Feedzai Techblog

Welcome to Feedzai Techblog, a compilation of tales on how we fight villainous villains through data science, AI and engineering.

“Show Me What’s Wrong!”: Enhancing Fraud Detection Analysis by Combining Charts and Text

4 min read · Nov 22, 2024

Every year, millions of people fall victim to financial fraud. In 2023, the losses tied to this type of crime were estimated at US$159 billion just in the US, with some people losing all of their retirement savings to scammers.

However, the impacts of this issue stretch beyond someone’s finances. It can also impact a victim’s life in many dimensions. Detecting and quickly acting upon suspicious transactions is essential to tackle this problem.

Finding Fraud Through Data Tables

To review the data of alerted transactions, analysts look at information in tabular format (similar to what is presented in Figure 1), scrolling through it to assess past activity patterns of the alerted person and comparing those with the alerted event. “How much money was spent on average on past transactions?” or “Is that significantly different from the amount on the current alert?” are some questions they might try to answer during their review.

Image of a table that analysts typically use to review the data of alerted transactions. It contains fields about each transaction event (ID, date, and status) and the person who made the transaction (name, phone number, and email address).
Figure 1: Image of a table that analysts typically use to review the data of alerted transactions.

The issue with this approach is that finding groups of patterns and anomalies in tabular data can be overwhelming, since interpreting the data effectively places a high cognitive load on analysts. This becomes even more complex because these professionals must review and classify the alerted transaction in a short time, between 1 and 5 minutes.

Revamping the analysis

To solve this problem, we present a tool that combines charts and text to guide the analysis of financial transactions.

As presented in Figure 2, the tool (populated with synthetic data) is divided into three regions that provide different levels of information detail — from the most high-level to the most detailed. The goal is that the analyst can scan the charts and prioritize their review towards specific areas of the alert.

Image of the proposed interface. It is composed of three main regions: the Knowledge Area Console, where the alert is segmented into analysis areas, which are highlighted in case of suspicious information, helping analysts detect risky analysis areas; the Knowledge Area Text Summary, where the selected area is broadly explained; and the Knowledge Area Graphical Representation, where analysts can explore in detail all the data points of the selection.
Figure 2: Proposed interface composed of multiple regions: the Knowledge Area Console (A) to detect suspicious areas of the analysis; the Knowledge Area Text Summary (B) to understand those areas broadly; and the Knowledge Area Graphical Representation (C) to explore them in detail. The data presented above is synthetic and thus does not correspond to real data.

Identifying Investigation Areas

To assess suspicious areas of the alert and gain a general understanding of the data, analysts first look at the Knowledge Area Console (A), where they see all the areas that compose an alert. These areas are dynamic and use-case dependent. For the considered use case, the analyst is presented with the alerted person’s demographics (A.1), transaction location (A.2), alerted person’s incoming and outgoing transactions (A.3), card used (A.4), counterpart (A.5), and alerted person’s activity (A.6). The console also points them to the areas that contain suspicious information and thus might require more attention (in this case, A.5, the counterpart).

To gather more details about a specific alert area, analysts can click on its corresponding icon. This selection will be reflected in the other regions of the tool (B and C, as presented in Figure 3), which will then present insights about the data of the area. In the example illustrated in Figure 2, the analyst is interested in knowing more details about the alerted person’s balance between incoming and outgoing transactions (A.3) and thus selects that area for further investigation.

Narrowing the Investigation Focus

After selecting an area, analysts can understand more details about it in the Knowledge Area Text Summary (B). This is an LLM-generated summary of the most relevant insights in the data, in which relevant and suspicious information is pointed out, giving analysts a broad understanding of the selected data. Through the summary of area A.3, analysts can quickly assess how much money the alerted person sent and received in the past three months and how many counterparts were involved in those transactions.

Digging Deeper into the Data

Upon reading the text summary, analysts might still feel like they need more information to understand the data. For that, they can look at the Knowledge Area Graphical Representation (C). This region is composed of one or more graphs tailored to the data and analysis needs of the selection. Here, all the data points of the selected area are represented, allowing analysts to perform an exhaustive evaluation of the data and to confirm the insights that were given in the other regions of the tool.

By looking at the graphical representations designed for area A.3, the analyst is able to gather insights about the entities the alerted person sent to or received money from. They can also see how those transactions occurred through time. As confirmed in the summary, they verify that no data regarding this area seems to be suspicious or out of the ordinary.

User feedback on this tool indicates that it could transform the way analysts perform their reviews. They mentioned that it improves their efficiency and “enables the most basic review to be almost automatic, allowing … time and effort to [be invested only in] more advanced cases.” Analysts also mentioned that the tool makes it easier to “get an overview of the behaviors of the alerted person” and thus “to identify what is wrong or what is not common to the person’s activity,” facilitating the identification of risky analysis areas and information.

GIF showcasing the interface behaviour when selecting an analysis area. When selecting the area in the Knowledge Area Console, the Text Summary and Graphical representations change, adjusting the insights and charts to the new data.
Figure 3: Proposed interface with two different analysis area selections (person who performed the alerted transaction, and the balance between incoming and outgoing transactions). The data presented above is synthetic and thus does not correspond to real data.

For more details about this work, refer to our paper and video.

If you have any questions or feedback, feel free to reach out to data-viz@feedzai.com.

Written by Beatriz Feliciano

Research Data Visualization Engineer @ Feedzai Building data experiences to help fight financial fraud
