Deutsche Bahn, the largest railway operator and infrastructure owner in Europe, is a complex operation stretching across 14 different business units. The firm’s treasury team worked with banking partner Deutsche Bank to create an effective anti-fraud approach to its payments. Dr Gerd Berghold, Head of Treasury Operations and Digital Treasury, Deutsche Bahn, explains the system to TMI.
The treasury department of Deutsche Bahn is kept busy overseeing more than 100,000 payments each day. These are a mix of treasury payments that are typically low volume, high value, and operational payments that are high volume but relatively low value.
Dr Gerd Berghold Head of Treasury Operations and Digital Treasury, Deutsche Bahn
For operational payments, successful fraud attacks are relatively uncommon for Deutsche Bahn – although they do still happen. To date, the company has seen around 10 fraud cases with an overall loss in the lower five-digit euro range. On the treasury payments side, however, the risk of fraud is an ongoing concern. “While lower in number, a single fraud attack here would have a much more significant impact,” notes Berghold.
Deutsche Bahn leverages its Treasury Intelligence Solutions (TIS) platform to optimise the management of these high-value flows. To address the concern of fraud, Deutsche Bahn opted to build its own solution from scratch so that payment data is automatically extracted from TIS and fed into the in-house solution through a fully integrated API. This enables close monitoring and a timely response to those flows.
“Building our own in-house solution that leverages information extracted from TIS meets our current needs and is more cost efficient,” explains Berghold.
On a practical level, he says the daily volume of payments Deutsche Bahn processes meant that it was impossible to perform manual checks. “Our tool sought to find a way to automate this – and to make fraud detection and prevention much easier for our treasury staff.”
Key components
All functionalities of Deutsche Bahn’s solution were set up internally using open-source components, such as REST API and the Python programming language. In practice, the in-house system evaluates the contextual data of payment instructions to determine a risk profile. Patterns around the amount, timing and frequency of the payments are analysed, providing an alert based on the level of risk detected from each. These alerts, which are emailed to the team each day, are split across three categories:
Because the output of the fraud prevention tool needs to be interpreted by the team, full process automation will not be possible, says Berghold. “Choosing and executing the process to follow in case a payment is stopped due to a positive fraud attempt, or ensuring we contact the right person to confirm a suspected false positive, will still need the human touch,” he notes. “Our use of IT is a matter of improving the route to this decision-making step.”
As such, a key element of Deutsche Bahn’s system is the insight and awareness of its staff. Berghold explains: “You can have the most robust anti-fraud procedures in place, but if your employees do not understand the purpose of these or how to implement them effectively, mistakes can be made.” With the nature of fraud attacks evolving constantly, he believes that refresher training courses for all “are an absolute must”.
Collaboration works
Of course, payment fraud is not just an issue for Deutsche Bahn, it is an issue for all corporates, banks, and technology providers. “In this context, it simply does not make sense to fight fraud alone,” states Berghold. “We need to put up a united front – and collaboration is one of the easiest ways of doing this. By combining our expertise – and sharing our experiences of fraud – we are better able to identify weaknesses in our processes and rectify them.”
This is something with which Ole Matthiessen, Global Head of Cash Management, Deutsche Bank, is in full agreement. “Payment fraud prevention is a major challenge for corporate treasurers globally. No one is safe, with criminals targeting corporations of all sizes, across all industries,” he comments. “By working together, corporates, banks, and technology providers can create an ecosystem that is more efficient, streamlined and, ultimately, implement strategies that work to prevent fraud.”
This is why Deutsche Bank has developed a unique anti-fraud framework to help clients such as Deutsche Bahn tackle this threat as efficiently and cost-effectively as possible. The bank’s model consists of three key pillars: advisory support, preventative measures, and fraud detection. For Deutsche Bahn, Deutsche Bank acted as an adviser pointing to typical fraud scenarios and functionalities that could help address the weaknesses in the process.
The reason this works so well for the bank’s clients, explains Matthiessen, is that it provides them with protection across the entire life cycle of a payment – from educating clients on the latest fraud patterns, providing counsel on their anti-fraud strategy and putting the right preventative measures in place, to detecting fraud as soon as it happens and ensuring any stolen funds are returned as quickly and efficiently possible. “The comprehensive nature of our framework – combined with the in-depth expertise of our staff –means it can work hand in hand with our clients to ensure they have the best possible set-up in place to tackle fraud.”