Counting on supervised machine learning to combat account takeover


First Published on 25th January, 2018

Ai Editorial: Companies can defend themselves adequately by using a tool like machine learning, but they also need to rely on rules and the human component, writes Ai’s Ritesh Gupta.


Data breaches and compromised credentials are on the rise, making it more challenging for a Chief Security Officer (CSO) or Chief Information Security Officer (CISO) to safeguard loyalty accounts against takeover.

According to a recent study by Connexions Loyalty, travel accounts could be quite valuable on the dark web (airline loyalty accounts: $3.20-$208 each).

As Sift Science highlighted in one of our recent articles, in all likelihood everyone’s credentials have already been compromised. It is therefore imperative for e-commerce companies to strengthen the “authentication” aspect, so that the damage from account takeover (ATO), or from someone gaining access to a loyalty account, can be controlled.

One of the main tools for doing so today is machine learning.

Kevin Lee, Trust & Safety Architect at Sift Science, says finding unknown unknowns is key to making machine learning powerful. “If you are creating a rule, it is typically being created because there has been a mishap in the past. So rules are created with certain parameters. It is very tough to create a one-off rule – say, number of clicks on a particular item, over $100, with a particular contact number, email ID, and block it or allow the user to redeem it; then one can get buried in such circumstances and it gets difficult to figure out the performance. The trouble with that is fraudsters are literally being financially incentivized to reverse engineer those systems. In the case of machine learning, it creates a more complex scenario, making it more challenging to reverse engineer.”

Lee, a speaker at the recently held Loyalty Fraud Workshop in Palm Springs, California, added that machine learning can look at the entire span of an account and look for anomalies. A human analyst’s capabilities are restricted: an analyst can evaluate only a certain number of signals at a time before coming up with a verdict. “But there is enough data out there and that’s really when machine learning comes into play. With thousands or tens of thousands of members in a loyalty program, machines become smarter and identify anomalies (in usage of accounts or user behavior).” By identifying anomalous areas within large data sets, one can make intelligent judgments accordingly.


Efficacy of machine learning

Companies can defend themselves adequately by using a tool like machine learning, but they also need to rely on rules and the human component (intervention and feedback). “All of this works together in conjunction to deliver the best results,” said Lee.

Other than putting in place strong measures for authentication (related to accessing accounts), Lee recommends analysis to assess whether there is any problem with the system yet. What is the current level of account takeover on the platform? “What sort of data are companies tracking and measuring? And this isn’t related to fraud or ATO purposes, but in general. So many organizations don’t have a grasp over their own data. So it becomes tough to assess how big the problem is. So the first area that needs to be assessed is around data quality and data volume in terms of how clean that is,” he said.

Once a virtuous data pipeline is in place, it can be built upon with machine learning models and with rules, and tools can be created to help the team analyze the ATO problem.