How to adapt to new attacks without a suitable pre-existing data set: interview with Hubert Rachwalski, Nethone

What are the fraud trends and challenges when it comes to real-time payments?

Preventing online fraud is a constant arms race with way too many civil casualties. Namely, online merchants often do lack appropriate tools to exhaustively understand their visitors and users and, consequently,their evaluation of transaction risk can be suboptimal. By leveraging rules-based systems they tend to systematically make mistakes and reject legitimate users. Given the ever-experimenting nature of fraudsters, merchants react by multiplying rules, which are supposed to address the issue. Over time, it leads to a deterioration of the system’s precision and even further increased false positives number.

Furthermore, it is crucial to understand the modus operandi of the other side of the barricade – fraudsters – whose actions could be generalised by three main motivations:

• anonymise – try to avoid being caught, if you want to make a living off it;
• automate – extract the value from stolen cards as quickly as possible as the Expected Value decreases over time, as well as innovate and experiment;
• modify your conduct to test for thresholds, as the most systems are rule-based, so modifying parameters can expose a system’s vulnerability.

We observe a growing trend of cookie hijacking of trusted machines(as an effect of PSD2) and increasing ratio of mobile frauds. That’s why we developed mechanisms that monitor cohesion of sessions in all possible domains. We focus on advanced raw behavioural analytics– widely untapped source of additional insights about users,leading to less friction for them, and higher conversion rates for the company.

To reach such accuracy, we leverage machine learning (ML), and we put special effort into making it a ‘white-box’ and explaining how it works to our clients. Without their trust in ML, we wouldn’t have the full buy-in from them.

Can these issues be tackled with unsupervised machine learning? If so, how do you apply this technology to detect real-time fraud?

each other the most, and so that the distinguished groups are as dissimilar from each other as possible.

Of course, the concept itself can be used for fraud prevention and we use it, for instance, to distinguish malicious fraudsters from friendly fraudsters. Unsupervised methods are especially helpful while having problems with assigning a reason code for a fraud or a chargeback and more intricate labelling.

However, we believe relying solely on fraud labels is not enough, and supervised ML models are also important. You can teach a model to understand similarities of the session profiles of users and correlate them with the fact that spikes in similarity often point to a fraud attack. Thanks to ML you are able to compare those similarities with 5000+ attributes per each session and compare them to the historical ones in real time, while being able to piece multiple similarities to various parts of past sessions.

What is the best strategy to avoid false positives with unlabelled data, especially when there is little transaction data available?

Start out with blocking transactions that stem for suspicious activity. We provide a list of almost 100 signals (interpretable occurrence of a suspicious activity or characteristics, e.g. ‘mobile emulation on a desktop device’ or ‘connection associated with TOR network’) to the client that we set up from day 0. As a next step, we set up models that detect events easy to correlate to fraud – similarity model, industry-based model.

However, we have to remember that unlabelled data leads to a suboptimal situation that we have to deal with, and the reception of labelled data or feedback is something we should strive for. We believe it’s important to bring the power of supervised models to reach the pinnacle of performance with a hybrid setup.

What striking facts or anomalies did you discover while applying unsupervised machine learning?

Friendly fraudsters are far more similar in terms of behaviour and data to genuine customers than to malicious fraudsters. A strong difference between these first two groups is that friendly fraudsters seem to have gone through the process many more times than the genuine customers, which is reflected in their raw behaviour (the way they type on the keyboard, how they use the mouse, how they scroll/tap etc.). Also, promo days are more interesting to the fraudsters than to the genuine customers – the ratio between fraud group and other group grows in favour of malicious transactions.

What product developments and services does Nethone have in the pipeline?

We believe that raw behavioural analytics is a great source of knowledge about users. We take account takeover prevention to another level with Nethone ATO, our passive biometrics solution, by providing an end user with the highest possible security, while not compromising their identity privacy.

Nethone is all about transparency – delivering a platform for both merchants and clients and trying to explain the way our ML models work in a clear, visual way. We also look into further automation of manual reviewing process. We want to limit the number of repeatable tasks and, as a result, decrease operational costs of our clients. As ML is being developed to the levels where it’s more efficient than humans (e.g. in face recognition), our ambition is to bring such performance to the fraud prevention industry.

This editorial was first published in the Fraud Prevention and Online Authentication Report 2019/2020. The Guide covers some of the security challenges encountered in the ecommerce and banking, and financial services ecosystems. Moreover, it provides payment and fraud and risk management professionals with a series of insightful perspectives on key aspects, such as fraud management, identity verification, online authentication, and regulation.

About Hubert Rachwalski

About Nethone