Finding a needle in a haystack: A machine learning framework for anomaly detection in payment systems

We propose a flexible machine learning (ML) framework for real-time transaction monitoring in high-value payment systems (HVPS), which are central to a country’s financial infrastructure and integral to financial stability. This framework can be used by system operators and overseers to detect anomalous transactions, which—if caused by a cyber attack or an operational outage and left undetected—could have serious implications for the HVPS, its participants and the financial system more broadly. Given the high volume of payments settled each day and the scarcity of actual anomalous transactions in HVPS, detecting anomalies resembles finding a needle in a haystack. Therefore, our framework employs a layered approach to manage the high volume of payments and isolate potential anomalies. In the first layer, a supervised ML algorithm is used to identify and separate ‘typical’ payments from ‘unusual’ payments. In the second layer, only the ‘unusual’ payments are run through an unsupervised ML algorithm for anomaly detection. We test this framework using artificially manipulated transactions and payments data from the Canadian HVPS. The ML algorithm employed in the first layer achieves a detection rate of 93 %, marking a significant improvement over commonly-used econometric models. The ML algorithm used in the second layer marks the artificially manipulated transactions as nearly twice as suspicious as the original transactions, proving its effectiveness.