Executive Profile: Justin Lie, CashShield’s CEO on machine-automated fraud management

Real-time machine learning allows the system to identify fraud before it happens and also automates the entire fraud management process to completely eliminate the need for manual reviews, writes Ai’s Ritesh Gupta


Amidst all the talk around fraudsters finding ways to tame the system, one area where progress is made to stop them is machine-automated fraud management.

Airlines are being recommended to consider the prowess of a decisioning algorithm, with the mandate of maximising revenue at an optimal level of fraud risk. This is expected to make the airline’s fraud prevention methods truly agile at maximising revenue while minimising fraud. 

One company that has been making steady progress in this arena is CashShield. The online fraud risk management specialist has been in news for their $5.5 million Series A round.

The machine learning algorithms used in fraud management today can be divided in two types: supervised machine learning and unsupervised machine learning. Supervised machine learning, or traditional machine learning, involves dumping historical data to train the system, while unsupervised machine learning lets the system learn on the fly with real time data collected. 

So how can one rate the efficacy of machine learning in managing fraud today considering 3 metrics - manual reviews, chargebacks and conversion rate?

Today’s fraud management systems use only supervised machine learning, which is a reactive approach to treat fraud, says Justin Lie, CashShield’s CEO.

“It is true that traditional machine learning has improved fraud management to a certain extent – automating some processes, collecting more data to churn and analyse, but it still falls short from real time machine learning. Without real time learning, supervised machine learning is unable to predict and counter unknown fraud attacks, since it is reliant only on the data on historical fraud attacks. Additionally, these systems can only produce probability scores for each transaction, therefore still requiring a great amount of manual reviews. With the three metrics in mind, traditional machine learning systems are scoring only a 3 out of 10, its full potential,” explained Lie.

Lie asserts that unsupervised machine learning, or real-time machine learning, is far more effective as compared to its supervised machine learning counterpart. Its proactive approach to fraud allows the system to identify fraud before it happens and also automate the entire fraud management process to completely eliminate the need for manual reviews while keeping fraud rates low. Conversion rates also improve with the higher accuracy at proactively identifying genuine customers and fraudsters alike without any additional friction or blocks, he added.

“If merchants are simply rooted in relying on supervised machine learning, it is hard for them to move towards real time machine learning,” said Lie. “Many merchants are also still reliant on manual reviews,  which means that even if they were able to improve their machine learning algorithms and systems, they would always still be held back by the end process of manual reviews and human errors.”

Making the shift

So instead of implementing a fraud prevention strategy that requires long gaps in training machines with data sets, travel companies should shift towards real time machine learning (or real time automated) fraud systems to get ahead of the fraudsters.

Commenting on the sort of progress that has been made as far as real-time automated fraud prevention is concerned, Lie said when airlines and travel companies rely too much on traditional machine learning – and the use of historical data, unknown cyber-attacks without any prior information will pass through the system undetected.

Real time machine learning differs from traditional machine learning in its ability to identify the adversary attempting to trick the system, learning on the fly with each incoming transaction of the fraud attack to match the patterns and block the transactions immediately.

He pointed out that most solutions in the market with machine learning are developed by data scientists who are familiar with traditional machine learning, or merely adopting machine learning algorithms to automate traditional fraud screening methods while still maintaining a heavy reliance on human labour for manual reviews on derived probability scores.

“A probability based approach is basically just predictions that are insufficient to help merchants make decisions. On top of that, cyber criminals are constantly trying to trick the system by feeding manipulated data, making probability measures fall short in its accuracy. This reactive fraud screening methods puts travel companies far away from real time automated fraud prevention, which eliminates the need for manual reviews. Fraud prevention should look to combine multiple disciplines of passive biometrics, financial algorithms, behavioural analysis and predictive analytics to be closer in achieving real-time automation,” he said.

Lie spoke about relevant issues that can impact the fraud management as well as the conversion rate:

·          Rule-based systems: Rules-based systems are in general reactive and probabilistic solutions, which is why they are unable to prevent fraud before it happens. Probabilistic frameworks only seek to train the system on historical data, and do not possess the expertise to move beyond probability scoring for fully automated decisions, thus crippling the system on manual reviews. Because of the need for manual reviews, rules-based systems also start to show cracks at high volumes, and reduces the company’s ability scale on demand. Merchants should be realistic about rules-based systems’ flaws and limitations - mainly on their hindrances to scalability and restrictions to instant delivery.

·          Being wary of blacklists: Lie says blacklists rarely work because hackers will never use the same credit card information twice, while whitelists are inaccurate since whitelisted customers can be compromised anytime. Also, historical data (which blacklists are categorised as) lose relevance very quickly in the face of unknown cyber threats, since it is difficult for the machine to predict new fraud attacks without any prior information. Real time machine learning can help against blanket blacklists and whitelists by focusing on the customer’s behaviour instead. It works with real time live data collected on the merchant’s website, where the system trains itself with each incoming transactions to identify fraud patterns instead.

·          Setting right expectations from new developments: Merchants need to gear up for Dynamic 3DS and Dynamic Authentication in an earnest manner. He says the problem with Dynamic 3DS is that it is controlled by card issuers and is therefore still working with the same set of data as before. They are unable to tap on the merchants’ data for more information on fraud and are not as smart and flexible as they tout themselves to be. Therefore, merchants cannot expect Dynamic 3DS to be a be all and end all solution to solving fraud woes. As for Dynamic Authentication, it is very counterproductive, considering the added friction placed on users. On average, only 70% of dynamic passwords delivered are used, while merchants see a 40% reduction in purchase conversion rates after introducing Dynamic Authentication.

·          Measuring false positives: It is a difficult endeavour as there are many assumptions to be made – that all wrongfully rejected customers actually show their unhappiness in some ways to the airline or travel company or that lesser reports of customers’ calls to customer service is necessarily indicative of lowered false positive rates. “To complicate matters further, many fraud detection solutions in the market like to flaunt their false positive rates (or ability to lower it) to airlines and travel companies, based on ‘internal research’. Instead of auto-block thresholds, merchants should shift away from hard rules and move towards utilising behavioural analysis – looking at the permutations of variables and patterns – which is a much more targeted approach to block hackers and yet minimise false positives at the same time,” said Lie.

·         Counting on data: As explained by Lie in a recent interview, there are two general types of data that one can collect – industry data and unique merchant data. Industry data includes information on coordinated fraud attacks, which may be shared across different airlines as all airlines are equally vulnerable to coordinated hackers. Unique merchant data would vary from airline to airline, based on the individual information each airline collects or is able to provide. He recommended that airlines to amplify and triangulate the data, analysing the data through multiple permutations and combinations so as to better understand the fraud patterns left behind by fraudsters. For instance, passive biometrics data including mouse cursor movements, keystrokes, words per minute or activity data including wish lists, purchase history or even seemingly insignificant data points like whether or not the user has chosen to subscribe to the newsletter can all be relevant information collected and used. With the data collected, airlines can churn the data through various permutations and combinations to identify potential fraud patterns

So airlines should direct fraud prevention efforts on behavioural analysis instead, which is compatible with all various payment methods, currencies and devices. A further step in sustaining or even improving conversion rates for airline can be to develop a decisioning algorithm.


Follow Ai on Twitter: @Ai_Connects_Us