AI/ML based Card Payment Fraud Detection on AWS using replicated data from mainframe

00:00

in this video we are going to show you

00:01

how you can build an AIML based card

00:03

fraud detection Solution on

00:07

AWS in this use case the card payment

00:10

authorization application is running on

00:12

zos mainframe system and using static

00:14

business rules to approve or decline the

00:17

Legacy application is enhanced to make a

00:19

real-time call to AWS to get a fraud

00:21

score generated by Amazon fraud

00:23

detection service or any other AIML

00:25

model built using sag maker the model is

00:28

trained with attributes such as as

00:30

customer purchase history for example

00:32

number of purchases in last 48 hours and

00:34

Merchant sales history for example

00:36

reported frauds in last 24 hours during

00:39

inference of the score same attributes

00:41

are passed to the model to generate

00:42

optimal

00:44

score let us review the solution

00:47

architecture when a customer swipes a

00:49

card at Terminal or makes an online

00:51

purchase the bank will receive the

00:53

authorization request on the mainframe

00:54

system the application will make a

00:57

real-time call to AWS the process

00:59

running on AWS will get the customer and

01:02

Merchant history details from relational

01:04

database and provide to the AIML scoring

01:06

model running on say Amazon fraud

01:09

Detector service the model will return a

01:11

score higher score will indicate

01:13

potential fraudulent transaction the

01:16

Mainframe application combining with the

01:18

other business rule will make a decision

01:20

to approve or decline the transaction

01:23

detail is inserted on Mainframe database

01:25

either vsam db2 or IMS the record will

01:29

be captured and rep applicated to AWS

01:31

near real time using precisely the

01:33

precisely publisher agent is running on

01:35

Mainframe and the apply agent is running

01:37

on an Amazon ec2 instance the apply

01:40

agent converts raw database logs

01:42

received from publisher agent to Json

01:44

format using the copy book and publishes

01:46

the messages to Amazon managed streaming

01:48

for cofco or msk several service will

01:51

consume the message from msk a kovka

01:54

connect process can pull the messages

01:56

from msk and right to RDS database the

01:59

history detail details are read from

02:00

same database during the scoring process

02:03

MSG will stream the messages to Amazon

02:05

S3 using no code integration with fire

02:08

hose the data on S3 will be used offline

02:11

to train the AIML models along with

02:13

other internal or external data sources

02:16

for analytics and business intelligence

02:18

the messages from msk can be pulled to

02:20

Amazon red shift business users can run

02:22

query against the database using natural

02:25

language similarly other integration may

02:28

be built using Amazon event Bridge pipe

02:30

to stream data to services like Amazon

02:32

SNS or pinpoint for notification and

02:34

alerting in this demonstration there are

02:37

several AWS resources created some of

02:40

them are pre-built using cloud formation

02:42

template this includes VPC subnets IAM

02:46

roles AWS Key Management Service

02:51

Etc on AWS console we can see there is a

02:54

VPC created with three

02:58

subnets PR private link end points are

03:00

created for access to seress services

03:03

such as secret manager STS event Bridge

03:05

pipes

03:10

Etc a msk cluster is defined in the VPC

03:13

with three Brokers and three different

03:18

subnets both I am and sasl a

03:21

password-based authentication is

03:24

enabled the credentials are stored in

03:26

secret manager the bootstrap servers

03:29

detail for both IM am and sasl

03:31

authentication types are available in

03:33

client

03:38

information RDS posters database

03:41

instance would DB name as card payments

03:47

fraud a Lambda function is created to

03:50

pull the messages from Ms and insert RDS

03:52

posters

03:56

database the function will be running in

03:58

the same VPC

04:01

the environment variables are set for

04:03

RDS database connection

04:07

details a SNS topic messages from msk

04:10

will be streamed to SNS using an event

04:12

Bridge pipe the SNS topic is configured

04:15

to send email notification first we are

04:17

going to obtain the Mainframe data

04:19

replication software from Marketplace

04:22

from AWS console search for

04:26

Marketplace click discover products

04:32

type AWS Mainframe migration with

04:34

precisely on search

04:36

bar click on data replication for IBM

04:41

zos then click continue to subscribe

04:44

button follow the instructions to

04:46

complete subscription next we are going

04:48

to set up the amazon ec2 instance once

04:51

you have completed the subscription come

04:53

back to AWS Marketplace console and

04:55

click manage subscriptions then click

04:58

launch new instance click continue to

05:00

launch through

05:04

ec2 provide a name for the ec2

05:08

instance scroll down to network settings

05:10

and click

05:12

edit select the VPC created for this

05:14

solution select one of the

05:17

subnet click on select existing Security

05:20

Group and from the drop down on common

05:22

Security Group select the security group

05:24

created for the

05:26

solution expand the advanced details and

05:29

click existing I am roll and select

05:31

instance profile created by cloud

05:36

formation paste the script in the user

05:38

data text box the script first installs

05:41

the required software such as Liber

05:43

kofka poster SQL client Etc then it

05:47

creates a Kafka folder downloads and

05:49

extracts the Java Kafka libraries inside

05:52

the Kafka Libs folder downloads the msk

05:55

am jar file it creates an I am

05:58

authentication client properties file

06:00

the jar and the properties file are used

06:02

by the javascripts runs the kofka topic

06:05

script to create the kofka topic

06:07

precisely publisher will publish the

06:09

records to this topic then runs the

06:12

kofka consumer group script to create a

06:14

consumer group to be used later by the

06:15

even Bridge pipe andc broker details

06:18

have to be passed as one of the

06:19

parameter for the scripts next it

06:22

creates a precisely folder and then the

06:24

sasl producer configuration file for

06:27

precisely sets the path variable to

06:29

include precisely B directory and runs

06:31

the school key gen command to create the

06:33

private and public key file for

06:34

precisely the content of the public key

06:37

file has to be copied to Mainframe and

06:38

added in key file for demon for

06:41

authentication click launch instance to

06:43

launch a new ec2 instance with precisely

06:45

software installed next click on the

06:47

instance ID to open the details page for

06:50

the ec2 created click the connect

06:54

button type ec2 user for

06:57

username then click connect

07:02

this will open the ec2 command line the

07:05

ec2 user data script created the public

07:08

private key files for precisely the

07:10

naacl directory contains the public key

07:13

file to be copied to

07:16

Mainframe the software agent folder

07:18

contains software components to be

07:20

installed on Mainframe is zip file a

07:22

system administrator access is required

07:24

to install the software log into the

07:27

main frame in this use case we

07:29

considered the card payments

07:30

authorization history is stored in a

07:32

vsam

07:36

database the screen shows the Cobalt

07:38

copy Book used to define the layout of

07:40

the message the precisely software is

07:43

already installed and UI is available

07:45

using the ispf panel to perform admin

07:49

works the demon process in the publisher

07:52

is already created in started as a batch

07:55

job in this demonstration the demon job

07:58

is running on Port 90 5 DD name sqd off

08:02

refers the keys file the content of the

08:04

public key file created within the ec2

08:07

instance is pasted in this file and will

08:09

be used to authenticate the apply engine

08:11

when connection request is

08:13

made here's the publisher

08:16

job from the ispf panel for precisely

08:19

select option

08:21

three vssm to msk is the name of the

08:24

publisher engine and the configuration

08:26

is stored in cab mentioned the screen

08:28

shows the stats such as records captured

08:31

records published The Source log stream

08:33

shows the log stream name configured to

08:35

Stage the database changes in our

08:38

scenario the log stream is a vsam based

08:40

file but in production coupling facility

08:43

based log stream is

08:45

recommended One Source object is

08:47

configured which is identified by vsam

08:49

pure C this will capture the logs from

08:52

the card payments authorization V Sam

08:54

file switch back to ec2 command prompt

08:58

we will create the RDS posters table

09:01

connect to the RDS database using the

09:03

psql

09:04

command then run the create table

09:07

command the table columns corresponds to

09:09

the fields in the vsam copy book run a

09:12

select query to validate the table next

09:15

create a cpy subfolder inside precisely

09:17

folder create a file named cardor

09:20

payments and paste the Cobalt copybook

09:23

layout save the copy book

09:27

file create the apply engine script file

09:29

named script.

09:32

sqd The Script has the job name vs Sam

09:34

to msk is identifier the description

09:37

section refers to metadata referring to

09:40

the Cobalt copybook location the Sam

09:42

perk is the name of source object

09:44

identifier set by publisher Source data

09:47

store points to Mainframe IP address and

09:49

port for demon on Mainframe vssm to msk

09:52

is the publisher name vam CDC is data

09:55

source

09:57

type Target data store points to topic

10:00

name of the msk messages will be

10:02

distributed to kofka partitions using

10:04

key Json is the record format both

10:07

source and Target data source use cardor

10:10

payment SRC to describe the message

10:13

metadata the script used the replicate

10:15

function to convert raw ebcc log to Json

10:18

format with key fields from

10:22

copybook next we are going to set up the

10:24

msk S3 delivery via fire hose and

10:27

integration with SNS via event Bridge

10:29

pipe

10:30

MSG provides no code integration with

10:32

various AWS services on the MSG S3

10:35

delivery tab click create fire hose

10:38

stream some of the details are

10:41

pre-populated such as Source destination

10:43

msk

10:45

cluster paste the topic

10:47

name enter a name for the

10:51

stream select the S3 bucket created by

10:54

cloud formation template

10:59

add

11:00

prefixes click create fire host stream

11:03

to

11:04

create once the creation is complete you

11:06

will see the status is

11:09

active next click integration Tab and

11:12

then click connect Amazon msk cluster to

11:14

pipe enter a pipe

11:17

name paste the topic name in the

11:20

consumer group created

11:23

earlier for demonstration we are not

11:25

adding any filtering or enrichment

11:29

on the target page click in Target

11:31

service dropdown you can see the

11:34

different Services you can integrate

11:35

with select SNS then the topic expand

11:39

Target input Transformer on the sample

11:41

event select msk click on the value to

11:44

select the field for output click create

11:47

pipe to create the event Bridge pipe

11:49

once successfully created the status

11:51

will show is running now let's start the

11:54

apply engine and insert some record in

11:55

the vsam database on the ec2 command

11:59

prompt start the apply engine using the

12:01

sqdg command the process displays

12:04

valuable information about the data

12:05

sources and message layouts it's

12:08

connected to publisher engine on

12:09

Mainframe and waiting for data

12:12

now switch to Mainframe this PS file

12:16

contains records that will be inserted

12:17

to the vsam database the records map to

12:20

the layout of the copy book we saw

12:22

earlier in this demonstration we will

12:24

use the precisely batched differ

12:26

functionality to replicate data online

12:29

Sam or db2 IMS follow the same capture

12:32

publisher architecture with some

12:33

differences in setup and

12:35

configurations we are going to use the

12:37

job to copy the PS file to the current V

12:39

Sam and then run the sqd DFC DC utility

12:43

the utility compares the base and

12:44

current files and updates the change

12:46

records in the log stream submit the

12:50

job switching to the ispf panel we see

12:53

the engine is connected now the capture

12:55

and publish record counts have gone up

12:59

ec2 command prompt also shows records

13:02

ingested let's switch to another

13:04

terminal and let's run the select query

13:06

on RDS posters again we see the records

13:08

in the

13:10

table the metrics on Lambda console

13:12

shows the invocations it picked up the

13:15

messages from msk and inserted them to

13:17

RDS let's look at the other data

13:20

pipelines created from msk on S3 console

13:23

let's navigate to data folder and then

13:25

to the subfolders select one object and

13:28

click query with S3 select on the page

13:31

select Json as input and output format

13:34

then run SQL query we see the Json

13:37

message that was published to MSG by

13:39

precisely apply agent the change

13:41

operation is an insert in this case you

13:44

will denote an update and D delete

13:46

operation after image contains the new

13:48

values of the key Fields corresponding

13:50

to copybook fields and their respective

13:52

values an update database operation will

13:54

have both before and after image the

13:57

object stored in S3 will be aggreg ated

13:59

and used offline to train and update the

14:01

AIML

14:03

models the even Bridge pipe also

14:06

consumed the messages and sent email

14:08

notification with the Json messages body

14:10

here's a sample

14:12

email now let's experiment how we can

14:14

use generative SQL from Red shift to

14:16

query using natural language on the red

14:19

shift console page click on query data

14:22

click on plus sign and select notebook

14:25

select the cluster run SQL to create

14:28

schema directly from the msk topic and

14:31

then a materialized view with the data

14:33

from the

14:35

topic then click on generative SQL a

14:38

chatbot window is opened on right hand

14:40

side type in plain language for example

14:43

show top five states by purchase Amazon

14:45

qbed by large language model or llm

14:48

generates the SQL query to be executed

14:51

click add to notebook and then click run

14:53

we see the SQL

14:56

results let's try something little

14:58

complex

14:59

let's ask show top five Merchants with

15:01

highest single purchase ask to include

15:04

state of purchase and output also ask to

15:06

show the purchase amount in currency

15:08

format using generative AI red shift is

15:11

able to understand the request written

15:13

in natural language search the database

15:15

and generate the SQL you can do lot more

15:18

ask complex business Insight on the data

15:21

here's the

15:22

result in case you are looking for the

15:24

code sample to build the fraud detection

15:26

section check the sample code in GitHub

15:30

thanks for watching