Building a no-code fraud and risk decision engine – Business rules engines 101
Nov 12, 2021
This is the final part of our blog post series on business rules engines. Part 1 covered conventional business rules engines in detail: what they are, how they work, and why you might need one. In Part 2 we covered one specific rule engine called Drools and what's missing in Drools. This blog post covers modern no-code decision engines and their application to one of the most prolific use cases: fraud and risk decisioning.
The rise of modern risk decisioning
With every company becoming a software company, more end user transactions are moving online, thereby increasing the surface area for fraud and corresponding business risks. The total fraud losses in 2020 amounted to 56 billion USD and U.S. businesses will lose an average of 5% of gross revenue to fraud, making fraud mitigation a core area of focus for businesses of every kind.
Transportation services require that customers' locations be tracked while on a ride, SaaS tools ask that companies store their sensitive data in the cloud, financial services want their users to send money to each other using their mobile phones, and online marketplaces want their customers to send money to someone they have never met. And e-commerce providers want customers to share and save personal information, including credit card numbers, to enable faster and more personalized purchasing experiences. Digitization is bringing new and transformative user experiences online but at the cost of increased fraud and associated risk.
The cornerstone of modern risk decisioning is detection of fraud and abuse in real-time using automated feature engineering, a decision engine powered by Machine Learning, coupled with no-code automation.
Risk management is about making accurate decisions in the moment
Risk management entails a balancing act between enabling a seamless online user experience and introducing friction in the user experience to stop bad actors.
This isn't a one-time static decision. User behaviors change, as does the business appetite for fraud losses and risk. Therefore, risk management is about continuously and dynamically altering the user experience to reduce false positives and slow down or stop adversarial patterns.
This capability of dynamic decisioning necessitates speeding up fraud and risk operations in a way that enables organizations to go from discovering new fraud signals to deploying accurate decisions to counter those adversarial patterns in a few minutes rather than months.
Why is a conventional rules engine approach not the answer?
Traditionally, risk management was centered around rules engines. Typically, these took the form of a business rules engine that manages a set of policies, expressed as rules, separately from application code. Business rule engines are typically part of a business rule management system that enables registering and defining rules and the relationships between them.
Fundamentally, rule engines are a much lower level of abstraction, requiring analysts and data scientists to write code in order to design new decisions to manage risk. Conventional rule engines therefore create a dependence on engineering, due to a lack of no-code automation amongst other reasons.
Furthermore, conventional business rules engines are centered around the processing logic alone, leaving the data plumbing required by the rules to the risk teams to figure out. This results in the application bearing the burden of integrating all the data required by the rules before invoking the rule engine, thereby impacting the performance of decisioning.
The result is a decision gap
The drawbacks of conventional decisioning result in a series of undesirable tradeoffs involving performance, engineering overhead and iteration speed of fraud and risk operations.
High engineering overhead
Building a lower-level abstraction such as a rules engine often means its end users (analysts and data scientists) get blocked on expensive engineering resources to do end-to-end risk management, from integrating appropriate data sources and writing new rules to pushing them live and monitoring their performance. This reliance on engineering is not ideal for risk teams and is an expensive proposition for the company.
Slow response time to new adversarial patterns
Absence of automated out-of-the-box integrations with the right data sources often means significant time spent on data plumbing to discover new fraud and risk signals. Coupled with the lack of no-code automation, this means a delay of weeks to months to respond to rapidly evolving adversarial patterns. This slow response time results in millions of dollars in fraud losses and damage to invaluable brand equity.
Accumulating all the data required by the rules engine as part of one large object passed into the rules often means that applications make several synchronous API calls, some to 3rd party tools and some to internal services, to execute a set of relevant rules. Not only does this increase the latency of rule execution, but it also does not scale and leads to incomplete decisioning due to the skipped rules that are too slow to execute.
What does modern risk decisioning entail?
To answer this question, we must reason about decisions from first principles. A decision is a set of conditions that must be satisfied to trigger the appropriate set of actions to execute the business decision.
Decisions = Conditions + Actions
And conditions require features or signals of interest and often context that might lie in a 3rd party tool or a relational database or a data lake.
Conditions = Features + Context
While the raw features can be assembled, albeit at the cost of performance, the core overhead is the data plumbing that needs to be done in real-time to assemble the context required to enrich the raw features.
A decision engine is a system that takes in features, enriches them with related context, feeds them to the relevant rules and ML models, and executes the configured actions.
More importantly, it is a system that enables a complete feedback loop, thereby measuring the performance of rules and ML models along with the actual decisions made. The final decision might be made by a manual reviewer or by the business logic of the application. These decisions are then fed into Machine Learning models that are trained to recognize complex adversarial patterns effectively.
Image 2: Architecture of a no-code decision engine
Accurate risk decisioning is a real-time data integration problem
Raw features are rarely sufficient for good decision making; they almost always require enrichment with context that is itself fragmented across 3rd party tools, databases, internal services, and data lakes. As such, modern risk decisioning is really a real-time data integration problem.
The core need of modern risk decisioning is a platform that integrates context coming from a variety of sources, offers an easy way to enrich features with that context, and does that continuously as new features and signals are generated.
Not just rules, or Machine Learning, but both
The journey of fraud prevention and risk management often starts with rules centered around heuristics and advances to extensive application of Machine Learning.
The first step of this journey starts with high-confidence rules using heuristics. For instance, if the customer has failed to log in more than 3 times in the last 10 minutes, then block the account. Tuning rules might work well for incorporating certain high-confidence signals, but might fall short of discerning new multi-dimensional patterns. For example, a billing address used for a credit card transaction that differs from the card's billing address is a high-confidence signal of increased transaction risk. So is a transaction location that differs from the user's billing address. Those signals, coupled with an unusually high transaction amount, might signal a high-risk or fraudulent transaction.
As adversarial patterns adapt to human-specified thresholds, the rules and corresponding thresholds must adapt quickly as well. Furthermore, the need to discern trends across a combination of financial transaction signals, such as transaction amount, past transaction trends, GPS location of the transaction, transaction time, merchant name, etc., quickly limits the effectiveness of heuristics driven by human insight.
This is where Machine Learning (ML) for real-time fraud detection comes in. Supervised ML models that get trained on the heuristics used in high-confidence rules and the corresponding decisions—either taken by a human as part of a manual review or by an application—are effective at discerning fraud patterns using a large number of complex and related signals. And unsupervised Machine Learning is more effective at anomaly detection that facilitates discovery of new fraud signals and hence, new and more effective rules or Machine Learning models.
While Machine Learning is good at detecting patterns from the past, rules help stop actively evolving adversarial patterns in the moment. Therefore, the next step in the evolution of modern risk decisioning is about backstopping new ML model risk scores with short-term rules for a holistic and real-time risk decisioning ability.
Finally, the journey of modern fraud and risk decisioning evolves into advanced Machine Learning that trains new ML models on the output of these short-term rules, as well as other features from other well-tuned ML models.
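The flow described above, as an added example that is not Oscilar's code or part of the original post: raw features are enriched with stored context, the heuristic rules from this section run next to an ML score, and the rules backstop a low score. The ZIP-code comparison, the 5x amount threshold, the 0.9 score cutoff and all names and sample data are assumptions.

```python
from datetime import datetime, timedelta

NOW = datetime(2021, 11, 12, 12, 0, 0)  # fixed, constructed evaluation time

# Constructed context store standing in for a database or third-party lookup.
CONTEXT = {
    "u1": {"billing_zip": "94105", "avg_amount": 80.0, "failed_logins": []},
    "u2": {"billing_zip": "10001", "avg_amount": 50.0,
           # four failures inside the 10-minute window, one outside it
           "failed_logins": [NOW - timedelta(minutes=m) for m in (1, 3, 5, 7, 30)]},
}
SEVERITY = {"allow": 0, "review": 1, "block": 2}

def enrich(event, context):
    """Conditions = Features + Context: join the raw event with stored context."""
    ctx = context[event["user_id"]]
    window_start = event["at"] - timedelta(minutes=10)
    recent = [t for t in ctx["failed_logins"] if window_start <= t <= event["at"]]
    return {
        "failed_logins_10m": len(recent),
        "billing_mismatch": event["billing_zip"] != ctx["billing_zip"],
        "geo_mismatch": event["geo_zip"] != ctx["billing_zip"],
        # "Unusually high" is assumed to mean over 5x the user's average.
        "high_amount": event["amount"] > 5 * ctx["avg_amount"],
        "ml_score": event["ml_score"],  # assumed upstream model output, 0..1
    }

# Decisions = Conditions + Actions. Each rule: (name, condition, action).
RULES = [
    ("failed_logins", lambda f: f["failed_logins_10m"] > 3, "block"),
    ("mismatch_and_amount",
     lambda f: f["billing_mismatch"] and f["geo_mismatch"] and f["high_amount"],
     "review"),
    ("ml_score", lambda f: f["ml_score"] >= 0.9, "review"),  # assumed cutoff
]

def decide(event, context=CONTEXT):
    """Return the strictest action and the rules that fired (kept as feedback)."""
    features = enrich(event, context)
    fired = [(name, action) for name, cond, action in RULES if cond(features)]
    action = max((a for _, a in fired), key=SEVERITY.get, default="allow")
    return action, [name for name, _ in fired]

def sample_event(user_id, amount, billing_zip, geo_zip, ml_score):
    """Build a constructed transaction event stamped at NOW."""
    return {"user_id": user_id, "amount": amount, "billing_zip": billing_zip,
            "geo_zip": geo_zip, "ml_score": ml_score, "at": NOW}
```

Returning the names of the rules that fired alongside the action is what lets each rule's performance be measured against the final decision later.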
No-code automation for fraud and risk decisioning
A core gap in rules engines is the inability to perform end-to-end decisioning without reliance on engineering. Increasing the iteration speed of fraud and risk operations necessitates closing this critical gap and bringing down the mean time to recovery.
No-code automation sits at the heart of modern fraud and risk decisioning, freeing non-developers like analysts and data scientists from writing code and relying on engineering for core day-to-day decisioning.
Integrated case management with decisioning
Despite the high degree of automation that Machine Learning lends to risk decisioning, it does not fully remove the role of humans in managing high-risk transactions. Streamlining case management by fully integrating it with the decision engine is a necessary capability of modern risk management. Doing that effectively entails assembling all the related data and the associated history of the user's actions so that the reviewer can take the right action. Equally important is completing the feedback loop and feeding the final decision as labels for training supervised ML models, thereby improving the ability to further reduce the burden on manual decision making.
Image 3: Oscilar, a no-code decision engine for fraud and risk
Oscilar as a modern no-code fraud and risk decisioning solution
Oscilar is the only no-code real-time decision engine that automates custom feature enrichment using out of the box integrations with a variety of 3rd party tools and data systems, and has an in-built no-code decision engine powered by Machine Learning to offer real-time risk decisioning ability. Oscilar also offers integrated case management to complete the decisioning feedback loop and enable risk teams to speed up fraud and risk operations.