قوانین اعمال شده اتحادیه برای تشخیص کلاهبرداری کارت اعتباری

Association rules are considered to be the best studied models for data mining. In this article, we propose their use in order to extract knowledge so that normal behavior patterns may be obtained in unlawful transactions from transactional credit card databases in order to detect and prevent fraud. The proposed methodology has been applied on data about credit card fraud in some of the most important retail companies in Chile.

Competitiveness in the retail industry is continuing and it is becoming increasingly aggressive as revealed by recent events in the sector and specialist studies such as (Zarufe, 2005). One of the leading businesses in this sphere is hire purchase and one of the main commercial strategies is the emission of department store credit cards to clients, as evident from the publications (Zarufe, 2005) which indicate that three companies lead the retail industry in the Latin American Southern Cone (Argentina, Chile, Peru, Colombia). In Chile, they compete for 95% of retail industry sales, which in 2003, according to these same publications, exceeded the three thousand, three hundred million dollar mark with market shares of 60.29%, 18.26% and 15.63%, respectively. By the end of 2003, they had issued 3.0, 2.7 and 2.6 million credit cards, and in Chile alone 16 million credit cards had already been issued by the different retail distribution chains. This form of payment was 7 times higher than the number of bank-issued credit cards, which were responsible for on average 65% of the sales of their issuing houses, represented almost 20% of Chile’s consumption debt in total, and there were over 11,000 establishments who did not issue this type of card but which traded with them. Within the retail industry, the predominant trade component are financial services and the distribution of clothing and furnishings through department stores with sales in 2005 reaching US $3,194, sales which are distributed among the four major chain stores with the profile in Table 1. Table 1. Distribution of sales between the four major chain stores in Chile Indicator Falabella Ripley Paris La Polar Total No. of stores 30 31 19 26 106 Sales surface area m2 177,538 227,909 154,544 81,000 640,991 Surface area/stores 5,917 7,352 8,134 3,115 6,048 Sales (US$M) 1,178 871 782 360 3,194 % market 36.90% 27.30% 24.50% 11.30% 100 Sales/m2 3.55 2.6 2.6 2.3 Cards issued (M) 3.3 2.6 3.0 1.9 10.8 Active cards (M) 2.6 1.4 1.2 1.4 6.6 % card sales 67% 63% 67% 80% Projected investment (US$M) 1130 551 1200 100 Table options For years, both from the academic and the technological advisory or consultancy perspective, it has been observed and in this case confirmed that in three of these four large companies, the level of technological support used as part of their computerized management systems in their decision-making processes is very different from the level of use of information technologies used in the operational transaction systems, and these computerized management systems may therefore be classified according to the following levels of computing maturity: Level Zero (non-computerized systems): No incorporation of computer technology in computerized management systems, i.e. information for decision-making is obtained manually. Level One (semi-computerized systems): Incipient use of technological resources in computerized management systems for decision-making, e.g. the use of spreadsheets to prepare the information. Level Two (departmental computerized systems): Use of departmental information systems as the nucleus of the computerized management system for decision-making, and data is usually gathered from transactional processes associated to a specific function within the value chain. Level Three (integrated computerized systems): Use of the company’s integrated administrative information system (ERP) as the main element to supply the computerized management system (CMS) for decision-making. These CMS are supplied by data from all the processes supporting the company’s value chain. Level Four (controlled or synchronized computerized systems): These computerized management systems (CMS) integrate the use of control boards or control panels, enabling decisions to be made as the need arises by having online information for the fulfillment level of the objectives associated with the management indicators. Level Five (predictive computerized systems): Data mining models are incorporated into the previous level to extract non-explicit information from the records of transactions from daily operation. These enable new behavior patterns to be determined which reinforce, confirm or modify management indicators and allow trends to be recognized for decision-making. Level Six (automatic computerized systems): The previous level of computerized management systems is reinforced and combined with daily operation through the use of expert systems with knowledge bases and inference engines to support decision-making, thereby incorporating intelligence into the operational systems so that given certain management parameters and indicators they activate, restrict or modify business rules. From the critical or strategic decision-making processes for the business in question, two areas were chosen, which are the most representative in this industry: operational risk control, and corporate management and planning. In this article, we present the first work into operational risk control, whereby we worked with the area of the company with available data and with a Level Two computerized management system (the others were ruled out on account of them not having any available data for confidentiality reasons or having a Level Zero or Level One computerized management system). In our next publication, we will present our work into the area of corporate management, studying the case of one of these leading companies which also has a Level Two computerized management system. The objective of both these works is to transform the computerized management systems of these decision-making processes from their current computerization levels with their reactive decision-making processes to computerization levels with proactive decision-making processes. This first publication therefore presents the result of applying cutting edge information technologies to one of the operational risk control processes and transforming it from Level Two to Level Five or Six. In particular, the work focuses on the process for controlling the risk of fraud through the use of corporate credit cards as a form of payment. In this respect, the selected process supports one of the widest used differentiation and sustained growth strategies in this industry for obtaining client loyalty. While it is true that the mass issue of credit cards by department stores has been successful as a marketing project, it is equally true that this has increased the risk of exposure to illegal activity, as demonstrated by the growing tendency for fraud which is highlighted in specialist publications (e.g. the latest Cybersource report, Sponsored by CyberSource Corporation Conducted by Mindwave Research, 2006). Diversification of the client portfolio with this mass issue of credit cards and aggressive marketing plans which encourage the diverse use of this payment method, combined with the lack of efficient techniques and intelligent systems to enable effective detection and prevention of their illegal use, without inconveniencing genuine credit card users, involve the challenge of seeking more efficient methods. This effort is reflected in various articles, in particular in specialist publications which offer different approaches for detecting and preventing this illegal behavior. Nevertheless, all of these concur with Bhatla’s observations in 2002 (Bhatla, Vikram, & Dua, 2003) that the evaluated systems are prone to guaranteed effectiveness and that none of the reviewed tools and technologies can alone eliminate fraud. Furthermore, since each technique contributes to the ability to detect fraud, he believes that the most successful option would be a combination of several of these techniques, since the results of the Cybersource survey (Sponsored by CyberSource Corporation Conducted by Mindwave Research, 2006) seem to indicate that manual control is still the most used method for detecting and preventing fraud. A summary of the state of the art in the techniques and methods used in fraud detection and prevention, and a review of various relevant publications over the last three years confirms the effort employed to obtain useful knowledge from the transaction databases or repositories using different techniques and methodologies. In the light of the results obtained, we have decided to use fuzzy logic-based data mining techniques for these purposes and to apply some of the soft computing methodology explained in the publications (Delgado et al., 2000 and Delgado et al., 2003) and the concepts explained in Au and Chan, 1998, Berzal et al., 2001, Berzal et al., 2002, Berzal et al., 2003, Sánchez et al., 2008, Bra and Paredaens, 1983, Calero et al., 2004, Chan and Au, 1997, Chen and Wei, 2002, Cubero et al., 1994, Delgado et al., 2003, Dubois et al., 2003, de Graaf et al., 2001, Gyenesei, 2001, Hullermeier, 2001, Kaya et al., 2002, Kivinen and Mannila, 1995, Kuok et al., 1998, Hong et al., 1999, Luo and Bridges, 2000, Pedrycz, 1998 and Pfahringer and Kramer, 1995, using in particular the fuzzy association rules presented by Sánchez (1999) and the logarithms presented by Serrano (2003). This article extracts a set of fuzzy association rules from a data set containing genuine and fraudulent transactions made with credit cards and compares these results with the criteria which risk analysts apply in their fraud analysis processes. The methodology used overcomes the difficulties relating to minimum support and confidence and optimizes the execution time and the excessive generation of rules, with more intuitive results than the methodologies analyzed in Bhatla et al. (2003). In the second section of this article we present the main concepts related to the methodology of these fuzzy association rules used in this work. Section 3 explores the results of the first data mining stages, i.e. selection, organization, exploratory analysis of the sample and its results. Section 4 details the process to obtain the association rules with fuzzy logic, by defining the linguistic labels obtained with the methodology presented in Serrano (2003) and by searching for the association rules by applying the FuzzyQuery 2+ (Serrano, 2003) tool first to the client information table (achieving certainty factors of 92.66%) and then to both the client and transaction tables (achieving certainty factors of 80.06%). Finally, we conclude by analyzing the work carried out and we propose the future challenges which have emerged in the light of the good results obtained.

The main requirements for obtaining useful knowledge from large repositories can be resolved by using soft computing techniques, contributing with practical solutions to the new competitive scenario which requires online actions in order to mitigate the risk of undesired activities or actions using such forms of payment as credit cards. 2. Intelligent tools are prevented from obtaining good results due to the heterogeneity of the systems for processing and representing the information and because of the imperfections in the data as a result of the traditional model supporting these systems. Fuzzy logic-related data mining techniques enable this risk to be reduced. 3. The applied methodology overcomes the difficulties of minimum support and confidence, optimizes the execution times, reduces the excessive generation of rules, and helps make the results more intuitive, thereby facilitating the work of fraud analysts. 4. Finally, the sharp increase in the complexity of commercial management as a result of globalization requires for there to be intelligent tools which integrally solve the problems of extracting knowledge from operational databases to support decision-making. For this, there must be intuitive and efficient interfaces such as those presented in this article. Fuzzy logic is presented as a valid current alternative for this purpose, particularly since the proposed methodology seeks to simplify the results, reduce the number of associations, using algorithms to discount the irrelevant ones and making the results more intuitive through the use of linguistic labels which the human expert finds more natural. We can therefore conclude that it is possible to provide a more comprehensive, proactive online solution to provide knowledge for commercial decision-making (e.g. as in the case of fraud prevention and detection) by extracting knowledge using fuzzy logic techniques which are applied to operational databases and other strategic decisions for the organization.