Utilizing Visual Analytics for Point of Sale Fraud and Compromise Detection

Point of Sale or POS fraud and compromise poses a serious risk to financial institutions and corporations alike. Just examining some of the recent large point of sale fraud and compromise cases over the past couple of years sheds some light on the seriousness and risk exposure involved.

From June 2007 to July 2009, a major U.S. retailer's Point of Sale system exposed data from 45.6 million credit and debit card transactions. In 2011, another U.S. retailer discovered that over 50% of the Point of Sale terminals throughout the chain were compromised.

Aside from the internal risks of Point of Sale compromise and fraud, add the proliferation of skimming devices, some as small as a lighter, can compromise hundreds of accounts per hour without the knowledge of the financial institution or corporation.

The challenge to corporations and financial institutions is early detection of compromised Point of Sale sites and those site which are conducting fraud as quickly as possible to mitigate risk. This can be a monumental task considering the transactions volume generated by POS sites.

For a financial institution, compromised Points of Sale mean millions of dollars of fraud exposure a day. For a corporation, the additional risk is to the reputation of the business and the brand itself.

Visualizing Point of Sale Transactions

By leveraging visual analytics, analysts gain the ability to quickly detect emerging patterns in Point of Sale fraud and compromise by surfacing patterns of potential threats against the thousands of normal transactions. Visually, normal POS activity forms a visual pattern that irregular activity runs contrary to.

Because of this, the visual pattern within as little as two fraudulent POS transactions can surface against large amounts of transaction volume when utilizing visual analytics. Something that may not be possible through traditional data mining as patterns in few transactions may not become statistically relevant enough to surface.

To provide an example of leveraging visual analytics for Point of Sale fraud and compromise, I will utilize SynerScope and import several days of POS transactional activity.

To accomplish the visualization of such a large amount of information, SynerScope utilizes the natural hierarchies which exist within the data. For the credit and debit accounts, we have established a hierarchy based on the card brand and issuing bank. For the Point of Sale location we have established a hierarchy by merchant category, Point of Sale location and terminal identification.

This structure will give us a perspective of relationship, sequence in time and velocities which exist between accounts and Point of Sale locations with a granular perspective of individual accounts and terminal relationships.

From a high level view, we can already establish those accounts and Point of Sale locations which have the highest overall velocity of activity. These areas of "low hanging fruit" are potential targets of further analysis to determine why the activity is occurring.
Within the visualization, we can see specific high velocities from a Point of Sale location in Jakarta with a specific POS terminal identification number as well as a corresponding high velocity from a Visa card type from a specific issuing bank.

To get a better understanding of the activity, I will drill down into the segment time to get a more granular detail of the activity involved.

From this view, SynerScope is indicating increased velocity through bundle size or linearization to indicate increase velocity in relation to the other objects within my visualization. As the visualization between the relationship view and the sequence view are interactive, those entities with enlarged hierarchies and increased bundle width correspond to the activity within the time span selected when I drilled into the data.

Also within the sequential event viewer I am noticing several blocks of structured "bursts" of transaction volume which is in contrast to the normal transaction flow present within Point of Sale transactional data.

By hovering over the connecting bundle I can see that this particular Point of Sale location is involved in the all the structured blocks within my sequential event view. Another important observation is that this Point of Sale location is almost exclusively utilizing the connecting card type and issuing bank to conduct the transactions.






To confirm my suspicion of irregular activity, I can surface the underlying data within SynerScope by right clicking on the highlighted bundle. Once surfaced I can see that this particular Point of Sale location is conducting numerous high dollar transactions against this account seconds apart from each other.





In Conclusion:

By leveraging visual analytics, the analyst was able to import a large amount of Point of Sale transactional data, gain an holistic understanding of the activity present, drill down by time to discover irregular patterns, and confirm my fraud or compromise threat easily and intuitively.

As opposed to traditional data mining and analysis, patterns in irregular activity through visual analytics, can be surfaced in fewer transactions that would be required to become statistically relevant in standard data mining.

Because visual analytics provides a holistic overview of all the data, not just segments of it, a greater understanding into the differentiating patterns between normal activity and irregular activity can be intuitively identified.

For a complete interactive example of leveraging visual analytics for Point of Sale fraud and compliance please view the attached video: