Custom Workflows to Match Your Business

Our customers range from on-demand services like Instacart to online retailers like JackThreads to small stores using platforms like Shopify.

Each of our customers is unique not only in the way that fraud affects them, but also in the way fraud teams work through manual reviews of suspicious orders and users. Many of our customers prefer to review just their most recent orders while others prefer to focus on orders with high order values or have mismatches between shipping and billing addresses.

We’ve listened, and with the latest release of the Sift Science console, we’re really proud to give customers the ability to customize manual review queues in the way that makes the most sense for their business.

 

Custom queues that are personalized for your business 
You can now filter queues by any attribute that you send Sift, including order value or country. Also, you can create queues using attributes our algorithms calculate, like the distance between billing address and shipping address or the number of failed transactions.

You still have built-in Orders and Users queues, but now you’ll have the ability to customize those queues further. Also, you can now build a queue completely from scratch through Search, and share that queue with other analysts by sharing a URL.

 

It’s now easier to train Sift Science to spot fraud
We’ve also made labeling users a one-click experience in Queues and the User Details panel to help analysts understand the labeling process better as well as be more efficient. You can still add a reason (like chargeback or spam) after you’ve labeled a user.

 

Release
We’ll be rolling these changes out to you on August 4, and we won’t be supporting earlier versions of the console moving forward.

 

Help make Sift Science better!
We love feedback! If you have any thoughts you’d like to share, please let us know what you think by emailing support@siftscience.com.

 

Thanks!
The Sift Scientists

TwitterLinkedInFacebookGoogle+Email

Behind the Signal: Doral, FL

What’s up with Doral?

Let’s say you’re going through orders, and you come across one with a high order value where the billing and shipping addresses don’t match. You decide to do a bit of sleuthing, starting with research on the shipping city: Doral, FL.

At first glance, shipping to Doral seems like a no-brainer:

Based on that information, it’d be perfectly reasonable to ship that order.

However, there’s also cause for caution. Sift Science has found that —  despite Doral’s wealth and status as member of the Trump empire — orders shipped there are 8X more risky than normal!

 

What Versus Why

At Sift, insights like these are discovered automatically, and often the signals are subtle and not immediately intuitive. After all, a computer can say “what”, but it takes a human being to say “why”.

For Doral specifically, I did ask “why”, and here’s what I found. Continue reading

TwitterLinkedInFacebookGoogle+Email

How Did My Credit Card Info Get Stolen?

Nobody likes dealing with credit card fraud. It can be embarrassing and difficult to admit that you’ve been a victim. At Sift Science, we often hear from our customers about 2AM nights at the office spent triaging thousands of orders that were placed with stolen credit cards. Today, we thought it would be helpful to understand how it all starts. To do this, we need to go underground deep inside criminal territory. It goes without saying that credit card fraud is malicious and illegal. It can result in felony charges added with several years of imprisonment in jail.

 

Simply put, credit card fraud starts with theft. With determination and time, fraudsters can obtain credit card numbers and information at any price. In fact, an entire underground economy, complete with moderators and reviewers, exists for criminals to buy and sell your information online. Databases of people’s names, credit card numbers, and even complete bank account login information (also known as “FULLINFO” or “FULLZ”) can be sold anywhere from $2 to $50. “Carders” as these thieves are called, even share tutorials and spread information on which sites are vulnerable to attack.

 

The act of the theft itself can take shape in a number of ways. The most common is through hacking databases, sending phony emails (also known as “phishing”), and exploiting security holes. Sophisticated carders usually hoard the information and sell them in bulk to consolidators. The consolidators then sell them on the black market lurking in secret online forums or chat rooms. They even offer flash sales on bulk discounts. Here is a sampling of “products” and prices we found on our own research via Google:

Continue reading

TwitterLinkedInFacebookGoogle+Email

Three Ways Gamers Cheat in Online Poker

As we mentioned before, there are many signals linked to fraud in the digital world. At Sift Science, we use advanced fraud detection technology to help customers identify bad behavior and adapt to tactics in real time. In the online gambling sphere, where regulations and oversight are unclear, gaining player trust by providing a safe and fair environment is paramount. One way to improve game experience is to prevent fraudulent behavior.

Here are three common ways gamers commit fraud in online poker.

1. Bonus Abuse Through Multiple Accounts

Poker sites often give away play money using bonus codes to attract new players. Fraudsters try to take advantage of this and sign up using multiple accounts at the same game table or tournament, causing the poker site to lose money while also providing a bad experience for other players. Usually it’s enough to track account registration by IP address, but for advanced cases, more sophisticated tools are required. The best fraud detection tools use device fingerprinting to find multiple accounts created by a single laptop or computer.

2. Computer Bots in Poker Rooms

Hackers have created computer programs (“bots”) that automate online poker play. Bots are banned from poker sites because they create an unfair advantage–computers have no emotion, so they are not subject to “tilt” (the poker term for player aggression when they play a poor strategy). Fraud rings have been caught colluding and cheating players out of hundreds of thousands of dollars using bots.

So how do poker sites detect bots? While most detection techniques are proprietary and unknown to the general public, some measures include monitoring player reaction time, suspicious mouse movements, and randomized pop-up windows with challenge questions.

3. Chip Dumping in Tournaments or Ring Games

Chip dumping happens when a player intentionally loses chips to another player at the table to give them a better chance to win. It has become a way for players to launder money. Fraudsters use stolen credit cards to deposit funds and then dump chips at a cash table to another account he or she created. In other cases, the fraudster will hijack an innocent player’s account (“account takeover”). Online poker rooms typically check for players making curiously large bets with a terrible hand or folding on a relatively safe bet.

 

Interestingly, most fraud is caught by vigilant human players who report fraudulent behavior. However, cyber criminals can still take advantage of even the most experienced (and most valued) players. One reason is that online poker is still mostly illegal in the US and most sites are physically located offshore. It can be difficult to determine whether sites are legitimate and whether it’s safe to hand over your credit card number. The good news is that there are simple steps players can take to protect themselves from fraud.

To learn more about common methods online poker rooms use to combat fraud, check out Cheating & Collusion at Online Poker Rooms. If you’ve been a victim of online fraud or would like to learn more about us, let’s talk.

TwitterLinkedInFacebookGoogle+Email

What It’s Like to Intern at Sift Science

Editor’s Note: This is part of a series of blog posts by Sift Science’s superstar interns. Today, we hear from Holly Yu, a summer intern on the Marketing team. Holly is currently pursuing a Bachelor’s Degree in Consumer Psychology at the University of Pennsylvania.

 

Sift Science is the best place for interns who want to take initiative on projects while learning from the best and the brightest. All of us are working on projects that will have a direct impact on the company. I often hear interns at huge companies complain that their work is one-dimensional and insignificant to the company’s larger goals. Even at smaller companies, interns are often given menial work, not trusted with important tasks. At Sift, I’ve already felt changes in the company with the work I’ve done so far! But most of all, I think what makes Sift Science great is our tight-knit and welcoming culture.

 

Sift Science Interns Jump Attempt #6

Sift Science Interns Conquer San Francisco’s Angel Island

 

Every day at lunch, we gather to eat catered lunch, share stories, and laugh together. A long-standing tradition here is to play Two Truths and One Lie with new Sifties, interviewees, or just friends visiting the office. Our company has been growing really quickly, so there has been at least one game per day.

 

We also have bi-weekly all-hands meetings where each of us gets the opportunity to contribute ideas to the group and talk openly to Jason, our CEO. Coincidentally, Wednesdays also call for game night —board games!!

 

During the first week of my summer internship, I hit the ground running with a week full of intern bonding events. On a sunny Sunday, our group of seven interns headed over to a Y Combinator BBQ and got to meet and take pictures with Paul Graham, the founder of Y Combinator, and Alexis Ohanian, founder of Reddit. We got to make friends with interns from other Y Combinator companies. Here’s a picture of Sifterns, Pebblers, the Sift Scientist, and Alexis (photobombing):

 

 

Sifterns take over Y Combinator... and then the world!

Sifterns take over Y Combinator… and then the world!

 

Later the same day, we dashed over to a Bay Area Intern meet-up with over a thousand interns lounging, chatting, playing frisbee, eating, or whizzing by on giant inflatable slides. We randomly ran into a former Sift Science intern named Eric and snapped a picture with him.

 

Sift Science Interns at The Intern Project hosted

Hi Eric!

 

We recently had our 3-year anniversary party, where we dressed up as our favorite scientists and ate delectable food, donned lab coats, and danced to music! All of our friends, families, and customers came and had a blast at the science-themed party.

 

Sift Science 3-Year Anniversary Party

“Sifties Luv Bayes”

 

I’m extremely fortunate to have the opportunity to work in such a dynamic environment filled with great people!

 

For updates and more, check us out on Twitter, Facebook and Instagram.

 

TwitterLinkedInFacebookGoogle+Email

Our next chapter

The internet offers unprecedented connectivity, scalability, and anonymity. Unfortunately, it can also be abused. As activity moves from the physical to the online world, so does fraud. Online chargebacks, spam, referral abuse, and account takeovers cause all sorts of headaches for businesses that would rather focus on their core competencies.

At Sift Science, we make world-class online fraud detection easy and accessible to merchants of all sizes. Just over a year ago, we launched our first product: a fraud detection API that empowers online merchants with realtime, large-scale machine learning. This is the same core fraud detection technology used by giants like Amazon and Google.

And boy oh boy, it’s been a busy year. We launched a new version of our API, a real-time fraud console, plugins for Shopify and Magento, and many other exciting changes. We now analyze more than $1.5 billion of transactions and 600 million events each month. We’ve helped customers detect, in realtime, 95% of their fraud with an industry-leading 7% false positive rate. We’ve cut their manual review rate more than sixfold, while enabling them to capture revenue that would have otherwise been rejected. Our customers include retailers of physical and digital goods, financial services companies, marketplaces, mobile-only companies, nonprofit organizations, and online communities on all six habitable continents. They range from high-growth businesses like Airbnb, Uber, OpenTable, Indeed, JackThreads, Kickstarter, and HotelTonight, to mom-and-pop shops collecting their first dollars. We also won the Best Emerging Technology Award at this year’s Merchant Risk Council conference (a key event in the anti-fraud industry). Woohoo!

And now, some exciting news. We recently closed an $18M Series B round of funding led by Spark Capital. We welcome Mo Koyfman to our board of directors, a kindred spirit who shares our passion for great product experiences and big thinking. We’ll use the funds to grow our team and accelerate our sales, marketing, and product development initiatives. We have just begun our mission to make the internet a better place. Our machine learning product improves with more customers and data, and over time we believe that this network can deliver tremendous value across the web.

To our customers and investors – thank you for your continued support. We will work hard to deliver even more value. To our potential customers – don’t hesitate to contact us and learn how we  can help protect your business. To potential candidates – we’re hiring across the board.

Onward!

 

TwitterLinkedInFacebookGoogle+Email

What to do about Heartbleed

Yesterday, the OpenSSL Project released an update to address a vulnerability nicknamed Heartbleed. Heartbleed impacts all websites that use best-practice, bank-level security encryption on its internet sites.

Sites whose web addresses start with “https” (~66% of the internet) and run OpenSSL are impacted. For many sites, the risk posed by Heartbleed is extremely small.

At Sift Science, we are hyper-vigilant about data security. It is our #1 priority. We took internal action immediately upon hearing of the issue. As of Tuesday, April 8 at 4PM PDT, our SSL certificates and infrastructure are updated to protect you against this vulnerability.

For users:

  • If any of the websites that you go to require or have required login via SSL (1.0.1 through 1.0.1f) in the last 2 years, ask them if they’ve issued a fix. You can use this tool as a starting point.
  • Once they have, change your password. For passwords, longer is generally stronger. (Sift uses this xkcd comic to illustrate what a strong password looks like.)

For businesses that use SSL:

  • Upgrade to the latest version of OpenSSL immediately (1.0.1g or 1.0.2-beta2).
  • Contact your SSL certificate authority and reissue your SSL keys.
  • Once your new SSL keys are installed, ask your certificate authority to revoke all old SSL keys.

 

For a non-technical explanation of Heartbleed as a bug, check out gizmodo.You can find technical information on the CVE-2014-0160 vulnerability and on heartbleed.com.

TwitterLinkedInFacebookGoogle+Email

What is Big Data (Part I)

This post is part of a series that discusses, in simple terms, machine learning and big data. Today we’re demystifying big data. To learn about machine learning, check out Machine Learning For Poets.

What is Big Data?

What is big data? Many define it in terms of the computing power it requires. To understand what big data is, however, you first need to know what big data means. In this post, we’ll discuss the implications of big data’s meteoric rise.

What big data means

The excitement around big data isn’t just marketing hype. In fact, it captures a qualitative shift, from model complexity to data complexity.

Answering complicated questions used to require equally complicated models. Despite their elegant mathematical underpinnings, these were usually imperfect, especially when modeling real life. They required many assumptions, which didn’t always hold true (e.g. “Humans are rational”).

Human behavior is more complicated than  E = mc2. Therefore, when making predictions about humans, discovering how things actually work has proven more effective than depending on a caveat-laden model.

In other words, big data frees us to derive insights empirically. With enough information, you can approximate what you want to know by “asking the data directly” rather than relying on assumptions. Fewer assumptions mean fewer places for things to go wrong.

Of course, the quantity of data required to reduce model complexity results in — you guessed it — increased data complexity.

 

Fight fraud with big data

At Sift, we know that big data is critical to staying ahead of fraudsters. Contemplating what I think fraudsters do is less important than discovering what they actually do.  Predicting fraudster attacks based solely on recent trends is less effective than incorporating all information.  Constraining your fraud team to a limited set of variables is less efficient than using every piece of information available.

So now you understand the most important aspect of what big data is: its implications. Next up: the logistical challenges that define it.

For more insight, look at Alon Halevy, Peter Norvig, and Fernando Pereira’s excellent paper The Unreasonable Effectiveness of Big Data. Stay tuned for more explanations, applications, and discussion on machine learning and big data. If there are specific topics you’d like us to cover, let us know at info@siftscience.com or @siftscience!

TwitterLinkedInFacebookGoogle+Email

Five Fun Fraud Facts

As an e-commerce fraud analyst, you’re expected to decide whether a transaction is good or bad, often with ambiguous transaction and customer data. This can leave you feeling like Lucy, especially during the holiday season.

In the absence of a fraud detection system, here are five signals you can use to assess fraud risk. Remember, these are aggregate signals based on data from many companies. Your mileage may vary.
Continue reading

TwitterLinkedInFacebookGoogle+Email

E-commerce fraud: where it hurts

Here at Sift Science, we make powerful fraud detection software available to companies of all sizes. Fraud can mean many things and impact many different parts of these organizations. As noted in our post on global fraud, we detect three main kinds of e-commerce fraud (plus other specialized kinds): payment fraud, new account fraud and account takeover. Below, we’ll take a closer look at each type and whom within a company they hurt. Continue reading

TwitterLinkedInFacebookGoogle+Email