Ai Editorial: Counting on supervised machine learning to combat account takeover

First Published on 25th January, 2018

Ai Editorial: Companies can defend themselves adequately by using a tool like machine learning, and at the same time there needs to be reliance on rules and the human component as well, writes Ai’s Ritesh Gupta

 

Data breaches and compromised credentials are on the rise, and the task of a Chief Security Officer (CSO) or Chief Information Security Officer (CISO) is becoming more challenging to safeguard against takeover of loyalty accounts.

According to a recent study by Connexions Loyalty, travel accounts could be quite valuable on the dark web (airline loyalty accounts: $3.20-$208 each).

As Sift Science highlighted in one of our recent articles, in most likelihood, every one’s credentials have already been compromised, and it is imperative for e-commerce companies to strengthen the “authentication” aspect, and damage can be controlled as far as account takeover (ATO) or gaining access to a loyalty account is concerned.

And one of the main tools for the same today is machine learning.

Kevin Lee, Trust & Safety Architect, Sift Science says finding unknown unknowns is a key to making machine learning powerful. “If you are creating a rule, it is typically being created because there has been a mishap in the past. So rules are created with certain parameters. It is very tough to create one-off rule – say number of clicks on a particular item, over $100, with a particular contact number, email id and block it or allow the user to redeem it, then one can get buried in such circumstances and gets difficult to figure out the performance. The trouble with that is fraudsters are literally being financially incentivized to reverse engineer those systems. In the case of machine learning, it creates a more complex scenario making it more challenging to reverse engineer.”

Lee, a speaker at the recently held Loyalty Fraud Workshop in Palm Springs, California, added that machine learning can look at the entire span of an account and look for anomalies. A human analyst’s capabilities are restricted, evaluating a certain number of signals at a time and come up with a verdict. “But there is enough data out there and that’s really when machine learning comes into play. With thousands or tens of thousands of members in a loyalty program, machines become smarter and identify anomalies (in usage of accounts or user behavior).” So by identifying anomalous areas within large data sets, one makes intelligent judgments accordingly.

Efficacy of machine learning

Companies can defend themselves adequately by using a tool like machine learning, and at the same time there needs to be reliance on rules and the human component (intervention and feedback) as well. “All of this works together in conjunction to deliver the best results,” said Lee. Other than putting in place strong measures for authentication (related to accessing accounts), Lee recommends that there needs to be analysis to assess whether there is any problem with the system yet. What is the current level of account takeover on the platform? “What sort of data are companies tracking and measuring? And this isn’t related to fraud or ATO purposes, but in general. So many organizations don’t have grasp over their own data. So it becomes tough to assess how big the problem is. So the first area that needs to be assessed is around data quality and data volume in terms of how clean that is,” he said. Once a virtuous data pipeline is in place, it can be built upon with machine learning models, with rules, and create tools to help the team analyze the ATO problem.  

Crafting a holistic picture

How about data from airlines specifically? Lee said this is a crucial area. There are signals that fraud prevention specialists lookout for. And this is just not related to transactions, but also about buying pattern, post booking behavior etc. With the data collected, one can churn the data through various permutations and combinations to identify potential fraud patterns that may be left behind by fraudsters, who have made micro-changes between transactions in one coordinated fraud attack to trick the system. Using real time pattern recognition, even micro-changes can be proactively identified and tagged to the same fraud pattern group.

The data that Sift Science leverages includes attributes associated with the identity of a user,  behavorial (browsing patterns, keyboard preferences etc.), location data, device and network data, transactional data, decisions (business actions taken), 3rd party data (geo data, currency rates, social data etc.) plus custom data that is specific to a particular merchant.

A couple of examples:

·          On-site behavior: Site data including mouse cursor movements or every single step of that journey is collected and analyzed to reveal insights into users’ traits. It can all be relevant information collected and used. “With enough data it can be observed that the average person – when they redeem gift cards or loyalty points, most likely that’s not their first time. People tend to take their loyalty program or points/ miles seriously. Even before the transaction takes place, with machine learning one can map the holistic behavior. So one keeps on checking a particular redemption option and when they have enough currency, they go for it. It might take them months to complete this. So these are all good indicators. On the other these are missing in account takeover (instances),” said Lee.

·          Post transaction behavior: So let’s say if a ticket from an airline or an OTA has been bought or redeemed, a legitimate user can email the same or share itinerary with their family or friends. “But in case of a fraudster this generally doesn’t happen,” said Lee.

“A city pairing, time of the day, seasons…there could be a flight booking that might be risky, and another might not be risky at all. So a combination of factors can come into play,” said Lee.

The team has also worked on a set of capabilities that enables one to build custom fraud processes with less code.  

Types of machine learning

The power of machine learning is still in the supervised state, asserts Lee. Typically, supervised machine learning focuses on a cycle of training, predicting, and acting stages. “(The industry) is still sometime away from functioning in an unsupervised way,” he said. When you have humans involved or there are known “bads” such as chargebacks, the system can learn quicker in such supervised environment. “Unsupervised machine learning tends to be less accurate (in comparison). It is lower maintenance of course.” Sift Science uses an array of predictive models, including ones specific to a business plus network models because spotting bad behavior on one site helps to identify it on other sites as well.

As for not being vulnerable to new types of fraud attacks, companies like Sift Science look at how fraudsters are trying to break existing system controls and rules. So with reference to finding a way to attempt a fraud via email id or address by to circumventing the controls enforced, data normalization coupled with n-gram analysis extracts the key substrings in the data field to identify repeatable data patterns. And that’s one example of how machine learning plays it part.

 

For Ai’s 2018 Events, check - www.aieventdates.com

Follow Ai on Twitter: @Ai_Connects_Us