How to Improve Fraud Detection Measures

If my boss asked me to "assess our risk surface area and fraud priorities", this is how I would get it done by 5PM tomorrow. Step by step process. 1 - Pull our last 90 days of fraud data. Not just the obvious stuff like chargeback rates, but the full spread: login attempts, account creation patterns, payment declines... everything. Why 90 days? Because fraudsters love to exploit seasonal patterns, and we need that context. 2 - Map out every single entry point where money moves. I'm talking checkout flows, refund processes, loyalty point redemptions... even those "small" marketing promotion codes everyone forgets about. (Fun fact: I once found a six-figure exposure in a forgotten legacy gift card system) 3 - Time for some real talk with our front-line teams. Customer service reps, payment ops folks, even the engineering team that handles our API integrations. These people see the weird edge cases before they show up in our dashboards. 4 - Create a heat map scoring each entry point on three factors: → Financial exposure (how much could we lose?) → Attack complexity (how hard is it to exploit?) → Detection capability (can we even see it happening?) 5 - Cross-reference our current fraud rules and models against this heat map. Brutal honesty required here – where are our blind spots? Which high-risk areas are we treating like low-risk ones? 6 - Pull transaction data for our top 10 riskiest areas and run scenario analysis. If fraud rates doubled tomorrow, what would break first? (It's usually not what leadership thinks) 7 - Document our current resource allocation vs. risk levels. Are we spending 80% of our time on 20% of our risk? Been there, fixed that. 8 - Draft a prioritized roadmap based on: → Quick wins (high impact, low effort) → Critical gaps (high risk, low coverage) → Strategic investments (future-proofing our defenses) 9 - Prepare three scenarios for leadership: → Minimum viable protection → Balanced approach → Fort Knox mode Because let's be real, budget conversations need options. 10 - Package it all up with clear metrics and KPIs for each priority area. Nothing gets funded without numbers to back it up. ps... Make it visual. Leadership loves a good heat map, and it makes complex risk assessments digestible. Trust me on this one

Being in the fraud prevention industry gives me an insider’s view of how fraud attacks work - including seeing new patterns emerge. Here are recent insights on how fraudsters are increasingly targeting people to take control of their bank accounts and initiate unauthorized wire transfers. 📞 The Phone Call Scam: Scammers exploit the vulnerability in PSTN to spoof caller IDs, making it seem like the call is coming from a trusted bank. A number of well-known VoIP providers make this possible. 🔓 Remote Access: Once they establish contact, scammers mention there is some suspicious activity or other important reason behind their call. They then persuade victims to install remote desktop applications like AnyDesk, or to turn on WhatsApp or Skype's screen sharing. This allows them to access banking apps and initiate transfers. This helps them to intercept login data and one-time passcodes. Banks also don't insure against such scams, leaving victims exposed. 🤖 AI in Voice Scams: Imagine combining voice recognition with GPT-based text-to-speech technology. Scammers scale their operations massively, this is a future risk we must prepare for now. So what proactive measures can banks and digital wallets take? 1. Customer Education: Many banks already do this; keeping their customers informed about official communication channels and the importance of calling back through their verified numbers. 2. One-Time Passcodes for Payments: OTPs aren’t just for logins but also useful for transactions, with detailed payment information included. 3. Being On a Call During Transactions: The top FinTechs are already looking into, or developing technology to detect if a customer is on a call (phone, WhatsApp, Skype) during banking activities. 4. Detect Remote Access: Implement detection mechanisms for any remote access protocol usage during banking sessions. 5. Behavior and Velocity-Based Rules: Sophisticated monitoring should be used to flag activities in real-time based on unusual behaviour and transaction speed. 6. Device, Browser, and Proxy Monitoring: This is a quick win, as there are many technologies available to flag unusual devices, browsers, and proxy usage that deviates from the customer's norm. 7. Multiple Users on Same Device/IP: Ability to identify and flag multiple customers who are using the same device or IP address in one way to detect bots. 8. Monitoring Bank Drops and Crypto Exchanges: Pay special attention to transactions involving neobanks, crypto exchanges, or other out-of-norm receiving parties, to identify potential fraud. Some of them might not ask for ID and even if they do, it can be easily faked with photoshopped templates. Hope you find that useful, and in the meantime, I’d love to hear what other emerging threats you’ve seen or heard of. Fostering these open conversations is what enables us all to unite together against combating fraud 👊 #FraudPrevention #CyberSecurity #DigitalBanking #ScamAwareness #AIinFraudDetection

Here's how Stripe detects frauds with a 99.9% accuracy in 100 milliseconds (that too by checking over 1000 parameters for one transaction) Fraud detection in online payments isn’t just about stopping bad transactions it’s about doing it fast, at scale, and without blocking legitimate users. Stripe’s fraud prevention system, Radar, evaluates 1,000+ signals within 100 milliseconds to make decisions. Here’s how it works and why it’s so effective: 1. ML Models That Learn and Scale Stripe started with simple ML models (logistic regression) but quickly scaled to hybrid architectures combining: –XGBoost for memorization (catching known patterns). –Deep Neural Networks (DNNs) for generalization (handling unseen patterns). –Key Problem: XGBoost couldn’t scale or integrate modern ML techniques like transfer learning and embeddings. –The Solution: Stripe moved to a multi-branch DNN-only architecture inspired by ResNeXt. This setup allowed it to memorize patterns while staying scalable. It reduced training times by 85%, enabling multiple experiments in a single day instead of overnight runs. 2. Learning From Real Fraud Patterns Radar doesn’t just rely on static rules, it learns from data across Stripe’s network. –Engineers analyze fraud attacks in detail, e.g., patterns of disposable emails or repeated card testing. –Features like IP clustering and velocity checks were added to detect suspicious activity. –Fraud insights are shared across the network, so lessons learned from one business protect others automatically. Example: Analyzing IP patterns helped detect high-volume attacks where fraudsters used multiple stolen cards from the same source. 3. Scaling With More Data, Not Just Smarter Models Stripe realized that more training data could unlock better performance, similar to modern LLMs like GPT models. It tested scaling datasets by 10x and 100x. Result? Performance kept improving, confirming that larger datasets and faster training cycles work better than complex rules alone. Key Insight: Bigger datasets help uncover rare fraud cases, even if they occur in only 0.1% of transactions. 4. Explaining Fraud Decisions Clearly Fraud systems often act like black boxes, leaving businesses guessing why a payment failed. Stripe built Risk Insights to provide clear explanations: –Shows features contributing to fraud scores like mismatched billing and shipping addresses. –Displays maps and transaction histories for visual context. –Enables custom rules to fine-tune fraud checks for specific business needs. Result: Businesses trust Radar’s decisions because they can see why a payment was flagged. 5. Constant Adaptation to Stay Ahead Fraud patterns evolve, so Stripe built Radar to adapt in real time: Uses transfer learning and multi-task learning to generalize better. Incorporates insights from the dark web and emerging fraud tactics. Continuously retrains models without disrupting performance.

How a fraudster stole $2.5m from Doordash with a simple 5-minute attack loop: The USAO just revealed how a fraudster stole $2.5m from doordash by posing as a delivery driver Here's how they did it: 1. Create fake customer orders (high-value items) 2. Use stolen employee credentials to access backend systems 3. Assign orders to fraudulent driver accounts they controlled 4. Mark orders as "delivered" (triggering payment) 5. Reset orders to "in process" and repeat hundreds of times Stolen credentials are a weakness we keep seeing appear. It took only 5 minutes per cycle. They ran this loop over and over, eventually stealing $2.5 million before being caught. What keeps me up at night as a fraud prevention leader: - The attack was entirely "mechanical" - no sophisticated hacking - The fraudsters could scale rapidly by repeating a simple process - It exploited a fundamental business logic flaw, not a security weakness This is why rule-based fraud detection often fails against determined fraudsters who understand your system's weaknesses. The most dangerous attacks often don't look like "attacks" at all - they mimic normal business operations. Three critical lessons for protecting your platform: - Monitor anomalies across your entire estate, not just individual transactions - Seeing the same device (or devices) making a high volume of orders should trigger alerts - Seeing the same order recycled multiple times should trigger alerts Look for unusual patterns in HOW your system is being used, not just WHAT is being processed One of the reasons we built our anomaly-to-rule feature, was to close the loop as fast as possible on new attacks and catch them early. What's the most concerning fraud pattern you've seen in your industry? I'd love to hear how you're approaching these challenges.

Fraudulent activities pose a significant threat to many businesses, making it crucial to detect and prevent them to protect both the company's reputation and bottom line. In a blog post by the engineering team from Booking.com, they share their innovative approach to combating fraud using graph technology. The rationale behind leveraging graph technology for fraud detection is straightforward: often, there are hidden links between various actors, identifiers, and transactions. For example, if an email address has been previously associated with fraudulent activity, it provides valuable context for future detection. This interconnected nature makes graph-based features highly effective for identifying fraud. The team at Booking built a graph using historical data, such as reservation requests. In this graph, nodes represent transaction identifiers like account numbers and credit card details, while edges connect identifiers that have been observed together before. When assessing fraud risk, they query the graph database to build a local graph centered around the request identifier, which helps to evaluate the likelihood of fraudulent behavior. One aspect that stands out is the dynamic visual representation of how the graph evolves with customer interactions, making it easier to understand the benefits of graph technology in fraud detection. It serves as a nice introduction to the potential of graph technology in combating fraudulent activities. #machinelearning #graph #datascience #analytics #fraud #detection – – –  Check out the "Snacks Weekly on Data Science" podcast and subscribe, where I explain in more detail the concepts discussed in this and future posts:    -- Spotify: https://lnkd.in/gKgaMvbh   -- Apple Podcast: https://lnkd.in/gj6aPBBY    -- Youtube: https://lnkd.in/gcwPeBmR https://lnkd.in/gQAwSz7D

🚨 KYC Alone Isn't Enough Anymore 🚨 The rise of deepfake technology is making traditional KYC (Know Your Customer) processes vulnerable. A recent demo of a tool called ProKYC highlighted how easily fraudsters can bypass KYC checks with AI-generated identities, allowing them to slip through systems unnoticed. Thanks to Frank McKenna for your article on the topic in this weeks newsletter(link in comments) 💡 So, what’s the solution? While KYC is still essential from a regulatory standpoint, it’s no longer sufficient on its own. Technology like Device intelligence is now even more critical in fraud prevention. By tracking device behavior and unique attributes in real time, companies can detect and block fraudulent activities that KYC will miss due to AI. 🔒 Why is device identification important? Real Time Continuous Monitoring: Unlike KYC, which is a point-in-time verification, device intelligence continually monitors users throughout their sessions. Behavioral Analysis: It detects patterns and flags unusual behavior that deepfake AI tools can’t easily replicate. Anonymity Protection: Device identification makes it harder for fraudsters to hide behind fake identities or manipulated data and it does not require PII data to be effective. 👊 Bottom Line: Fraudsters are becoming more sophisticated. To stay ahead, businesses need to adopt multi-layered security that should start with device intelligence alongside other technologies like KYC. ➡️ Video demo in comments #FraudPrevention #CyberSecurity #AI #DeviceIntelligence #KYC

Fraud detection - it's a big concern for every bank, right? We’ve all seen the headlines: millions lost in fraudulent transactions, and customer trust hanging in the balance. But what if you could stop fraud before it even happens? That’s exactly what we’re doing with Azure Databricks to fight real-time fraud. Here’s how we’re making it happen: - Stream the data in You’ve got loads of transactions happening every second. We pull them in via Azure Event Hubs and stream all that live data. - Clean it up Azure Databricks takes over here filtering, cleaning, and analyzing everything in real time. We’re using machine learning models to flag anything that looks off or unusual. - Train the models Here’s where Azure Machine Learning comes in. We’re feeding historical data into the models to teach them what fraud looks like. Over time, they get better and better at spotting it. - Store and analyze We’re moving the refined data to Azure Synapse Analytics. That’s where you can really dig in and analyze what’s happening. - Dashboards, of course All the flagged transactions show up in Power BI dashboards so the fraud team can see what’s going on in real-time and act fast. Why does all this matter? Because in real-time fraud detection, every second counts. Stopping fraud early doesn’t just save millions- it builds customer trust. P.S.: What’s your go-to strategy for fraud prevention these days? #AzureDatabricks #Banking #FraudDetection #Azure #DataScience #simform 

I saw some troubling behavior on a customer call recently - fraudsters used legitimate salon business practices to rack up $1,000+ in stolen fees from customer credit cards. It's scary how easy it was 👎 The process is simple. 1 - Salon takes a customer for an appointment 📅 2 - They store the customer's credit card in their system 💳 3 - After a few weeks, they make a fake appointment for the customer, cancel it, and then charge the card a "cancellation fee" ❌ 4 - They do this dozens of times, and collect thousands in no-show fees 👎 5 - The software platform facilitating all of this is left holding the bag 😬 Fraud detection is messy! Customers can legitimately create appointments, and legitimately cancel them all the time. This is a seemingly normal business, using normal practices, still scamming platforms 😣 A few signals I would use try to detect this early:🤖 - Unusual spike in no-show fee velocity 🔎 - High ratio of no-shows to actual appointments 👀 - No-show charges from manually created (vs customer-created) appointments 📉 (All possible to detect through Coris BTW 😎) Fraudsters rarely do this for an extra $20 a month - they get greedy, and want more. Those spikes are where I'd look first to start to combat this special fraud. And remember, anywhere a merchant can collect payment, there's a possibility for risk 🧠