[WSO2Con EU 2017] Fraud Prevention and Compliance in Financial Sector with WSO2 CEP Solution
By WSO2 Team
- 7 Nov, 2017
Finam is the leader in the brokerage sector in Russia, and they enable investors to work with national and international stock exchanges. This business places high demands on client security, compliance, and fraud prevention. These requirements include working in realtime with very intensive data streams from different data sources, like stock exchanges, client terminals, etc. It must also find correlations between events in different streams within short time windows, down to tens of milliseconds. A CEP framework was chosen as the best solution for these tasks, and WSO2 CEP was selected for a pilot solution.
The key reason to choose WSO2 CEP was that it is open source; this helped Finam to quickly make changes, adopt it, integrate it with existing streams and systems, and implement the solution at low cost. Testing also showed a high level of readiness of the platform: it has a built-in ability to work with streams by leveraging the user-friendly Siddhi language, can work with events within millisecond timeframes, and has proven stability, allowing the technology to be expanded to realtime risk management and algorithmic trading.
The story will be useful for organizations that want to get started with WSO2 CEP, and specifically those looking for a low-cost solution to business tasks.
My name is Pavel, I work at Finam and I successfully implemented such technologies as messaging middleware, enterprise service bus, business process management, complex service processing, enterprise electric to practice. And today, let me present how we are using the WSO2 CEP solution in our company for fraud prevention. 00:00 ▶
What is Finam? Finam is an investment holding that consists of several broker companies, a bank, and an investment company. It is a national leader and global broker in the flight of investment services. It operates in Russia, USA, Europe, India, China, and other countries. It has over three hundred thousand clients in forty countries, of which financial instruments market turnover is more than one point two trillion dollars. 0:42 ▶
As a company, we give the client opportunities to be an investor and to make orders and transactions in most global exchanges. The client can be anywhere: at home, at work, or traveling. From anywhere he can successfully make a deal on any stock exchange using a mobile application or a desktop application. Apart from clients, brokers, and stock exchanges there are two other parts that can influence the business. One part is fraud, this is people who want to steal money from client accounts. And the second one is regulators, who describe the rules on the financial markets. 1:24 ▶
About Fraud. Most attacks are targeted to claim terminals. Some attacks try to steal passwords or keys of trade/client terminals, and start using them from another device. For this case it is possible to detect parameters of claimed device and information about changing it. Another attack strike tried to get control on trade terminals on a claimed device and make operations directly from it. In most cases when somebody obtains access to change trade account, he will try to move money from one account to another account. In this case we can detect changes in trading in unusual volume, instruments or frequency. If you combine these two detections, we can improve signal about safe activity. 2:26 ▶
Regulatory rules. This list mostly refers to the company because all brokers must observe the financial rulings of national regulatory rules. Stock market manipulation and insider trading are the biggest groups of illegal trading practices. Some sets of illegal orders can be done within milliseconds. You can see spoofing, pump and dump, and other algorithms. Some of the illegal practices can be done within hours or days. 3:42 ▶
We have several basic data sources, from exchange, from trade platforms and other data sources. From exchange we get information about market data and orders and trades. From trade platforms we can get information about clients, even such as access or orders. And from other systems we get information about any other events, such as the news. So we have up to one million stock data changes per second and up to twenty five thousand deals per second. All events need to be analyzed before, to be analyzed to get an alarming signal. 3:42 ▶
For this task, I chose to use the CEP decision because it works in real time, it can work with many streams, and it can correlate even between streams. After we have chosen this type of solution, we had combined several CEP platforms, and we have chosen WSO2 because it has very good performance tests, very good documentation, it is an open source decision. We represented it to management and decided to start the power project. 5:17 ▶
In the first task, what you need to do when you start using this solution, you need to integrate your data with this solution. In our company we have two transports for market data. One transport is gRPC, and the second transport is JMS. gRPC is a Google remote protocol, it allows organized fast point market integration between applications overridden in different languages such as C++, Java and JavaScript. For gRPC we wrote a small converter, it transforms gRPC protocol to thrift protocol. It works fast and doesn’t create any essential delay. CEP has several inbuilt transport adaptors. The JMS and thrift adaptors are two of these adaptors. So events from the JMS channel can be automatically sent to WSO2. 6:05 ▶
Access data stream comes from any other data source types, such as database files and other messaging systems. In this case, what ESB does is eavesdrop. It integrates all types of incoming data, in which data with any additional information such as your IP data, your location, and sends data to complex processing using JMS transport. 7:32 ▶
When CEP generates an event, it sends it to the same JMS transport. These *EuroAds are hired to the right system, it can be CRM, BPM, a disc system or a trade platform system. 8:09 ▶
Before CEP will generate a signal, all incoming data must be analyzed. Any CEP solution provides such functions as transformation, filter, correlated data between several streams, aggregation events from several streams to one event. 8:30 ▶
WSO2 provides the same functionalities but with an easy inbuilt language, Siddhi. As analyzed can be done very quickly. Some of the best files of Siddhi, when we found started using it, are skilled like language and the time intervals window and my property is very easy to loan for any software developer. 8:58 ▶
Some words about learning. WSO2 has a very good detailed documentation. So we spent only three days to connect our data stream to a JMS transport, three days to do gRPC transport, and we spent only five days to sit here and write our filed scripts. So after eleven days we had good connection for our fraud detection project. 9:32 ▶
So let me tell you about several use cases where CEP is used now or will be used in the nearest future. First example is market manipulation type. One type of market manipulation is spoofing. In this case, a client places first a small order, after he places it technical big order in opposite direction to first order. Then he waits for the execution of the first order, and immediately closes technical order after execution of first order. In this case, we have three actions from client or from one group of clients to win one security term. And time between these actions can be several or tenths of milliseconds. And we successfully find such type of market manipulation. 10:08 ▶
Second use case is about access event. Clients can generate several access events. For example, from internet banking access, from trade terminal access, from bank card usage. Each event comes with an IP address. Using the IP we can determine the location, and if we find that a user had two or more access activities from different places with long distance between them in a short time period, we will generate an alert signal. For example, user cannot have a speed more than one thousand kilometers per hour. 11:15 ▶
Our next case, like I showed above, CEP can detect the connection from unusual device or from an unusual time or location. Also CEP can detect unusual order properties such as an unusual big volume of data operations, unusual instruments. And when CEP detects spots, it generates an alert for our operators. 12:08 ▶
Another type of use case is correlated data from stock market data streams and from news. For example, complex server processing framework can detect price changing of any company and at the same time it can detect increases of the reference count of the company in the blocks, in the news channels in the last 20 minutes. Combination of these events might generate a signal to trader to help him in choosing the right tactics. 12:41 ▶
With CEP we can simplify by maintaining use channels to detect negative information about our company and prevent it in the start. For example, we can find messages from news channels with our company name and negative words, and if you found several times messages, you know in the last hour, we can send a signal to our marketing department. 13:26 ▶
Conclusively, I’ve shown you how using CEP, ESB and BPM solutions, and we have decisions. You can help your business improve using existing data, and open new perspectives and possibilities and to do it quickly. Thank you. 14:03 ▶
Since 2011, Pavel has been working with the Finam Group as Chief Process and Innovation Officer. In his role, he explores new business and IT technologies and incorporates these into the company based on the benefits and value these offer. Some of these technologies include business process management, enterprise integration, and fraud prevention, among others. The implementation of these helped to improve business work performance up to four times. Previously, he worked as a system and solution architect, as the CTO in the bank department, and as the CIO in the group’s information services company.