PSCU: Elastic reduces risk by blocking millions of dollars in credit union fraud

For years, the organization's Enterprise Risk Office had been operating under a legacy Jade Database platform. This architecture restricted PSCU to only being able to ingest logs from just a few curated data sources for the purpose of detecting insider threats like theft of funds by PSCU staff, vendor partner staff, and credit union employees. To say the least, it was difficult to comprehend the siloed data in Excel spreadsheets and to visualize in Power BI. And, over time, as the database grew, ingesting data became more challenging as it took a day to load the previous day's data.

A 24-hour ingest delay is simply too long, especially when it comes to ferreting out financial fraud. So, one of the organization's contractors suggested that PSCU migrate those logs into Elasticsearch because it's well suited for any amount or type of data. Following this advice, PSCU transitioned to the Elastic Stack in 2018 and began adding more and more data sources such as member online logins, IP and home addresses, and their contact center call history — to name just a few—to better monitor and visualize logs to combat financial fraud.

Within days of deploying Elastic, PSCU blocked $35,000 in fraudulent activity. Now, PSCU has prevented $35 million in fraud just 18 months after deploying their Elastic-powered system dubbed "Linked Analysis."

After the transition to Elastic, Jonathon Robinson, manager of Fraud Intelligence at PSCU, discovered that Elasticsearch could handle as many data sources as PSCU could throw at it — with ease. So, he expanded the Elastic use case from the original insider fraud detection solution and added more logs from a growing number of financial-related data sources for the purpose of preventing external fraud at its 1,500 member credit unions across the United States.

With an expanded number of data sources, a new, first-layer of fraud prevention was created: one that stops financial fraud before it occurs. Previously, PSCU didn't know about fraudulent activity until after it occurred or when it was occurring. "Thanks to Elastic, now we see fraud before it's committed so we can stop it," Robinson says.

Later on, the PSCU Elastic journey would evolve. Since PSCU already had the data in its system, it was a natural progression for PSCU to provide operational insights for its contact center operations. In addition, Elastic paved the way to a new PSCU emergency management protocol that harnessed Kibana and Elastic Maps to alert credit unions to pending natural disasters. During events like hurricanes or wildfires, they could adjust their localized customer support accordingly to make sure members can access their money and credit.

All the while, PSCU has remained committed to the original pursuit of fraud detection, prevention, and mitigation. To date, that ongoing mission has saved its owner credit unions tens of millions of dollars.

Robinson explains how Linked Analysis brought a recent credit card fraud ring to light that initially appeared to involve two credit cards from one credit union. Robinson noticed it when a machine learning job reported anomalies.

In one particular instance, while checking in on an alert, Robinson's team used the graph features of Elastic to find 35 additional cards that were linked via phone numbers and amalgamations of the original billing address on file with those two cards. The team realized that several credit unions, not just the original one where the alert originated from, were being scammed by the same fraud ring. So the PSCU team was able to quickly notify the affected credit unions, disable the cards, stop any of them from being used to make purchases, and also save their end members the frustration and inconvenience of having to replace a compromised credit card.

As a result, this combination of addresses, phone numbers, names, and other identifying information was blacklisted, and PSCU would be alerted to any future activity from this fraud ring no matter where it happened in their credit union network.

"The intel Elastic provided us was instantly used to protect the acutely impacted credit unions, but due to the blacklist we established, we also used it to protect any of the credit unions we service moving forward," Robinson says. "Without being able to correlate this data between credit unions, we would never have been able to see the patterns, even though we would have been fighting the same fraudulent actors across multiple fronts."

"There's something satisfying," Robinson adds, "about cracking down on fraud. That's because the fraudsters still try to use credit cards after PSCU has blacklisted them."

For the Fraud Intelligence team, machine learning is making it possible to deliver on the needs of 1,500 credit unions. Machine learning and alerting gives the team instant insights that otherwise wouldn't be immediately available when manually sifting through reports.

When it comes to fraud prevention, machine learning jobs at PSCU monitor activity that happens before a credit card is swiped at a checkout terminal. That's how PSCU took down that fraud ring. Activity PSCU is monitoring includes a combination of data center calls, online activity, and "a bunch of different data sources that give us a clue to what's going on with a card," Robinson says.

For example, if a customer typically logs in from their home computer, machine learning helps PSCU identify anomalous login attempts, or discover similar email addresses, phone numbers, IP addresses, Social Security numbers, and physical residential addresses being used to open or access accounts across different credit unions. With machine learning and alerting, once a customer appears to veer outside their normal behavior, the team is notified and can take measures to contact the individual member and, if necessary, shutter a card or account to stop fraud in its tracks.

Additionally, with the graph features available in Kibana, Robinson and PSCU can now crack down on the fraud by visualizing and exploring the connections and relations in the data in a quick way that wouldn't have been possible in a spreadsheet or any other parts of their legacy solution.

About half a dozen departments have access to different datasets that are visualized in Kibana. Some of the data might be essential to one group but not to another. With Kibana Spaces and role-based access control provided by the security features of the Elastic Stack, staff members can be assigned access to certain visualizations and be blocked from others unrelated to their work. It is a crucial feature that is important within the highly regulated industry in which PSCU exists.

"So, if somebody from the contact center is logging in, I don't want them to see the tab for monitoring or for almost anything else. I only want them to see what they're permitted to access and what's relevant to them, and I can do that with Spaces."

Spaces, Robinson adds, also keeps data "looking nice and tidy too, which is important to leadership."

Sometimes, however, things get messy. Mother Nature, for example, can cause as much or more financial havoc than credit union fraudsters. PSCU cannot prevent hurricanes, wildfires, or other environmental catastrophes. But with Elastic, it can make sure credit union members in the path of destruction have access to their money.

When Hurricane Dorian was projected to slam into the east coast of Florida in late summer 2019, Robinson harnessed Elastic Maps and added a weather layer from the United States National Oceanic and Atmospheric Administration (NOAA) in addition to home address data from members who were in the hurricane's path. The results provided a visualization to credit unions about which of their card holders could be impacted. With this information, the credit unions could adjust their fraud prevention measures and not automatically block purchases that appeared outside a user's normal activity—like suddenly buying expensive generators, lumber, or an outsized number of canned goods.

This emergency management practice has now become the norm ahead of or during disasters, including recent wildfires in California.

In addition, because credit unions in the path of destruction likely will be closed, this type of preparedness allows PSCU to take over contact center operations for the affected credit unions to handle a deluge of expected calls.

PSCU is using Elastic in the contact center context for more than just emergencies, but for other use cases including business analytics and operational management purposes.

The Contact Center handles phone calls on behalf of hundreds of credit unions, which requires incredible coordination of resources and monitoring of events across all financial institutions. Their use of real-time machine learning lets them spot issues buried in a sea of data before they become a problem.

For example, operational logs visualized with Kibana give managers at credit unions a real-time look as to why there might be too many calls coming in to their contact centers at one time. The Kibana visualizations might show if there's an internal issue, a promotion, or a business matter that is prompting an overload of calls.

With this data, contact center staffing operations can be adjusted as necessary, even before a deluge of calls. And it gives managers at the individual credit unions the ability to visualize operational insights in Kibana without having to call PSCU to find out what's going on at a contact center.

In short, the competitive advantage of observability through Elastic gives PSCU insights that it never had or could provide to credit unions before.

"With these Kibana dashboards, we're showing credit union managers the answer instead of showing them the path to the answer with Excel spreadsheets," Robinson says. "They don't need to have any technological know-how, either."

Eighteen months into their Elastic journey, Robinson says there's been a whopping 48,000% return on investment. That figure combines the millions of dollars Elastic has saved member credit unions in fraud, minus how much PSCU has spent on infrastructure and an Elastic subscription over that same period.

In addition, Robinson says his bosses "were thrilled" with how much fraud the Elastic Stack has prevented—$35 million and counting.

"Any additional layer of protection we can offer our credit unions is always good. So, when a credit union has to pay out fraud losses, that means that the dividends that go to the credit union members are lower," Robinson says. "With the tools we've been using over the last 18 months, the credit unions are now saving members money and are investing in new services for their members."

In addition to the hard dollars and cents saved, Elastic has also helped PSCU increase customer satisfaction for their credit union members.

"When we call the individual credit union member, we're not saying, 'Hey, someone has spent $1,000 on your credit card.' That's not a great feeling. Instead, we're calling in and asking if they have logged in from a certain place and letting them know that nothing has been stolen. In the end, the cardholder knows that the credit union, and PSCU by extension, is watching out for them," Robinson says.

As far as fraud-prevention data goes, Robinson says there is seemingly an endless supply of data sources to be ingested into Elastic to feed this project. Given that, PSCU will continue this real-time data centralization project with Elastic by adding more data sources and by modifying existing sources.