Gilit Saporta - Practical Fraud Prevention

• 2021-03-05: First Release
• 2021-06-22: Second Release

With Early Release ebooks, you get books in their earliest formthe authors raw and unedited content as they writeso you can take advantage of these technologies long before the official release of these titles.

This will be the 2nd chapter of the final book.

If you have comments about how we might improve the content and/or examples in this book, or if you notice missing material within this chapter, please reach out to the editor at ccollins@oreily.com.

If you were trying to pin down the main difference between an analyst who works extensively with data, and a data scientist, youd likely touch on the concept of domain expertise as a key value that analysts bring to the table. Data is enormously valuable, but it wont get the results youre looking for without a deep understanding of the context. This is particularly important with fraud fighting, since youre fighting an enemy that actively fights back, changing its techniques and patterns to evade detection and trying to reverse engineer and thus avoid the traps youve created to catch them. You dont want to wait until you have a lot of data about a new attack type or new fraud ring; you want to catch it before that.

Fraud domain experts are often the ones to provide the secret sauce, those impactful variables that really boost the performance of a fraud prediction model. If we had to narrow down that secret sauce, that domain expertise that every fraud analyst should hone to perfection, wed say that it ultimately comes down to fraudster profiling. A good analyst helps her team understand that not all fraudsters are created equal. Some of them are amateurs; others are pros. Some of them are native speakers of the language of their victims; others rely on auto-translate. Some are very tech-savvy, so trying to beat them with checkout barriers would be futile (e.g. if theyre using brute force bots, captcha would be counter-productive).

Therefore, its essential to learn how to group fraud attacks based on the guesstimated profile of the human being behind them. Its worth mentioning that user profiling in general is a powerful analytic practice. Many departments seek to better understand their target audience by breaking down the group theyre speaking to into approximate groups, each one of which has specific characteristics, behaviors and pain points. Discussing the groupings theyre using with marketing, sales or product teams can actually be a good, regular touchpoint for fraud teams to get together with other departments and build lasting, mutually beneficial relationships. It can also help your team work to avoid false positives.

That said, a fraud teams key target audience is rather different. A fraud analyst is primarily focused on fraudsters. Breaking down the types of fraudsters your team is facing, and which characteristics each is likely to show, helps the team to identify and block each type, working out which ones most regularly attack your business. This should contribute to your strategy for how to prevent fraud both now and in the future, may help you work out where to invest most research, resources or new tools, and can even lead to insights about how and why your business is most vulnerable to fraud - and, therefore, what you could do to make yourself a less attractive target.

In this chapter, we cover some of the most common fraudster archetypes. We hope that this will provide you with a useful mental framework for understanding the online criminals you work against, as well as the practical strategic help as described above. Some will be more or less relevant to you depending on your industry (banks are more likely to be targeted by Psychological Fraudsters than by Amateur Fraudsters, for example) but there are no hard and fast rules for this, and we encourage you to be aware of all of these archetypes so you can protect against them should they attack you.

It is important to bear in mind, however, that these are archetypes, not actual people, that were discussing; so dont expect every single fraudster to conform to type in every single way, every time. In particular, you need to remember that these days fraudsters rarely work alone, so you may often have more than one archetype in play as part of a large coordinated attack. Even amateur fraudsters work in groups or spend time on online forums learning from and sharing experiences with other fraudsters-in-training, and they benefit from guides and burnt cards made available by more experienced fraudsters. Mechanical Turk style fraudsters are only really a threat because they operate as cogs in a larger fraud machine, guided by managers and fueled with data stolen by other criminals.

Many fraudsters, particularly those for whom fraud is their profession, work as part of an organized criminal initiative, with colleagues who specialize in areas such as botnets, phishing campaigns or design (to create convincing fake websites and ads), to name just a few. Larger organizations boast their own financial and even HR officers. There are also consultants who can be hired. Online fraud is a big business.