AWS for Industries

How FSIs are combating fraud and financial crime with AWS in real-time

Financial transactions are based on trust, and consumers continue to seek easier ways of transacting and garnering greater financial inclusion for the 2 billion unbanked globally. Conversely, the acceleration of digital transformation initiatives, sustained growth in the number of internet active consumers, and advancements in web3 technologies are causing an explosion of financial transactions across different channels. This growth also brings an increase in nefarious players looking to exploit the trust that consumers place in their transacting channel of choice. PWC’s most recent global economic crime and fraud survey reported that external perpetrators were responsible for the most disruptive incidents in 70% of organizations that had experienced fraud. The top external perpetrators were hackers and organized crime, while in prior years it was customers and vendors. Financial service institutions (FSIs) have a duty of care to secure their customers’ transactions. However, unfortunately traditional efforts to combat fraud and financial crimes are largely reactive, only detecting after the transaction has happened, with manual interventions required to investigate and recover funds. Manual interventions arise because compliance operations prioritize the deployment of artificial intelligence (AI), automation, and analytical technologies to detect incidents, over supporting downstream investigation and reporting.

A holistic approach to combating fraud and financial crime necessitates that FSIs manage and analyze the available data (real-time and historic), apply machine learning (ML) techniques, and leverage scalable architecture and infrastructure as depicted in the following figure.

holistic approach to using data

Figure 1: Holistic approach to using data to combat fraud and financial crime

In this post, we’ll cover the challenges that financial institutions are facing, some of the approaches being taken to innovate and transform their fraud and financial crime protections, and finally which AWS services are being utilized to help organizations in their journey toward real-time defense.

Current challenges

The challenges facing financial service providers include the following: 1) Increasing the prevalence and sophistication of criminal behavior (which diminishes the effectiveness of rules-based defenses), 2) Increasing data volumes without the commensurate increase in data quality, 3) Increasing the cost of continuous compliance, and 4) Increasing customer expectations for transacting quickly and securely. These multi-faceted challenges require a holistic approach to combating fraud and financial crime by focusing on shortening the feedback loop from threat to response.

Rules-based implementations to detect suspicious transactions are ineffective and can do more harm by adding friction to the customer experience. FSIs are actively pursuing ML solutions to help with behavioral analysis, threat detection and reducing false positives. However, these efforts aren’t a silver bullet due to the growing volumes of data that must be received, cleaned, and prepared for analysis. According to the IDC, there will be more than 175 zettabytes (that’s 175 trillion gigabytes) of data generated per year by 2025 and FSIs are battling to harness the value of this data for combating fraud and financial crime.

Growing volumes of data are inevitable when building a complete profile of the customer to determine what would constitute suspicious activity. 52% of fraud is perpetrated by people inside of the organisation – according to a PWC global economic crime and fraud survey. Therefore, it’s not only the customer’s transaction data that’s important, but also related data points such as the customer’s credit or claims history, any past convictions, transactions with other financial service providers, interaction history with other service agents, as well as entity relationships between customers and financial service provider employees.

In 2021, FSIs spent an estimated $213.9 billion on financial crime compliance. This was within the context of increasing layers of regulation being implemented across jurisdictions to strengthen the fight against money laundering, drug trafficking, terrorist financing, and other financial crimes. There was also a 250% increase in attempted online banking fraud detected that was fuelled by the rapid growth of mobile banking that was itself catalysed by the pandemic. The net effect of these headwinds is increasing enterprise risk and rising IT spend for FSIs as they strive to mitigate growing fraud losses and rising costs of financial crime compliance.

Digital wallet and real-time payment adoption is rapidly growing. According to McKinsey, over 56 countries now have active real-time payment rails, a fourfold increase from just six years earlier. A batch-driven fraud detection strategy is incongruent with consumers’ real-time demands. Customer expectations for transacting quickly and securely are also driving regulations to protect consumers. In turn, this contributes to the aforementioned increase in costs to comply for FSIs.


Approaches adopted by FSIs

ML Augmentation

Business rules look for specific conditions or behaviors and can be easily explained and validated. To mitigate the challenge of rapidly evolving criminal behavior, FSIs are deploying ML models to their detection patterns, as supervised learning ML models learn more general patterns by looking at numerous past examples. When fraudsters make small tweaks, the model still recognizes them as suspicious, since it’s unlike anything that it’s seen from legitimate customers. ML models are not only good at finding the risky patterns, but also much less brittle than rules. These ML models can augment the rules that are in place that may not be performing well. ML models are also being deployed further downstream in the process to triage the alerts raised and flag false positives. This allows organizations to optimize their specialist resource allocations for investigators and case managers to focus on high-value cases.

Real-time, all the time

The ML augmentation approach is at the mercy of batch-based components in the end-to-end solution that don’t support real-time integration. FSIs are deploying real-time detection and response mechanisms, all while balancing the amount of friction introduced into customer journeys, such as onboarding and payments. FSIs are leveraging the availability of streaming data and scalable data lake architectures to detect fraud and data errors much earlier and within the data stream for that interaction. This proactive approach lets the organization flag suspicious interactions before the customer sees them. In turn, this minimizes fraud losses and focuses customer communications on proactive remedial actions, such as changing passwords, ordering a new card, or contacting the organization for assistance.

How FSIs are doing this on AWS

FSIs typically start with the decision of whether to build or buy solutions to support their fraud and financial crime mitigation approach. With cloud, FSIs have the flexibility to choose whether to build using cloud services, buy software as a service, or leverage a combination of both, depending on their context.

Faced with the challenges of rapidly evolving criminal behavior and processing growing volumes of data, organizations are deploying analytics and ML to enable solutions that learn new behaviors as fast as the data is available. For analytics and ML, organizations are building with the rich suite of AWS services, such as Amazon SageMaker which provides notebooks, built-in algorithms, and tools to augment or build new solutions. This post shows how to use this service with a Deep Graph Library (DGL) to train graph neural network models and detect malicious users or fraudulent transactions. Other services used are Amazon Textract and Amazon Rekognition for document, image, and video analysis. Customers with a buy inclination are leveraging solutions such as Amazon Fraud Detector (a fully-managed AWS service) to leverage off-the-shelf models and implement quickly.

In conjunction with putting in place the data pipelines that handle high velocity transactions and large volumes of reference data, organizations are also investing in technology that enables quick analysis of data to discover patterns and potential criminal syndicates. This enables organizations to tackle the challenge of the rising volume and sophistication of attacks. Graph databases, such as Amazon Neptune, are being deployed to perform queries and network analysis. Graph databases are commonly used in AML use cases because they can represent a multi-connected network of parties and transactions. They are as effective as they are able to perform queries and calculations simultaneously, further shortening the feedback loop and enabling rapid financial crime discovery.

For managing data at scale to feed into the analytics and ML solutions, Amazon customers are leveraging data lakes and purpose-built data stores deployed as lake house architectures or as data mesh architectures. There is also a need to enrich existing data with external data, such as politically exposed persons (PEP) lists, watch lists, or stop lists for the AML process to drive more accurate insights and predictions. FSIs leverage AWS Data Exchange, which makes it easy to find, subscribe to, and use third-party data in the cloud. An added benefit of having adaptable architectures and easy access to external data enrichment services is that it becomes easier for organizations to adapt to evolving regulations and thereby reduce the cost and effort to comply.

Customer expectations for fast and frictionless transacting give rise to real-time requirements. For this challenge, organizations are using Amazon Managed Streaming for Apache Kafka (Amazon MSK), which is a fully-managed service that makes it easy for you to build and run applications that use Apache Kafka to process streaming data. In this related post, you can learn how to build and visualize a real-time fraud prevention system that combines Amazon MSK with Amazon Fraud Detector.

Lastly, for customers with a bias for buying solutions, FSIs are leveraging solutions from AWS partners and regtechs across the detection and investigation lifecycle. Available solutions span investigations workflows and lifecycle management (Nice Actimize, Fernego, Fico, Delta Capita), data enrichment (Refinitiv, LexisNexis, Dun&Bradstreet), transaction monitoring and risk evaluation (Comply Advantage, FIS, Fico, Feedzai, Quantexa), and identity verification services (Veriff, Onfido, Jumio, Socure).

Business value impact

Financial services organizations that are winning the battle against fraud and financial crimes are focused on key operational impact metrics, such as absolute fraud rate (percentage of approved transactions that turned out to be fraudulent), percentage of false positive alerts (proportion of fraudulent alerts from the total number of declined transactions), proportion of alert volumes to investigator headcount, percentage recovery of fraud losses, as well as cycle time to implement and deploy changes to the fraud and/or financial crime platform. It’s also important to track ML model performance metrics so that teams can proactively make adjustments to either retrain models or deploy new ones.

As a result, organizations are seeing benefits in the following key areas:

  • Reduction of absolute fraud losses (and time-to-detect): Respondents in KPMG’s global banking fraud survey noted that over half of them recover less than 25% of fraud losses. FSIs can increase fraud caught proactively by over 400% by leveraging real-time solutions that minimize the time to detect fraud and financial crime attempts. Therefore, this mitigates the total amount of money lost through approved transactions that turn out to be fraudulent.
  • Increased investigator productivity: Using ML to reduce false positives enables investigator teams to optimize their resource allocation, focus on true positives, and increase the time available for investigation and recovery activities. Customers such as Capital One continue to leverage AI/ML to reduce false positives, all while balancing the need to minimize friction for their customers when interacting with the bank.
  • Scalable infrastructure platform to adapt to changing customer behavior and transaction volumes: Amazon’s buyer fraud service achieved simpler scaling and lower costs while handling over 2000 real-time and historical data points. Meanwhile, customers such as Truevo are able to deploy a prototype model within 30 minutes. As consumer preferences shift toward digital interactions, it’s critical for organizations to support trusted interactions with their customers.
  • Growth in new account sign-ups and enterprise risk reduction: A key benefit of a well-architected, real-time fraud and financial crime prevention platform is the positive impact of reducing customer friction during sign-up. FSIs can grow sales by being able to confidently approve new account applications and reduce the lead drop off rate associated with onerous anti-fraud steps in the process (drop-off can be as high as 63% in digital banking applications). From an enterprise risk perspective, fines for the non-reporting of suspicious financial crime matters are becoming more stringent. This results in financial and reputational risk. Real-time and automated defenses are enabling enterprises to reduce the percentage of time and revenue spent on compliance (a third of global banks spend 5% of revenue on compliance), all while strengthening enterprise risk management capabilities.


This post discussed the challenges FSIs face today in building responsive defenses for fraud and financial crimes. This post also looked at the two different approaches that organizations are taking to address these challenges, the key AWS services being utilized, and the business benefits being realized. Regardless of the chosen approach, AWS has the services, mechanisms, and partner network to help you build and implement new capabilities quickly. Contact your Account Manager for further details if you need help developing a full-scale fraud and financial crime solution.

Related posts:

Alfred Mukudu

Alfred Mukudu

Alfred is the lead Financial Services Specialist at AWS for South Africa. He works with customers to develop and execute on strategic initiatives that drive their digital transformation journey on the cloud. Prior to AWS, Alfred spent more than a decade working with financial services customers across Africa and North America to execute on digital transformation initiatives in the front, middle, and back offices.