* The 1997 AAAI Workshop on AI Approaches to Fraud Detection and Risk Management brought together over 50 researchers and practitioners to discuss problems of fraud detection, computer intrusion detection, and risk scoring. This article presents highlights, including discussions of problematic issues that are common to these application domains, and proposed solutions that apply a variety of AI techniques.
The Workshop on AI Approaches to Fraud Detection and Risk Management was held on 27 July 1997 in Providence, Rhode Island, in conjunction with the Fourteenth National Conference on Artificial Intelligence (AAAI-97). There were over 50 attendees, with a balanced mix of university and industry researchers. The organizing committee consisted of Tom Fawcett and Foster Provost of Bell Atlantic Science and Technology, Ira Haimowitz of General Electric Corporate Research and Development, and Salvatore Stolfo of Columbia University.
The purpose of the workshop was to gather researchers and practitioners working in the areas of risk management, fraud detection, and computer intrusion detection. We sought participants to discuss and explore common issues in the application of AI technologies to these problems, share their experiences in deploying AI approaches and techniques, and develop a deeper understanding of both the complexity of the problems and the effectiveness of various solutions. To our knowledge, this workshop was the first forum bringing together researchers and practitioners doing work in these three related areas.
Risk management, fraud detection, and intrusion detection all involve monitoring the behavior of populations of users (or their accounts) to estimate, plan for, avoid, or detect risk. In his paper, Til Schuermann (Oliver, Wyman, and Company) categorizes risk into market risk, credit risk, and operating risk (or fraud). Similarly, Barry Glasgow (Metropolitan Life Insurance Co.) discusses inherent risk versus fraud. This workshop focused primarily on what might loosely be termed "improper behavior," which includes fraud, intrusion, delinquency, and account defaulting. However, Glasgow does discuss the estimation of "inherent risk," which is the bread and butter of insurance firms.
Problems of predicting, preventing, and detecting improper behavior share characteristics that complicate the application of existing AI and machine-learning technologies. In particular, these problems typically exhibit several of the following properties, each of which complicates the technical problem of automatically learning predictive models: large volumes of (historical) data; highly skewed distributions ("improper behavior" occurs far less frequently than "proper behavior"); changing distributions (behaviors change over time); widely varying error costs (in certain contexts, false positive errors are far more costly than false negatives); costs that change over time; adaptation of undesirable behavior to detection techniques; changing patterns of legitimate behavior; the need to trade accuracy for timely decisions; and social issues (privacy, discrimination, "redlining"). The following paragraphs amplify a few of these issues.
First, the probability of a bad event is extremely small in certain contexts, ranging from three to four percent for consumer credit delinquencies down to fractions of one percent for fraudulent transactions.
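A toy calculation (the figures here are illustrative, not taken from any workshop paper) shows why such skewed base rates make raw classification accuracy a misleading measure:

```python
# Illustrative only: at a 1% fraud base rate, a "detector" that never
# flags anything scores 99% accuracy yet catches zero fraud.

def accuracy(true_labels, predictions):
    correct = sum(t == p for t, p in zip(true_labels, predictions))
    return correct / len(true_labels)

# 10,000 transactions, 1% fraudulent (label 1 = fraud, 0 = legitimate).
labels = [1] * 100 + [0] * 9900
always_legit = [0] * len(labels)  # trivial detector: predict "legitimate" always

print(accuracy(labels, always_legit))  # 0.99 -- but recall on fraud is 0.0
```

This is why work in these domains typically evaluates detectors by the errors they make on the rare class, not by overall accuracy.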
Second, unequal, often business-driven weights are given to false positive and false negative predictions. A false negative means that fraud, bad credit, or intrusion passes unnoticed, with potential loss of revenue or security. However, a false positive means a false accusation of fraud or risk that might send away a valuable customer; lose money in challenging what is otherwise a legitimate transaction; or, in extreme cases, be the flash point for litigation.
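One common way to operationalize such unequal weights is a cost-sensitive decision rule: flag a case only when the expected cost of flagging is lower than the expected cost of letting it pass. The sketch below uses hypothetical cost figures chosen only for illustration:

```python
# Sketch of a cost-sensitive decision rule; all cost figures are hypothetical.
C_FP = 50.0    # cost of a false positive: challenging (and perhaps losing) a good customer
C_FN = 1000.0  # cost of a false negative: fraud or bad credit passes unnoticed

def should_flag(p_fraud):
    """Flag when the expected cost of flagging is below that of passing."""
    expected_cost_flag = (1 - p_fraud) * C_FP  # risk of a false accusation
    expected_cost_pass = p_fraud * C_FN        # risk of an unnoticed loss
    return expected_cost_flag < expected_cost_pass

# Break-even threshold is C_FP / (C_FP + C_FN), about 0.048 here:
# with these costs, even a 5% fraud probability justifies investigation.
print(should_flag(0.01))  # False
print(should_flag(0.10))  # True
```

Note how the asymmetry in costs pushes the decision threshold far below 0.5, which is one reason standard error-minimizing classifiers are a poor fit out of the box.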
Third, the patterns of the bad incidents change over time. For example, as fraud-detection systems become more accurate, the perpetrators invent new means of committing undetectable fraud. …