traditional fraud prevention is costing you customers

TRADITIONAL FRAUD PREVENTION IS COSTING YOU CUSTOMERS Alex Kilpatrick, PhD CTO, BeehiveID

Upload: beehiveid

Post on 12-Apr-2017


TRANSCRIPT

Page 1: Traditional Fraud Prevention is Costing you Customers

TRADITIONAL FRAUD PREVENTION IS COSTING YOU CUSTOMERS 

Alex Kilpatrick, PhD
CTO, BeehiveID

Page 2: Traditional Fraud Prevention is Costing you Customers

Let’s say you are a banker

Page 3: Traditional Fraud Prevention is Costing you Customers
Page 4: Traditional Fraud Prevention is Costing you Customers

• $9,999.99 - Definitely suspicious
• $9,999.00 - Definitely suspicious
• Asking about limits - suspicious
• $9,875.21, $9,923.12, $9,782.97 - Maybe suspicious
• $5,000, $5,000, $5,000 – Maybe suspicious
• 16 year old depositing $8,768 in cash - Maybe suspicious
• Paranoid behavior – Maybe suspicious
• Corporate check – Definitely not suspicious
• $102.32 – Definitely not suspicious

Page 5: Traditional Fraud Prevention is Costing you Customers

Binary Classification

Conservative / Liberal
Rich / Poor
Good Guy / Terrorist
Athletic / Sedentary
Male / Female
Young / Old
Healthy / Sick
Good customer / Scammer

-3 + x1 + x2 >= 0

Page 6: Traditional Fraud Prevention is Costing you Customers

Reality

Page 7: Traditional Fraud Prevention is Costing you Customers

REAL-WORLD CLASSIFICATION IS NEVER AS CLEAN AS WE WANT

Remember

Page 8: Traditional Fraud Prevention is Costing you Customers

Positive - Scammer
Negative – Good customer

False Positive – We classify someone as a scammer when they aren’t
• Lose customers

False Negative – We classify someone as a good customer when they are a scammer
• Lose money

Page 9: Traditional Fraud Prevention is Costing you Customers

New Disease - Alexitis

• Very rare – only affects 1 in a million people
• Luckily, we have a test that is 99% accurate
• If they have Alexitis, test is positive 99% of the time
• If they don’t have Alexitis, test is negative 99% of the time

Page 10: Traditional Fraud Prevention is Costing you Customers

I’ve just tested positive for Alexitis. What are the chances I actually have it?

Page 11: Traditional Fraud Prevention is Costing you Customers

Paradox of the False Positive

99%, right? I’m screwed!

Would you believe .01%?

                 Has Alexitis          Does not have Alexitis     Total
Test Positive    1 (true positive)     10,000 (false positive)    10,001
Test Negative    0 (false negative)    989,999 (true negative)    989,999
Total            1                     999,999                    1,000,000

Page 12: Traditional Fraud Prevention is Costing you Customers

Conditional Probability

If you live in the United States, you probably speak English

If you speak English, you probably don’t live in the United States

Page 13: Traditional Fraud Prevention is Costing you Customers

IF YOU ARE TESTING FOR SOMETHING THAT RARELY OCCURS, YOUR TOOLS HAVE TO BE REALLY, REALLY GOOD

Remember
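
The Alexitis table worked as a calculation and extended to a fraud screen (an added example, not part of the original slides). The 1-in-1,000 fraud rate is a constructed assumption and the function names are illustrative.

```python
from fractions import Fraction as F

def confusion_counts(population, prevalence, sensitivity, specificity):
    """Expected confusion-matrix cells when a whole population is tested."""
    sick = population * prevalence
    healthy = population - sick
    tp = sick * sensitivity          # have it, test positive
    tn = healthy * specificity       # don't have it, test negative
    return {"tp": tp, "fp": healthy - tn, "fn": sick - tp, "tn": tn}

def precision(prevalence, sensitivity, specificity):
    """P(really positive | test positive), by Bayes' rule."""
    tp = prevalence * sensitivity
    fp = (1 - prevalence) * (1 - specificity)
    return tp / (tp + fp)

def max_false_positive_rate(prevalence, sensitivity, target_precision):
    """Largest false-positive rate that still reaches target_precision."""
    tp = prevalence * sensitivity
    # precision = tp / (tp + fp)  =>  fp = tp * (1 - target) / target
    fp = tp * (1 - target_precision) / target_precision
    return fp / (1 - prevalence)

# Figures from the slides: 1 in a million, test right 99% of the time.
ALEXITIS = dict(prevalence=F(1, 10**6), sensitivity=F(99, 100), specificity=F(99, 100))
# Constructed assumption (not from the slides): 1 signup in 1,000 is a scammer.
FRAUD = dict(prevalence=F(1, 1000), sensitivity=F(99, 100), specificity=F(99, 100))

if __name__ == "__main__":
    cells = confusion_counts(10**6, **ALEXITIS)
    print({k: round(v) for k, v in cells.items()})
    print(f"Alexitis: P(sick | positive) = {float(precision(**ALEXITIS)):.4%}")
    print(f"Fraud:    P(scammer | flagged) = {float(precision(**FRAUD)):.1%}")
    need = max_false_positive_rate(F(1, 10**6), F(99, 100), F(1, 2))
    print(f"For 50% precision on Alexitis, false-positive rate <= 1 in {round(1 / need):,}")
```

Under the assumed fraud rate, the same 99% detector flags roughly ten good customers for every scammer it catches.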

Page 14: Traditional Fraud Prevention is Costing you Customers
Page 15: Traditional Fraud Prevention is Costing you Customers
Page 16: Traditional Fraud Prevention is Costing you Customers

THE INTERNET IS BUILT ON PACKETS, NOT CONNECTIONS

Remember

Page 17: Traditional Fraud Prevention is Costing you Customers

IP Geo-Location

Nigeria

I am worried about scams, so I won’t accept mail from Nigeria

Page 18: Traditional Fraud Prevention is Costing you Customers

IP Geo-Location

891889-11

But the mail only has codes, not country names

Page 19: Traditional Fraud Prevention is Costing you Customers

IP Geo-Location

891889-11

No problem! I can look it up in a table

891888 United States
891889 Nigeria
891890 France
891891 Luxembourg

Page 20: Traditional Fraud Prevention is Costing you Customers

IP Geo-Location

891889-11

Problem 1: Database gets stale

891888 United States
891889 Germany
891890 France
891891 Luxembourg

Page 21: Traditional Fraud Prevention is Costing you Customers

IP Geo-Location

891889-11

Problem 2: Mail Forwarding

891888 United States
891889 Nigeria
891890 France
891891 Luxembourg

891890-19

Page 22: Traditional Fraud Prevention is Costing you Customers

IP Geo-Location

891889-11

Problem 2: Other Carriers

891888 United States
891889 Nigeria
9999 FedEx
891891 Luxembourg

99999999

99999999

99999999

99999999

Page 23: Traditional Fraud Prevention is Costing you Customers

IP Geolocation

• With “honest” users, IP Geolocation can be somewhat accurate
  • Nation: 95% - 99%
  • City: 50% - 80%
• In terms of fraud prevention, it will only catch the most clueless of fraudsters
• Essentially useless for mobile data

Page 24: Traditional Fraud Prevention is Costing you Customers

Proxy Detection

891889-11

I’ll make a blacklist

891888-12 REJECT
891890-19 REJECT
891891-12 REJECT

891890-19

Page 25: Traditional Fraud Prevention is Costing you Customers

Proxy Detection

• Can catch known proxies
• Suffers from same database issues as IP Geolocation
• ANY machine on the internet can be a proxy

Page 26: Traditional Fraud Prevention is Costing you Customers

Cookies

Once I find out you are a scammer, I sneak into your house and put an X on your envelopes, with invisible ink

891889-11

891899-11

X

X

Page 27: Traditional Fraud Prevention is Costing you Customers

Cookies

• Will work if the scammer does nothing to prevent it
• Can be prevented with a single click
• Useful for tracking customers, almost useless for tracking fraudsters

Page 28: Traditional Fraud Prevention is Costing you Customers

Behavior Detection

Scam mail usually comes in between 3:45 and 4:00

3:45

3:52

3:55

Page 29: Traditional Fraud Prevention is Costing you Customers

Behavior Detection

• Very difficult to measure accurately
• Highly subject to false positives
• Almost any behavior that appears suspicious can also have a legitimate purpose

Page 30: Traditional Fraud Prevention is Costing you Customers

Browser Fingerprinting

I am going to measure the unique characteristics of the paper, so I can recognize the bad letters

Page 31: Traditional Fraud Prevention is Costing you Customers

Browser Fingerprinting

• Somewhat effective technique for tracking people online
• Measures unique characteristics of your browser (fonts, plug-ins, etc.) that are reported to web server
• Not well known among general public
• Generally not completely unique
  • Will lead to false positives
• Not useful for mobile
• Trivial to circumvent
  • Clean browser install
  • Virtual machine

Page 32: Traditional Fraud Prevention is Costing you Customers

TRANSACTIONAL DATA:

DATA THAT IS CONTEXTUAL TO A SINGLE TRANSACTION

Page 33: Traditional Fraud Prevention is Costing you Customers

Transactional Data Strengths

• Does not require user involvement or knowledge
• Usually quick
• Can encompass many data points
• Does not affect the user experience
• Can be tested on sample data

Page 34: Traditional Fraud Prevention is Costing you Customers

Transactional Data Weaknesses

• Generally easy to work around
• Significant false positive rate
• Difficult to aggregate across platforms

Page 35: Traditional Fraud Prevention is Costing you Customers

WITH TRANSACTIONAL FRAUD PREVENTION, YOU ARE RELYING ON INFORMATION THE SCAMMER ULTIMATELY CONTROLS

Remember

Page 36: Traditional Fraud Prevention is Costing you Customers

Identity-Based Fraud Prevention

• In the real world, we want to know who we are dealing with
• Personal recommendations are extremely important
• Social context is extremely important
• However, online we have no identity framework to leverage

Page 37: Traditional Fraud Prevention is Costing you Customers

FUNDAMENTALLY WE HAVE BEEN SOLVING THE WRONG PROBLEM

WE DON’T HAVE A TRANSACTION PROBLEM, WE HAVE AN IDENTITY PROBLEM

however

Page 38: Traditional Fraud Prevention is Costing you Customers

“No man is just of his own free will [...] he will always do wrong when he gets the chance. If anyone who had the liberty [of the ring of Gyges] neither wronged nor robbed his neighbor, men would think him a most miserable idiot.”

- Plato

Page 39: Traditional Fraud Prevention is Costing you Customers

SOCIAL ACCOUNTABILITY BREEDS POLITENESS AND GOOD BEHAVIOR

Short Version

Page 40: Traditional Fraud Prevention is Costing you Customers

Anonymous Comment Facebook Comment

Page 41: Traditional Fraud Prevention is Costing you Customers

Source: David Kelts

Page 42: Traditional Fraud Prevention is Costing you Customers

Extreme Identity: DoD Top Secret Clearance

• Takes 1-2 years
• Involves ~ 40 pages of documentation
• Leverages numerous federal databases
• Involves dozens of interviews with people who have known you for

Page 43: Traditional Fraud Prevention is Costing you Customers

Privacy

Identity

Friction

Identity

Strong identity means lower privacy and higher friction

Both bad…

Page 44: Traditional Fraud Prevention is Costing you Customers

Identity Farms

Cost of a phone-verified Facebook profile: $0.70 - $1.50

Global market for fake identities: $800M

http://www.newrepublic.com/article/121551/bot-bubble-click-farms-have-inflated-social-media-currency

Page 45: Traditional Fraud Prevention is Costing you Customers

Identity Reputation Trust

Page 46: Traditional Fraud Prevention is Costing you Customers

Genuine User

Fake User

Page 47: Traditional Fraud Prevention is Costing you Customers

Solution: Federated Identity

User1234

Verified Identity

• John Smith
• 123 Main Street
• Single
• (212) 555-1212

BeehiveID

Website

Page 48: Traditional Fraud Prevention is Costing you Customers

One Identity Per Person

No Information Sharing

Transportable

Owned by User

Federated Identity

Page 49: Traditional Fraud Prevention is Costing you Customers
Page 50: Traditional Fraud Prevention is Costing you Customers
Page 51: Traditional Fraud Prevention is Costing you Customers

BeehiveID Advantages

• Ultra-low friction
  • Selfies are easy!
• Uniqueness through biometrics
• NO private information whatsoever
• Supports trust through connections between people
• One-step integration

Page 52: Traditional Fraud Prevention is Costing you Customers

Summary

• Classification problems are inherently fuzzy
• When the thing you are looking for is rare, you have to be really precise
• Transactional data is dependent upon data effectively provided by the scammers
  • Results in high false positives, losing customers
  • Is easy to circumvent by scammers
• Identity is the foundation of trust in the real world, and can be used for trust online, with the right tools
  • Must be low-friction
  • Must preserve privacy

Page 53: Traditional Fraud Prevention is Costing you Customers

QUESTIONS?

[email protected]