Fraud Detection
Detecting anomalies and fraud on bank statement documents
What is Fraud detection?
Fraud detection on bank statements involves identifying and flagging documents that may contain fake or manipulated data. This process helps ensure that only genuine documents are processed, thereby preventing potential fraud and maintaining the accuracy of financial records.
The document might have been tampered with malicious intentions, which could be detected by authorities to differentiate between genuine bank statements and fraudulent ones.
Fraud checks on bank statements
-
To enable the fraud check to be triggered when the document is uploaded, add the additional parameter
detect_fraud:truein the pre-processing settings. -
Enable the
Fraud Checkfield in theEdit Fieldssection of the document type.- To apply this change to the actual field being populated, the documents must be manually retried.
NOTE: For older and existing document types, you need to reset the document type to enable the fraud table field to be visible on the
Edit Fieldspage.
The Fraud Check field is a table grid representing two tables.
- All the checks that have been applied to the document
- All the checks that failed (i.e. which might indicate that it is a probable fraud) in in-depth with description/position
Fraud Table
Table 1: All the checks applied on the document
| Fraud Check | Name of Check | Description | Result |
|---|---|---|---|
| exif_analysis | is_date_modified | Passed | |
| exif_analysis | is_author_blacklist | Passed | |
| exif_analysis | is_creator_blacklist | Passed | |
| exif_analysis | is_producer_blacklist | Passed | |
| exif_analysis | is_trailer_tampered | Passed | |
| exif_analysis | is_checksum_invalid | Passed | |
| transaction_analysis | tally_check | Transaction Tally failed | Failed |
| transaction_analysis | high_amount_check | High Amount transactions detected | Failed |
| transaction_analysis | eod_balance_check | The calculated and the actual balance don't match | Failed |
| transaction_analysis | frequent_transactions | Passed | |
| transaction_analysis | repeated_transactions | Passed | |
| transaction_analysis | failing_transactions | Passed | |
| transaction_analysis | circular_transactions | Passed | |
| transaction_analysis | inconsistent_trailing_digits | Passed | |
| transaction_analysis | daily_transactions_above_threshold | Passed | |
| amount_layout_analysis | amount_alignment | Inconsistent transaction amount alignment detected. | Failed |
Table 2: All the checks that failed
| Fraud Check | Name of Check | Description | Result |
|---|---|---|---|
| transaction_analysis | tally_check | Transaction Tally failed | Failed |
| transaction_analysis | high_amount_check | High Amount transactions detected | Failed |
| transaction_analysis | high_amount_check | High Amount transactions detected | Failed |
| transaction_analysis | high_amount_check | High Amount transactions detected | Failed |
| transaction_analysis | eod_balance_check | The calculated and the actual balance don't match | Failed |
| transaction_analysis | eod_balance_check | The calculated and the actual balance don't match | Failed |
| amount_layout_analysis | amount_alignment | Inconsistent transaction amount alignment detected. | Failed |
The second table will display individual checks and indicate the exact position where tampering or anomalies may have occurred.
There won't be a position for generic checks like tally_checks or document meta-data checks like EXIF analysis.
Transaction-level checks are conducted on the extracted transaction tables in the document. These checks include verifying the account information, such as opening and closing balances, and the start and end dates.
The amount layout alignment check also uses the OCR data from the extracted transaction tables.
Checks
There are 3 categories of checks currently implemented into the Bank statement API, in all, there are 17 individual fraud checks as follows:
- EXIF Analysis: This analysis examines the document's metadata for signs of tampering or suspicious values. It checks metadata fields such as author, producer, and creator against a known set of whitelisted and blacklisted terms and keywords. If any match is found, the check is marked as fraud. Additionally, it verifies PDF trailer tampering and validates the checksum from the trailer.
- Transaction Analysis: This analysis identifies anomalies or patterns in transaction table data extracted from the bank statement document. It includes basic checks on the tally, daily balance, repeated or overly frequent transactions, anomalies in transactions (such as inconsistent trailing digits or high amounts), circular or round trip transactions, and invalid dates.
- Amount Layout Analysis: This analysis detects position-related anomalies in the amount/debit/credit columns. If a row deviates in position range from other rows, it is flagged as a suspicious transaction.
There might be erroneous fraud detection
There might be instances where the document might not be fraud per se, but there might be fraud checks failing for that document, those could be for a few justifiable reasons:
- The image quality in the document is low due to which the extraction and analysis might not have been accurate enough.
- The document might have such a structure that might cause fraud checks giving false positive analysis of the layout or data.
| No. | Check | Name | Description |
|---|---|---|---|
| 1 | EXIF Analysis | is_date_modified | The metadata of the document had the created and modified dates as different dates |
| 2 | is_author_blacklist | The metadata of the document had the author field as a suspicious name from the whitelisted source of bank names | |
| 3 | is_creator_blacklist | The metadata of the document had the creator field as a suspicious tool from the blacklisted software used to create the document | |
| 4 | is_producer_blacklist | The metadata of the document had the producer filed set as a suspicious tool from the blacklisted software used to create the document | |
| 5 | is_trailer_tampered | The trailer present in the metadata of the document seems to be tampered | |
| 6 | is_checksum_invalid | The checksum present in the metadata of the document has an invalid hash | |
| 7 | Transaction Analysis | tally_check | The balance of the amount in the transaction table does not tally with the opening and closing balances |
| 8 | high_amount_check | There is a transaction with an amount having a very high value than the rest of the transactions | |
| 9 | eod_balance_check | The balance amount for the day is calculated to be negative | |
| 10 | frequent_transactions | There are a lot of frequent transactions with the same description | |
| 11 | repeated_transactions | There are a lot of transactions with the same description and the same amount | |
| 12 | failing_transactions | There is a transaction that is either a failed transaction(NSF, Bounced cheque, Overdraft, etc) | |
| 13 | circular_transactions | There are transactions with a similar description and with debit and credit as the same amount | |
| 14 | inconsistent_trailing_digits | There is an inconsistency in the number of trailing digits in the amount values | |
| 15 | daily_transactions_above_threshold | The day in the statement has too many transactions compared to the rest of the days | |
| 16 | date_check | The date is either invalid or incorrect in the context of the statement Out of range from the start and end dates Invalid date or format (31st Feb, etc) | |
| 17 | Amount Layout Analysis | amount_alignment | The transaction has an inconsistent position of the amount column from the rest of the rows in the table |
In case of an error from the fraud module, the fraud check table will be a row table with the description marked as Error during fraud analysis or Fraud check timed out. in case of a timeout issue from the processing of data.
Updated 6 months ago