Npower Npower Ltd. Telephone: +44 (0) 161 929 9899 Atlantic Business Centre Fax: +44 (0) 161 926 9520 Broadheath, Altrincham http://www.npower.co.uk Cheshire WA14 5NQ, UK http://www.n-power.net Fuzzy Logic in Fraud Reference Sites Over the past decade, Npower’s partner, INFORM, has deployed about 450 decision support systems in Europe, U.S.A., and Asia. Many systems handle mission-critical applications, such as airports and banking transactions, involving up to 2 million real-time decisions per day. This paper details three reference applications of Riskshield, a fuzzy logic system that aids fraud detection. It will soon be available in Great Britain from Npower Ltd. MasterCard Processing at GZS Credit card abuse prevention is a classical application area for Intelligent Surveillance Systems. Both commercial and in-house fraud detection systems have been developed. When GZS, Germany's primary MasterCard/EuroCard processor, looked for a successor of its neural network based Falcon™ system (by HNC), they decided to select RiskShield from INFORM. The primary reasons for GZS to select RiskShield for their ISS over its competitors were the flexibility of the RiskShield Decision Engine, the adaptability of its rule base and workflows, and its proven reliability record in other applications. RiskShield's Decision Engine enables the GZS abuse analysts to combine expert rules with neural net models and pattern recognition techniques so that the system can quickly d etect and adapt for emerging fraud patterns. GZS's analysts use the RiskShield Supervisory Workflow for the analysis of abuse patterns and the definition of effective countermeasures. Because the Supervisory Workflow fully exploits the Windows/NT 4.0 platform and ties in seamlessly with MS Office 97, training effort for the GZS abuse analysts was kept at a minimum. The RiskShield Investigation Workflow was completely customised to GZS's business processes for the investigation of potential fraud cases. GZS's 22 a buse auditors use the Investigation Workflow for the entire processing of the cases generated by the Decision Engine. All three RiskShield components are completely integrated with the other MVS/IMS, UNIX and Windows/NT computer systems of GZS using custo mised TCP/IP links and protocols. INFORM has worked closely with GZS computing and abuse specialists in the definition of al components of the GZS ISS and its integration within the GZS environment. GZS's authorisation system handles more than 10 million credit cards and each authorisation request must be answered within fractions of a second. Thus, GZS demanded highest reliability of the Decision Engine of its ISS. INFORM was able to demonstrate such performance and reliability in its ground handling systems in London Heathrow airport, where the Decision Engine handles 500000 transaction analyses per hour in real- time. Insurance Claim Surveillance at General Re INFORM, in co-operation with the five major German insurance companies, Allianz, ERGO/Victoria, R+V, Signal, and BVK, developed a complete Intelligent Surveillance System for insurance abuse prevention using the RiskShield software system. Now in use with these companies, the RiskShield's Decision Engine evaluates each insurance claim transaction. In these applications more than 60 criteria are used for RiskShield's evaluation of the likelihood of a claim being fraudy. RiskShield's evaluation on one side analyses the transaction itself, on the other it takes into account previous transactions of the persons involved in the transactions, as well as their interactions in past cases. It also checks for inter-relations between claims within groups of persons that are typical for organised insurance fraud. General Re and its European subsidiary Cologne Re, the third largest Reinsurance Company in the world, selected RiskShield as the platform for their Intelligent Surveillance System because of its easy adaptability to individual corporate business policies for their insurance companies, its easy-to-use Supervisory Workflow, and its rapid implementation time. The analysts that use RiskShield's Supervisory Workflow are non-technical specialists with limited mathematical and computing background. Thus it was important that the data mining and abuse pattern detection features of the Supervisory Workflow were completely predefined. Training of the abuse analysts was thus kept at a minimum Using the embedded data mining capabilities of Supervisory Workflow, analysts detect fraud patterns in past abuse cases. This knowledge, combined with police reports and other intelligence, is used to define the surveillance models in RiskShield's Decision Engine. And because the Decision Engine is configured completely from parameter files the analysts can instantly deploy a new abuse detection strategy by simply pushing a button in the Supervisory Workflow. RiskShield's Decision Engine lets users combine a "universal" abuse detection strategy with individual rules of the company. This was essential for this application, since a consortium of competing insurance's developed the universal abuse detection strategy. Each company later customised this universal abuse detection strategy to its business policies. RiskShield's Decision Engine evaluates each claim transaction and determines to what degree it fits typical abuse patterns. It then applies the company's business policy to determine the best treatment of such a case in the Investigation Workflow. Depending on the decision, the auditors investigate and close the case completely within the Investigation Workflow. Depending on the implementation, RiskShield simultaneously serves up to 350 users of the Investigation Workflow. Since all of the RiskShield components can be freely configured, little or no programming was required to deploy it as an Intelligent Surveillance System. In the case study, the definition of the abuse detection strategy was accomplished in only 3 months by the consortium, and the installation and test period of the software varied from 1 to 5 months, depending on the insurance company's software and hardware environment. From a development project started in October 1998, when a complete abuse detection strategy was defined for motor insurance claims, it is expected that by the end of 1999, a total of ten motor insurance companies will be using with the RiskShield Intelligent Surveillance System. Supplier Surveillance To detect and process abusive transactions by suppliers, INFORM has applied the RiskShield for the intelligent supplier surveillance with multiple customers in Europe, including DaimerChrysler, Volkswagen, Hoechst Marion Roussel, Coop Switzerland, and Metro Retail. In this application, supplier's transactions such as deliveries and invoices are continuously monitored and compared to abuse patterns by RiskShield's Decision Engine. Depending on the result, invoices are either paid or investigated by auditors, and in some installations, the RiskShield's proven detection rate of supplier's abuses is above 99%.