Part 2: Counting on supervised machine learning to combat account takeover


Crafting a holistic picture

How about data from airlines specifically? Lee said this is a crucial area. There are signals that fraud prevention specialists lookout for. And this is just not related to transactions, but also about buying pattern, post booking behavior etc. With the data collected, one can churn the data through various permutations and combinations to identify potential fraud patterns that may be left behind by fraudsters, who have made micro-changes between transactions in one coordinated fraud attack to trick the system. Using real time pattern recognition, even micro-changes can be proactively identified and tagged to the same fraud pattern group.

The data that Sift Science leverages includes attributes associated with the identity of a user,  behavorial (browsing patterns, keyboard preferences etc.), location data, device and network data, transactional data, decisions (business actions taken), 3rd party data (geo data, currency rates, social data etc.) plus custom data that is specific to a particular merchant.

A couple of examples:

·          On-site behavior: Site data including mouse cursor movements or every single step of that journey is collected and analyzed to reveal insights into users’ traits. It can all be relevant information collected and used. “With enough data it can be observed that the average person – when they redeem gift cards or loyalty points, most likely that’s not their first time. People tend to take their loyalty program or points/ miles seriously. Even before the transaction takes place, with machine learning one can map the holistic behavior. So one keeps on checking a particular redemption option and when they have enough currency, they go for it. It might take them months to complete this. So these are all good indicators. On the other these are missing in account takeover (instances),” said Lee.

·          Post transaction behavior: So let’s say if a ticket from an airline or an OTA has been bought or redeemed, a legitimate user can email the same or share itinerary with their family or friends. “But in case of a fraudster this generally doesn’t happen,” said Lee.

“A city pairing, time of the day, seasons…there could be a flight booking that might be risky, and another might not be risky at all. So a combination of factors can come into play,” said Lee.

The team has also worked on a set of capabilities that enables one to build custom fraud processes with less code.  

Types of machine learning

The power of machine learning is still in the supervised state, asserts Lee. Typically, supervised machine learning focuses on a cycle of training, predicting, and acting stages. “(The industry) is still sometime away from functioning in an unsupervised way,” he said. When you have humans involved or there are known “bads” such as chargebacks, the system can learn quicker in such supervised environment. “Unsupervised machine learning tends to be less accurate (in comparison). It is lower maintenance of course.” Sift Science uses an array of predictive models, including ones specific to a business plus network models because spotting bad behavior on one site helps to identify it on other sites as well.

As for not being vulnerable to new types of fraud attacks, companies like Sift Science look at how fraudsters are trying to break existing system controls and rules. So with reference to finding a way to attempt a fraud via email id or address by to circumventing the controls enforced, data normalization coupled with n-gram analysis extracts the key substrings in the data field to identify repeatable data patterns. And that’s one example of how machine learning plays it part.


For Ai’s 2018 Events, check –

Follow Ai on Twitter: @Ai_Connects_Us