How Financial Institutions Utilize Big Data to Reduce Risk

Introduction

The use of Big Data has grown to become an important part of most industries, including the financial industry. This paper will look at how Big Data is used throughout the financial industry to achieve various organizational goals. One goal this paper will examine is how financial institutions have been utilizing Big Data to gain a bigger market share through better customer service. In today’s global economy, customer retention is important to every organization.

With more customers, there is inherently more risk. A financial institution must examine and balance what types of risks it will be taking on. One of the main types of risk for financial institutions is in borrowing money from customers in the form of a loan. Depending on the type and size of the loan, the financial institution could be taking on considerable risk.

Another key business goal that will be examined in this paper will be how financial institutions have been using Big Data to detect and even prevent fraudulent activity. Being able to quickly and accurately detect fraud can help to reduce the overall risk to any financial institution. However, before examining how Big Data is put to work in financial institutions around the world, it is helpful to have a fundamental understanding of Big Data.

Overview of Big Data

The idea of Big Data is not a new concept and has been around for years. There are many facets of Big Data and how it can be used in modern business. As the name implies, Big Data is generally thought of as large amounts of information. Although Big Data is usually made up of large amounts of information, one key characteristic is its ability to take data from multiple different sources and perform search queries across all of it. It is essential that big data can work with data sets that are not traditionally easy to query (Minelli, Chambers, & Dhiraj, 2013). Another key characteristic of Big Data is its ability to help make the data more meaningful through veracity (Tang & Karim, 2019). One way this can be accomplished is by having enough data to help detect the risk factors of fraud.

            Veracity is one of the four V’s that help to define Big Data. The four V’s are represented by volume, velocity, variety, and veracity (Tang & Karim, 2019). Volume represents the large amount of data that Big Data can handle. Velocity is used to discuss how Big Data can process information in real-time. Big Data can also handle information from different data types, hence the term variety. Finally, veracity refers to the quality and value that can be created from Big Data (Fan et al., 2021).

These data sets can be generated from a large number of sources such as online blog posts, social media sites, mobile applications, and cloud storage (Minelli, Chambers, & Dhiraj, 2013). It is estimated that over two exabytes of data are generated every day (Jamar et al., 2017). Furthermore, with the growth of computer hardware, users no longer need to decide on what data to keep and what data to get rid of, so people are saving more data than ever before (Minelli, Chambers, & Dhiraj, 2013). With such rapid growth of data on so many different platforms, it is easy to understand the need to have a Big Data solution capable of dealing with non-traditional data sets.

Another main factor of Big Data is that it must be usable (Minelli, Chambers, & Dhiraj, 2013). Gathering and collecting large amounts of information is meaningless if the data does not help solve a problem. Depending on the data being collected and analyzed, it could help solve several different issues within a wide range of industries.

There are several areas that Big Data can be applied in the financial industry. Some of the areas where Big Data can help are; examining governance issues, making marketing decisions, customer analytics, and even helping to identify and detect fraud (Jamar et al., 2017). With a greater amount of data, companies can have more power to determine how to make their originations more profitable and therefore more successful overall.

Customer Service

The new generation of banking that utilizes Big Data for critical decisions is often referred to as Banking 4.0 (Mehdiabadi et al., 2020). The concept of banking 4.0 stems from the idea of industry 4.0 and how organizations are adapting to business in the new era of information technology. Industry 4.0 is thought of as the next big industrial revolution that involves “cyber-physical systems” (Mehdiabadi et al., 2020), which can be considered as bringing technology into the same world of physical processes such as manufacturing, supply chains, and banking (Mehdiabadi et al., 2020).

Industry 4.0 consists of a wide range of new and innovative technologies. These new technologies of industry 4.0 include the Internet of Things (IoT), Artificial Inelegance (AI), and Big Data (Tam, 2020). Not all technological advances in industry 4.0 are utilized, but each and every organization. An organization needs to determine what type of technology it can leverage to build a better and stronger company. Financial institutions are starting to take advantage of AI and big data systems to build better customer relationships and retain business.

A key aspect of customer retention is keeping systems easy to use for the end-user. Ease-of-use is key for young and old customers alike. The younger population wants an easy way to perform financial tasks such as transferring funds and paying bills while on the go. Older individuals who might not be as comfortable with a technology need an easy-to-use interface so they can perform their needed financial tasks. Both of these different groups can be accommodated online or E-banking.

E-banking has become an expected standard for financial institutions to offer their customers. As customers of financial institutions have grown accustomed to having ease of use through E-banking, there has been an increase in E-commerce in general and an overall increase in online shopping. Unfortunately, this increase in E-banking and E-commerce has led to online fraud of credit cards (Dudin et al., 2018), which will be examined later in this paper.

Big Data can be useful in understanding what customers are looking for and what their future needs might be. One way of building better customer relations for the financial institution is to be able to provide more loans to their customers. Although building customer relationships are important for any organization, lending money can be a risky business.

Risk Management

The fundamental idea behind risk management is to determine and reduce the overall risk to the organization. Big Data analysis can be used to help analyze key aspects of risk through the process of data mining (Md Rashid & Iqbal, 2017). A common data mining practice is to look through big data two determine an individual’s credit score. The credit score is an overall gauge of how reliable the individual is in paying back loans.

The idea of using Big Data to help determine what action(s) an organization should consider taking to help reduce their overall risk (Tang & Karim, 2019). The more information a company has to help make decisions, the better those decisions could turn out to be. This is true in many industries, but especially in finance.

An example of risk management in the financial sector would be conducting informational background checks on individuals requesting large loans. If the financial institution is asked to provide a loan to help an organization startup for the first time, there could be a great amount of risk. The financial institution will most likely do a significant amount of data analysis on the individual(s) requestions the loan for the newly formed company.

Some loans can be risky for banks depending on the customer’s repayment history. Big Data analysis can be used to search through disparate information and better determine if a customer’s loan should be approved. Larger financial institutions have been using Big Data for years to help reduce risk by first determining the likelihood that the individual will pay back the loan (Hassani et al., 2020).

The growth of technology has allowed smaller financial institutions to take advantage of Big Data analysis to be more competitive. By using Big Data analytics over a more traditional loan approval approach, smaller banks can approve more loans with a higher likelihood of being paid back and retaining more of their customer base (Mehdiabadi et al., 2020). In addition, knowing an individual’s credit score can inform the financial institution of their risk when giving out a loan to a specific customer.

Fraud Detection

Fraud can happen in many different businesses, but the financial industry is the number one target for attackers (Dudin et al., 2018). The driving factor of cyber-attacks against financial institutions is to gain access and obtain money from a person’s account. Depending on the type of attack, the malicious actor might go after a single individual’s account in a targeted attack against that person or go after any number of accounts just to make a financial gain.

In the case of a targeted attack, the attacker is singling out an individual for a specific reason. There are many reasons for a targeted attack of this kind, such as political motivation, the possibility of large financial gain, or a personal vendetta against a specific individual. Whatever the motivation for the attack is, the attacker’s goal is to target only one person at a time.

In contrast to a targeted attack against an individual, it is common for attackers to target an organization such as an online retailer that accepts credit cards from multiple individuals. In this attack, the goal of the attacker is to gather as many credit cards as possible. The gathered credit cards are then either used by the attacker or sold on the dark web.

Regardless of the attack and motivation, it is up to the financial institutions to determine when fraudulent activity has occurred on one or more accounts. Big data can be used to help determine when fraud has taken place by correlating the spending patterns of individuals and looking for anomalies. And such normal detection is utilizing hey credit card in different geographic locations where it would be impossible for the individual to be in both places during the transaction.

For example, one transaction at noon took place in New York City, and another transaction took place at 1:00 in California. It would be physically impossible for an individual to be in both cities within one hour. This type of anomaly detection works well for card-present transactions. In a card-present transaction, the individual needs to present the physical card to be swiped at a payment terminal. In the example above, it would be impossible for the individual to physically travel across the country in one hour to make both card-present transactions.

However, with the ever-evolving nature of online purchases, more non-card-present transactions are now happening in recent years than card-present transactions. With a non-card present transaction, the credit card it’s accepted via the Internet through online purchasing portals. Accepting a credit card virtually makes it extremely plausible that a transaction could be made in New York at noon and the purchase in California at 1:00 by the same individual. Detecting anomalies for online credit card fraud it’s much more difficult.

Electronic payments are quick and convenient for the end-user to use on a regular basis. Since electronic payments are used so often, they have become a primary target of attacks. Attackers have found that it is a better return on investment to attack a single organization and steal thousands of credit cards at the same time. These credit cards can then be sold on the dark web and used by other malicious actors around the world. By stealing so many credit cards from a central location and then dispersing them via the Internet two other criminals, it is difficult for financial institutions to define the original breach.

It is a common practice for credit card thieves to hold onto large batches of credit card information for several months before selling them. By holding onto the credit card information before a sale, it becomes more difficult for the financial institutions to determine the point of origin of the original compromise. Determining the original breach location needs to be established so that the credit card customers can be notified that their card(s) have been compromised. Finding the original breach is also important to helping to determine the root cause of the breach to help advance the fight against credit card fraud.

Big Data can help to detect various types of fraud through different types of data analysis (Tang & Karim, 2019). For example, Big Data can be used to track an individual’s spending habits and locate abnormal transactions. As discussed above, this type of analysis is great for card-present transactions but has also been adapted for non-card present transactions. Big Data is key since the information needed comes from a multitude of different sources, and it would be quite difficult to normalize that much information. The velocity aspect of Big Data is critical to the success of fraud detection since the information needs to be processed and acted on as quickly as possible (Tang & Karim, 2019). Without fast action, it would be more difficult to prevent fraud.

Fraud Prevention

As discussed in the previous section, there are multiple attacks that an attacker can use to steal consumers’ financial information, such as credit card details. Dealing with and trying to prevent attacks against financial information systems is a war being waged on several different fronts at the same time. One technique for fighting fraud is to prevent it before it happens.

In the last several years, payment card manufactures have begun to include Near Field Communication (NFC) technology within many banking and credit cards (Dudin et al., 2018). The NFC technology-enabled cards can use a one-time transaction code that is unique for each transaction (Studevent, 2019). The transaction code only contains details about that single transaction. By only having the transaction details and not all the card details, it is more difficult for an attacker to duplicate the card based on a single transaction code.

Chip-enabled cards have been around for many years, but it was not until 2015 that merchants in the United States (US) were required to accept them (Studevent, 2019). All merchants are required to accept NFC-enabled and chip-based cards, or they will need to pay a higher insurance premium.

The majority of merchants across the US now accept chip-enabled and NFC-enabled credit cards at their locations. These technologies can go a long way in preventing credit card fraud for card-present transactions. However, NFC-based cards are not considered a foolproof way to defend against an attack and need to be accompanied by other mitigation techniques (Dudin et al., 2018).

Some of the other techniques used are to monitor a user’s purchasing habits in near-real-time (Wewege et al., 2020). With real-time spending monitoring happening, trends of spending habits can be created quickly so that non-normal transactions will stand out. These suspicious transactions then can be confirmed with the end-user if they made the transaction or not. If the end-user states they did not make the transaction, then the financial institution will consider that particular card compromised.

Conclusion

The use of Big Data in financial institutions has had a positive impact on many different facets. One main area of positive influence has been the ability for banks to pre-determine an individual’s ability to repay a loan. Being able to better predict if a loan will be repaid, a financial institution can reduce the amount of risk they are accepting when borrowing money. The bank can also increase its overall customer satisfaction by approving loans that may have been overlooked in the past.

Big Data has also been used quite successfully in finding and preventing fraud. By determining an individual’s spending habits, a financial institution can better detect abnormal spending in near real-time. The quick detection of fraudulent spending can help reduce the need for customers to dispute a past charge. Today, the financial institution could confirm with the customer if they made a specific transaction via a text message.

Although Big Data has helped financial institutions considerably in areas of customer service and fraud detection & prevention, there is still more work that needs to be done. One such area is to expand the input data sources to help make the analytics more accurate and reliable. Accuracy and reliability can be a big challenge when attempting to detect fraud since most individuals now shop online and can quite easily make a purchase in different countries on the same day.

As discussed throughout this paper, Big Data plays a critical role in helping financial institutions make decisions and avoid risk on a daily basis. By taking advantage of real-time data analysis, financial institutions of all sizes can help reduce their business risk.

References

Dudin, M. N., Zasko, V. N., Frolova, E. E., Pavlova, N. G., & Rusakova, E. P. (2018). Mitigation of Cyber Risks in the Field of Electronic Payments: Organizational and Legal Measures. Journal of Advanced Research in Law and Economics, 9(1(31)), 78-88. http://dx.doi.org/10.14505/jarle.v9.1(31).11

Fan, X., Li, X., Lu, W., Webster, C. J., Chen, Z., & Lin, L. (2021). Big Data-Driven Pedestrian Analytics: Unsupervised Clustering and Relational Query Based on Tencent Street View Photographs. ISPRS International Journal of Geo-Information, 10(8), 561. http://dx.doi.org/10.3390/ijgi10080561

Hassani, H., Huang, X., Silva, E., & Ghodsi, M. (2020). Deep Learning and Implementations in Banking. Annals of Data Science, 7(3), 433-446. http://dx.doi.org/10.1007/s40745-020-00300-1

Jamar, R., Javan, R., Churi, P., & Lekhrajani, S. (2017). DATA ANALYTICS IN BANKING. International Journal of Advanced Research in Computer Science, 8(9). http://dx.doi.org/10.26483/ijarcs.v8i9.4927

Md Rashid, F., & Iqbal, N. (2017). Effectiveness of Data mining in Banking Industry: An empirical study. International Journal of Advanced Research in Computer Science, 8(5), 827-830. http://dx.doi.org/10.26483/ijarcs.v8i5.3441

Mehdiabadi, A., Tabatabeinasab, M., Spulbar, C., Amir Karbassi, Y., & Birau, R. (2020). Are We Ready for the Challenge of Banks 4.0? Designing a Roadmap for Banking Systems in Industry 4.0. International Journal of Financial Studies, 8(2), 32. http://dx.doi.org/10.3390/ijfs8020032

Minelli, M., Chambers, M., Dhiraj, A. (2013). Big Data, Big Analytics: Emerging Business Intelligence and Analytic Trends for Today’s Businesses.

Studevent, L. A. (2019). Consumers perceptions of the security of personal information in bank card transactions [D.Sc., Robert Morris University]. ProQuest Dissertations & Theses Global. Ann Arbor.

Tam, P. T. (2020). Impacting industry 4.0 on the banking service: A case study of the commercial banks in dong nai province. Journal of Entrepreneurship Education, 23(6), 1-8. https://coloradotech.idm.oclc.org/login?url=https://www.proquest.com/scholarly-journals/impacting-industry-4-0-on-banking-service-case/docview/2513612431/se-2?accountid=144789

Tang, J., & Karim, K. E. (2019). Financial fraud detection and big data analytics – implications on auditors’ use of fraud brainstorming session. Managerial Auditing Journal, 34(3), 324-337. http://dx.doi.org/10.1108/MAJ-01-2018-1767

Wewege, L., Lee, J., & Thomsett, M. C. (2020). Disruptions and Digital Banking Trends. Journal of Applied Finance and Banking, 10(6), 15-56. https://coloradotech.idm.oclc.org/login?url=https://www.proquest.com/scholarly-journals/disruptions-digital-banking-trends/docview/2463171819/se-2?accountid=144789

Adding Images to a CTU Post

I wanted to make a quick post for anyone attending Colorado Technical University (CTU) that would like to know the “trick” to add images directly into your discussion board posts. I use the word “trick” lightly since it is really just editing a bit of HTML code. It should be noted that this will require you to host your image someplace online so you can reference the image from your post. In my case, I just host the images on my site, but really any Internet-accessible repository will due.

The following steps may help other people at various universities, but I can only say that I have tested it successfully at CTU.

Step 1. Write your post
Write your discussion board posts as normal and past the text into the online form. After the text is posted, I like to enter in a keyword that I can quickly identify within the HTML code, such as IMAGEHERE.

Step 2. Edit the HTML
Next, find the button along the toolbar that looks like a less than symbol, a forward slash, and a greater than symbol. This button allows you to edit the HTML code of your post. Once you are editing the HTML, find the keyword you placed in your post.

Step 3. Add the Image Tag
Now, you will want to replace your keyword with the image tag in the HTML. You can get away with just using the src attribute within the image tag to directly load the image. If you feel like being more creative, I would recommend you check out W3Schools for HTML examples (https://www.w3schools.com/html/html_images.asp).

Step 4. View your Image
Finally, click on the </> button again to go back to the standard editing mode. In normal mode, you will be able to view your image before you submit your post. You can go back into the HTML editor and tweak anything you would like before you post to the discussion board. If you are a CTU student, you most likely already know that once you post, you cannot edit it. So I highly recommend you check the image prior to posting.

That’s it! You have successfully edited the HTML code of your discussion board post to display the image inline. I hope this helps!

– Michael

IDS/IPS Considerations

Network security is an important consideration when working with enterprise security. Using an intrusion detection system (IDS) or an intrusion prevention system (IPS) can aid in detecting and blocking network attacks. A typical installation of an IDS/IPS system should include sensors to collect information, a management server, and a management console that can be used to view information (Longe Olumide, Lawal, & Ibitola, 2014). The placement of the sensors is a critical design step that needs upfront thought and consideration. The first thing to consider with sensor placement is to determine what the overall goal is for the IDS/IPS system (Longe Olumide et al., 2014).

In a traditional network environment, an IDS or IPS would be placed in-line with all egress points to the Internet (Longe Olumide et al., 2014). Besides connections to the Internet, direct links to partner organizations should also have an IDS/IPS sensor to monitor inbound and outbound traffic (Longe Olumide et al., 2014). Another consideration is remote employees that could be connecting into the enterprise from an unknown network. The point that remote employees come into the network should be treated as an unknown source, and the traffic should be monitored with an IDS/IPS sensor.

Moving beyond brick and mortar networks, many organizations now host systems within cloud environments (Sakr, Tawfeeq, & El-Sisi, 2019). Although there are multiple different ways to deploy an IDS/IPS system within a cloud environment, one common technique is to use a host-based IDS/IPS sensor (Sakr et al., 2019). Along with placing an IDS/IPS sensor at the connection to the Internet, a host-based sensor can help monitor traffic between each host. Much like a traditional network, it is important to monitor traffic in and out of sensitive systems. A cloud environment is commonly used for sensitive systems only, so having a sensor on each host would not be considered excessive.

Regardless of the environment is a more traditional layout or cloud-based, it will be essential to determine what technique will be used to detect attacks. Most IDS/IPS systems use signature-based or anomaly-based technologies to determine when an attack is taking place (Sakr et al., 2019). It is difficult to say if signature-based or anomaly-based systems are more effective at detecting attacks, which is why it is common to utilize both techniques in a hybrid-based approach (Sakr et al., 2019).

It is difficult to give a generic answer to how an IDS/IPS system should be set up in an organization without first understanding where the sensitive information is stored (Longe Olumide et al., 2014). It is safe to state that an IDS/IPS sensor should be placed on the Internet connection, connections between partners, and on the access, the point used by remote workers. It is also important to remember to consider an IDS/IPS system for cloud-based environments as well as the traditional networks within your organization.

References

Longe Olumide, B., Lawal, B., & Ibitola, A. (2014). Strategic Sensor Placement for Intrusion Detection in Network-Based IDS. International Journal of Intelligent Systems and Applications, 6(2), 61-68. doi:10.5815/ijisa.2014.02.08

Sakr, M. M., Tawfeeq, M. A., & El-Sisi, A. B. (2019). Network Intrusion Detection System based PSO-SVM for Cloud Computing. International Journal of Computer Network and Information Security, 10(3), 22. doi:10.5815/ijcnis.2019.03.04

Motion Sensor Lights

This is a short post to follow up on a video we made showing how to add a motion sensor to a strip of LEDs so they will automatically turn on for you. Since the video, I have mounted the components under the shelf and found that the system works quite well.

The stairs into the lab are an approvement 14 feet away from the sensor. I have the sensor set to the maximum sensitivity setting and the LED strip turns on as soon as I walk down the stairs. These lights also turn on prior to the motion lights I have on the ceiling which were purchased.

The hardest part of the installation was laying on my back so I could work under the shelf. If I was going to install these again I would turn the shelf over so I could have looked down on the shelf and done a better job. Since I had already installed the shelf I did not feel the need to pull them out to install the lights, but hindsight is always 20/20. Another factor is that I installed this sensor in my lab and I was not overly concerned about making the wiring look nice. You can not see the wires when you stand in front of the shelf, and that was really all I cared about.

As I said, the install is not much of a “looker”, but it gets the job done.

The circuit is not complex and consists of the following parts:

Voltage regulator – LM2596
Relay – Keyes_Relay
Motion sensor – HC-SR501
Arduino – Nano
Power supply – 12v



The Arduino code is simple, but we posted on GitHub if you would like to look at it.

I hope this helps someone out there.

– Michael

RFID Implants 101

Maybe you have heard about an implantable radio frequency identification (RFID) chip but you are not sure what it is. In that case, you came to the right place. In this post, I will look at what RFID is and what the different types of implants are and what they can be used for.

what is RFID?
RFID is a general term used to talk about devices that can be accessed wirelessly (using radio frequency) to read the contents of a tag. RFID can be chopped into different sub-categories. We will look at the following three in this post.

Low Frequency (LF) between 125-134 kHz
High Frequency (HF) at 13.56 MHz
Ultra-High Frequency (UHF) between 856-960 MHz



Each sub-category of RFID has different advantages and disadvantages that you would want to look into depending on your needs. For this post, I will be focusing on LF and HF, since this is the most common types of implantable chips.

What we normally refer to as an “RFID tag” is in the LF part of the spectrum around 125 kHz. A Near Field Communication (NFC) tag operates in the HF part of the spectrum at 13.56 MHz.

What makes up an RFID System?
An RFID system is comprised of two main parts, a reader and a tag. A common example is a wall-mounted unit you might see at your office when you enter the building. Most organizations in the United States utilize the HID access card system and provide a small white plastic card to their employees. The card is scanned by the reader when the employee wants to use the door.

The typical range for an LF or HF tag is less than three feet. In practice, I have observed a range of a few inches. The implantable RFID tags that are on the market today are LF and HF tags and have an even shorter range.

It is worth noting that UHF tags can have a read distance of up to 328 feet (100 meters). To accomplish the longer read distances, the tag is typically larger and is powered by a battery. To the best of my research ability, I am not able to locate an implantable UHF tag.

What is an RFID Implant?
An RFID implant is typically housed in a small glass capsule that can be implanted under the skin using a syringe. Depending on the chip you select, they can range in size between 11-13 mm long and 2 mm in diameter.



I personally have obtained my RFID implants from Dangerous Things and Cyberise. Both sites sell RFID implant kits that come with the chip already in a sterilized injection, gloves, and other items needed during the procedure.

It has been my experience that it takes a few days for the implant to be usable. This is due to the irritation of the tissue caused by the needle during the implant process. That should give you some indication of how sensitive these chips are if a small amount of irritation to the surrounding tissue can cause the implant to not function correctly.

Why get an implant?
Getting an implant is definitely a personal decision. I purchased my first implant along with a friend who was interested in the process. Since my first implant in 2016, I have recieved three more for a total of four chips. Each chip serves a different purpose.

The first implant is used to replace my HID door access card to my office so I do not need to carry around a badge all day. The others are NFC chips. As we talked about earlier, NFC is a sub-set of RFID. One NFC is a Vivo key which can be used as an online authentication token. The other two NFC chips are for the storage of data. Each chip can old 1,868 Bytes. When I purchased the NFC storage chips in 2018/2019 they were the larges capacity chips on the market. I think it will be some time before we are able to carry large amounts of data on a chip implanted in our hands.

-Michael