大海捞针:一种用于支付系统异常检测的机器学习框架(英)
BIS Working Papers No 1188 Finding a needle in a haystack: a machine learning framework for anomaly detection in payment systems by Ajit Desai, Anneke Kosse and Jacob Sharples Monetary and Economic Department May 2024 JEL classification: C45, C55, D83, E42. Keywords: payment systems, transaction monitoring, anomaly detection, machine learning. BIS Working Papers are written by members of the Monetary and Economic Department of the Bank for International Settlements, and from time to time by other economists, and are published by the Bank. The papers are on subjects of topical interest and are technical in character. The views expressed in them are those of their authors and not necessarily the views of the BIS. This publication is available on the BIS website (www.bis.org). © Bank for International Settlements 2024. All rights reserved. Brief excerpts may be reproduced or translated provided the source is stated. ISSN 1020-0959 (print) ISSN 1682-7678 (online) Finding a Needle in a Haystack: A Machine Learning Frameworkfor Anomaly Detection in Payment Systems*Ajit Desai1,‡, Anneke Kosse2and Jacob Sharples11Bank of Canada2Bank for International SettlementsMay 13, 2024AbstractWe propose a flexible machine learning (ML) framework for real-time transaction monitoring inhigh-value payment systems (HVPS), which are a central piece of a country’s financial infras-tructure. This framework can be used by system operators and overseers to detect anomaloustransactions, which—if caused by a cyber attack or an operational outage and left undetected—could have serious implications for the HVPS, its participants and the financial system morebroadly. Given the substantial volume of payments settled each day and the scarcity of actualanomalous transactions in HVPS, detecting anomalies resembles an attempt to find a needle ina haystack. Therefore, our framework uses a layered approach. In the first layer, a supervisedML algorithm is used to identify and separate ‘typical’ payments from ‘unusual’ payments. Inthe second layer, only the ‘unusual’ payments are run through an unsupervised ML algorithmfor anomaly detection. We test this framework using artificially manipulated transactions andpayments data from the Canadian HVPS. The ML algorithm employed in the first layer achievesa detection rate of 93%, marking a significant improvement over commonly-used econometricmodels. Moreover, the ML algorithm used in the second layer marks the artificially manipulatedtransactions as nearly twice as suspicious as the original transactions, proving its effectiveness.Keywords:Payment Systems, Transaction Monitoring, Anomaly Detection, Machine LearningJEL Codes:C45, C55, D83, E42*The views expressed in this paper are solely those of the authors and do not necessarily reflect those of the Bank of Canada,the Bank for International Settlements (BIS), the BIS Committee on Payments and Market Infrastructures (CPMI), or its members.We would like to thank Leonard Sabetti for his contribution during earlier stages of the work. We also thank Segun Bewaji, AlessioBrini, Narayan Bulusu, Ricardo De Avillez, Laura Felber, Marc Glowka, Tarush Gupta, Constanza Martinez, and Ellen van derWoerd for their detailed comments. In addition, we thank participants of the following conferences for their comments and sugges-tions: BIS Research Webinar Series (2022), Economics of Payments XI Conference (2022), DNB Central Bankers Go Data DrivenConference (2022), Canadian Economics Association Annual Conference (2022), RBI Global Conference on Financial Resilience(2023), International Conference on Economic Modeling and Data Science (2023), the Bank of Canada and the Bank for Interna-tional Settlement’s Seminar on Granular Data (2023), the Second CEMLA Regional Conference of Payments and Financial MarketInfrastructures (2023), and the AEA Annual Meeting Poster Session (2024). ‡Corresponding author: adesai@bankofcanada.ca.1 1 IntroductionHigh-value payment systems (HVPSs), such as Lynx in Canada, Fedwire in the US, Chaps in the UK, andTarget2 in the Eurozone, are vital components of jurisdictions’ financial systems. Typically, these are real-time gross settlement (RTGS) systems that process large-value transactions between financial institutions,often requiring settlement by a particular time. As such, the safety and efficiency of HVPSs are key tofinancial stability and economic growth. If not properly managed, an HVPS can be a source of a shock,such as payments fraud, a cyber attack, market stress, or operational problems (Chapman et al. 2015; BIS-Report 2019; FED-Report 2019; Kotidis and Schreft 2023). Moreover, as HVPSs provide a link betweentheir participating financial institutions, they could become a channel through which shocks are transmittedacross domestic or even international financial markets (Kosse and Lu 2022; Kotidis and Schreft
