Las Vegas: Sift City

We’re back at the Merchant Risk Council’s annual conference in Las Vegas! After winning last year’s METAward “for leadership and innovation in ecommerce payments and fraud”, Sift Science returns to the Aria to showcase some of our exciting new product updates and meet our awesome users.

If you’re at the show, get ready to chat with a few of our incredible Sift Scientists. Among our attendees are Sift CEO Jason Tan, our Head of Marketing Bill Hodak, Head of Sales Zeeshan Yoonas, and Lead Solutions Engineer Katherine Loh. Stop by Booth #222 to meet our team and check out some of our swag.

This is our idea of standard-issue gear for anyone who fights fraud.

This is our idea of standard-issue gear for anyone who fights fraud.

Are you a Fraud Fighter? Then we want to talk to you! Swing by the booth or email us at to set up a phone call or in-person chat.

See you at #MRCVegas15!


Did you know that American Express and Discover cards together make up 35% of U.S. credit card purchase volume? That’s a sizable chunk of the economy that many American individuals and business rely on. Even more concerning, perhaps, is a recent uptick in credit card hijackings that target these two providers.

Never heard of credit card hijacking? Here’s a step-by-step overview:

  1. Fraudsters source and take over credit card accounts through an online banking system, wreaking havoc on the account information on file. (According to some fraud managers in our network, they tend to see this type of fraud hitting AmEx and Discover cardholders more than others.)
  2. Upon account takeover, fraudsters will then access the account details in order to update the billing address and phone numbers associated. The new address and contact information provided is more likely than not the fraudster’s receiving or reshipping location.
  3. Fraudsters will then use the card numbers associated with these hijacked accounts to place an online order to be shipped to the updated address.

Should a merchant get suspicious and decide to manually review such an order, she’ll see that the account billing address matches that of the address on file with the bank account -- by virtue of the fraudster’s earlier account updates. With this information checking out, the merchant would likely go ahead and ship the fraudulent order, opening herself up to a later chargeback when the cardholder realizes that his card has been hijacked.

Other common red flags of fraud include:

  • Phone numbers + billing addresses that do not match
  • Voice over IP (VoIP) number + high-value orders
  • VoIP phone numbers + unmatched addresses

Retailers with fraud review teams should ensure that all Fraud Managers and Analysts are aware of this general trend and employ best practices during phone verifications.

What are some of the other best practices that you or your fraud detection team members use to stop criminals? Have you ever experienced a credit card hijacking case?


When Gift Cards Hit Hard

How many gift cards do you have just lying around? Is your wallet packed with old gift cards that are worth around $.43 or $2.17? Typically, we give little thought to gift cards, especially when their values are comparatively small. However, did you know that shoppers spent over $30 billion buying just gift cards in 2014?! Although it's hard to see the impact of the $5 Starbucks gift cards that Grandma hands out like candy, when you break down the components of the gift card system, it’s easy to understand how every small card adds up to a major industry.

Let’s first take a moment to understand why gift cards are so popular and widely available. The reasons are two-fold:

  1. Gift cards are an easy go-to gift
  2. They help retailers to guarantee business

Gift cards not only offer a convenient, thoughtful, and flexible gift option, but allow merchants to essentially secure some portion of a future purchase. Consider this: merchants that sell gift cards can expect that either the recipient will complete a future, larger transaction (how often do you use the exact amount of a gift card), or the gift card will remain unused, securing the retailer the profit of the gift card with zero cost outside of the transaction or physical card fees.

The demand for these pre-paid cards makes them advantageous for most businesses, but criminals can very easily re-sell or exploit them. Here are some ways that gift cards can hurt a business:

In-Store Gift Card Information Theft

A tactic that criminals may employ is physically visiting brick-and-mortar stores to copy or scan gift card information from not-yet-activated cards. They can then simply wait for money to appear on those cards by using software that constantly checks online for the cards’ activation. When a card is purchased and value added, these fraudsters will be alerted. According to the BBC, the average time between gift card purchase and redemption is two months, which is plenty of time for an information thief to acquire and spend a balance online before anyone notices.

Stolen Credit Card Purchases, a.k.a “Fraud-ception”

Another common type of gift card fraud involves criminals who buy gift cards with stolen credit card numbers (which is incidentally credit card fraud). When siphoning funds through the purchase of gift cards, credit card thieves can extract spendable cash as gift cards, rather than dealing with the bulk and reshipping necessary for physical goods. Purchasing gift cards allows these fraudsters to maximize the funds drained before the credit cards are canceled.

Second-Hand Gift Card Sellers

Sometimes, people receive gift cards for merchants that they just don’t care about -- the bane of every gift-giving situation. Rather than re-gifting, such consumers might decide to sell these cards online. Upon seeing such a listing, a criminal would contact the seller, pretend to be interested in buying the card, and ask to verify the balance on the card. The seller verifies the balance through the store by entering the gift card information online. Meanwhile, by means of special software that can track the online store’s gift card balance checker, a fraudster can steal the card number and PIN. Effortlessly, they can tell the seller that they are no longer interested while removing or using the funds associated with the for-sale gift card number.

Employee Scams

When working behind the counter, committing gift card fraud is almost too easy. All it takes is a busy afternoon at the store, a distraction, or simply a preoccupied customer. While ringing up a gift card purchase, an unscrupulous employee can switch the customer’s gift card number or balance with that of an empty gift card. Customers rarely notice the switch, and by the time they realize that their gift card has a balance of $0, it’s too late. With this simple bait-and-switch, dishonest employees may acquire many loaded gift cards they can use online anonymously.

Countless online businesses incorporate gift card sales into their business strategies. Physical vigilance and intense online scrutiny are essential in maintaining a secure environment for these merchants. Sometimes, however, being careful isn’t enough and a little help from big data can save these retailers time, money, and headache. At Sift Science, our mission is to identify and eliminate all forms of fraud, including gift card fraud.

Have you experienced gift card fraud, either as a merchant or as a shopper? What tactics work for you to stop gift card thieves fast?


The League of Extraordinary Fraud Fighters

The night: A crisp San Francisco eve. Waves crash upon the Embarcadero while ferries slice their way through the harbor. The Bay Bridge provides a few last twinkles, illuminating the faces of the League of Extraordinary Fraud Fighters as they gather atop their tower in relative stealth. You’re welcome here, among a motley crew of rag-tag vigilantes holding forum deliberating on how best to beat villainous fraudsters using their most powerful weapon - The Sword of Sift. With flavorful falafel and a bevy of beers (or wine, for the fancier among our humble crowd) in-hand, so begins Sift Science’s latest Customer Meetup.

If you missed our event -- or don’t live in the San Francisco Bay Area -- we’re so sorry that we couldn’t meet and chat and hear from you on Tuesday. We at Sift Science consider ourselves very fortunate to have such an active community of customers, and strive to provide lots of value through engagement. Ten customer companies were represented, with one bringing 67% of their entire company! The viewpoints were invaluable and the variety of fraud that our guests face sparked much discussion. Amidst all of the great conversation and questions that arose, a key takeaway for everyone was realizing just how universal and diverse fraud is for so many websites. Our customers all have very different businesses, and leveraging data with machine learning offers a trainable, adaptable solution.

We appreciated the candid feedback that our guests provided. In regards to the Sift Science product, we heard that some things, like DeviceID, are extremely useful but not particularly intuitive. Evolving our product to better suit your needs and offer a personalized fraud tool is so important to our team. We hear you loud and clear: being able to send us labels that differentiate between various fraud use-cases would be very useful.

A special feature of the evening was a short presentation by our Product Designer, Tony Chu. Tony walked us through an exciting new product development that Sift Science users can expect in the coming months. Unfortunately, we’re not quite ready to announce these updates yet on the interwebs, but stay tuned! The reactions from our customers were really fantastic, with great questions asked and feedback or insights offered. The voices of our guests will definitely help to guide our roadmap and lead to an even stronger product!

One of the Sift Science features that work really well for our customers -- and that might work well for you -- is the Network Visualization data view in our console. Several even suggested that they’d like to be able to prioritize the connections highlighted. We brainstormed a few ideas for how to make our user pages even more useful --sticky navigation, bulk labeling capabilities, stronger signals to the top -- and our product team is already hard at work weighing these possibilities. We also heard that many Sift Science customers trust our score accuracy and the information that our console provides. We love hearing this success, and want to make every part of Sift Science helpful and intuitive.

It all boils down to this: We love our customers, and hearing from you and facilitating engagement with other folks in the space are the best ways for us to make sure our products work best for you. Given the success of our past two successful meetups, we’d like to continue hosting these events on a quarterly basis, and are excited to invite all customers -- new, old, and returning -- to drop by. We hope to play a role in building an active community - A League of Extraordinary Fraud Fighters, if you will.

So what would you like to see from us? What discussion topics, presentations, or guests would be interesting to you?

We are so excited to continue learning from and growing with you. Sift on!

Thanks, Obama! (No really, thank you. It's a great start.)

In this digital age, online identities and ecommerce orders come and go at the speed of light. Too often, cyber security experts must play catch-up. Effective use of data can shed light on the ever-evolving intricacies of cyber threats, but the decision-makers must understand exactly what needs to be secured in order to protect it. Recent legislative action marks progress and a step in the right direction but does it protect consumers from the biggest threats?

The interwebs are rife with cyber threats, with security breaches and hacking becoming especially rampant in the past 18 months. In light of the recent data breaches at Target, Anthem, and Home Depot, the hacking of multiple Department of Defense sites, as well as the ever-growing losses to online fraud, American policymakers are turning their attention -- and budgets -- to cracking down on digital security. Last week, President Obama signed an executive order to create the Cyber Threat Intelligence Integration Center. The goal of CTIIC is to protect companies that share information about cyber threats with analysis firms. The executive order reinforces a 2014 statement from the Justice Department and Federal Trade Commission that authorizes companies to share information that might help to prevent online criminal activity, even if that information might otherwise be covered by antitrust laws.

But cyber crime includes more than just high-profile data breaches; it spans organized online crime, fake credit cards, and various other misdeeds committed behind a glowing screen. Business Insider estimates that data breaches in 2013 contributed $500 million to payment card fraud. While protecting against breaches is undoubtedly important, the overall fraud ecosystem is much larger. In fact, BI estimates the overall cost of payment card fraud in 2013 was seven BILLION dollars. That's right 7 billion dollars - with a capital B! Let's do some math: $500M divided by $7B equals roughly .07. Now multiply that by 100 and we see that data breaches contribute only 7% to payment card fraud. 

While technology solutions can effectively punch holes in the systems that hackers build, we agree with President Obama -- data is the key ingredient required to connect global fraud fighters, policymakers, and information holders.

The type of data sharing proposed by President Obama offers a viable, scalable, and highly relevant weapon against cyber fraud. Nonetheless, legislation is just one weapon in the arsenal that we must use to combat online criminals. The focus on large-scale data breaches feels short-sighted. The criminals that orchestrate data breaches, steal credit card information, and hack accounts work to keep their attacks under wraps, moving quickly to new victims once succeeding (or failing) with old ones. By safely and responsibly leveraging the information that each site or organization has about known bad users, stolen identities, bad IP addresses, and other characteristics, the better chance we as a society have of defeating cyber criminals.


We're giving the User Details page a minor facelift!

On Wednesday March 4, we'll be rolling out an updated version of the User Details page, making it easier for you and your team to find user information and fight fraud. It's still the same User Details that you're used to - just with some minor tweaks that'll improve your workflow.

Most of the changes are aesthetic (e.g. adding icons, changes in padding), but here are some of the updates that might be useful for your team:

  • Navigating through the Orders tab
    • Orders are now expandable and collapsible, make it easier for your team to find relevant orders and dive into them for further inspection
    • If an order includes multiple items, items and details are scrollable for quick navigation
    • AVS and CVV results are now highlighted and easier to find
  • Use the Signals tab to create a list of users who share a particular attribute
    • If your team is interested in a specific signal that is shared across users (e.g. User Location), you can now create a list of all users who match that fraud attribute directly. This feature essentially lets you create a workflow to easily review all of these users.

You can watch the video below to get a sneak peek of the new User Details before it rolls out next week. Otherwise, if you have any questions about the updates, feel free to reach out to us at!

10 Warning Signs of eCommerce Fraud (Part 4): Money, Money, MONEY!

Hey, you! Take out your wallet for me. Inside that wallet, how many credit cards do you have? Two? Three? Did you know that, on average, Americans have 2.6 credit cards per eligible person. In this final installment of the "10 Warning Signs of eCommerce Fraud" series, we examine the patterns related to credit card and billing data, signals 6, 9, and 10. With that in mind, when merchants encounter IP addresses with more than two credit cards associated, a red flag might be raised. Considering the number of cards that the average American carries, too many credit cards can signal fraud.


Perhaps your shop is the victim of a single fraudster with a stash of stolen credit card numbers. Or is a reshipping service at work? Perhaps it's friendly fraud, with a family member using Mom, Dad, Uncle Roger, and Aunt Linda's cards all at once. It could even be "liar-buyer fraud" (oooh).

There are, however, plenty of explanations for a high credit-card-to-IP-address ratio. Perhaps that IP address is linked to a business in a busy metropolitan area where employees often order personal items. Maybe the IP address belongs to an especially savvy online shopper that only attaches one card to each merchant site to quickly shut down fraudulent activity on his accounts. Regardless, merchants risk off-putting good customers if they hold or cancel an order without seeing the user’s big picture.

Similarly, email age and history contain telltale signs. Quick question: how old is your email address? How about the email address that you use for your Amazon or Netflix accounts? Like most users, chances are good that the email addresses that you use for your purchases and account creations have a history. Not so much for fraudsters.

Sometimes, criminals create email addresses purely for the purpose of creating accounts on merchant sites. Orders from these newly-hatched emails that don’t have attached billing relationships are suspicious.

Big data from a global network offers a solution to this conundrum. Yes, there are basic IP address matching services, but machine learning can also streamline your fraud detection process. In order to quickly sort those fraudulent orders from good ones, allow global data to quickly and accurately pinpoint those IP addresses with a history of fraud.

All in all, fraudsters leave signs of their dirty work. We’ve walked through some of their most common tells, but using rules to fight criminals is too rigid and outdated to work. Cybercrime takes advantage of all the anonymity and internationality that the worldwide web has to offer -- fight back with global data to stay ahead of fraud. Like training a laser-focused guard lion, machine learning can fit your unique needs.

As always, our free Guides and Resources library can provide extra insights into fraud, ecommerce, merchant challenges and solutions. Feel free to check our webinars, and tweet us questions @siftscience.

10 Warning Signs of eCommerce Fraud (Part 3): What's the Rush?

Be honest, how often do you pay for rush shipping? What about for international orders -- when are you willing to pony up the big bucks? Chances are that unless you’re running late on a birthday gift or missed your holiday shopping window, you opt for t he free shipping options. In our third installment of the "10 Warning Signs of eCommerce Fraud" series, we tackle signals 4, 5, 7, and 8 that deal with shipping and address details.


Fraudsters that use stolen credit cards or try to maximize reshipping services don’t sweat those added costs. Taking the time to check addresses and shipping speeds can help you save more than just money and merchandise in the long run.

Several major indicators of fraud that merchants rely upon relate to shipping. Because criminals want to capitalize on their bulk-orders of goods as soon as possible, “rush” or “overnight” shipping and international shipping see higher rates of fraud than their non-special-shipping counterparts. 

Another indicator that many merchants employ is noting inconsistencies between addresses or an inordinate number of addresses used in a transaction. Think about your last online order and the information that you had to provide: email, billing and shipping addresses, telephone number that matches, etc. All of these factors add up to paint a picture. Multiple shipping addresses linked with just one billing address or many orders from multiple customers all shipping to a single location could be indicators of organized criminal activity. Without reviewing such orders, you’ll never know until it’s too late and that chargeback hits.

Finally, in this digital age, people can shop online at all hours of the day or night. Orders at odd hours of the day or night -- in your local time -- should be viewed with a healthy amount of skepticism. Yes, perhaps your customer is a jet-setting insomniac with an online shopping compulsion...but also perhaps not. Take the time to verify these midnight orders - it can net you thousands of dollars or more in revenue and cost-savings by accepting the good orders and avoiding the chargeback costs of accepting orders from these nefarious criminals. 

Thankfully, you’re not alone. These warning signs are around because other merchants have encountered these same scams and lived to tell the tale. And here is where data and shared knowledge come together. The information is out there to help you stop fraud -- and for you to help others stop fraud too. 

While setting a rule that, “Any orders from a new customer (new email address) purchased between midnight and 4 A.M. where billing and shipping addresses don’t match = fraud = cancel order”, might feel rational, unfortunately it also blocks some legitimate customers as well. Imagine the freshman college student: new email address, new shipping address, but credit card still linked to home (and mom and dad’s) info. He’ll probably mistype his information at some point (it is the middle of the night after all) and blunder through countless rules-based red-flags. With a rigid fraud-detection system, that customer would be lost to you, potentially forever.

With an intelligent system, however, access to real-time global fraud patterns help you identify that this suspicious college student’s email address is in fact linked with his personal email, with which he has a long and robust “good” order history. Leverage the data that’s available to prevent fraud and keep your good customers happy!

Questions about our series so far? Tweet us @siftscience or check out our free Guides and Resources library for more information.

Reflections on the Tech Superwomen Summit

Recently, I attended the San Francisco-hosted Tech Superwomen Summit on behalf of Sift Science. Normally, I’m not one to be easily moved by a conference. This event, however, felt different. The diversity of qualified viewpoints and the questions from the audience made for inspiring discussions, and I’m excited to share my takeaways from the day.

The Pipeline

What better way to start a women-in-tech conference than with a conversation centered around entry into the field. The day kicked off with a panel discussion entitled, “The pipeline, does it leak?”. Well, the pipeline of female engineers does in fact leak -- by an alarming 52%.

The pipeline’s source itself is also in a troubling state. In the first panel, I learned that when Julie Elberfeld, CIO of Capital One, graduated from college in 1985, 37% of Computer Science undergrads were female. By 2012,  that number had dropped to 18%. History shows us that engineering was once an attractive field for women. However, the intervening years saw tech and gadget ads targeted at men, with little female presence shown in the making or enjoyment of personal computers, games, and software. Women felt alienated from tech and its products, reflected in the marked decrease of their engagement and enrollment. How do we make tech a popular, diverse field once more? I’ll get to some solutions shortly.

Is Pipeline the Right Word?

One conference participant challenged the very metaphor of “the pipeline”. Despite various sources, pipelines generally carry a homogenous product. Thus far, the engineering pipeline has delivered one population expertly: caucasian males. Sarah Millstein went so far as to describe the pipeline as, “white men [who] will always continue to fall from the sky”. To recruit individuals of diverse backgrounds, knowledge bases, and ethnicities, we need to look to non-traditional sources. Subject experts, conferences, and under-utilized job boards may be easy resources to find diverse candidates. Additionally, with our job postings, we must be wary of language and avoid inadvertently repelling diverse candidates. Check out these useful tips!

Tech Superwo(man)

We can’t make long-term, meaningful change alone. I learned that Capital One’s women in tech program takes an interesting approach. They host a class series, open to anyone company-wide, about “microaggressions.” These classes educate people about the “insignificant” things that people might say or do that wear women/others down. Sometimes something as simple as the tone we take or the words we choose can have a profound effect on others.

I suspect that, in most cases, it is a combination of factors that compel minorities to exit engineering. The onus is on everyone in tech to uphold the respect and dignity that all people deserve. The most highly sought-after companies are those that create a culture where multi-directional, open, and honest feedback is welcome.

Tech Superwoman

To be honest, I didn’t love the name of this conference. I’m confident that no one at Sift Science would think of themselves as either Supermen or Superwomen. I took the job at Sift Science because when I spoke with Sifties, I was learning from them, rather than being taught. We’re committed to continually growing together. After 10 months here, that still remains the case. Sifties do amazing work, but we rarely flaunt it.

Do we celebrate our accomplishments? Heck yes! Do we have a culture of feedback, both positive and negative? Absolutely. Feedback makes us stronger. But any Siftie with his or her nose up in the air would lose respect quickly.

Diverse Perspectives in All of Tech

I'm not an engineer. I am, however, one of 12 women at Sift Science and one of 40-some Sifties passionate about creating a work environment where all people of diverse perspectives and backgrounds feel welcome and appreciated every day. It’s far too easy to create a tech culture where those who don’t code are less valuable than those who do. Those who recruit Sifties, maintain our office, create processes and procedures, plan Sift events, support our customers, negotiate partnerships, market Sift, and sell Sift Science are just as important to Sift Science’s success as those who build and improve our product. I firmly believe that we can make ourselves more productive employees by learning from each other.

What is Sift Science doing?

Sift Science is a startup. We’re young, and by no means experts at building a diverse workforce. But that’s no excuse. I’m proud of our accomplishments as Sift 360 and Sift Science as a whole  work to grow and maintain our diverse and awesome culture.

Here’s an overview:

  • Our Marketing and People Ops teams are revamping our jobs board to highlight our awesome culture and emphasize our commitment to diversity.

  • Sift 360 and People Ops instituted Sift Culture Credit, which gives Sifties the opportunity to designate 4 work-hours per quarter to making a cultural investment in Sift Science. Whether it be volunteering with other Sifties at a local charity or attending a diversity-oriented meetup on Sift Science’s behalf, we’re encouraging greater involvement with our internal and external communities.

  • Sift 360 will soon sponsor a brown bag lunch series, during which we’ll have literature/article-driven discussions about themes relevant to Sifties, such as Professional Development At A Startup and Silicon Valley Bro Culture.

This is ******* hard

To paraphrase Dylan Richard and Harper Reed, it’s really hard to diverge from the norm. We’re going to make mistakes, but we’ll learn from them.

However, to create large-scale change, organizations must create cultures that are welcoming to diverse talent. While we at Sift Science are eager to make change, undoubtedly there are others in tech who think otherwise and prefer the status quo. To that audience, I would echo many conference speakers: diversity is a competitive advantage. Diverse perspectives make for a stronger and more thoughtful team, while homogeneity creates weaker outputs.

So let’s work together to create change.

Have feedback on what we’re doing? I’d love to hear from you! :)

Tax Refunds Rock! Unless They're Stolen and Used for Evil

We’re in the midst of tax season again. Over the past several years, a steadily increasing number of criminals have targeted U.S. online retailers immediately after the tax season, paying for transactions with prepaid debit cards obtained through fraudulent tax returns.

It works like this: Joe Fraud has Susie Taxpayer’s social security number, address, and employment information. He uses a tax preparation service to file Susie’s tax returns on her behalf and chooses to have the refund deposited onto a prepaid debit card. Joe Fraud then uses the prepaid card to buy high-ticket items online.

As a merchant, there are a few reasons to be concerned about this growing threat. Chargebacks can still apply for these purchases, despite the rarity of chargebacks associated with prepaid debit purchases. However, more important is the overall cost of dealing with the fallout from these fraudulent purchases. Having been a fraud agent and manager myself, these scam purchases are frustrating. Although I never drastically restructured my review process to catch the handful of fraudulent purchases using these prepaid debit cards, I did keep a closer eye out for them during tax season. As with all scammers and criminals, these tax return fraudsters leave clues.

Warning Signs

These orders are generally high-dollar orders on new accounts. The shipping and billing addresses likely don’t match, which is typical of fraud in general. The difference comes down to card type: if you look into the card type, you’ll find that it’s a prepaid debit card. The phone number provided is unlikely to be verifiable to the cardholder through online channels, and getting the issuing bank to verify prepaid card information is usually impossible because they often don’t have cardholder information on file. However, if you reverse lookup the provided billing name and/or address, you can sometimes obtain the victim’s phone number, who is generally unaware of the fraud.

As a rule, these signs are excellent barometers of an order’s “badness”. These indicators can also help to detect credit account takeovers for high-limit personal and corporate cards (which we’ll discuss in a future post). As with tax refund fraud, the best way to confirm a bad user’s involvement is by finding a contact number or address outside of the bank’s available verification methods.

Why It Matters

In fraud prevention, many merchants prioritize reviewing orders based on the expected loss versus the cost of preventing it. With purchases made on fraudulently obtained tax refund cards, the expected loss is relatively low due to infrequent chargebacks, while the time and effort required to accurately review these orders is relatively high. So why bother?

Others may disagree, but I think that doing the right thing and stopping this kind of fraud in its tracks is always worthwhile. The victims of this fraud will have a hard time correcting it, and any early notification can help. Giving the victims a heads up and impeding criminals is -- in my opinion -- a worthy task.

More pragmatically, I also believe that anything that makes you a pain for fraudsters will help your bottom line. Criminals value their own time, and they’ll remember your site as one that frustrated their efforts.

Have you encountered this kind of fraud? What do you watch for when reviewing orders? Share your thoughts and feedback in the comments, or tweet us @siftscience!

10 Warning Signs of eCommerce Fraud (Part 2): Beware of first-time shoppers

Fraudsters come in many sizes (individuals with a stolen purse, organized rings of credit card thieves, evil bots) and with many habits. In last week’s original “10 Warning Signs of eCommerce Fraud”, our list covered a wide range of indicators. In this post, we'll cover the first three signals: First time shoppers, bulk orders, and order variance. More often than not, signals indicating a first-time shopper who deserves a second glance. 

Apparent first-time shoppers are risky, because there’s not enough data to confidently determine that that customer legitimately interacted with your site in the past. Criminals are always on the prowl for new victims. Generally, fraudsters are unwilling to wait weeks or months to begin stealing with an account that started off as legitimate. They operate with the knowledge that once their accounts are used to create bad orders, those accounts can no longer be used on the same site. Additionally, merchants should be wary of bulk orders since they could be indicative of purchases with a stolen credit card. In order to maximize their potential profits before credit cards are reported missing or hacked accounts are noticed, criminals may order lots of items from a website rapidly. 

We all probably wish that we could order 5 different Rolex watches or 6 different styles of Louis Vuitton bags, just to try out which look best (or to keep). However, when these kinds of high-end goods are purchased in both a quantity and variety outside of the average shopper’s range, fraud may be present. 

Criminals may attempt to capitalize on bulk ordering while also profiting from a single account -- rather than creating a new user on a new website -- by ordering various iterations of the same item. Especially for high-value goods, minimizing the opportunity for notice is key for fraudsters. These orders in-bulk can be a red flag for fraud detection teams.

New accounts -- especially those quickly created, not linked to historic transactions or credit cards, and used to purchase large orders -- are therefore suspicious. 

Of course, not every bulk order or new shopper is bad. Whether a shopper is simply trying to complete all of his holiday shopping before the rush or plans on "swagging out" his first softball team, merchants should be certain to verify order details before canceling a transaction outright. 

While setting up a simple rule might sound like the solution, blocking all first-time shoppers’ orders will also cancel any potential good users’ transactions. That’s where machine learning comes into the equation.

With a machine learning-based system like Sift Science, merchants can train their fraud detection algorithms to recognize first-time shoppers while weighing the shoppers’ relative newness against thousands of other indicators. These indicators -- signals, in Sift terminology -- combine to offer a holistic view of shoppers, providing a bigger-picture understanding of accounts and their users.

Long story short: save time reviewing first-time shoppers with Sift Science; they may be fraudulent, but you won’t know for sure unless you have the whole picture.

Thanks for tuning into Part 2 of our "10 Warning Signs of eCommerce Fraud" series. For more information about machine learning and fraud, visit our free Guides and Resources library or tweet us questions @siftscience


It’s challenging to build true diversity in the workplace. Regardless of the location or position, some minorities -- by gender, ethnicity, orientation,  background, or other -- must play against a “stacked deck” to break through and succeed against socioeconomic constraints, social taboos, and inequalities. It's counterintuitive to recruit candidates that differ from “the norm”. Our minds favor familiar patterns and avoid change.
In its simplest sense, a business is a function of a group plus their decisions, applied to solving a specific set of problems. Keeping ethics and respect top-of-mind, businesses should strive to make the best decisions possible. A team with a wide range of opinions, backgrounds, and lifestyles can analyze problems from many different angles, likely offering a more diverse set of possible solutions.


A diverse team also cultivates a culture of acceptance and open-mindedness. In our experience, this kind of culture helps with recruiting and retention. Differences cannot simply be boxes to check off, but should be appreciated and celebrated as well. As a team grows its diversity, open, thoughtful, and conscientious communication becomes even more essential. When disagreements occur, respect and timeliness prove vital. We encourage our team to step into one another’s shoes to better understand why others think and act the way they do. Assumptions can be culture killers; presuppositions must be more clearly articulated and disputes handled with dialogue. Through strong empathy and communication, a diverse team can unite to make the best decisions.
When is workplace diversity unproductive? A team should be diverse, but not divided. I regularly remind Sifties to actively challenge the status quo -- I want to hear their opinions and suggestions, even if I might disagree. Intense (and respectful) debate often forges the best decisions. But, once a decision has been made, everyone must lend their full support even if they disagree with the decision. Better to keep moving -- learn from the decision’s outcome, and iterate -- than to stand still. Above all else, a company must march together in one direction.
At Sift Science, two of our core values are Respect and Humility. Clichéd, we know. But we try to live these values, everyday. We believe that the best ideas can come from anyone, no matter their role or background. No idea is stupid. We still have room to grow, and can always improve our diversity. As with tech as a whole, many populations and backgrounds are still sorely underrepresented at Sift; we are, however, excited for the opportunity to learn from everyone in our geographical and industry communities. We’ve started a couple of initiatives, like sponsoring and presenting at the 2014 Grace Hopper Celebration and partnering with New Door Ventures for two intern cycles, but have so much more to do. If you can bring something different, drop us a line – we’re hiring.

EMV and Online Fraud: Is the U.S. About to See Exponential Fraud Growth?

By the end of October 2015, all four major credit card associations will have implemented a new standard in the United States for most brick-and-mortar card transactions. This change will shift fraudulent purchase liability from customers to merchants, requiring that they check eligible transactions for use of EMV, also known as chip-and-signature, or be held financially liable for fraud. What does this mean for merchants fighting fraud online, though?

Ecommerce fraud increased dramatically in the years following EMV’s implementation in Europe. Because of this link, some argue that that the rollout of EMV in the US will shift the prevalence of fraud from counterfeit cards to online theft. However, I am less concerned about a sudden surge in online fraud. Here are a few reasons why:

#1: Scattered Adoption

While Europe very diligently updated terminals and issued cards, thus making life much tougher for card counterfeiters, things will likely play out differently on this side of the Atlantic. To put it mildly, the United States is not great at uniformly implementing new standards. American businesses tend to operate under the worry that their skittish customers will refuse to change how they transact. As a result, the U.S. adoption of new processes occurs slowly .

Additionally, the U.S. version of EMV differs significantly from its European and global cousins. A major difference for U.S. implementation is that the users will provide a signature rather than inputting their PINs. The use of a signature instead of a PIN means that stolen (rather than counterfeited) cards will still be usable at EMV terminals, and will likely offset some of the expected EMV rollout gains. As fraudsters continue to find ways to operate offline, there will be less momentum toward online fraud.

#2: Fraud’s Not Special

Everything is moving online, not just fraud. Part of the post-EMV fraud increase in Europe was due to a general shift toward online transactions across the board. The past decade saw a meteoric rise in online business, and it’s only logical that fraud would follow the money. While some merchants may attribute the increased fraud rates to EMV, much of the surge simply matched increases across the board. The presence of EMV was more correlation rather than causation.

#3: Fraud Is a Skill

Finally, it’s worth noting that committing fraud in-store with counterfeit cards requires a radically different skill set than placing fraudulent orders online. Although the path of least resistance may eventually lead some criminals to change avenues, fraudsters adept at conning cashiers will find another use for that skill in the long run.

Online Fraud Is Still a Growing Problem

With all that said, the fact is that online fraud remains a big issue. October won’t herald an enormous wave of new fraudsters targeting merchant websites, but the trends we’ve seen over the past several years will inevitably continue. Leveraging the industry’s growing, global knowledge of fraud is essential to staying ahead of fraudsters and catching criminals early. The proven best practices that will help merchants fight fraud? Accurate fraud prediction, well-oiled manual review of users and transactions, and accountable metrics to ensure that the fight against fraud helps rather than hinders sales.

10 Warning Signs of eCommerce Fraud

If you’ve been hurt by online fraud, you know firsthand how frustrating and damaging it can be to a business. And, unfortunately, you’re not alone. Merchants lose an estimated $3.5B in online revenue to fraud annually. Fraud can take the form of chargebacks, fake account sign ups, stolen credit cards, identity theft, and more.

Thanks to big data and Sift Science's machine learning technology, we’ve found numerous red flags that point us straight to potential online criminals. While determining a good order from a bad one is rarely simple, data -- especially when used to train machine learning systems -- can help streamline the process and make your decisions more accurate. To kickstart your fraud detecting, Visa’s “Merchant Guide to Greater Fraud Control”  reveals 10 indicators to consider:

  1. First-time shoppers: Criminals constantly search for new merchants to bamboozle, creating new shopper accounts on merchant sites.
  2. Bulk orders: Criminals try to maximize their order sizes because stolen credit cards have unpredictable life spans.
  3. Orders that include variations of the same item: Buying multiple high-value goods -- such as luxury watches, fancy handbags, or expensive tennis shoes -- is suspicious. 
  4. “Rush” or “overnight” shipping: Criminals want to profit off their stolen goods ASAP.
  5. International shipping: Fraudulent transactions are sometimes shipped to criminals outside of the merchant’s country.
  6. Inconsistencies: Differences in billing and shipping addresses, telephone area codes and zip codes, non-legitimate email addresses, and orders at odd times of day are to be considered potentially fraudulent.
  7. Multiple credit cards shipping to the same address: This could indicate a single user with a bundle of stolen cards.
  8. Many transactions with the same billing address, but multiple shipping addresses: Organized criminal activity, originating from a single hub.
  9. More than two cards used from the same IP address: A greater-than-normal number of cards could indicate fraud.
  10. Orders from emails that are not linked to any billing relationships: Bad users may create email addresses purely to purchase.

Unfortunately, this list is not exhaustive. Criminals have become increasingly creative and unpredictable, making fraud difficult to detect if you don’t know where to look. Some indicators (“signals”) are more suspicious than others. Did you know that a buyer with multiple billing zip codes within a week is 30 times more likely to be fraudulent than the normal user?

That’s where machine learning and intelligent, adaptable fraud detection comes in.

Dealing with multiple flags and alerts can be annoying and a huge headache. Traditional fraud detection systems produce a 50-80 percent false positive rate -- meaning that they incorrectly identify a good user or order as fraud up to 80% of the time!

At Sift Science, we combat fraud using real time machine learning technology, custom-tailored to your business that adapts to fraudulent behavior in milliseconds. We sift through millions of fraud patterns like the ones above and understand how to weigh the value of subtle cues that a traditional rule-based system would miss.

Curious about machine learning? Check out our article on How Our Machine Learning Works.

Want to learn more about online fraud? Check out our free fraud education portal.

Stay tuned for our next post in this series on “10 Warning Signs of Fraud”. We’ll dive deeper into each of the 10 signals and give you tips and tricks on avoiding the pitfalls of fraud.  You can always follow us on Twitter at @siftscience.

Now it’s easier than ever to integrate with Sift!

Debugging and fixing errors can be frustrating, especially when you’re unsure what needs fixing! We recently rolled out a new “Integration Health” tool to make it easier for your team to manage and troubleshoot your integration with Sift. Forget finding and debugging errors; now, you can easily monitor and detect all errors for a quick and effective integration.

Why is a successful integration important?

In order for your business to successfully stop fraud with Sift Science, a thorough integration sending valid data and events is necessary. Because Sift’s machine learning system uses your data to detect fraud patterns and fraudsters, the quality of the data that you send is paramount.

Think of it like this: if we can’t interpret the information you send, then we’re unable to effectively use our network to detect fraud or catch fraud patterns specific to your business.

How to use “Integration Health”

You can find  “Integration Health” as a tab in your “Developers” console page. Here, you can easily view all of the events that you send to Sift - sortable by week, day, and hour time windows.

Easily delve into your errors by checking “show errors only”. You can even view errors in more detail by clicking on a specific bar which will take you to the specific errors in your API logs.


Click on a bar to see all of those events displayed in your API logs. Within API logs, you can easily see what errors there might be (if any) as well as all the data that you’ve sent us for a particular event.

Want to learn more about sending events to Sift Science? Check out our Integration guide or our API reference documentation!

Integration Health was built to make it easier for your business to manage its integration with Sift. Have any questions or comments? Feel free to comment below or e-mail us at

The First Rule in Fighting Fraud: Rules Can Fail

If you've ever seen the movie Fight Club, then you know that the first rule of Fight Club is, "You do not talk about Fight Club."  The second rule of Fight Club is, "You do not talk about Fight Club." Apparently, they didn't trust that people would follow the first rule, so they made the second rule the same as the first.  While I'm not sure that doubling the rule would actually doubly enforce the rule, it did effectively send the message that Fight Club members were forbidden to talk about Fight Club.

When it comes to the Fraud Fighting Club, the first rule is, "Rules fail." Channeling my inner Brad Pitt, I will also say that the second rule of Fraud Fighting Club is, "Rules fail." 

So why don't rules work when fighting fraud? First, let's define what we mean by rules. The first generation of online fraud management systems were essentially rule-based engines or systems that allowed fraud managers to manually compile a list of static if-then statements that defined whether to consider an order "good" (and process normally) or whether to consider an order "bad".  If the order was "bad", then the fraud management system could either block the order or send it over to the fraud team for further review.

On the surface, rule-based systems seem pretty effective at detecting and preventing fraud. However, let's take a look at an example to understand the inherent flaws of using rules to fight fraud:

Let’s say someone tries to buy shoes online from vendor We Sell Shoes Online and the customer order information reveals that the customer's last name is "Fraudster" and he is trying to purchase a pair of kicks for $199.

Unfortunately, We Sell Shoes Online experienced fraud in the past from someone with the last name "Fraudster". In response, they created a rule that automatically blocks all orders from customers with the last name Fraudster. Boom - problem solved, right?

Not so fast.  As it turns out, the last name "Fraudster" is actually quite common and this particular shopper was actually a good customer!  And because his order was blocked, Mr. Fraudster took his business to competitor We Sell Shoes Online Cheaper.

When Mr. Fraudster checked out with his $179 order from We Sell Shoes Online Cheaper - his purchase went through in no time and he saved a $20. Looks like We Sell Shoes Online Cheaper just got themselves a repeat customer!  

Did We Sell Shoes Online Cheaper take on more risk? Not at all. They use a new technology to fight fraud called Machine Learning. With this powerful technology, they are able to proactively analyze thousands of attributes about each and every order in real-time. They too have experienced fraud from people with the last name "Fraudster". But based on other attributes about the above example's specific order (e.g. shipping and billing addresses, number of users per device, structure of the email address, etc.), their Machine Learning technology identified that this was in fact a good order.

Now imagine that another customer tries to buy the same shoes from We Sell Shoes Online and his last name is "Fraudster123".  Since We Sell Shoes Online never previously encountered a customer with that last name, they process the order quickly and a month later get a chargeback because this guy used a stolen credit card. Dang it - rules failed again!

Mr. Fraudster123, feeling confident from successfully stealing from We Sell Shoes Online, decides to try his luck again - this time buying shoes from We Sell Shoes Online Cheaper. Lo and behold, nobody with the last name of Fraudster123 previously purchased from We Sell Shoes Online Cheaper either. However, our merchant blocks Mr. Fraudster123's order immediately.  Why? Because their Machine Learning technology analyzed other attributes about this order - not just the customer's last name. And as it turns out, there were many red flags, clearly marking this order as fraudulent.  For example, We Sell Shoes Online Cheaper customers with a last name ending in 123 are 90% more likely to be fraudsters. This data, plus thousands of other signals, gave We Sell Shoes Online Cheaper the information they needed to block this order with confidence.

Let's tally up the results:

We Sell Shoes Online just lost $998:

- $199 (by canceling a good customer's order)
- $199 (by selling shoes to a fraudster)
- $100 (chargeback fee due to fraudulent activity)
- $500 (future lost revenue from losing a good customer)

We Sell Shoes Online Cheaper just earned $679 and saved $279 for a total gain of $958:

+ $179 (for selling shoes to a good customer)
+ $500 (future revenue from gaining a good customer)

Saved: $179 (for not selling shoes to a fraudster)
Saved: $100 (for not getting a chargeback fee)

It's pretty clear that We Sell Shoes Online Online Cheaper did a better job of fighting fraud and providing good service to good customers.  And they made more money while doing it. Triple Bonus! Now, you must be thinking to yourself, "I want to be like We Sell Shoes Online Cheaper, but Machine Learning sounds awfully complicated and I'm sure it's ridiculously expensive."

That's where we come in. Sift Science has created the world's best fraud prevention system based on our advanced machine learning technology. Learn more about Sift Science and Machine Learning at!

Introducing "Unlabeling" - A new word and a new Sift feature!

Have you ever accidentally labeled a user as “Bad” or “Not Bad”? Or perhaps further investigation on a user left you wishing you could undo the label you initially selected? If this describes you - you aren’t alone! In response to popular demand, we're excited to introduce the new and amazing “unlabeling” feature. Starting today, you can fix your labels quickly and easily.  

Why does accurate labeling matter?  

When you mark a user as “Bad” or “Not Bad”, you are training Sift's advanced machine learning system to better find and predict fraud for your business. For example, if you’ve mistakenly labeled a legitimate and good user as “Bad”, then Sift will learn incorrectly and may mistakenly identify other good users as potentially fraudulent.

We understand that labeling errors do happen and that people change their minds. After all, we're all only human.

This new feature lets you remove the “Bad” or "Not Bad” labels for a user - think of it as the undo button for your fraud team! With unlabeling, you don’t have to worry because it’s easier than ever to focus on fighting fraud.

Best of all? Unlabeling is available today! You can either label directly in the console (as shown in the GIF below) or use our Labels API.


New to labeling? No worries - read about it here and start labeling today!

Happy Labeling (and Unlabeling)!

ML Meetup Success!

This is a guest post from ML Meetup organizer Tony Tran.

The SF Bay Area ML Meetup group recently held an event at Sift Science. It was our first time hosting an event at Sift, as well as our first time having Sift engineers present. Overall, it was an excellent event. The food was great, the venue was beautiful, and our hosts were extremely kind. Those of you who couldn’t attend really missed out! But not to worry, I’ll give you a quick run-down of what happened.

“What did I miss with the talks?”

Both of the presentation slides are available online (ml_infrastructure, feature_engineering) and are easy to understand without narration.

Andrey Gusev gave a lightning talk on “Machine Learning Infrasture.” In it he discussed:

  • Data transformations
  • Online and Batch learning
  • Motivations for using HBase

Doug Beeferman gave the main presentation on “Feature Engineering for Real-Time Fraud Detection.” In it he discussed:

  • What “fraud” means
  • Useful features for fraud detection
  • 10 Lessons Learned (this was extremely insightful)

Unfortunately, my above bullet points don’t do the talks justice, so definitely check out the slides (ml_infrastructure, feature_engineering). Also, Andrey gave a similar talk at the HBase meetup that was recorded (link).

“How was Sift Science?”

One of the most common questions that I get from people who didn’t attend the event is, “how was Sift Science?”

There were a total of 15 Sift Science employees at the event including the CEO and CTO. In my opinion, it really says a lot about the company when both the CEO and CTO are present for community events like these -- I haven’t seen this happen too often.

My impression of Sift was that everyone was extremely humble and willing to help. In addition, the team came off as being very serious when it came to engineering quality, yet very light hearted when it came to interacting with one another. I would say that Sift did a great job at building their company culture. It feels like a place where people would genuinely feel happy coming to work (at least that’s what they tell me).

Would I recommend checking them out if you’re an engineer, or even a non-engineer, looking for a place to work? Absolutely.

Just to clarify, I am in no way affiliated with Sift Science. If you have any questions about this event, or want to get my thoughts on Sift Science, feel free to reach out to me on Twitter (@quicksorter) or message me via the meetup group.


Would I recommend checking them out if you’re an engineer, or even a non-engineer, looking for a place to work? Absolutely.

Just to clarify, I am in no way affiliated with Sift Science. If you have any questions about this event, or want to get my thoughts on Sift Science, feel free to reach out to me on Twitter (@quicksorter) or message me via the meetup group.

The Summary of Sift in Fall 2014

It's been a whirlwind of a fall for Sift Science. Twelve-plus events in 3 months -- including incredible tech talk opportunities, university visits, and interesting conferences -- helped us to close out our 2014 push. What are your favorite events to attend? What tech talk should Sift host next?

Join us on this recap of our fall, where we fell in love.... With great new friends, places, potential Sifties, and Sifterns!

Greylock Tech Fair

July 31, 2014

Held in our own backyard at the San Francisco Ferry Building, the Greylock tech fair was a fun event! Sift joined 49 other startups to meet hundreds of CS local students.

HBase Meetup

August 28, 2014

Sift hosted the SF HBase Meetup, welcoming 52 guests and 3 incredible speakers, including Michael Stack of Cloudera and our own Tech Lead for ML Infrastructure, Andrey Gusev! This event was an opportunity to showcase our amazing new office and gather some like-minded individuals, excited about scaling and data management.

PennApps Hackathon

September 12-14, 2014

In our first trip to UPenn’s Fall Hackathon, we encountered some incredible projects and awesome teams. Sift sponsored 2 prizes, one for Best Data Viz and another for Best Use of ML, and the hacks really blew us away.

Doug at Airbnb Nerds

October 1, 2014

Sift’s first engineer, Doug Beeferman, spoke at Airbnb Engineering’s regularly scheduled tech talk night in early October. Feature engineering proved a fascinating topic for his audience, as Doug demonstrated how Sift takes machine learning out of academia and into real-world, real-time fraud detection.

Doug at the event

Micah for APICraftSF

Oct 2, 2014

The very next day, Sift engineer Micah Wylde impressed the API Craft SF crowd with an overview of the evolution our API. His talk provided great insight into the time and effort that Sift dedicated to making its console as user-friendly as possible.

Reflections | Projections

October 2, 2014

For R|P, Sift sent two Illinois alumni to connect with the students and share their sifty knowledge. In addition to setting up a table at the career fair, Andrey and Alex shared their insights with the Illinois SIGMIS group on machine learning in the real world and working at a startup.

Sift at Illinois

Tech Talk, MIT

October 6, 2014

With the help of our summer Siftern Keren, Doug took his tech talk on the road. Four pizzas and 40 cannoli later, we connected with a host of ML-focused students on their home turf.

Grace Hopper Celebration

October 8-11, 2014

Sift’s first official visit to the Grace Hopper Conference was totally awesome. Not only did we meet hundreds of smart, ambitious, and inspired women, but we also spread the word about Sift Science! Our Lead Solutions Engineer, Katherine, presented on “Fraud Detection with Machine Learning: A Case Study from Sift Science", and drew quite the crowd. We can’t wait for GHC15!

Code@Night, Princeton

October 10, 2014

The next stop on Doug’s East Coast tour en route to Start@A Startup was at Princeton’s Code@Night. Very sifty Siftern-emeritus David hosted the event and rounded up fifty Tigers for the event.

Start @ A Startup

October 11-12, 2014

Sift CEO Jason and Doug took NYC by storm with Start@, hosting a few panels and offering key learnings for the cream-of-the-crop student attendees. With another talk in the bag and countless engaging conversations, our second year at Start@ was a great success.

UW Startup Career Fair

October 21, 2014

Ahh, UW. As Jason’s alma mater and the old stomping grounds of many a Siftern, UW holds a very special place in Sift’s heart. We had a table set up at the career fair, and a special talk during the post-event reception. Did you see our twinkling Sift booth?

UW booth 2014

UC Berkeley Startup Fair

October 22, 2014

Sift Science employs several proud Golden Bears, and with Cal right across the Bay, we couldn’t help but join in on the UCB Startup Fair. As expected, we met so many amazing students of all years and emphases.

SF Bay Area Machine Learning Meetup at Sift

December 3, 2014

Our final external event of the year takes place tonight! Will you be there?

What are some of the events that you attend or host every year? Which are on your not-to-be-missed list?

Our biggest release yet - the new Sift Science Console!

Today, we released a new version of the Sift Science Console that makes manual reviews even faster, easier and more accurate.

Here're some new features we've introduced:


With Lists, you can create and save an unlimited number of manual review queues instead of being limited to the Orders, Users and Search tabs. Sharing your Lists with coworkers is as easy as sharing a link in an email.

You can also make decisions faster directly in a List. We now summarize order details and user attributes, like Number of Billing Addresses or Account Age, saving you a trip to User Details to get the same information.

Social Identity Checks

Users who have social profiles tend to be much less suspicious than users without a presence on social media. We now link to profiles on major social networking sites, including LinkedIn, Facebook, Instagram and Twitter, directly from User Details.

Better User Details

We've redesigned User Details to organize Orders, Identity, Network and Social data into dedicated sections. For example, you can now see every order a user has placed all in one section.

A Fresh Coat of Paint

Last, we've redesigned the look-and-feel of the Console to reflect a more modern style we think you'll love.

If you have any feedback, questions or concerns, please reach out to me personally at or contact our support team at

Thanks so much for your support!

Sripad Sriram