PayPal discusses challenges related to payment fraud, and the technology they use to stop it faster

1. Stopping Fraud Early
Ouyang Ming
Interviewed by
Distinguished Scientist
Carole-Ann Matignon
Co-Founder & CEO
Sparkling Logic
© 2013 Sparkling Logic, Inc. company confidential

2. How big of a problem is Fraud at PayPal?
• PayPal attempts
• 50% invalid browser finger print
• Fraudsters are probing PayPal system
• Losses upticks whenever we have tech issues: for bigger
issues, the loss could easily double or triple
© 2013 Sparkling Logic, Inc. company confidential

3. What are the different type of risks?
• Account taken over: online world
• ID theft: more a credit issue, real world
• CC risk
• ACH risk: stolen vs. credit
© 2013 Sparkling Logic, Inc. company confidential

4. Where are the “fraudsters” coming from?
• Phishing
• Malware, spyware and botnet
• Data/security breach
• Shared passwords: 40k out of 200k matched w/ PP
• Unintentional issues: recycled emails
• Underground market
© 2013 Sparkling Logic, Inc. company confidential

5. How do you identify Fraud?
• Customer claims
• CC charge back
• Merchant reports
• ACH returns
• Agents review
• Loss monitoring
© 2013 Sparkling Logic, Inc. company confidential

6. How do you stop Fraud?
• Manual review vs. data driven
• Data
• Point-in-Time notion
• Decision Management tools
• SAS
• Knowledge Seeker
• Sparkling Logic SMARTS BluePen
© 2013 Sparkling Logic, Inc. company confidential

7. definitions
set '__is_WH' to boolean to string( ( CtrlActions number of actions "180" + CtrlActions number of actions "181" + CtrlActions number of actions "182" ) is more than 0 ) ;
set '__true_cc_idi' to all of the following conditions are true :
- _VAR value of variable ( "IS_CAM_ATTEMPT" ) equals "1"
- _VAR value of variable ( "IS_CAM_PLUS" ) equals "1"
- _VAR value of variable ( "MODEL_SEGMENT_CAM" ) to integer is more than 0 , ;
set '__attempt_amt' to Transaction USD amount USD amount ;
set '__cam2013_score' to iif ( _VAR value of variable ( "CAMNNMODEL_SCORE2" ) is not empty ? True _VAR value of variable ( "CAMNNMODEL_SCORE2" ) : False "0" ) to decimal ;
set '__p_value' to iif ( __cam2013_score is at least 1 ? True "0.54" : False iif ( __cam2013_score is less than 0.03 ? True "0" : False decimal number to string( __cam2013_score * __cam2013_score
* __cam2013_score * 0.5841 - __cam2013_score * __cam2013_score * 0.305 + __cam2013_score * 0.2333 + 0.0032 ) ) ) to decimal ;
set '__sim_qp_scr' to __p_value * __attempt_amt * 100 * 10 ;
if
__true_cc_idi
and _VAR value of variable ( "CAMNNMODEL_SCORE2" ) is not empty
and integer to string( User account number ) right 6 chars left 2 chars to integer is between 80 and 99
and none of the following conditions are true :
- Transaction is dcc
- Transaction is virtual terminal
- Transaction is hss ,
and none of the following conditions are true :
- Transaction is eBay customized end of auction
- Transaction is eBay express payment
- Transaction is eBay immediate payment
- Transaction is eBay marketplace payment
- Transaction is eBay motors deposit ,
and none of the following conditions are true :
- FundingActions number of actions "98" is more than 0
and __is_WH equals "0"
- FundingActions number of actions "29" is more than 0
and __is_WH equals "0"
- FundingActions number of actions "16" is more than 0
and __is_WH equals "0" ,
and any of the following conditions is true :
- _VAR value of variable ( "CAMNNMODEL_SCORE2" ) to decimal is at least 0.03
and __attempt_amt is at least 250
- _VAR value of variable ( "CAMNNMODEL_SCORE2" ) to decimal is at least 0.1
and __attempt_amt is at least 150 and less than 250
- _VAR value of variable ( "CAMNNMODEL_SCORE2" ) to decimal is at least 0.3
and __attempt_amt is at least 100 and less than 150
- _VAR value of variable ( "CAMNNMODEL_SCORE2" ) to decimal is at least 0.4
and __attempt_amt is at least 50 and less than 100
- _VAR value of variable ( "CAMNNMODEL_SCORE2" ) to decimal is at least 0.7
and __attempt_amt is at least 25 and less than 50
- _VAR value of variable ( "CAMNNMODEL_SCORE2" ) to decimal is at least 0.8
and __attempt_amt is at least 0 and less than 25 ,
and __sim_qp_scr is at least 40,000
and none of the following conditions are true :
- 'User counterparty' has ALF ( alf_digital_content ) active on account
- 'User counterparty' has ALF ( alf_digital_content_olg ) active on account
- _RADD Misc 03 exists with keys ( "ARS_TRUE_INDUSTRY" , "ARS_TRUE_INDUSTRY" , "ARS_TRUE_INDUSTRY" , integer to string( 'User counterparty' account number ) )
and _RADD Misc 03 string variable "CAT" with keys ( "ARS_TRUE_INDUSTRY" , "ARS_TRUE_INDUSTRY" , "ARS_TRUE_INDUSTRY" , integer to string( 'User counterparty' account
number ) ) equals "gaming"
- _RADD Misc 03 exists with keys ( "ARS_DG_SELLER_LIST" , "ARS_DG_SELLER_LIST" , "ARS_DG_SELLER_LIST" , integer to string( 'User counterparty' account number ) )
and _RADD Misc 03 integer variable "IS_DG" with keys ( "ARS_DG_SELLER_LIST" , "ARS_DG_SELLER_LIST" , "ARS_DG_SELLER_LIST" , integer to string( 'User counterparty'
account number ) ) equals 1 ,
then
the BREFundingActions flag hold the current transaction of User ;
What does a
Flash Fraud
rule look like?
© 2013 Sparkling Logic, Inc. company confidential

8. How big is the solution?
• Events through rules engine:
over 110 million requests/day
• Machines we have for rules engine: 360 boxes
© 2013 Sparkling Logic, Inc. company confidential

9. How do you know how well you do?
• Business Metrics and Business Objectives
• Hit rate / Catch rate
• Financial objectives
© 2013 Sparkling Logic, Inc. company confidential

10. How do you track performance over time?
• Flash Fraud is an Endless Game
• Technology evolvement: proxy, VPN, Remote Desktop
• Interactive game: you change, they change accordingly
• Control Groups
© 2013 Sparkling Logic, Inc. company confidential

11. Let’s end with an anecdote…
© 2013 Sparkling Logic, Inc. company confidential