Artificial intelligence and machine learning are terms that are used so frequently these days, it’s not clear what they even mean anymore, what’s real, and what’s not… and this is coming from someone who’s worked in the space for quite some time.
Artificial intelligence and machine learning are terms that are used so frequently these days, it’s not clear what they even mean anymore, what’s real, and what’s not… and this is coming from someone who’s worked in the space for quite some time. My goal for these two blog posts is to explain why these things matter for a financial institution like yours – at least in the context of cyber compliance, security, and fraud.
First, let’s get one definition out of the way: for this blog post, machine learning (ML) is a subset of artificial intelligence (AI) meaning that anything that is ML, is, by definition, AI. Also, if you’ve heard of anything like “deep learning” or “supervised/unsupervised learning” or “neural networks”, these are specific techniques used within the AI world that we’ll not get into for this post – but they can be applied to most things described below.
Now that we’ve gotten definitions out of the way, let’s discuss why it feels like every company these days is talking about ML – starting with fraud. Historically, the way to identify fraud was fairly straightforward: you might have a report that something weird happened, and you’d have some analysts that would do some research to see if anything was fraudulent. And it wasn’t really a hard problem, because until recently – at least in the context of how long banking has existed – most transactions were made via cash or check and there was significantly less regulation. Then computers and ACH came along. And credit cards. And subscriptions. And microtransactions and PayPal and Venmo. And now, to look through data for just one customer takes a huge amount of time – even if you have a system with some rules setup to identify “abnormal” behavior… whatever that means. And on top of that, both consumers and your balance sheet expect you to prevent fraud before money actually leaves an account.
While I focus on fraud above, it’s a similar story for AML and security. With AML, you’re using the same data discussed above, though to solve for a separate set of concerns. And with security, to look through millions or billions of cyber events (70 million per day for our average client – and much, much larger for our biggest ones) is frankly impossible no matter how large your team is. If that’s the case, then how do you prove to yourselves and your regulators that…
A. you have a handle on your risk profile
B. you’re monitoring changes to your internal key metrics
C. you’re continually improving your security posture to an acceptable degree
D. you’re doing these things effectively?
This is why you hear so many companies talking about machine learning. Sifting through vast amounts of data to either automate tasks or provide additional insight to people is where it shines. Applying this technology allows you to react quickly to – or even prevent – a fraudulent transaction or potential security incident, which enables you to maintain the trust between you and the communities you serve.
The takeaway for this first post is that machine learning gives you a way to quickly look through data and make sense of it. But it’s not easy to get right, and it’s not easy to validate or prove you’re making the right decisions. That’s why anything we build follows three general guidelines:
If you’re interested in learning more, stay tuned. In my next post, I’ll dive deeper into why these principles matter for FIs when building or using products that are enabled by machine learning.