Ai Editorial: Trapped in risk-averse fraud strategy? Stop focusing only on rules-based approach!

First Published on 18th August, 2017

Ai Editorial: Airlines need to be realistic about the flaws and limitations of the rules-based systems - mainly on their hindrances to scalability and restrictions to instant delivery, writes Ai’s Ritesh Gupta


The shortcomings of the traditional rules-based approach for fraud prevention continue to get highlighted. At a time when the efficacy of fraudsters and hackers in cracking areas of vulnerability is on the rise, it is imperative for merchants to improvise and sharpen rules on the fly.

Before discussing problems associated with the traditional rule-based fraud method, it needs to be underlined that there are more refined ways of ensuring a genuine travel shopper’s experience doesn’t get hampered. Overall, it is must for merchants to identify user behaviour much more accurately, which is useful not only in turning away fraudulent transactions, but also in identifying positive behaviour (genuine customers, especially big ticket spenders) to allow them to pass through. In addition, taking away rules, buying restrictions, 2FA or other difficult verification procedures increases the shopping experience for users, therefore lowering cart abandonment rates.

Merchants can’t be risk averse

The problem with deploying hard rules and relying on manual reviews is the fact that this method tends to work around evaluating the typical fields.

So how does a fraudster manage to break the rule and find a way out? How do they manipulate and defeat the system?

For instance, a system has been set in a way that it doesn’t allow more than 4 transactions in 60 minutes. In this case, fraudsters have figured out the stipulated rules and one of them being a duration-based rule. Then an attempt is made to craft their program in a way that the same will confront the system and not interfere with the rule.

There are certain rules systems that initially seem easy to comprehend, indicating which orders will be accepted, rejected, and reviewed. These are enough to detect simple, non-changing, known patterns. But as the need arises to add more rules, probably hundreds of them, to be clear with what’s genuine and what possibly could be fraudulent then even an astute executive may find it an arduous, tedious task to sort out the overlap with increasing number of rules and taking time out for manual reviews. The moment more time needs to be spent in curating and arranging rules, how each rule is faring, what sort of permutations and combinations are not working, what is the impact on the average order value, the threshold of the limit set etc. then the job becomes tedious. Even in case a point system is followed for rules, then also it can be a gruelling task.

In one of their blog posts, Accertify asserted that all channels and products aren’t alike when it comes to fraud risk. Citing an example, the team stated: Rules may include IP address velocity but an IP address from a provider of telecommunications services like Verizon isn’t as user-specific when compared with Comcast. So if there is a doubt for one IP address, then velocity could be adjusted, but maybe not for mobile. So there is a need to apply rules specifically for certain channels and product lines while countering threats.

Rules that are based on a single channel behavior don’t pave the way for a complete picture of the shopper’s activity across multiple channels.

Find a way to ensure that erroneous and feebly coded rules don’t end up stepping up manual review queues.  

In this context, the efficacy of machine learning offerings is coming to the fore, when compared with rules-based systems. Predictive analytics is a part of supervised learning in machine learning, and plays a part in predicting whether a cyber-criminal or a fraudster will repeat their act again in the future. At the same time, other types of machine learning – unsupervised learning – also have a role to play.

So what needs to be done?

Even in case of machine learning, it is vital to distinguish between the various kinds of techniques deployed. Rather than just focusing on predictive analytics, there is a need to bank on pattern recognition, deep learning and stochastic optimization. Why? Because, if by focusing only on predictive analytics, there could a gap for the fraudster to capitalize upon. What if a new threat surfaces with no previous data? Unsupervised machine learning is able to seek patterns and correlation amidst the new data collected, which helps to identify positive and negative behaviour, and is effective in identifying genuine customers as much as identifying fraudsters.

To increase the effectiveness of the fraud system, another form of machine learning must be used as well – pattern recognition.

If an entity is heavily following rules-based methodology, then the main KPI would be to cut down the fraud rate as close to zero as possible. At the same time in many borderline genuine transactions would fail to pass through.

Rather the focus needs to be on - rely on an algorithm to make decisions to optimize sales as much as possible while keeping fraud and chargeback rates under control.

Go beyond rule-based prevention

Rules cannot keep pace with the degree of data and variety of always-evolving fraud that exists as of today. Do count on algorithm-oriented modelling. Assess how to make the most of business rules based on input from fraud specialists and machine learning classifiers, and bank on risk scores in real time to identify high-risk transactions. How to track users across identities, devices, IPs and locations? Is there a mechanism to combat proxy detection?

Also, as we highlighted in our recent articles, airlines are being recommended to focus on industry data and unique merchant data to combat fraud.

Rather than hard rules, airlines should direct fraud prevention efforts on behavioural analysis instead, which is compatible with all various payment methods, currencies and devices. And a further step in sustaining or even improving conversion rates for airline can be to develop a decisioning algorithm with the mandate of maximising revenue at an optimal level of fraud risk. This will make the airline’s fraud prevention methods truly agile at maximising revenue while minimising fraud. 


How is machine learning helping in combating fraud? Hear from industry experts at Ai’s 6th Airline & Travel Payments Summit Asia-Pacific, to be held in Bali (29 – 31 August). For more info, click here

Follow Ai on Twitter: @Ai_Connects_Us