Finding a needle in a haystack: a machine learning framework for anomaly detection in payment systems

BIS Working Papers | No 1188 | 15 May 2024

Summary

Focus

High-value payment systems are a central piece of a country's financial infrastructure. We propose a novel machine learning framework for real-time transaction monitoring in these systems. Given the substantial volume of high-value payments settled each day and the scarcity of actual anomalous transactions, detecting anomalies in high-value payment systems is like trying to find a needle in a haystack. Our framework uses a layered approach. First, a supervised machine learning algorithm identifies and separates "typical" payments from "unusual" payments. Second, only the unusual payments are run through an unsupervised machine learning algorithm to detect anomalies. We test this framework using artificially manipulated transactions and payments data from the Canadian high-value payment system.

Contribution

The key strength of our proposed framework is that it can identify anomalies in high-frequency payments data, particularly when anomalies are unknown a priori. The framework derives its strength from its novel layered approach and can be used for different applications in finance. Payment system operators and overseers may use it to detect cyber attacks or operational outages that, if left undetected, could have serious implications for the financial system. The framework could also be used to detect early signs of financial stress at individual financial institutions or for screening transactions as part of countering money laundering and the financing of terrorism.

Findings

Our proposed framework is a promising approach for transaction monitoring and anomaly detection. The machine learning algorithm employed in the first layer achieves a detection rate of 93%, which is a significant improvement over commonly used econometric models. The algorithm used in the second layer marks the artificially manipulated transactions as nearly twice as suspicious as the original transactions. Scenario analyses demonstrate that the framework is flexible enough to be applied to different payment system designs.


Abstract

We propose a flexible machine learning (ML) framework for real-time transaction monitoring in high-value payment systems (HVPS), which are a central piece of a country's financial infrastructure. This framework can be used by system operators and overseers to detect anomalous transactions, which, if caused by a cyber attack or an operational outage and left undetected, could have serious implications for the HVPS, its participants and the financial system more broadly. Given the substantial volume of payments settled each day and the scarcity of actual anomalous transactions in HVPS, detecting anomalies resembles an attempt to find a needle in a haystack. Therefore, our framework uses a layered approach. In the first layer, a supervised ML algorithm is used to identify and separate 'typical' payments from 'unusual' payments. In the second layer, only the 'unusual' payments are run through an unsupervised ML algorithm for anomaly detection. We test this framework using artificially manipulated transactions and payments data from the Canadian HVPS. The ML algorithm employed in the first layer achieves a detection rate of 93%, marking a significant improvement over commonly used econometric models. Moreover, the ML algorithm used in the second layer marks the artificially manipulated transactions as nearly twice as suspicious as the original transactions, proving its effectiveness.

JEL classification: C45, C55, D83, E42

Keywords: payment systems, transaction monitoring, anomaly detection, machine learning