter and sort transactions during the past 90 days, mark transactions as fraudulent, and mark users and third-party applications as fraudulent.

[Back to Top]