
Fraud Analytics with Hadoop

Fraud analysis has been one of the oft-quoted use cases for Hadoop. We look at the topic further to explore the usage of Hadoop ecosystem products.


Fraud analytics can be divided into 3 further use cases:
1- Fraud detection: determining whether fraud is taking place or has occurred in the past, and generating an appropriate alert for it.
2- Fraud prevention: implementing controls and access to prevent fraud.
3- Fraud reduction: monitoring and predicting patterns to minimize the chances of fraud occurring.


Listed below are some of the methods that can be implemented using Hadoop to fulfill any of the 3 use cases above.
1- Deduplication -
            a) Entity matching - This could include exact or similar matching of entities like name, father's name or contact information (phone, e-mail id, street, city), or phonetic matches using the deduplication methods. Since this is a data-intensive exercise and requires matching against a previously built index, there cannot be a better technology fit than Hadoop.
            b) Social network identity matching - Not very commonly used, but emerging of late, is a tendency to match social network profiles with customer identity. While this technique could be quite effective provided you have the right social network data feeds, please be aware of privacy laws that may be applicable.
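The entity matching described in item a), sketched as a map and reduce pair in plain Python. This is an added example, not code from the original post: the records are constructed, and the Soundex blocking key, the 0.9 name-similarity cut-off and all function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher
from itertools import combinations
# Constructed sample customer records (not real data).
RECORDS = [
    {"id": 1, "name": "Jon Smith", "phone": "+1 (555) 010-2000", "email": "jsmith@example.com"},
    {"id": 2, "name": "John Smyth", "phone": "555 010 2000", "email": "john.s@example.org"},
    {"id": 3, "name": "Joan Smith", "phone": "555-010-7777", "email": "joan@example.com"},
    {"id": 4, "name": "Maria Lopez", "phone": "555-010-3000", "email": "mlopez@example.com"},
    {"id": 5, "name": "M. Lopes", "phone": "555-010-9999", "email": "MLopez@example.com"},
]
CODES = {c: str(d) for d, g in enumerate(["BFPV", "CGJKQSXZ", "DT", "L", "MN", "R"], 1) for c in g}

def soundex(word):
    """American Soundex: first letter plus three digits (Smith -> S530)."""
    word = re.sub(r"[^A-Z]", "", word.upper())
    if not word:
        return "0000"
    out, prev = word[0], CODES.get(word[0])
    for ch in word[1:]:
        code = CODES.get(ch)
        if code and code != prev:
            out += code
        if ch not in "HW":              # H and W do not separate equal codes
            prev = code
    return (out + "000")[:4]

def phone_key(p):
    return re.sub(r"\D", "", p)[-10:]   # last 10 digits; assumes national numbers

def map_phase(records):                 # mapper: key is the surname's Soundex
    for rec in records:
        yield soundex(rec["name"].split()[-1]), rec

def reduce_phase(block):
    """Reducer: pairwise comparison inside one block only."""
    for a, b in combinations(block, 2):
        if (phone_key(a["phone"]) == phone_key(b["phone"])
                or a["email"].lower() == b["email"].lower()):
            yield a["id"], b["id"], "duplicate"      # exact contact match
        elif SequenceMatcher(None, a["name"].lower(), b["name"].lower()).ratio() >= 0.9:
            yield a["id"], b["id"], "review"         # similar name only

def find_matches(records):
    blocks = defaultdict(list)          # stands in for Hadoop's shuffle/sort
    for key, rec in map_phase(records):
        blocks[key].append(rec)
    return sorted(m for blk in blocks.values() for m in reduce_phase(blk))
```

Blocking on the phonetic key keeps the pairwise comparison inside each reducer small; a name-only match is labelled for review rather than treated as a duplicate.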

2- Outlier detection -
            A usual outlier will be a deviation from the common usage pattern of a customer or transaction set. Using custom machine learning algorithms or available libraries, we would combine data to find any outlier points. Clustering and probabilistic distributions, along with visualization techniques, are the more common methods to derive outliers. These may be used in conjunction with techniques like path analysis, sessionization, tokenization and attribution. Regression, correlation, averages and graph analysis may also be employed based on functional requirements.
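A per-customer outlier check in the same map and reduce shape, given here as an added example rather than the post's own method. It uses a modified z-score (median and median absolute deviation) as one simple distribution-based test; the log format, the constants and the function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed transaction log lines: txn_id,customer_id,amount
LOG = """\
t01,c1,42.10
t02,c1,39.90
t03,c1,45.00
t04,c1,41.25
t05,c1,40.00
t06,c1,980.00
t07,c2,1200.00
t08,c2,1150.00
t09,c2,1300.00
t10,c2,1250.00
t11,c2,1180.00
t12,c3,15.00
t13,c3,5000.00
bad line
"""

MIN_HISTORY = 5      # assumption: fewer points give no usable baseline
THRESHOLD = 3.5      # conventional cut-off for the modified z-score

def map_phase(lines):
    """Mapper: parse a line and emit (customer_id, (txn_id, amount))."""
    for line in lines:
        parts = line.strip().split(",")
        try:
            yield parts[1], (parts[0], float(parts[2]))
        except (IndexError, ValueError):
            continue                      # skip malformed input

def reduce_phase(customer, txns):
    """Reducer: flag amounts far from this customer's own median."""
    amounts = [amt for _, amt in txns]
    if len(amounts) < MIN_HISTORY:
        return []                         # not enough history to judge
    med = median(amounts)
    mad = median(abs(a - med) for a in amounts)
    if mad == 0:                          # flat history: any deviation stands out
        return [(customer, t, a) for t, a in txns if a != med]
    return [(customer, t, a) for t, a in txns
            if 0.6745 * abs(a - med) / mad > THRESHOLD]

def find_outliers(log_text):
    groups = defaultdict(list)            # stands in for the shuffle/sort step
    for cust, txn in map_phase(log_text.splitlines()):
        groups[cust].append(txn)
    return sorted(o for c, t in groups.items() for o in reduce_phase(c, t))
```

The 980.00 payment is flagged for c1 while amounts above 1000 are normal for c2, which is the point of scoring each customer against their own pattern. Customers below `MIN_HISTORY`, such as c3, produce no flags here and would need a separate rule.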

3- Workflow -
            Transaction streaming, monitoring, alert forwarding, alert disposal and transaction blocking could be among the steps that a custom workflow implements in a fraud management system. Considering the massive volume of transactions, a custom DSL workflow may be implemented on top of Hadoop.

Some of the key advantages that we see with Hadoop usage in fraud management systems include, but are not limited to:
1. Quick loading of data with tools like Flume
2. No need for a defined schema; custom scripts/programs are used to explore the data instead
3. Reduced need for a data warehouse, since raw multi-structured data can be used as-is
4. Faster processing of data, which reduces the fraud detection time frame
5. Elimination of DB overheads like indexes and backups


Further implementation evidence is needed to see if a rule engine can also be built on top of a DSL framework. Overall, we expect a hybrid architecture involving engine, streams, workflow, dashboard, portal and Hadoop-based analytics in a comprehensive fraud management system. Implementations will vary based on the organization's current architecture and tool set preference.

----------------------------------------------------------------------------
top image: wolf in sheep clothing; source: freedigitalphotos.net
