AI in financial services: From data fragmentation to data orchestration

We are gaining ground in the fight. “Twenty years ago, most FIs were resigned to lose one to two percent to card-not-present fraud. It has come to the point that most institutions seem to think if it’s not .01 percent fraud, they’re not doing the right thing,” says Sudhir Jha,  EVP Mastercard and Head of Brighterion. But the health of the entire digital ecosystem is dependent on collaboration, removing data silos and sharing intelligence across disciplines and industries.  

In this post, we will look at how data silos develop, layered security, how data orchestration helps to solve the growing cybersecurity threat — and the role of the C-Suite in setting those priorities. 

Is AI in the wrong hands a match for AI in financial services?  

Sophisticated fraudsters are finding opportunities to act using sophisticated AI. They’re capitalizing on consumers who practice bad password security or share their lives on social media, leaving trails of breadcrumbs for fraudsters to make seemingly authentic connections. They’re also empowered by organizations that leave themselves vulnerable to direct and third-party breaches, enabling sophisticated fraud to flourish.  

Criminals have access to more data, tools and technologies than ever before and innovate quickly to stay ahead of detection. They test, learn and apply technology to probe the vulnerabilities of digital ecosystems and their users. It’s a booming business. According to Moody’s, the global cost of fraud is $3.7 trillion annually. The massive scale of financial loss resulting from fraud can be exacerbated by data fragmentation. So, while we’re gaining ground, there’s more work to do in mitigating potential risk.  

Data fragmentation: a problem for optimal use of AI in financial services  

Data fragmentation occurs when an organization’s data assets are located in places, such as a various solutions and databases. This creates silos of information, increasing with each solution or function added. The result is an incomplete view of all data assets across the digital ecosystem. 

Data fragmentation costs financial services organizations millions of dollars in redundant technology and missed opportunities. Up to 20 different solutions are used amongst an FI's many departments. Usually, half a dozen parties are involved in each transaction using six or more payment channels. Credit card transactions, for example, include an issuer, a merchant, an acquirer and/or a payment services processor (PSP). Throughout the transaction, no single entity has access to a full picture of the customer or the merchant. 

AI in financial services: common use cases and opportunities for advancement 

The rapid advancement of payment technologies and the wide range of fraud vectors result in dispersed data. Consider an FI’s different departments and various technology needs. The range may include transaction fraud monitoring (TFM), chargeback prevention, A2A transfers, onboarding, lending, merchant risk monitoring (acquirers and payment service providers), compliance, AML, customer service, marketing and accounting. Often, different solutions are deployed for each function and many of them are not AI or machine learning-based, depending on human intervention for updates. These solutions have evolved at different times, so they have different protections, different stacks, and even different vendors. “Now you add different fraud types to that and the solution landscape quickly becomes unmanageable,” says Jha.  

Multiple opportunities are missed because of this approach. A complete picture of good customers and bad actors is required to advance in the fight against fraud and protect consumers. Robust profiles of customers can assist with better risk assessments, customer experience, marketing opportunities and close monitoring of high-risk customers or merchants. 

Data fragmentation and silos within the digital ecosystem 

Beyond an organization's internal structure lies the broader digital ecosystem. In this ecosystem, each industry and each player possess valuable intelligence. If this intelligence is used with the collective goal of combating fraud, significant advancements can be achieved.  

Within each need, or technology use case, there may be a layered approach to solving problems. For example, some acquirers layer TFM at a transaction's pre-authorization or post-authorization stages to protect themselves against fraud. 

Data sources from outside entities also contribute to greater fragmentation yet have valuable intelligence to share. For example, a fraudster may use social engineering tactics to gather information from social media and use the data to target victims. Telecommunications and web hosts, merchants, governments, and cybersecurity companies all have valuable but fragmented insights that will contribute to more robust profiles.  

The key to AI’s success in financial services is careful data orchestration  

The road to optimizing financial services data 

Leaders must take a holistic view of data and provide the budget and tools to overhaul data collection and fragmentation.  

When solutions are layered with an orchestrated approach, intelligence can be shared and used to power AI decisioning. When multiple solutions operate in departmental silos, however, there's a missed opportunity to enhance them with the learnings from all the other solutions.  

“It is going to require a cultural change within financial institutions, as well as retailers, from the top down,” Jha says. “The C-suite has to understand that this is a customer service issue — unless you take steps to protect them, you’re going to lose customers.”  

Banks must collect enough and the appropriate data to protect their customers. In doing so, they can merge data silos, orchestrate workflows and create overall profiles.  

One benefit is economies of scale. Fewer solutions will be required, resulting in fewer duplicate profiles. FIs will reduce tech expenditures and fraud losses while achieving business KPIs such as optimal product pricing and marketing opportunities. 

Use privacy-enhancement technologies to extract insights from data  

Data security is first and foremost when dealing with sensitive customer information. Robust encryption protocols and authentication methods must ensure that only authorized personnel can access confidential information stored within the system. These are the cornerstones of a robust data management program. 

For example, following Mastercard’s privacy by design principles, we aggregate and anonymize data to capture patterns of behavior, not individual data that might infringe upon personal privacy laws or create bias within the model. The derived data intelligence is used to build solutions and train AI models. 

Privacy-enhancement technologies (PETs) allow organizations to generate insights and train AI models from data without the need to access the raw data itself. This preserves the security and individual rights of data owners by limiting who can access the data and how it can be used. Data intelligence containing the attributes of trustworthy transactions from across a global payments ecosystem, for example, is what determines risk scores for transaction, A2A or merchant fraud. 

How does data orchestration work? 

An orchestration tool integrates data intelligence from various solutions deployed across an organization’s digital ecosystem. It can also include intelligence from other data sources outside the organization. 

Returning to our earlier example of using a layered approach to predict the likelihood of transaction fraud. Within the Mastercard ecosystem, customers often use a combination of digital tools for pre-auth, authorization and post-auth monitoring.  

The Brighterion AI Rules Management module integrates the various intelligence sources, including biometric, device and identity knowledge. Any data element can be incorporated into the scoring process. These identity sources can influence the overall recommendations from the solution’s rules and the AI model.   

Another example is scoring for likely fraud in account-to-account payments. The Rules Management module combines A2A transaction fraud risk scores with scores from behavioral biometric solutions. While an A2A scam is in progress, the biometric data might indicate the payor is under stress or exhibiting uncharacteristic activity. The data from the payee (potential scammer) account can be assessed during the transfer for risky signals, such as dozens of new accounts opened, physical location and more. 

“Biometric behaviors are difficult for a cybercriminal to mimic,” Jha says. “Banks can use some of those back-end behavioral biometrics in tandem with device identification and the amount of the transaction to detect fraud.”  

Data orchestration for all the right reasons: security, privacy, robust crime intervention   

Financial services customers are looking for protection from fraud and data leaks while experiencing more approvals with less friction. They have never been asked to do so much while making things faster and safer while trying to break the fraud cycle from data breaches and multitudes of attack vectors.  

Working across organizations to combine data into one smoothly orchestrated system helps achieve those goals while freeing up the budget allocated to redundant solutions and tasks. Integrating fragmented data into one scoring engine will result in cost-effective, high-quality data profiles to streamline operations, reduce financial crime and save money.  

No matter the speed of technology-led change over the next decade, the changing face of fraud motivates us to stay ahead of the fraudsters through cybersecurity innovation and engineering. At Mastercard, we aim to defend the digital ecosystem and ensure digital payments remain trusted, safe and secure for everyone. 

To learn more, listen to Sudhir Jha discuss generative AI’s role in changing the payments fraud landscape and what we should expect in the coming year.