FraudBuster: Temporal Analysis and Detection of Advanced Financial Frauds Michele Carminati 1 , Alessandro Baggio 1 , Federico Maggi 1,2 Umberto Spagnolini 1 , and Stefano Zanero 1 1 DEIB, Politecnico di Milano, Italy 2 Trend Micro Inc. {michele.carminati,federico.maggi,umberto.spagnolini,stefano.zanero}@polimi.it [email protected] Abstract Modern financial frauds are frequently automated through specialized malware that hijacks money transfers from the victim’s com- puter. An insidious type of fraud consists in repeatedly stealing small amounts of funds over time. A reliable detection of these fraud schemes requires an accurate modeling of the user’s spending pattern over time. In this paper, we propose FraudBuster , a framework that exploits the end user’s recurrent vs. non-recurrent spending pattern to detect these so- phisticated frauds. FraudBuster is based on a learning stage that builds, for each user, temporal profiles and quantifies the deviation of each in- coming transaction from the learned model. The final output is the ag- gregated score that quantifies the risk of a user of being defrauded. In this setting, FraudBuster detects frauds as transactions that are not simply “anomalous”, but that would change the user’s spending profile. We deployed FraudBuster in the real-world setting of a national bank- ing group and measured the detection performance, showing that it can outperform existing solutions. 1 Introduction Financial frauds have been steadily increasing over the past few years, result- ing in billions of dollar losses [1]. Malware seems to be evolving through the collaboration between malware creators, growing by 16% since 2016. In 2016 fi- nancial malware infected about 2,8 million personal devices, a 40% increase since 2015 [2]. Despite financial institutions rely on fraud-analysis systems, fraudsters keep refining their techniques to remain unaccountable. Automated frauds are typically implemented via specialized malware, sold in underground markets, that can be easily customized to perform and/or hijack money transfers. An in- sidious type of fraud consists in keeping a “low profile” by stealing small amounts of funds in multiple rounds over time. Due to their stealthiness and recurring nature, we call these attacks as salami-slicing frauds, referring to the well-known fraudulent technique [3]. Moreover, Internet banking seems like the perfect venue for this type of attacks, due to the increasing adoption of micro-payment systems, with direct debit on the bank account. Detecting these sophisticated schemes re- quires a robust modeling of the end user’s spending patterns to exclude false
FraudBuster: Temporal Analysis and Detection of Advanced Financial Frauds
Jul 06, 2023
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Related Documents
![Joint Event Detection and Description in Continuous Video ...lsigal/Publications/wacv2019xu.pdf · Spatio-temporal activity detection [28, 34] localizes activities within spatio-temporal](https://static.cupdf.com/doc/110x72/5f14a3adb7d996309b195fd6/joint-event-detection-and-description-in-continuous-video-lsigalpublications.jpg)
