Payments and commerce fraud has its own ecosystem, one that includes criminals, servers and other computing devices, IP addresses, compromised payment cards and stolen personal data, and even houses and other physical locations. The various parts come together to produce a nefarious whole, one that targets personal and payment data to enable product or identity theft, account takeovers and other illegal activities that, left unchecked, can ruin lives and take down companies.
What if that ecosystem were attacked, though, via a method that was inspired by decades of research into the deepest parts of human biology? That’s what Feedzai is trying to do — it is using machine learning (ML), artificial intelligence (AI), human expertise and link analysis techniques to, in a way, map the genome of digital fraud so as to prevent it. In a new PYMNTS interview, Paulo Marques, Feedzai’s co-founder and chief technology officer, spoke with Karen Webster about how that process works and how to create a sophisticated view of fraud.
The Biology Of Fraud
Talk of biology, genomes and DNA — though well-suited to industries in which “ecosystem” is a common and often useful metaphor — might spark bad memories of certain high school and college classes (or that vile monster of a subject known as organic chemistry). However, according to Marques, his company’s new product, Feedzai Genome, operates on a simple concept.
“It’s about combining insight and connecting the dots” when it comes to fraud, he told Webster.
Fraud prevention is getting more sophisticated, and at a fast clip.
Humans are still involved, and likely always will be (more about that in a bit). However, retailers, financial institutions (FIs) and payment services providers are increasingly turning to machine learning, artificial and augmented intelligence, risk management software and the algorithms that power them to gain early warning of potential fraud attacks and identify the source of those criminal activities. The financial and reputational damage that fraud can cause is enough to cause existential anxiety for countless corporate executives.
The idea behind Feedzai Genome is to offer those executives — or, perhaps more accurately, their security- and IT-focused employees — a visual picture or graph of the larger fraud ecosystem. This technology seeks to detail fraud relationships based on such attributes as the machines being used to commit it and the location from which it originates. According to Marques, the goal is to look beyond specific instances of fraud to spot “the bigger picture,” which in turn can lead to better defenses.
“It’s all about the connections, and recognizing them,” he said.
This type of fraud prevention relies on “identifying anomalies compared to normal behavior,” he said. For example, the existence of 20 addresses or houses linked to a single person provides reasonable suspicion of fraud — those addresses might be locations to which products bought with stolen identities are shipped. The data being visualized, or being graphed by the technology, can include information from public and private sources, including third-party service providers and the so-called Dark Web.
“Some dots represent healthy relationships,” he said, and spotting those patterns resembles mapping out the healthy parts of the human genome. “But if you find something new and strange, that is like a warning light flashing. It becomes like a glowing beacon compared to what you normally see in the background.”
These warnings can lead to finding large and highly distributed types of fraud attacks, including bots and money laundering networks. To further the biological metaphor: Such technology can also determine what fraud threats, like a bad cell, could pop up again and become new dangers to payments and commerce operators, he said.
It’s not all about the machines. Just as studying the human genome requires well-trained and experienced scientists to weigh in their expertise, a good fraud prevention system also needs that human insight, Marques said. A computer can highlight a danger area on that fraud graph, but it often takes a fraud analyst to “determine if this is a new type of behavior and then tell the computer, in a sense, that something is wrong with the immune system.” After that process is completed, the computer will then be able to spot that type of specific behavior on its own.
A successful defense — of a country, a home or a company — requires not only a sophisticated idea of the capabilities and habits of the opposing force, but the ability to see and understand those capabilities, and the flexibility to respond to opponents’ moves. Fraud prevention technology keeps working toward that ideal as the criminals it chases keep along the cutting edge of the digital economy.