
Elastic{ON} 2018 - Ferreting out Financial Fraud with the Elastic Stack at Discover Financial

Elastic Co
March 01, 2018

Transcript

  1. Confidential and Proprietary | © 2018 DFS Services LLC 0

    Transaction Abnormality Detection Using ELK Software Stack

    PRESENTED BY JINGSI XIA, RAJESH HARI
    MAR 1, 2018

    THE OPINIONS EXPRESSED IN THIS PRESENTATION ARE THOSE OF THE PRESENTERS, IN THEIR INDIVIDUAL CAPACITIES, AND NOT NECESSARILY THOSE OF DISCOVER
  2. Agenda

    • Discover® Payment Network
    • Fraud Problem Statement
    • Abnormality Detection Tool – Functional View
    • Initial Solution Architecture
    • Revised Solution Design
    • Stage 1 – Initial Architecture
    • Stage 2 – Improved Architecture
    • Stage 3 – Robust Architecture
    • Why ELK is Adopted
    • Business Results and Next Step
  3. Discover® Global Network At-a-Glance

    • Discover® is the third-largest global card network
    • 1 in 4 U.S. households has a Discover Card*
    • 10% growth in CNP volume, year-over-year
    • Serves millions of loyal, high-spending cardholders across more than 185 countries
    • Continues to add more network-to-network partnerships as part of overall growth strategy
    • Discover shows 15% growth in CNP transactions and

    * TNS State of the Card Market Report, November 2015
  4. MANIC Model

    Network, Acquirer, Issuer, Cardholder, Merchant
  5. New Payment Methods Are Transforming the Industry

    Consumers have more ways to pay—dramatically altering the payments landscape.

    • Contactless Payments
    • EMV Technology
    • Hybrid Online-Mobile System
    • Digital Wallets
  6. The Growing Threat of Fraud

    As EMV increases the security of Card-Present (CP) transactions, fraudsters are increasingly turning their attention to CNP transactions.

    • A 225% increase in CNP fraud is predicted from 2015 to 2020*
    • 32% of falsely declined customers say "goodbye" to that merchant forever— resulting in losses 13x greater than actual card fraud**

    * iovation and Aite Group.
    ** Javelin Advisory Services, Future Proofing Card Authorization, August 2015
  7. Where CNP Fraud Is Heading

    Credit card fraudsters are nothing if not predictable, as they always migrate to the path of least resistance. With EMV protecting in-store transactions, online fraud can be expected to expand rapidly.

    • CNP fraud in the U.S. is expected to grow from $4.0 billion in 2016 to $7.2 billion in 2020*
    • Online commerce accounts for 8.5% of total U.S. transaction volume—but 49% of fraud**

    [Charts: CNP fraud, 2016 ($4.0 B) vs. 2020 ($7.2 B); U.S. eCommerce Transactions (8.5%) vs. U.S. Credit Card Fraud (49%)]

    * Aite Group, EMV: Issuance Trajectory and Impact on Account Takeover and CNP, May 2016
    ** Javelin Strategy & Research: Fixing CNP Fraud, October 2014
  8. Business Case: Transaction Abnormality Detection

    • Multi-layer Approach to Detect Abnormality
    • Analytics Dashboards to Support Investigation Process

    Diagram labels: Business Rules, Baseline Setup, Alerting & Notifications, Case Generation, Initial Assessment, Fraud Review, Further Assessment, Fraud Confirmation
  9. Abnormality Detection Tool – Functional View

    Diagram labels: Application Layer Data Warehouse Layer Record Data Analysts Threshold Algorithm Additional Analysis and Review Record Business Rules Threshold Alerting Switch Transactions Internal / External Business Users User Managements Application Monitoring Transaction Search Analytics Dashboards Machine Learning Business Users Technology Users Investigators Data Scientist
  10. Initial Solution Architecture – Legacy System

    Diagram labels: DN Issuers Internal Users Data Warehouse Feeds Messaging System Data Storage Alerts and Threshold Engine MQ Manager Cache Manager Discover Network® Transaction Feed User Interface API Franchise Users Alerts and Threshold Engine MQ Manager Cache Manager Diner’s Club® Transaction Feed User Interface API
  11. Revised Solution | Initial Design

    Diagram labels: Inbound / Outbound Data Feeds UI Applications Kibana Java Client Elasticsearch Master Node Data Node Internal APIs DN® Transactions Diners® Transactions Logstash
  12. Revised Solution | Improved Design

    Diagram labels: Kibana VIP Kibana 1 Kibana 2 Coordinating VIP Coordinating 1 Coordinating 2 Java Client Batch Logstash Elasticsearch Data 1 Data 2 Data 3 Master 1 Curator Master 2 Curator Master 3 Curator Shared SAN
  13. Revised Solution | Robust Architecture

    Diagram labels: UI Application Java Client Batch Logstash Transaction Feeds Data Feeds DB Coordinating 4 (write) Coordinating 5 (write) Coordinating 6 (write) Coordinating 7 (write) Coordinating VIP 2 Batch Logstash Elasticsearch Data 1 Data 2 Data 3 Master 1 Curator Master 2 Curator Master 3 Curator Active / Passive Elasticsearch Data 4 Data 5 Data 6 Master 4 Curator Master 5 Curator Master 6 Curator ML1 ML 2 Kibana VIP Active DR Kibana 1 Coordinating 1 (read) Kibana 2 Coordinating 2 (read) Kibana 3 Coordinating 3 (read) Kibana 4 Coordinating 4 (read) Coordinating VIP !
  14. Why ELK Solution is Adopted

    • Existing Tool and Deficiency
    • Open Source
    • Secure, Reliable and Scalable
    • Production Support
    • Rich Feature Set
    • Machine Learning
    • Link Analysis
  15. Business Results & Next Step

    • New Solution was built in 5 months
    • Very Positive Feedback from business
        o Speed to alert
        o False positive ratio
        o Additional events detected
    • Legacy system will retire in early Mar
    • Scale solution for broader transaction monitoring
    • Machine Learning POC
    • Further Integration with other Internal Systems