Fraudsters are like those wanton drivers running red lights while they text or granting themselves the right of way in a rotary when the law says they have to yield. These people drive by their own set of rules, which are often known to no one but themselves.
They are one of the reasons that self-driving cars may struggle outside of a controlled test setting – because no matter how smart those machines are, they can’t read subjective context. They can detect another car nearby, but they can’t see another driver waving them through a four-way stop or a telltale blue glow in the next car that means its driver is looking at their phone.
In the same way, fraudsters don’t play by the same rules as everybody else, so an artificial intelligence designed to catch them is bound to miss some things. KC Fox, Radial VP of payments, tax and fraud, told PYMNTS’ Karen Webster that it’s tempting to think of humans as obsolescent when it comes to catching fraud because they simply aren’t as fast as machines, but he believes machines can’t do the job alone yet, either.
Machines can’t understand nuances and behaviors the way a person can understand a fellow person, said Fox. Therefore, when machines are the only line of defense, some good customers get thrown out with the bath water – and Fox said two thirds of them never come back.
According to his numbers, merchants falsely declined $8.6 billion in sales in 2016 – which is $2 billion more than the fraud they prevented. By declining 15 percent of transactions, those merchants didn’t just lose money. They insulted their customers.
A merchant focused on stopping fraud at all costs may indeed stop fraud from striking their business almost entirely, but just how expensive is “at all costs?” And have they actually rendered fraud attempts “harmless?” Fox would argue no – significant damage is still being done, even if fraud attacks are being thwarted.
What Do Machines Do Best?
Fox noted that people mean different things when they talk about “machines.” Machine learning and artificial intelligence (AI) are the biggest categories, but machines can also do things like fingerprint and whitelist devices, identify regular buying patterns (so irregular ones become easier to spot), and perform velocity checks to identify when transactions are coming through at a rate that is heavier than normal.
There are two kinds of machine models, and Fox says both have their place in the fraud fight.
Static models have been around for a while, but just because they’re older doesn’t mean they’re obsolete. They are good at assessing patterns and flagging activity that deviates. While they require human intervention to learn rules and assess trends, they are a quick and dirty way to take the pulse of a transaction and pull out some of the more obvious fraud attempts with minimal cost and effort.
Self-learning models can identify new patterns without human help and adapt extremely quickly to changing rules – which is key since, if fraud is a game of chess, then fraudsters are looking for ways to move the pawns diagonally.
But the lack of transparency in self-learning models can prove challenging. They make bad decisions just as quickly as good ones, and it’s not always clear why the machine has made the call it’s made. Plus, because they work so fast, it can be hard to get ahead and stop the machine from making further incorrect calls based on the first wrong decision.
In the end, said Fox, a blend of both is the most powerful first line of defense. The pros of a machine-only defense system are lower cost and higher speed. But if machines are the only line of defense, then merchants will continue to see lower approvals and higher rates of insult.
That’s why he says a man-plus-machine (rather than a man-versus-machine) solution is the way to go. People are slower, but more adaptable and able to analyze gray areas. They can’t look at as many simultaneous variables as machines, so machines are better for the “heavy lifting” part of fraud detection, but once an exception case is found, it’s time for human eyes to take a look.
Man Plus Machine In Action
A merchant recently handed a transaction over to Radial for review. It had all the trappings of fraud; any machine would have immediately flagged it as a bad transaction.
A new customer whom Radial had never seen with any of its clients over the last 15 years, placed a $9,000 order on a clothing website using a U.S. credit card. He asked for the order to be sent via overnight shipping to an address in Indiana, but his billing address and browser were located in the U.K. His card failed the address verification check.
Yet when Radial’s forensics experts took a closer look, they discovered that the customer was legitimate. He was very wealthy and owned multiple homes around the world. Having humans take a closer look saved that merchant a $9,000 transaction and, potentially, a long-term, repeat high-ticket buyer.
The moral of the story? “Stop insulting your customers!” said Fox. “It’s bad for your business. It’s bad for your brand. If you focus on the negative, then you’ll stop all the negative, but at the detriment of the positive. Every merchant’s goal should be to win customers, keep good customers and increase sales.”
Radial found that customers who were not insulted by apparently baseless declines made an average of six additional orders per year from that merchant compared with those who had been insulted. And on average, each of those orders totaled $220. That’s more than $1,000 in a single calendar year, not to mention over the customer’s lifetime – all sacrificed to eCommerce competitors because a merchant wanted the fastest, cheapest machine solution to fraud.
“Getting humans involved is expensive, but necessary,” said Fox. “There’s millions of dollars worth of difference between just stopping fraud and stopping fraud while increasing sales.”
Back in the 1980s and 1990s, there was chess-playing AI named Deep Blue made by IBM. It was smart enough to crush the average player, but a couple of the world’s trickiest thinkers were able to find a way around and beat Deep Blue. Today, said Fox, even the greatest of chess masters are unable to beat the smartest chess AI, Komodo.
“When people think of fraud protection, they think of Komodo – that it’s infallible,” said Fox. “But technologically, we’re at Deep Blue. Some of the thinkers can still get around it.”
Unless or until that changes, said Fox, live fraud experts won’t become obsolete. And as long as fraudsters keep getting trickier, there will always be a place for human discernment. The troubling trend is that fraud is on the rise, and no matter how much security companies beat it down, the fraudsters just keep coming back with new ideas.
Committing fraud isn’t as easy as it used to be, said Fox. Fraudsters have given up on cloning cards and have moved almost entirely to card-not-present (CNP) fraud. Yet even that has become more challenging as eCommerce merchants recognize the need for better defenses.
There was a time when thwarting an online fraud attempt would send criminals packing. Now, they know they can’t afford to give up just because they’ve been thwarted once; they’ll find the exact same situation anywhere they go. So the new trend is persistence. When an attack happens, said Fox, it goes on a lot longer.
“It’s a good trend that people are beating it down, but fraudsters are creative, so they’ll just adapt and people need to change their behaviors to adapt with it,” said Fox. “We don’t stop fraudsters. They’ll keep doing this as long as they’re making money. Our job is to frustrate the heck out of them. When they find a vulnerability, you jump on it right away and you stop them. And you stop them. And you stop them.”
“It sounds like fraudsters are those house guests that never leave, even though you really want them to,” Webster observed. “You stop feeding them, but they still stay.”