Background

Credicard is a Brazilian card processor. It operated as a partnership between Brazilian banking giants Itau, Citi and Unibanco until 2013, and is now fully owned by Itau.

Credicard had enjoyed considerable success in Brazil with well-run operations and broad functionality supporting a wide range of cards and features. Their security and fraud controls included industry standard solutions and procedures. This approach served Credicard well for many years, but card transaction fraud abruptly increased 8X over a 3-week period. Concerned that public awareness would undermine trust in the system, Credicard and Banco Central do Brasil began a discreet search for a solution.

Challenge

  • Little was known about the vulnerabilities that led to the increase in fraud
  • Remediation was urgent and needed to be deployed within weeks
  • The solution needed to be discreet to avoid alarming the public
  • Credicard sought a machine learning system to adapt as fraud evolved

Solution

A big data, ML approach was deployed to identify sources of fraud and appropriate remedies. We first merged card and bank account holder information with cardholder and merchant transaction records, and then added POS and ATM activity data. This was further augmented with geospatial data and geocoded economic and demographic data. The total set contained records spanning several years, within transaction times measured to the minute and geocodes with a few meters. 

We combined machine learning and expert development (CAD) to attack three fronts. 

  1. Find the point of compromise – how was criminal activity empowered?
  2. Triage and deploy quick fixes within days, with little false positive disruption.
  3. Deploy an efficient long-term, ML-based system.

Results

We intervened in a rapidly growing fraud event by slowing, then reducing losses.

  • Cut fraud by 75% in 2 weeks
  • Advanced ML models reduced fraud to historic lows in 2 months
  • We found that employees allowed data to flow to organized crime and that criminals were capturing POS data via compromised merchants. With this insight, Credicard closed its data center and addressed merchant vulnerabilities.
  • POS/ATM rapid deployment model launched in 2 weeks and reduced fraud by 75% 
  • ML based systems were deployed in 2 months, reducing fraud to historical lows