Justin Lie, CashRun: "In the face of new fraud trends, rule-based fraud solutions are becoming obsolete"

Tuesday 29 September 2015 09:47 CET | Author Melisande Mual | Interview

With big data and machine learning, merchants are in a better position to block coordinated fraud attacks without blocking genuine customers

Big data and analytics have recently stood out as being great means to better understand and predict where fraud might occur, thus, making rule-based fraud solutions obsolete. How can merchants use these new tools to mitigate fraud and increase acceptance rates?

With big data and machine learning, it is now possible to not only identify fraudulent transactions; it is also possible to recognize good transactions studying the patterns of good transactions and comparing them to coordinated fraud attacks. More importantly, in the advent of big data and machine learning, rule-based fraud solutions will become obsolete due to their continued reliance on manual decision; whereas big data and machine learning have allowed us to fully automate the fraud review process. A fully-automated fraud review process is not only more efficient, it cuts down fraud costs and is much more effective in detecting fraud than manual review.

Fraudsters often leave traces of fraud patterns as they automate and repeat their fraud attempts to maximize the amount of hits in the least possible time needed. Machine learning can be used to identify these fraudulent transactions based on historical data. When a transaction comes through to a fraud system that is designed with big data and machine learning, the system will analyse in real-time the transaction based on unlimited custom fields, such as the customer’s previous purchase behaviour, account logins, social media and more. All these customer profile information and transaction details passed through the fraud system are clues that may be used to indicate whether or not a transaction has been linked to recent fraud coordinated attacks.

With big data and machine learning, merchants are in a better position to block coordinated fraud attacks without blocking genuine customers. Without any need for rigid rules, the shopping experience for genuine customers will also be smooth, and big spenders will not be blocked by amount-based or time-based buying limits. As such, acceptance rates will increase significantly while fraud rates are kept low.

What are the main limitations of rule-based fraud prevention measures and how can they be overcome?

Many fraud solutions on the market are rigid rule-based solutions (otherwise known as mass market solutions) that attempt to filter out fraudsters by setting in place certain rules and parameters to block fraud. These rules build a rigid wall that does not deter fraud entirely and, worse yet, prevents the business from growing when it keeps out genuine customers. For instance, some solutions advise their merchants to use amount based or time based buying restrictions as one of the methods of keeping fraudsters out. However, it is extremely easy for fraudsters to detect the limits and commit fraud within the limits set, and yet at the same time genuine customers are affected as they are discouraged from making more purchases or large ticket purchases.

Unfortunately, traditional rule-based systems are unable to accept unlimited custom fields to analyse transactions like solutions with big data and machine learning, but rely on limited fixed fields such as IP, fingerprint, customer addresses and blacklists/whitelists. They are also usually overly reliant on only 1-2 fraud detection tools, such as blocking IP mismatches or fingerprint blacklisting, which can cause good customers to be rejected.

Technology has evolved, and so has fraud. In the face of new fraud trends and patterns, rule-based fraud solutions are becoming obsolete and ineffective. Rather, merchants should quickly switch to fraud solutions designed based on big data and machine learning to mitigate fraud easily and successfully while at the same time increasing their sales conversion rates.

CashRun’s fraud prevention solution is also aimed at identifying fraud via big data and predictive analytics, could you share with our readers how it works and what sets it apart from other offerings that are currently available on the market?

CashShields fraud system is based on a combination of fraud detection technology, big data, machine learning that are optimized through a risk management algorithm. With big data and predictive analytics, the CashShield fraud system is able to crunch much more data and analyse unlimited custom and dynamic fields to make predictions based on the available data. This is partnered with our unique optimized fraud risk algorithm, which makes the decision of whether a transaction is fraudulent or not based on calculated risks.

Most mass market fraud solutions are designed with the sole purpose of detecting threats. These solutions assess each transaction by seeking out potential threats and are keen to find reasons to reject an order. Any activity that is deemed “abnormal” is almost always seen as a threat and quickly banned. As a result, these risk-adverse solutions will always fail 50-60% of borderline transactions, resulting in low acceptance rates and revenue. 

Instead of just focusing on detecting threats and blocking transactions based on these threats, CashShield is designed for sales optimisation. Our unique optimized fraud risk algorithm is programmed to look for positive aspects in transactions, or reasons to accept transactions rather than to reject them. Consequently, genuine borderline transactions can be passed by our fraud system, allowing for significantly higher acceptance rates and revenue growth.

With large amounts of personal data now being routinely collected and stored, privacy breaches are almost inevitable. What are some of the best practices when it comes to collecting, storing and using big data to ensure that any data that is collected remains secure?

Earning the trust and confidence of acquirers, PSPs and merchants that one’s system is secure to protect personal data has become a pre-requisite for doing business these days. It is thus very important to attain PCI DSS Compliance whether or not credit card sensitive information is stored which will provide a high level of security both against internal and external threats.

There is a common misconception that using big data means that more personal data will be collected and stored and exposed to privacy breaches. However, a deeper understanding will show that the correct application of big data for fraud prevention does not involve storing additional sensitive personal data (which is more of a practice used by compliance officers). Instead, big data and machine learning rely on consumer behaviour to look for traits of coordinated fraud attempts. For example, non-personal or non-sensitive data fields like how a user surfs from webpage to webpage or whether or not a user has subscribed to the newsletter or not will be used to differentiate a transaction behaviour or pattern from recent coordinated fraud attempts.

From your experience, how many good ecommerce orders in get rejected and what is the cost of declining good orders? How can machine learning lower false positive rates?

In our experience, merchants who use manual reviews or rule-based fraud solutions have significantly higher rejection rates as compared to merchants who have switched to solutions designed with big data and machine learning. When genuine orders are rejected, not only do merchants suffer the cost of the valid order rejection rates, they will also lose further revenue from these customers who will no longer return to make more purchases.

Many solution providers often flaunt false positive rates to attract merchants but in reality, it is extremely difficult to provide accurate false positive figures. Many assumptions are required to project false positive numbers, since is it easy for solution providers to insist that rejected orders are fraudulent even if it was in fact genuine. Good fraud solutions with machine learning can help merchants achieve acceptance rates as high as 95-99%; with acceptance rates that high, false positive rates do not matter anymore.

Rather, we often like to show in our frequent catered reports to our merchants the increase in our CashShield Rescue Rate as evidence of a growth in acceptance rates. The Rescue Rate show the number of transactions that would have been rejected by rule-based solutions or a merchant’s prior fraud matrices, but have been passed by our fraud solution. For instance, risk adverse mass market solutions will almost definitely reject any pre-paid top up transaction that is made in Africa but with non-African credit card, even if a genuine customer (who is touring Africa) made the transaction. In comparison, solutions with big data and machine learning can approve these orders by comparing the transaction details against recent fraud coordination attempts.

How important is to tailor the fraud prevention matrix to each merchant?

While it is important to tailor the fraud prevention matrix to each merchant, there is a difference between having the merchant self-configure it or fully managed service by the service provider. Most solutions available in the market make merchants configure their own risk template. This means that the responsibility of the risk decisions that their solutions take are passed back to the merchants, since they are required to configure the risk template themselves. As a result, merchants are usually left with a pile of rejected transactions that they need to further manually blacklist on behalf of their protection provider.

Instead, fully-managed services react faster and more efficiently towards the fraud attacks (especially with big data and machine learning), and update all their merchants’ systems with the latest patch while ensuring that the patch does not affect the merchants’ sales. Moreover, since these systems can analyse and add to the matrix unlimited data points, they usually achieve higher customisation rates for their merchants, which in turn results in better KPIs and higher sales.

About Justin Lie

Justin Lie is the CEO and co-founder of CashRun Group. As a student, Justin was already an entrepreneur, setting up various ecommerce websites. It was when his websites were attacked by fraudsters that Justin devised his own fraud system, which would later develop into the more sophisticated CashShield system today.


About CashRun

Established in 2007, CashRun was launched to support businesses’ needs for effective and affordable online payment solutions. CashRun has had tremendous success with key industries in the ecommerce environment, and aims to continue to be at the forefront of online payment technology and ecommerce solutions.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: fraud prevention, web fraud, fraud mitigation, online security, cybercrime, cyber security, Justin Lie, interview, CashRun, rule-based fraud prevention, big data, machine learning
Countries: World