Alerts are notifications presented to the user of an application to tell them of something occurring in the system. But behind the notification, there is usually a set of rigid business rules that govern when alerts are triggered. These rules, or conditions, can be as simple as “over 100 banking transactions crossed a threshold in 5 minutes”. They can be complex: “tell me when 10 transactors with prior claims are related to other transactors by phone numbers that are involved in an existing claim”. Or they can be specific: “tell me when the risk score of account number 1234 goes above 75”. Either way, with the flexibility of a graph, alerts can be powerful tools to aid graphML-based fraud detection systems.
Of course, you can imagine using alerts to notify users of phishing attacks, fraud, or anything suspicious. Real-time alerts are important for escalating and properly mitigating threats. They can even be preventative, declining fraudulent transactions (or enabling unusual, but non-fraudulent, ones) as they occur, before they escalate into full-on fraud or successful attacks.
Alerts by themselves can also distract. Having an overabundance of alerts can do more harm than good, by pushing systems and investigators to focus on unusual but otherwise harmless activities. One way around this is to prioritize alerts to surface the most pressing issues. If you know that a particular pattern is more indicative of fraud than another, you might prioritize the alert for that pattern higher than the other. You can also re-prioritize alerts that have been more successful at finding suspicious activity. But fraud changes; fraudsters learn and adapt, and so should you. With graph technology and machine learning, we can predict which entities are more likely to be indicative of fraud or anomalies, strengthening your alerts by pointing you toward the most likely scenarios. So instead of building completely static rule-based alerts, we can have an adaptive alert such as: “Tell me when a transaction above $10,000 is possibly fraudulent”.
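The sketch below is an added example, not code from this article or from any product it mentions. It shows a static rule, an adaptive rule, and re-prioritization from investigator feedback. The rule names, the `fraud_score` field (standing in for a graph/ML model output), the 0.8 cutoff and the smoothing weight are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class AlertRule:
    name: str
    condition: Callable[[dict], bool]
    base_priority: float   # initial belief (0..1) that a hit is real fraud
    confirmed: int = 0     # hits investigators confirmed as fraud
    dismissed: int = 0     # hits investigators closed as harmless

    def feedback(self, was_fraud: bool) -> None:
        self.confirmed += was_fraud
        self.dismissed += not was_fraud

    def priority(self, prior_weight: int = 10) -> float:
        # Smoothed precision: starts at base_priority and moves toward the
        # observed confirmation rate as investigator feedback accumulates.
        seen = self.confirmed + self.dismissed
        return (self.base_priority * prior_weight + self.confirmed) / (prior_weight + seen)

def build_rules():
    # fraud_score stands in for a model output; the 0.8 cutoff is an assumption.
    return [
        AlertRule("static_large_txn", lambda e: e["amount"] > 10_000, 0.5),
        AlertRule("adaptive_large_txn",
                  lambda e: e["amount"] > 10_000 and e["fraud_score"] >= 0.8, 0.5),
        AlertRule("account_1234_risk",
                  lambda e: e["account"] == "1234" and e["risk_score"] > 75, 0.5),
    ]

def triage(rules, events):
    """Return (priority, rule name, event id) for every hit, most pressing first."""
    hits = [(round(r.priority(), 3), r.name, e["id"])
            for e in events for r in rules if r.condition(e)]
    return sorted(hits, key=lambda h: -h[0])

# Constructed sample events (not real data).
EVENTS = [
    {"id": "t1", "account": "1234", "amount": 12_500, "fraud_score": 0.91, "risk_score": 80},
    {"id": "t2", "account": "9876", "amount": 15_000, "fraud_score": 0.12, "risk_score": 20},
    {"id": "t3", "account": "1234", "amount": 40, "fraud_score": 0.05, "risk_score": 78},
]

if __name__ == "__main__":
    for hit in triage(build_rules(), EVENTS):
        print(hit)
```

Calling `feedback()` on a rule after each investigation is what moves noisy rules down the queue: a rule whose hits are mostly dismissed ends up ranked below one whose hits are mostly confirmed, even though both started at the same priority.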
Used internally, alerts can also notify companies to be on the lookout when certain patterns are detected. For example, being alerted to an increase in phishing attempts can be an impetus to retrain employees about phishing attacks and how to avoid them.
Alerts are a powerful tool for real-time fraud detection systems. Alerts can be used to surface things one normally wouldn’t see in real time. It’s important, however, to remember that every application is different. Understanding your data and use cases will help you build more powerful alerts to track the most important changes within your system. As you continue to adjust and adapt to what works and what doesn’t work, your system will only get better at picking up those suspicious patterns. Being able to track these alerts within a fraud detection system, such as the Expero Connected Toolkit, provides you with the necessary tools in one package.