Aspects of Modeling Fraud Prevention of Online Financial Services
KTH, School of Architecture and the Built Environment (ABE), Transport Science (Center for Safety Research). ORCID iD: 0000-0001-5427-7548
2015 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Banking and online financial services are part of our critical infrastructure. As such, they comprise an Achilles heel in society and need to be protected accordingly. The last ten years have seen a steady shift from traditional show-off hacking towards cybercrime with great economic consequences for society. The different threats against online services are getting worse, and risk management with respect to denial-of-service attacks, phishing, and banking Trojans is now part of the agenda of most financial institutions. This trend is overseen by responsible authorities who step up their minimum requirements for risk management of financial services and, among other things, require regular risk assessment of current and emerging threats.

For the financial institution, this situation creates a need to understand all parts of the incident response process of the online services, including the technology, sub-processes, and the resources working with online fraud prevention. The effectiveness of each countermeasure has traditionally been measured for one technology at a time, for example, leaving the fraud prevention manager with separate values for the effectiveness of authentication, intrusion detection, and fraud prevention. In this thesis, we address two problems with this situation. Firstly, there is a need for a tool which is able to model current countermeasures in light of emerging threats. Secondly, the development process of fraud detection is hampered by the lack of accessible data.

In the main part of this thesis, we highlight the importance of looking at the “big risk picture” of the incident response process, and not just focusing on one technology at a time. In the first article, we present a tool which makes it possible to measure the effectiveness of the incident response process. We call this an incident response tree (IRT). In the second article, we present additional scenarios relevant for risk management of online financial services using IRTs. Furthermore, we introduce a complementary model which is inspired by existing models used for measuring credit risks. This enables us to compare different online services, using two measures, which we call Expected Fraud and Conditional Fraud Value at Risk. Finally, in the third article, we create a simulation tool which enables us to use scenario-specific results together with models like return on security investment, to support decisions about future security investments.

In the second part of the thesis, we develop a method for producing realistic-looking data for testing fraud detection. In the fourth article, we introduce multi-agent based simulations together with social network analysis to create data which can be used to fine-tune fraud prevention, and in the fifth article, we continue this effort by adding a platform for testing fraud detection.

Abstract [sv]

Online financial services are part of our critical infrastructure. As such, they constitute an Achilles heel in society and must be protected accordingly. Over the last ten years there has been a shift from traditional intrusions carried out to show off one's skills towards IT crime with great economic consequences for society. The various threats against online services have grown worse, and risk management with respect to denial-of-service attacks, phishing and banking Trojans is now on the agenda of financial institutions. This trend is overseen by responsible authorities, which gradually raise their minimum requirements for risk management and, among other things, require regular risk assessment of existing and new threats.

For the financial institution, this situation creates a need to understand all parts of the incident response process, including its technology, sub-processes and the resources that can work on fraud prevention. Traditionally, the effectiveness of each countermeasure has been measured, where possible, for one technology at a time, which leaves those responsible for fraud prevention with separate values for authentication, intrusion detection and fraud detection.

In this thesis we have focused on two problems with this situation. Firstly, there is a need for a tool that can model the effectiveness of the institution's combined countermeasures in light of existing and new threats. Secondly, there is no access to data for research on fraud detection, which hampers development in the field.

In the main part of the thesis, the emphasis is on studying the “whole” incident response process instead of focusing on one technology at a time. In the first article, we present a tool that makes it possible to measure the effectiveness of the incident response process. We call this tool an “incident response tree” (IRT), or “incidenthanteringsträd” in Swedish. In the second article, we present a number of scenarios relevant to risk management of online financial services using IRTs. We also develop a complementary model inspired by existing models for measuring credit risk. Using scenario-dependent measures of “expected fraud” and “value at risk”, we are able to compare risks between different online services. Finally, in the third article, we create an agent-based simulation tool that makes it possible to use scenario-specific results together with models such as “return on security investment” to support decisions about future investments in countermeasures.

In the second part of the thesis, we develop a method for generating synthetic data for testing fraud detection. In the fourth article, we present an agent-based simulation tool which, with the help of, among other things, “social network analysis”, can be used to generate realistic-looking synthetic data. In the fifth article, we continue this work by adding a platform for testing fraud detection.

Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology, 2015, xii, 30 p.
Series
TRITA-TSC-PHD, 15:007
Keyword [en]
Online banking, fraud, incident response, metrics, incident response tree (IRT), value at risk (VaR), simulation
National Category
Other Civil Engineering
Research subject
Transport Science
Identifiers
URN: urn:nbn:se:kth:diva-176298
ISBN: 978-91-87353-76-5 (print)
OAI: oai:DiVA.org:kth-176298
DiVA: diva2:866517
Public defence
2015-11-24, F3, Lindstedtsvägen 26, KTH, Stockholm, 13:00 (English)
Note

QC 20151103

Available from: 2015-11-03. Created: 2015-11-03. Last updated: 2015-11-03. Bibliographically approved.
List of papers
1. Using Incident Response Trees as a Tool for Risk Management of Online Financial Services
2014 (English). In: Risk Analysis, ISSN 0272-4332, E-ISSN 1539-6924, Vol. 34, no 9, 1763-1774 p. Article in journal (Refereed). Published.
Abstract [en]

The article introduces the use of probabilistic risk assessment for modeling the incident response process of online financial services. The main contribution is the creation of incident response trees, using event tree analysis, which provides us with a visual tool and a systematic way to estimate the probability of a successful incident response process against the currently known risk landscape, making it possible to measure the balance between front-end and back-end security measures. The model is presented using an illustrative example, and is then applied to the incident response process of a Swedish bank. Access to relevant data is verified and the applicability and usability of the proposed model is verified using one year of historical data. Potential advantages and possible shortcomings are discussed, referring to both the design phase and the operational phase, and future work is presented.

Keyword
Event tree analysis, fraud, incident response, online services, risk management
National Category
Economics and Business
Identifiers
URN: urn:nbn:se:kth:diva-158847
DOI: 10.1111/risa.12195
000345321000015 ()
Note

QC 20150116

Available from: 2015-01-16. Created: 2015-01-12. Last updated: 2017-12-05. Bibliographically approved.
2. Modeling Fraud Prevention of Online Services Using Incident Response Trees and Value at Risk
2015 (English). In: Proceedings of the International Conference on Availability, Reliability and Security, IEEE, 2015. Conference paper, Published paper (Refereed).
Abstract [en]

Authorities like the Federal Financial Institutions Examination Council in the US and the European Central Bank in Europe have stepped up their expected minimum security requirements for financial institutions, including the requirements for risk analysis. In a previous article, we introduced a visual tool and a systematic way to estimate the probability of a successful incident response process, which we called an incident response tree (IRT). In this article, we present several scenarios using the IRT which could be used in a risk analysis of online financial services concerning fraud prevention. By minimizing the problem of underreporting, we are able to calculate the conditional probabilities of prevention, detection, and response in the incident response process of a financial institution. We also introduce a quantitative model for estimating expected loss from fraud, and conditional fraud value at risk, which enables a direct comparison of risk among online banking channels in a multi-channel environment.

Place, publisher, year, edition, pages
IEEE, 2015
National Category
Economics and Business
Identifiers
URN: urn:nbn:se:kth:diva-176308
DOI: 10.1109/ARES.2015.17
000380572600016 ()
Scopus ID: 2-s2.0-84961671375
Conference
10th International Conference on Availability, Reliability and Security (ARES), Toulouse, France, 2015
Note

QC 20151103

Available from: 2015-11-03. Created: 2015-11-03. Last updated: 2016-09-20. Bibliographically approved.
3. IncidentResponseSim: An Agent-Based Simulation Tool for Risk Management of Online Fraud
2015 (English). In: Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349, Vol. 9417, 172-187 p. Article in journal (Refereed). Published.
Abstract [en]

IncidentResponseSim is a multi-agent-based simulation tool supporting risk management of online financial services, by performing a risk assessment of the quality of current countermeasures, in the light of the current and emerging threat environment. In this article, we present a set of simulations using incident response trees in combination with a quantitative model for estimating the direct economic consequences. The simulations generate expected fraud, and conditional fraud value at risk, given a specific fraud scenario. Additionally, we present how different trojan strategies result in different conditional fraud value at risk, given the underlying distribution of wealth in the online channel, and different levels of daily transaction limits. Furthermore, we show how these measures can be used together with return on security investment calculations to support decisions about future security investments.

Keyword
Risk management, Online fraud, Incident Response Tree (IRT), Value at Risk (VaR), Simulation, Return on Security Investment (ROSI)
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:kth:diva-176310
DOI: 10.1007/978-3-319-26502-5_12
Scopus ID: 2-s2.0-84951871321
Conference
20th Nordic Conference, NordSec 2015, Stockholm, Sweden, October 19–21, 2015
Note

QC 20151103

Available from: 2015-11-03. Created: 2015-11-03. Last updated: 2017-12-01. Bibliographically approved.
4. RETSIM: A shoe store agent-based simulation for fraud detection
2013 (English). In: 25th European Modeling and Simulation Symposium, EMSS 2013, 2013, 25-34 p. Conference paper, Published paper (Refereed).
Abstract [en]

RetSim is an agent-based simulator of a shoe store based on the transactional data of one of the largest retail shoe sellers in Sweden. The aim of RetSim is the generation of synthetic data that can be used for fraud detection research. Statistical analysis and a Social Network Analysis (SNA) of relations between staff and customers were used to develop and calibrate the model. Our ultimate goal is for RetSim to be usable to model relevant scenarios to generate realistic data sets that can be used by academia, and others, to develop and reason about fraud detection methods without leaking any sensitive information about the underlying data. Synthetic data has the added benefit of being easier to acquire, faster and at less cost, for experimentation, even for those that have access to their own data. We argue that RetSim generates data that usefully approximates the relevant aspects of the real data.

Keyword
Fraud detection, Multi-Agent based simulation, Retail store, Synthetic data, Agent based, Agent based simulation, Multi-agent based simulations, Sensitive informations, Transactional data, Computer simulation, Retail stores, Social networking (online), Crime
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:kth:diva-140018
Scopus ID: 2-s2.0-84886941815
ISBN: 9788897999225
Conference
25th European Modeling and Simulation Symposium, EMSS 2013; Athens; Greece; 25 September 2013 through 27 September 2013
Note

QC 20140122

Available from: 2014-01-22. Created: 2014-01-16. Last updated: 2015-11-03. Bibliographically approved.
5. Using the RetSim simulator for fraud detection research
2015 (English). In: International Journal of Simulation and Process Modelling, ISSN 1740-2123, E-ISSN 1740-2131, Vol. 10, no 2. Article in journal (Refereed). Published.
Abstract [en]

Managing fraud is important for business, retail and financial alike. One method to manage fraud is by detection, where transactions, etc. are monitored and suspicious behaviour is flagged for further investigation. There is currently a lack of public research in this area. The main reason is the sensitive nature of the data. Publishing real financial transaction data would seriously compromise the privacy of both customers and companies alike. We propose to address this problem by building RetSim, a multi-agent-based simulation (MABS) calibrated with real transaction data from one of the largest shoe retailers in Scandinavia. RetSim allows us to generate synthetic transactional data that can be publicly shared and studied without leaking business-sensitive information, while still preserving the important characteristics of the data. We then use RetSim to model two common retail fraud scenarios to ascertain exactly how effective the simplest form of statistical threshold detection could be. The preliminary results of our tested fraud detection method show that threshold detection is effective enough at keeping fraud losses at a set level that there is little economic room for improved techniques.

Keyword
privacy, anonymisation, multi-agent simulation, MABS, ABS, retail stores, fraud detection, synthetic data, RetSim simulator, multi-agent systems, agent-based systems, fraud management, shoe retailers, agent-based modelling, synthetic transactional data, public sharing, data sharing, retail fraud, fraud losses
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:kth:diva-176311
DOI: 10.1504/IJSPM.2015.070465
Scopus ID: 2-s2.0-84949668640
ISBN: 9788897999225
Note

QC 20151103

Available from: 2015-11-03. Created: 2015-11-03. Last updated: 2017-12-01. Bibliographically approved.

Open Access in DiVA

Thesis (386 kB), 462 downloads
File information
File name: FULLTEXT01.pdf
File size: 386 kB
Checksum (SHA-512): 34aa840c9f3eddb99cb4068028f8aa08266957cb14570f62a62d310b35e65bc898bf3bab41fc4d306a4b5164c3d4a2ff36da363e3fc5841f29e644ae53e9b2e6
Type: fulltext
Mimetype: application/pdf

Author/editor
Dan, Gorton
Organisation
Transport Science
Other Civil Engineering
