If you’ve ever seen the movie Fight Club, then you know that the first rule of Fight Club is, “You do not talk about Fight Club.”  The second rule of Fight Club is, “You do not talk about Fight Club.” Apparently, they didn’t trust that people would follow the first rule, so they made the second rule the same as the first.  While I’m not sure that doubling the rule would actually doubly enforce the rule, it did effectively send the message that Fight Club members were forbidden to talk about Fight Club.

Fight Club Wallpaper courtesy of Jessica Pereira, on Flickr
Fight Club Wallpaper courtesy of Jessica Pereira, on Flickr

When it comes to the Fraud Fighting Club, the first rule is, “Rules fail.” Channeling my inner Brad Pitt, I will also say that the second rule of Fraud Fighting Club is, “Rules fail.”

So why don’t rules work when fighting fraud? First, let’s define what we mean by rules. The first generation of online fraud management systems were essentially rule-based engines or systems that allowed fraud managers to manually compile a list of static if-then statements that defined whether to consider an order “good” (and process normally) or whether to consider an order “bad”.  If the order was “bad”, then the fraud management system could either block the order or send it over to the fraud team for further review.

On the surface, rule-based systems seem pretty effective at detecting and preventing fraud. However, let’s take a look at an example to understand the inherent flaws of using rules to fight fraud:

Let’s say someone tries to buy shoes online from vendor We Sell Shoes Online and the customer order information reveals that the customer’s last name is “Fraudster” and he is trying to purchase a pair of kicks for $199.

Unfortunately, We Sell Shoes Online experienced fraud in the past from someone with the last name “Fraudster”. In response, they created a rule that automatically blocks all orders from customers with the last name Fraudster. Boom – problem solved, right?

Not so fast.  As it turns out, the last name “Fraudster” is actually quite common and this particular shopper was actually a good customer!  And because his order was blocked, Mr. Fraudster took his business to competitor We Sell Shoes Online Cheaper.

When Mr. Fraudster checked out with his $179 order from We Sell Shoes Online Cheaper – his purchase went through in no time and he saved a $20. Looks like We Sell Shoes Online Cheaper just got themselves a repeat customer!

Did We Sell Shoes Online Cheaper take on more risk? Not at all. They use a new technology to fight fraud called Machine Learning. With this powerful technology, they are able to proactively analyze thousands of attributes about each and every order in real-time. They too have experienced fraud from people with the last name “Fraudster”. But based on other attributes about the above example’s specific order (e.g. shipping and billing addresses, number of users per device, structure of the email address, etc.), their Machine Learning technology identified that this was in fact a good order.

Now imagine that another customer tries to buy the same shoes from We Sell Shoes Online and his last name is “Fraudster123”.  Since We Sell Shoes Online never previously encountered a customer with that last name, they process the order quickly and a month later get a chargeback because this guy used a stolen credit card. Dang it – rules failed again!

Mr. Fraudster123, feeling confident from successfully stealing from We Sell Shoes Online, decides to try his luck again – this time buying shoes from We Sell Shoes Online Cheaper. Lo and behold, nobody with the last name of Fraudster123 previously purchased from We Sell Shoes Online Cheaper either. However, our merchant blocks Mr. Fraudster123’s order immediately.  Why? Because their Machine Learning technology analyzed other attributes about this order – not just the customer’s last name. And as it turns out, there were many red flags, clearly marking this order as fraudulent.  For example, We Sell Shoes Online Cheaper customers with a last name ending in 123 are 90% more likely to be fraudsters. This data, plus thousands of other signals, gave We Sell Shoes Online Cheaper the information they needed to block this order with confidence.

Let’s tally up the results:

We Sell Shoes Online just lost $998:

– $199 (by canceling a good customer’s order)
– $199 (by selling shoes to a fraudster)
– $100 (chargeback fee due to fraudulent activity)
– $500 (future lost revenue from losing a good customer)

We Sell Shoes Online Cheaper just earned $679 and saved $279 for a total gain of $958:

+ $179 (for selling shoes to a good customer)
+ $500 (future revenue from gaining a good customer)

Saved: $179 (for not selling shoes to a fraudster)
Saved: $100 (for not getting a chargeback fee)

It’s pretty clear that We Sell Shoes Online Online Cheaper did a better job of fighting fraud and providing good service to good customers.  And they made more money while doing it. Triple Bonus! Now, you must be thinking to yourself, “I want to be like We Sell Shoes Online Cheaper, but Machine Learning sounds awfully complicated and I’m sure it’s ridiculously expensive.”

That’s where we come in. Sift Science has created the world’s best fraud prevention system based on our advanced machine learning technology. Learn more about Sift Science and Machine Learning at siftscience.com!

  1. If you are really serious about battling fraud, the adoption of "push" transaction technology ( where you dont expose your account to fraudulent and stolen ‘pull’ transactions because you have disclosed your private key on-line ) is essential.

    Our current purchase system is based on 50 year old mechanisms and is out-of-date. Credit Card and Bank transfers require a whole raft of verification to ensure the payment is valid, comes from an account where the money is available, and requires whole layers of transaction intermediaries to keep the system intact. Each step on this process ( because you have "given away’ your security protection which Visa calls CVV2, MasterCard calls CVC2. JCB call it the CAV2: etc etc ) requires mulit-layer encryption ( thus costs ) and relies on the security of that merchants network intergrity. ( often very weak )

    If , at any stage, that security breaks down a "bad actor" can simply draw money from your bank account – often in large quantities and very rapidly. Fraud in C/C transactions is growing at 18% year-on-year , and very soon the costs of protection, investigation , and reimbursement will prove unacceptable.

    Hacking, by sophisticated cyber criminal gangs ( often based in jurisdictions outside legal redress ) is going to be the key problem of this coming decade. Hackers, by their very definition, are always one step ahead of counter-measures. Very soon, the costs of ‘protecting’ the current money-transfer financial network will prove to expensive for the average user to absorb.

    The answer is already being built. Financial transactions must move away from ‘pull’ technologies into ‘push’ technologies. The old arguments against push transactions ( ie how can you be sure the money is ‘real’, wont be ‘refused’ when presented etc ) no longer apply when you use ‘blockchain protocol push technologies’

    the bitcoin blockchain protocol ensures validity and provenance of the funds – and no longer requires third party confirmation and over-sight. Being a ‘push’ transaction – from a specified account to a specified account – there is no mechanism by which the funds can be intersected or falsified. You can actually broadcast the transaction over a completely open network because the ledger of the decentralised blockchain will reject any transaction that has been ‘tampered with’ – so all the costs of the mutli-layers of security and over-sight are unnecessary.

    The absence of the need for all these third party costs will make the ‘push’ system vastly superior and cheaper to operate, and it for this reason – efficiency – that push systems will prevail in the next decade.

    Forget all the hype and misinformation that you may have heard about "bitcoins’ – do your own research and due diligence

    the blockchain is a truly innovative technology ( recognised as such in Q3 report 2014 from the Bank of England ) and is going to revolutionise how financial transactions are implemented in the coming decade