fraud meetup
TRANSCRIPT
1© Next Jump, Inc. 2014
One million dollars in fraud lessons from the past 5 years
John NellenJosh Hixson
2© Next Jump, Inc. 2014
Who is Next Jump and what do they do?
3© Next Jump, Inc. 2014
Next Jump Overview
Consumer Banking
Investment Banking
Accounting/Consulting
Insurance
Retail
Technology
Telecomm.
4© Next Jump, Inc. 2014
Platform overview
Designed to help employees save time, money and earn rewards.
Exclusive employee pricing and discounts at thousands of brands.
Earn WOWPoints on almost every purchase. 1,000 WOWPoints = $10.00
8.4MM WOWPoints earned last year
Marketplace & WOWPoints
5© Next Jump, Inc. 2014
Fraud over the yearsKey events & product changes
Frau
d
Time
Introduction of WOWPoints
Introduction of Overwhelming
Offers
Introduction of gift cards
6© Next Jump, Inc. 2014
Top 3 lessons learned
7© Next Jump, Inc. 2014
Auth-ing cards isn’t just useful to you…
Began collecting credit cards for payment and points credits
On the backend, cards were authorized upon registration. Goal: Check if the customer's account is valid
Registered card product
1
Lesson: Fraudsters will use your auth system.
Fix: Combination of limiting number of auths by account, and IP info
8© Next Jump, Inc. 2014
Some people are working on holidays…
One of the biggest fraud cases took place over memorial day last year.
Easy to get into the vacation mind set before a long weekend.
Fraudsters leveraged a weakness in our gift card product to steal about 10,000 gift cards over a 12 hour period.
Fraudsters go to work when you aren’t
2
Lesson: Protect yourself on the days off
Fix: Ensure alerting will be alerting and someone is on standby. If you're not monitoring continuously, you’re not monitoring at all.
9© Next Jump, Inc. 2014
Not everything has to be black and white…
Riskier products introduced – cancellable travel and gift cards
Fraud response: Turn it off, fix, turn back on
ON/Off features frustrated users and hurt the UX.
3
Lesson: Segment users & products to reduce risk
Fix: Created risk profiles for users limiting products that they can access.
10© Next Jump, Inc. 2014
Fraud prevention
11© Next Jump, Inc. 2014
Hypothesis
Registration Checkout
Family Groups
Account Fraud
TransactionalFraud
PointsFraud
Protecting the perimeter will be the best way to ultimately reduce overall fraudulent activity
12© Next Jump, Inc. 2014
Our answer
How to protect the perimeter? Work backwards
Lock down transactional
fraud
Less fraudulently earned points to
move around
Lock down points fraud
Less incentive to create fraudulent
accounts
Lock down account fraud
“Why bother?” asks the fraudster
It all starts with stopping transactional fraud
13© Next Jump, Inc. 2014
Transactional Fraud Prevention
Inline check between card auth and payment processing
Score based: User and transaction info returns a score Rules are built off identified fraud attributes
– EX: Order amount greater than double the average order amount
The score acts as a confidence measure that the transaction is fraudulent
Begin cart checkout
Authorize card
Check for fraud
Process payment
Vision: Inline, real-time, fraud prevention
14© Next Jump, Inc. 2014
3 Key Components
Who really wants to manage rules and manually analyze patterns all the time?
Secondary goal - Collect and analyze data effectively to help automate fraud ops Inline checking is key to keep this real-time
Three keys to an efficient system:
Optimized for inline checking
Scalability
Agility
Speed
15© Next Jump, Inc. 2014
Requirements for Inline Checking
Response times must be minimized– Cannot be a significant impact on
checkout flow
Implemented fraud system as an internal RESTful API– Removes checks from application layer– Concurrently evaluates rules
Now, response times averaging ~80ms– Down from ~1sec when checking through
the application
Speed
16© Next Jump, Inc. 2014
Requirements for Inline Checking
Rules must be easily added/modified– Must remain responsive to changing fraud vectors– Who knows when the house is going to burn down?
Developed rule creation tool and dashboard to manage rulesets– Hardcoded rulesets required code release to modify– Shouldn’t need to be able to code to run fraud ops
Now, updating a ruleset takes a matter of seconds
Agility
17© Next Jump, Inc. 2014
Requirements for Inline Checking
System must be able to handle heavy load
– Thousands of checks per hour for different fraud risks
Checks could require dozens of rules
– Large random access rulesets become unruly and inefficient
Organizing our rulesets on decision trees allows us to only check the rules we need to
– Number of rules evaluated increases logarithmically with scale
Scalability
18© Next Jump, Inc. 2014
Decision Tree GenerationID3 Algorithm
Order R1 R2 R3 Class
3430612 0 0 1 NOT FRAUD
3430619 1 1 1 FRAUD
3430624 1 1 0 NOT FRAUD
3430631 0 1 1 FRAUD
3430635 0 1 0 NOT FRAUD
R3
R2
FRAUDNOT
FRAUD
NOT FRAUD
The ID3 algorithm uses a historical dataset of fraud cases to produce a decision tree that classifies vectors
System takes each transaction and works down the decision tree to arrive at the class the transaction belongs to
Entropy:
Information Gain:
Scalability
19© Next Jump, Inc. 2014
Insights from ID3
Value of decision trees when not used as the model Helps weight rules – root rule should have the most weight
Shows which rules you can get rid of to shrink your ruleset
Automating the analysis and tree generation takes the work out of the hands of fraud ops
However, ID3 doesn’t handle continuous data well What exactly should be our threshold for order amount?
Newer algorithms (C4.5 and C5.0) can!
Scalability
20© Next Jump, Inc. 2014
In closing
Effective analysis of fraud data better positions ourselves to prevent future fraud
Inline checking allows for immediate collection and analysis while protecting us in real-time
A fast, agile, and scalable system means we can implement many different fraud detection capabilities across our platform
Scalability
21© Next Jump, Inc. 2014
Question and Feedback
Contact us:
John Nellen – [email protected]
Josh Hixson – [email protected]