A service-oriented architecture application orchestrated by Oracle BPEL Process Manager places a business rules engine on the backend and a Web 2.0 UI out front to help stop fraud while dramatically
Speaking from Oracle Open World, Jan Shook, principal architect for the fraud team at Verizon Wireless, noted that J2EE coders may be disappointed because he has re-architected the fraud detection application using Oracle Business Process Scripting Language, so there is no Java code left.
He also explained how a BPEL-based application is reducing hardware and power consumption while providing the fraud detection team with better information for decision making.
He inherited a traditional J2EE application with Informix online processing working with three large databases sorting through two-and-a-half billion records a day, which a team of 100 people had to sort through looking for exceptions that might indicate fraudulent cell phone usage, such as making calls on a stolen subscriber's account.
"We rebuilt the application as a BPEL-based solution, so we really don't have any J2EE stuff anymore," Shook said. "We ended up with a pure BPEL solution with a single Shockwave file and one JSP page. The UI from Flex makes Web services calls into BPEL, and we use BPEL to broker the processes. It goes off and does all the orchestration with the other enterprise systems."
Working with a development team of six people, Shook wrote custom business rules on the database side that sifts through the two-and-a-half billion records a day to get the few thousand transactions that have suspicious characteristics.
"Then we pass that to the BPEL manager and it does the case management for fraud for our users," the architect said.
The user interface is Web 2.0 based on Adobe Flex and Flash that gives the users a Windows-like look and feel, Shook said.
Dave Chappell, Oracle's vice president and chief technologist for SOA, noted on his blog: "It is often said that the best line of code is one that you never have to write. The new implementation is 0.5% of its original size. This is directly attributable to using Oracle BPEL Process Manager and the rules engine instead of their custom code."
Besides reducing the amount of code, Shook and Chappell point out that it also dramatically reduced the amount of hardware and thus the amount of energy consumption.
The less code intensive BPEL-based SOA implementation eliminates six E-class Sun Microsystems boxes using 192 processors and replaces them with a single eight core processor on a Sun UltraSPARC T1 using the Niagara chip architecture, Chappell noted.
The database storage requirements have gone down from 20-plus Terabytes to 64 Gigabytes storage, according to the Oracle executive. Chappell estimates the change in software and hardware reduces energy consumption by 99.5%.
Chappell credits this example of greening IT to the use of SOA standards including BPEL and an enterprise service bus (ESB). He said this allows "Verizon to extend the reach of their systems so that they don't have to store their 'golden record' call detail data locally. They can get the data remotely and on the fly, and use enrichment services along the way to get the data in the proper form to make decisions about fraud and overage, and generate detailed reports about the business exceptions that are identified. This is huge for them in that they no longer have to replicate the data warehouse, but are able to pull call records and other information directly from external heterogeneous systems."
Based on event-driven architecture, data on cell phone usage coming from the Verizon switches is analyzed and checked for business exceptions, Chappell explains. He site examples of possible fraud including business exceptions such as the detection of excessive data thresholds. This might indicate that someone is doing "phone cloning" to make calls by stealing a customer's account information. When this sort of exception is detected, an event starts a BPEL process.
With the SOA implementation, Chappell explains "the BPEL process invokes a number of services, which includes going out directly to the source of the call detail records to get the information necessary to enrich the event data. It is then fed into a rules engine to check for violations, make decisions based on policy, and then on to generate more detailed reports."
Using this services approach rather than data warehousing to retrieve and process the required information reduces the storage requirements.
Shook is matter-of-fact about what his team has accomplished with SOA, BPEL and EDA. "We're not doing anything fancy," he said. It just makes it metadata-based and flexible. Instead of having to hard code C, we have three pages of script."