Business Case: HSBC Combats Fraud in Split-second Decisions

With billions of dollars, corporate reputations, customer loyalty, and criminal penalties for noncompliance at stake, financial firms must outsmart fraudsters.

Detecting and preventing fraudulent transactions across many lines of business (checking, savings, credit cards, loans, etc.) and online channels require comprehensive real time data analytics to assess and score transactions. That is, each transaction has to be analyzed within a split second to calculate the probability that it is fraudulent or legitimate.

A big part of a bank's relationship with customers is giving them confidence that they are protected against fraud, and balancing that protection with their need to have access to your services.

HSCB Overview

HSBC is a commercial bank known by many as the "world's local bank." HSBC is a United Kingdom-based company that provides a wide range of banking and related financial services. The bank reported a pre-tax profit of $6.8 billion in the first quarter of 2014 (1Q 2014). It has 6,300 offices in 75 countries and over 54 million customers.

Fighting Fraudulent Transactions

HSBC was able to reduce the incidence of fraud across tens of millions of debit and credit card accounts. The bank implemented the latest Fraud Management software from SAS. The software includes an application programming interface (API) and a real time transaction scoring system based on advanced data analytics.

Using the Fraud Management app, HSBC has reduced its losses from fraudulent transactions worldwide and its exposure to increasingly aggressive threats. The antifraud solution is live in the United States, Europe, and Asia, where it protects 100 percent of credit card transactions in real time.

Scenario

Consider this scenario. A credit card transaction request comes in for the purchase of $6,000 in home appliances. The bank has a moment to decide to approve the transaction, or reject it as potentially fraudulent. Two outcomes are possible:

• Legitimate purchase rejected: When a legitimate purchase is rejected, the customer might pay with another card. The bank loses the fee income from the purchase and the interest fee. Risks of account churn increases.

• Fraudulent purchase accepted: When a fraudulent purchase is accepted, a legitimate customer becomes a victim of a crime. The bank incurs the $6,000 loss, the cost of the fraud investigation, potential regulatory scrutiny, and bad publicity. Chances of recovering any losses are almost zero.

With trillions of dollars in assets, HSBC Holdings plc is a prime target for fraud. Fighting all forms of fraud-unauthorized use of cards for payment and online transactions, and even customer fraud-has risen to the top of the corporate agenda. Fraud losses are operating costs that damage the bottom line.

As required by regulations, HSBC has implemented policies to segregate duties, create dual controls, and establish strong audit trails to detect anomalies. In addition, the bank has antifraud technology, which includes SAS Fraud Management, to monitor and score the millions of daily transactions. It is the cornerstone of these efforts.

Fraud Management

In 2007 HSBC's first SAS implementation went live in the United States, which was their largest portfolio with 30 million cards issued there. All transactions were scored in real time.

Detection rates on debit ATM transactions have been very effective. HSBC has updated its Fraud Management solution multiple times as newer technology and threats emerged.

Of course, financial fraud morphs to avoid new detection methods so antifraud models have a very short shelf life. Once HSBC closes up one loophole, thieves devise new threats to exploit other potential vulnerabilities. To counteract threats, fraud-monitoring algorithms and scoring models require constant refreshing

Sources: Business Wire (2011), SAS.com (2014), Reuters (2014), YouTube video "HSBC Relies on SAS for Comprehensive Fraud Detection."

Questions

1. Analyze the reasons to invest millions of dollars to detect and prevent fraudulent transactions. In your evaluation, do a cost-benefit analysis to show why the investment cost is worthwhile.

2. Review the two outcomes of the fraud scenario. Assess the business implications of each of the following two goals. Explain why these goals are conflicting.

a. To minimize rejecting legitimate purchases by authorized customers

b. To minimize the risk of making customers victims of fraud

3. The Fraud Management solution is based on a scoring model. For example, assume the scores range from 1 to 10, with 10 being the highest probability that the transaction is fraudulent.

What cutoff score would you use to decide to approve a purchase? What cutoff score would you use to decide not to approve a purchase? If those cutoff scores are not the same, how do you suggest those falling between scores be treated?

4. Why are approval decisions made in a split second? Would customers tolerate a brief delay in the approval process if it reduced their risk of identity theft? Explain your answer.

5. Research ATM or other banking transaction fraud. How has a financial firm been defrauded or harmed?