Machines are growing as capable as humans with the help of enabling technologies like artificial intelligence and machine learning. Businesses are increasingly adopting machine learning across almost all areas. Some of these include customer churn prediction, identifying market trends, credit scoring, in offering recommendations that meet customer’s preferences (E.g. Amazon and Netflix), among others.
Today machines can drive cars, read texts and understand hidden sentiments, even more so, compose music and write novels. This write-up explains how one of the most disruptive technologies of the digital era, machine learning, is enabling businesses to detect and prevent fraud.
Types of internet fraud
Let’s quickly get an idea about the different kinds of cybercrime before understanding how machine learning can help in preventing these crimes.
Email phishing
This kind of cybercrime involves spreading of fake messages and sites to deceive users into sharing their data. Email phishing is an easy and fast way to steal confidential data. If the user is unaware of the repercussions of email phishing, he or she may end up sharing their vulnerable data, thereby putting themselves at a great risk of being compromised. The easiest way to not be a victim of email phishing is to ignore messages from unknown or suspicious sources. This could be tricky as fraudulent emails may look pretty legitimate often.
Payment fraud
In the banking industry, this is the most common type of fraud that is tackled using AI. Some of the typical payment frauds are stolen cards, lost cards, card ID theft, counterfeit cards, and card non-receipt. However, the advent of EMV cards (cards with a chip) has greatly helped in reducing such card-present payment frauds.
In the case of card-not-present frauds, transactions happen in numerous ways. A user is prone to various types of attacks like email phishing, hacking of online accounts, loan frauds, acquiring information from mobile providers, etc. In most cases, once the confidential information is gathered, fraudsters get in touch with the credit card company to apply for a new card in the name of the card holder.
Identity theft
Valuable information like a person’s name, bank details, passwords, email address, passport, or any other identification details, is the key to gain complete access to a user’s account. Identity theft results in unpleasant consequences for both enterprises and individuals. The three types of identity theft are synthetic theft, real name theft, and account takeover.
ID document forgery
Until a few years ago , people had to spend a large amount of money to buy a fake ID in the black market. But things have changed now. Many eCommerce and other websites are now offering forging services for as cheap as $100 and as costlier as $3000 per document. However, the quality of the fake document depends on the price of the service availed. Fake IDs are fabricated so neatly that it becomes almost impossible to verify the legitimacy of the IDs.
Some of the common fraud scenarios
Following are some of the real-life scenarios that help in understanding how fraudsters carry out their illicit activities:
Advanced Privacy Software
Experienced fraudsters put to use special software programs to hide user information from browsers. For instance, user location can be hidden from the browser. Software programs like Kameleo and Anti-Detect are employed to create multiple instances of virtual machines in a browser window.
Location Spoofing
Fraudsters use location spoofing to dodge the in-built rule-based security system of a site. With the help of the compromised card details, fraudsters can stimulate the location typical of the card owner. To get a clear understanding, let’s say a scammer has obtained the card details of a victim, who is based out of the US. The scammer can place an order on any eCommerce site like Amazon, Alibaba, Flipkart, etc, from any corner of the world, but spoof his location to look like he is in the US, which is the location of the card owner.
Phone Number Spoofing
When the fraudster obtains the card details, he can typically impersonate the card owner to buy the victim’s phone number online. Once he gets the victim’s phone number, he can contact the victim’s phone provider and request them to redirect all the purchase information from the card to a new phone number. This means the fraudster can purchase anything using the victim’s card without his/her knowledge.
Replicating customer’s behavior
There are times when the fraudsters let their guard down when committing credit card frauds. For example, many transactions were identified as fraud attempts, when there was a huge money transfer or purchase of expensive products, which seemed very unusual of the card owner. Therefore, to perfect this imperfection, many fraudsters tend to copy the purchase behaviours of the real card owner. For example, if a card user has a habit of removing some items from the cart before making the final purchase decision, the fraudster would do the same to avoid getting caught.
Enhanced customer information
While trying to comprise the credit card of a user, fraudsters go to extra miles to appear more convincing. Therefore, they buy and sell driver’s licenses, device IDs, etc, on the Dark Web. This enables the fraudster to use the victim’s valuable information to build new fake IDs or accounts.
Why machine learning is important in fraud detection
Rapid advancements in technology have made online frauds more sophisticated. Therefore, companies must stay one step ahead of the fraudsters to successfully prevent fraudulent attempts. This is where machine learning comes into the picture. While a skillful analyst can analyze 10-20 pieces of information, machine learning models enable systems to analyze thousands of features within seconds.
Also, with machine learning, businesses can overcome the limitations of the traditional approach, i.e., rules-based systems in fraud detection. Following are some of them:
- Statistics rules-based systems are highly dependent on manual labour. This is cost-prohibitive, particularly when companies plan to expand to new markets; as they will have to hire more risk analysts to assess market-specific patterns
- Humans create rules based on their knowledge, experience, and analytical skills. But, in current times, when fraud attacks have become more advanced, these rules also have become error-prone and ineffective
- Finally, with every detected fraud scheme turned into a new rule, the size of the rules system is becoming uncontrollable. As a result, companies are left with a myriad of rules that need to be analyzed before adjusting to the fast-changing reality
With machine learning, companies can perform tasks that are beyond human capabilities – say, handle data growth, identify sophisticated fraudulent traits, and much more.
Many businesses are using machine learning today to tackle payment fraud. For example, one of the popular online travel agents based out of Latin America, Almundo has scaled-down chargebacks, fraud, and manual reviews by 70% with the help of machine learning. Consequently, the company was able to provide better customer experiences, optimize operational costs, above all, witnessed a significant upsurge in revenue.
Having discussed about the capabilities of machine learning in payment fraud detection, let’s now address a crucial question – Is machine learning here to replace risk managers?
No. Not all. It’s quite the opposite. Machine learning is here to help risk managers be more efficient at their jobs.
How to use machine learning to predict fraud
Step 1: Identify project objectives
Determine the key business objectives upon which the machine learning model will be built. This helps in identifying the appropriate machine learning framework to build your machine learning model effortlessly. For instance, your goal may be like:
- Reduce false alerts
- Minimize estimated chargeback ratio
- Keep operating costs at a controlled level
And so on.
Also, brainstorm to figure out answers for the queries related to Step 1. For example:
- What is the success criterion for the project?
- What is the primary need of the company?
- What are revenue sources and revenue blockers?
For now, to understand the role of machine learning in detecting and preventing payment fraud, let’s say, the main goal is to predict whether a transaction is a fraud attempt or is part of the revenue.
Step 2: Data preparation
Whenever a person wants to learn a new skill or polish his/her skills, s/he would read books, articles, connect with experts, etc. In short, the person would look for educational information to achieve his goal. The same applies to machines. To create fraudster profiles, machines need to study about previous fraudulent events from historical data. The more the data provided, the better the results of analyzation.
The raw data garnered by the company must be cleaned and provided in a machine-understandable format. This usually takes some time as it covers 60-80% of the entire machine learning process. This also demands a certain level of technical expertise. So, it is better to assign this project to an internal team rather than outsourcing it to an external vendor.
Step 3: Constructing a machine learning model
The machine learning model is the final product of the entire ML process. Once the model receives data related to a new transaction, the model will deliver an output, highlighting whether the transaction is a fraud attempt or not. However, building the appropriate ML model requires data scientists with proper technical and domain expertise.
The below is a sample output of an ML model built to predict fraud transactions:
In the above image, each transaction is briefed by a set of attributes. The last column – Target- indicates whether the transaction is a fraud attempt or not. If ‘1’ represents a fraud attempt, ‘0’ represents the opposite. However, the accuracy of the ML model depends on the quantity as well as the quality of the input data.
Step 4: Data Scoring
So, what’s the next step after building the machine learning model?
Deploy the ML model and integrate it with the company’s infrastructure.
For instance, whenever a customer purchases a product from an e-store, the respective data transaction will be sent to the machine learning model. The model will then analyze the data to generate a recommendation, depending on which the e-store’s transaction system will make its decision, i.e, approve or block or mark the transaction for a manual review. This process is known as data scoring.
But, data scoring is not the end of the process. During a manual review, if the marked transaction is identified as a legitimate one by the members of the fraud detection team, the machine learning model will have to study the details to improve itself and make a more accurate and better decision next time.
Step 5: Upgrading the model
Just like how humans learn from their mistakes and experience, machine learning models should be tweaked regularly with the updated information, so that the models become increasingly sophisticated and detect fraud activities more accurately. For example, providing detailed information about the device, such as connection type, processing power, GPU capabilities, VPN connection, etc, will help the ML model to gain new insights into the customer and make more accurate predictions.
Final Thoughts
Machine learning makes payment fraud detection cost-effective and easy. Besides converting data-intensive information into easy-to-digest insights, machine learning enables risk managers to evaluate large number of transactions in real-time and act with more confidence.