Ai Editorial: Real examples of how optimized fraud risk algorithm works

First published on 25th August, 2016

Ai Editorial: Airlines are counting on machine learning to make decisions designed to optimize sales while keeping fraud and chargeback rates under control, writes Ai’s Ritesh Gupta 


How efficiently machine learning is coming to grips with blocking fraudulent transactions automatically? And how does it work?

As I initiate my conversation with Justin Lie, who has built CashShield, a SaaS based self-learning fraud prevention solution for ecommerce, from scratch, I am eager to know how the industry is trying to combat fraudsters.

The first remark is sharp enough to grab attention. “In recent years, online fraud syndicates are increasingly using machines to mask their online transactions as genuine, and they are well ahead in the technology that they are using as compared to what the travel industry is currently deploying. Therefore, it is imperative for companies in the travel sector to move towards using big data and machine learning to deal with fraud more effectively.”

As this tactic has been around for a while, where do cracks emerge then?

Singapore-based Lie, Group CEO, Founder, CashShield, says when we talk of machine learning, it is important to differentiate between the different types of machine learning deployed. Many fraud solutions in the market now tout their use of machine learning, but they are usually only using one form of machine learning – predictive analytics – which allows the solution to predict future fraud based on historical data.

Not just predictive analytics  

So this method of fraud prevention is good, but problems arise when completely new transactions with no historical data are submitted into the system, and there is no way for the machine to predict whether or not the transaction is genuine or fraudulent.

“For instance, when a fraudster uses a new program to carry out a fraud attack, there would be no records of the new program, making it difficult for the machine to detect the suspicious behaviour until the fraudulent transactions were accepted and later recorded in the system as fraudulent,” explains Lie.

He says to increase the effectiveness of the fraud system, another form of machine learning must be used as well – pattern recognition.

“With pattern recognition, even without any prior historical data, the machine is able to detect patterns across different transactions and diagnose if the transaction exhibited bot behaviour or human behaviour,” Lie asserts. Using big data, the system collects information from the merchant’s website, such as the user’s web movement behaviour, social media accounts, likes or comments on the website, e-newsletter subscription or alternative payment methods. Combined with pattern recognition, the system draws patterns (for both positive and negative behaviour) to map the DNA profile of the user, and determine if other incoming transactions exhibit the same (fraudulent) behaviour or not. The large quantity of information collected from big data makes it difficult for fraudsters to cover all of their tracks, therefore increasing the effectiveness of preventing fraud.

Apt blend

We also dwelled on what different types of machine learning are there for an apt blend of chargeback protection and fraud prevention.

Lie explained: pattern recognition, deep learning and stochastic optimization are also necessary for combining millions of test results to be crunched for an optimized yes or no decision in real time. “Predictive analytics falls under the branches of supervised learning in machine learning, and is important to predict if a fraudster will use the same attack again in the future. However, other forms of machine learning – unsupervised learning – are also important, especially when new attacks with no previous data happen. Unsupervised machine learning is able to seek patterns and correlation amidst the new data collected, which helps to identify positive and negative behaviour, and is effective in identifying genuine customers as much as identifying fraudsters,” he said.

He further explained: Statistical modelling provides test results, while probability modelling assigns weighting. When we apply this to fraud screening, using probability modelling only gives you a risk score based on the information collected about the transaction. The merchant still has to rely on a team of manual reviewers to look at the risk score and decide whether or not to accept the transaction. The problem here is that fraud officers are often risk averse and their main KPI is to bring the fraud rate as close to zero as possible, which results in many borderline genuine transactions rejected. Consequently, sales suffer tremendously since many genuine customers are turned away. Therefore, it is more useful and effective to rely on an algorithm – what we call an optimized fraud risk management algorithm – to make decisions designed to optimize sales as much as possible while keeping fraud and chargeback rates under control.

Optimized fraud risk algorithm

 As for how such algorithm functions, Lie referred to two examples:

·         The first example: It is not uncommon for a sibling to use another sibling’s online shopping website account to accumulate more loyalty points easily or for the former to use the latter’s accrued loyalty points for discounts. The problem occurs when the former sibling ends up signing in from a different IP address, uses a different device (different device fingerprint) and pays with a different payment account. Immediately, this will be flagged as suspicious behaviour, as it seems like a fraudster is hacking into the user’s account. However, through identity mapping, powered by machine learning, with the algorithm, the machine is able to use data to identify positive behaviour, rather than focus on all the negative behaviour only to pull this genuine customer away from the pool of flagged transactions.

·         The second example: Small signs may be used to point out signs of fraudulent activity, even if they seem insignificant. Perhaps we have a user who, every time he makes a transaction, will be conscious to unselect the field to subscribe to the merchant’s newsletter. However, a fraudster that has hacked into his account has programmed his attack to select the field to subscribe to the merchant’s newsletter. With small signs like this, the machine is able to see how this fraudulent transaction does not match the user’s purchasing pattern of behaviour, and is therefore able to reject this transaction as fraudulent rather than genuine.


Follow us on Twitter: @Ai_Connects_Us

        Justin's profile:  LinkedIn