Tags
Introduction – The Fraud Analysis Landscape
Using data analytics for fraud detection is not just a fad. With computing power prices falling, companies can access scalable real-time analytics solutions at a reasonable cost. [1]
However, in general, most eCommerce companies (a.k.a. merchants) lack the expertise to implement sophisticated solutions. To address this, several companies (analytics vendors) provide fraud detection services while some large companies build their own solutions internally.
The network effect helps these data vendors catch fraud across a large set of merchants. For example, if 1000 merchants contract with a vendor, the 1001th merchant has the great benefit of knowing if one of their customers was implicated in fraud schemes elsewhere. Data vendors also do fraud scoring, and may claim to have “machine learning” algorithms. Despite this, many vendors have very simple models behind their scores. Typically, they specialize in analyzing one area – device IDs, IPs, phone numbers, etc. Others will actually take ALL the merchant’s data and outsource the entire machine learning process to a third party. They’ll build models on your data, combine it with other merchant’s data, and give you back a customized risk score.
Some big companies don’t want their data helping competitors, so they keep their data in-house. These larger companies are more likely to employ sophisticated algorithms to detect fraud. These can include neural networks, classification, random forests, logistic regression, unsupervised clustering, etc. Link analysis and graph theory is also extremely useful in identifying fraudsters.
The biggest challenge for fraud detection is to build models that return results in less than one second. Data needs to be accounted for and all models should be ready ahead of time. Validating models on large data sets can also be time intensive, which requires parallel computing. Because of these problems, analytics can be a 5-10 person job, which for a merchant of less than 200 people is a lot to dedicate to risk analysis. [2]
Notable fraud detection companies:
ThreatMetrix
ThreatMetrix identifies users’ devices by MAC address and build models to assess risk. [3] They are the fastest growing context-based security provider. [4] Their models track and evaluate user behavior to assess deviation from the norm and use classifiers to compare current transactions to past accept/reject/review outcomes of related transactions. [5] It leverages data across their entire customer base to build a more generalizable model.
One of their principal strengths is “device fingerprinting” that tracks info from the device and browser session. This gets around the problem of fraudsters hiding behind proxies to conceal their true location.
Similarly this technology can help people whose computers are being unknowingly used as part of a swarm of ‘botnets’, although it is not obvious if ThreatMetrix is pursuing botnets. [6]
ReD (Retail Decisions)
ReD uses machine learning and graph analysis to detect fraud. They specialize in assessing many small transactions for the risk of fraud automatically. [3] Their service combines neural networks with customizable association rules. They rely on third party services for client device identification, blacklists, and accessing public records. [7]
Guardian Analytics
This company specializes in wire-fraud for banks. Their risk engine dynamically adapts to user behavior to detect new fraud attacks. Bank’s internal data sets are used for their algorithms.
Behavioral analytics and anomaly detection is used for fraud detection. When an account is compromised a fraudster’s activity often deviates from a normal user’s behavior. As the number of individual anomalous actions (e.g. suspicious login activities, account reconnaissance, adding users, and suspicious transactions) accumulate, an alarm can be raised. By proactively detecting a fraud, response could take place even before problems arise. Anomaly detection sorts accounts by risky activity. [8]
Visa
Visa stores examples of valid purchase transactions to train their detection models. Each time an authorization request is processed it is compared against an individuals transaction history. When changes in typical spending patterns are detected, such as change in billing address, large purchase, or change in personal data (e.g. SSN), Visa increases a transaction’s potential risk and notifies the financial institution. [9] Visa Europe uses mobile phone location as an attribute as well in a partnership with ValidSoft Limited.
Vindicia
Runs an integrated billing solution for digital retail. It identifies the most profitable uses to extend their lifetime value. They aim to avoid involuntary churn by customer payment failures. [10]
“False positives” — where businesses incorrectly refuse a valid transaction — are critical to your online economics. When the cost of goods sold is almost zero and margins are high, false positives cost digital businesses much more than an individual fraudulent transaction.
Risky transactions are either fulfilled after they are paid, or a company can be alerted and decide for itself whether to ask for more information or reject the transaction.
Features that Vindicia uses include:
- Distance from IP address geolocation to billing address
- Whether or not the user is behind a proxy
- Whether the bank and billing address are in the same country
- Checking if an email comes from a free email provider or not
These features are compared against a database of previous chargebacks processed by Vindicia.
Honorable Mentions
MaxMind – An IP database to identify where users are paying from
Accertify (bought by American Express) – Similar to other companies
iOvation – Device identification, proxy piercing
Bluecava
Kount
Ethoca
Telesign
References
[1] Ruotolo, James. “Big Data for Fraud Detection.” Insurance and Technology. Insurance and Technology, 16 May 2013. Web. 04 Apr. 2014. http://www.insurancetech.com/claims/big-data-for-fraud-detection/240155020
[2] Philip McCanna, Boku.com
[3] “What Are the Leading Fraud and Risk Management Companies?” Quora. N.p., n.d. Web. 04 Apr. 2014. http://www.quora.com/What-are-the-leading-fraud-and-risk-management-companies
[4] “ThreatMetrix Enters Online Gaming Market to Protect Casinos and Consumers from Cybercrime.” PRWeb. N.p., 04 Mar. 2014. Web. 04 Apr. 2014. http://www.prweb.com/releases/2014/03/prweb11636100.htm
[5] “Persona ID.” ThreatMetrix. N.p., n.d. Web. 04 Apr. 2014 http://www.threatmetrix.com/technology/persona-identification/
[6] Device fingerprinting defends against online fraud. Networkworld.com (2009-04-20). Retrieved on 2013-08-16.
[7] “Fraud Prevention and Payment Processing.” Fraud Prevention and Payment Processing Solutions from ReD. N.p., n.d. Web. 04 Apr. 2014. http://www.redworldwide.com/
[8] “Online Banking Security Research & Resources – Guardian Analytics.” Online Banking Security Research & Resources – Guardian Analytics. N.p., n.d. Web. 04 Apr. 2014. http://www.guardiananalytics.com/researchandresources/anomaly-detection-infographic-video.php
[9] “Fraud Monitoring.” Digital Payments for Individuals, Businesses & Governments. N.p., n.d. Web. 04 Apr. 2014. http://usa.visa.com/personal/security/fraud-monitoring.jsp
[10] “The True Leader in Enterprise-Class Subscription Billing.” Vindicia. N.p., n.d. Web. 04 Apr. 2014. http://www.vindicia.com/, http://www.vindicia.com/wp-content/uploads/resources-data-sheet-fraud-screening.pdf