Fraud Detection

Detecting anomalies and fraud on bank statement documents

What is Fraud detection?

Fraud detection on bank statements involves identifying and flagging documents that may contain fake or manipulated data. This process helps ensure that only genuine documents are processed, thereby preventing potential fraud and maintaining the accuracy of financial records.

The document might have been tampered with malicious intentions, which could be detected by authorities to differentiate between genuine bank statements and fraudulent ones.

Fraud checks on bank statements

  • To enable the fraud check to be triggered when the document is uploaded, add the additional parameter detect_fraud:true in the pre-processing settings.

  • Enable the Fraud Check field in the Edit Fields section of the document type.

    • To apply this change to the actual field being populated, the documents must be manually retried.

The Fraud Check field is a table grid representing two tables.

  1. All the checks that have been applied to the document
  2. All the checks that failed (i.e. which might indicate that it is a probable fraud) in in-depth with description/position

Fraud Table

Table 1: All the checks applied on the document

Fraud CheckName of CheckDescriptionResult
exif_analysisis_date_modifiedPassed
exif_analysisis_author_blacklistPassed
exif_analysisis_creator_blacklistPassed
exif_analysisis_producer_blacklistPassed
exif_analysisis_trailer_tamperedPassed
exif_analysisis_checksum_invalidPassed
transaction_analysistally_checkTransaction Tally failedFailed
transaction_analysishigh_amount_checkHigh Amount transactions detectedFailed
transaction_analysiseod_balance_checkThe calculated and the actual balance don't matchFailed
transaction_analysisfrequent_transactionsPassed
transaction_analysisrepeated_transactionsPassed
transaction_analysisfailing_transactionsPassed
transaction_analysiscircular_transactionsPassed
transaction_analysisinconsistent_trailing_digitsPassed
transaction_analysisdaily_transactions_above_thresholdPassed
amount_layout_analysisamount_alignmentInconsistent transaction amount alignment detected.Failed

Table 2: All the checks that failed

Fraud CheckName of CheckDescriptionResult
transaction_analysistally_checkTransaction Tally failedFailed
transaction_analysishigh_amount_checkHigh Amount transactions detectedFailed
transaction_analysishigh_amount_checkHigh Amount transactions detectedFailed
transaction_analysishigh_amount_checkHigh Amount transactions detectedFailed
transaction_analysiseod_balance_checkThe calculated and the actual balance don't matchFailed
transaction_analysiseod_balance_checkThe calculated and the actual balance don't matchFailed
amount_layout_analysisamount_alignmentInconsistent transaction amount alignment detected.Failed

The second table will display individual checks and indicate the exact position where tampering or anomalies may have occurred.

There won't be a position for generic checks like tally_checks or document meta-data checks like EXIF analysis.

Transaction-level checks are conducted on the extracted transaction tables in the document. These checks include verifying the account information, such as opening and closing balances, and the start and end dates.

The amount layout alignment check also uses the OCR data from the extracted transaction tables.

Checks

There are 3 categories of checks currently implemented into the Bank statement API, in all, there are 17 individual fraud checks as follows:

  1. EXIF Analysis: This analysis examines the document's metadata for signs of tampering or suspicious values. It checks metadata fields such as author, producer, and creator against a known set of whitelisted and blacklisted terms and keywords. If any match is found, the check is marked as fraud. Additionally, it verifies PDF trailer tampering and validates the checksum from the trailer.
  2. Transaction Analysis: This analysis identifies anomalies or patterns in transaction table data extracted from the bank statement document. It includes basic checks on the tally, daily balance, repeated or overly frequent transactions, anomalies in transactions (such as inconsistent trailing digits or high amounts), circular or round trip transactions, and invalid dates.
  3. Amount Layout Analysis: This analysis detects position-related anomalies in the amount/debit/credit columns. If a row deviates in position range from other rows, it is flagged as a suspicious transaction.

🚧

There might be erroneous fraud detection

There might be instances where the document might not be fraud per se, but there might be fraud checks failing for that document, those could be for a few justifiable reasons:

  • The image quality in the document is low due to which the extraction and analysis might not have been accurate enough.
  • The document might have such a structure that might cause fraud checks giving false positive analysis of the layout or data.
No.CheckNameDescription
1EXIF Analysisis_date_modifiedThe metadata of the document had the created and modified dates as different dates
2is_author_blacklistThe metadata of the document had the author field as a suspicious name from the whitelisted source of bank names
3is_creator_blacklistThe metadata of the document had the creator field as a suspicious tool from the blacklisted software used to create the document
4is_producer_blacklistThe metadata of the document had the producer filed set as a suspicious tool from the blacklisted software used to create the document
5is_trailer_tamperedThe trailer present in the metadata of the document seems to be tampered
6is_checksum_invalidThe checksum present in the metadata of the document has an invalid hash
7Transaction Analysistally_checkThe balance of the amount in the transaction table does not tally with the opening and closing balances
8high_amount_checkThere is a transaction with an amount having a very high value than the rest of the transactions
9eod_balance_checkThe balance amount for the day is calculated to be negative
10frequent_transactionsThere are a lot of frequent transactions with the same description
11repeated_transactionsThere are a lot of transactions with the same description and the same amount
12failing_transactionsThere is a transaction that is either a failed transaction(NSF, Bounced cheque, Overdraft, etc)
13circular_transactionsThere are transactions with a similar description and with debit and credit as the same amount
14inconsistent_trailing_digitsThere is an inconsistency in the number of trailing digits in the amount values
15daily_transactions_above_thresholdThe day in the statement has too many transactions compared to the rest of the days
16date_checkThe date is either invalid or incorrect in the context of the statement
Out of range from the start and end dates
Invalid date or format (31st Feb, etc)
17Amount Layout Analysisamount_alignmentThe transaction has an inconsistent position of the amount column from the rest of the rows in the table

In case of an error from the fraud module, the fraud check table will be a row table with the description marked as Error during fraud analysis or Fraud check timed out. in case of a timeout issue from the processing of data.