Fraud Meetup

1© Next Jump, Inc. 2014

One million dollars in fraud lessons from the past 5 years

John NellenJosh Hixson


Who is Next Jump and what do they do?


Next Jump Overview

Consumer Banking

Investment Banking

Accounting/Consulting

Insurance

Retail

Technology

Telecomm.


Platform overview

Designed to help employees save time, money and earn rewards.

Exclusive employee pricing and discounts at thousands of brands.

Earn WOWPoints on almost every purchase. 1,000 WOWPoints = $10.00

8.4MM WOWPoints earned last year

Marketplace & WOWPoints


Fraud over the yearsKey events & product changes

Frau

d

Time

Introduction of WOWPoints

Introduction of Overwhelming

Offers

Introduction of gift cards


Top 3 lessons learned


Auth-ing cards isn’t just useful to you…

Began collecting credit cards for payment and points credits

On the backend, cards were authorized upon registration. Goal: Check if the customer's account is valid

Registered card product

1

Lesson: Fraudsters will use your auth system.

Fix: Combination of limiting number of auths by account, and IP info


Some people are working on holidays…

One of the biggest fraud cases took place over memorial day last year.

Easy to get into the vacation mind set before a long weekend.

Fraudsters leveraged a weakness in our gift card product to steal about 10,000 gift cards over a 12 hour period.

Fraudsters go to work when you aren’t

2

Lesson: Protect yourself on the days off

Fix: Ensure alerting will be alerting and someone is on standby. If you're not monitoring continuously, you’re not monitoring at all.


Not everything has to be black and white…

Riskier products introduced – cancellable travel and gift cards

Fraud response: Turn it off, fix, turn back on

ON/Off features frustrated users and hurt the UX.

3

Lesson: Segment users & products to reduce risk

Fix: Created risk profiles for users limiting products that they can access.


Fraud prevention


Hypothesis

Registration Checkout

Family Groups

Account Fraud

TransactionalFraud

PointsFraud

Protecting the perimeter will be the best way to ultimately reduce overall fraudulent activity


Our answer

How to protect the perimeter? Work backwards

Lock down transactional

fraud

Less fraudulently earned points to

move around

Lock down points fraud

Less incentive to create fraudulent

accounts

Lock down account fraud

“Why bother?” asks the fraudster

It all starts with stopping transactional fraud


Transactional Fraud Prevention

Inline check between card auth and payment processing

Score based: User and transaction info returns a score Rules are built off identified fraud attributes

– EX: Order amount greater than double the average order amount

The score acts as a confidence measure that the transaction is fraudulent

Begin cart checkout

Authorize card

Check for fraud

Process payment

Vision: Inline, real-time, fraud prevention


3 Key Components

Who really wants to manage rules and manually analyze patterns all the time?

Secondary goal - Collect and analyze data effectively to help automate fraud ops Inline checking is key to keep this real-time

Three keys to an efficient system:

Optimized for inline checking

Scalability

Agility

Speed


Requirements for Inline Checking

Response times must be minimized– Cannot be a significant impact on

checkout flow

Implemented fraud system as an internal RESTful API– Removes checks from application layer– Concurrently evaluates rules

Now, response times averaging ~80ms– Down from ~1sec when checking through

the application

Speed



Rules must be easily added/modified– Must remain responsive to changing fraud vectors– Who knows when the house is going to burn down?

Developed rule creation tool and dashboard to manage rulesets– Hardcoded rulesets required code release to modify– Shouldn’t need to be able to code to run fraud ops

Now, updating a ruleset takes a matter of seconds

Agility



System must be able to handle heavy load

– Thousands of checks per hour for different fraud risks

Checks could require dozens of rules

– Large random access rulesets become unruly and inefficient

Organizing our rulesets on decision trees allows us to only check the rules we need to

– Number of rules evaluated increases logarithmically with scale

Scalability


Decision Tree GenerationID3 Algorithm

Order R1 R2 R3 Class

3430612 0 0 1 NOT FRAUD

3430619 1 1 1 FRAUD

3430624 1 1 0 NOT FRAUD

3430631 0 1 1 FRAUD

3430635 0 1 0 NOT FRAUD

R3

R2

FRAUDNOT

FRAUD

NOT FRAUD

The ID3 algorithm uses a historical dataset of fraud cases to produce a decision tree that classifies vectors

System takes each transaction and works down the decision tree to arrive at the class the transaction belongs to

Entropy:

Information Gain:

Scalability


Insights from ID3

Value of decision trees when not used as the model Helps weight rules – root rule should have the most weight

Shows which rules you can get rid of to shrink your ruleset

Automating the analysis and tree generation takes the work out of the hands of fraud ops

However, ID3 doesn’t handle continuous data well What exactly should be our threshold for order amount?

Newer algorithms (C4.5 and C5.0) can!

Scalability


In closing

Effective analysis of fraud data better positions ourselves to prevent future fraud

Inline checking allows for immediate collection and analysis while protecting us in real-time

A fast, agile, and scalable system means we can implement many different fraud detection capabilities across our platform

Scalability


Question and Feedback

Contact us:

John Nellen – [email protected]

Josh Hixson – [email protected]

mailto:[email protected]

mailto:[email protected]