One million dollars in fraud lessons
from the past 5 years

John Nellen
Josh Hixson

© Next Jump, Inc. 2014

Published in: Technology

Fraud Meetup

  1. One million dollars in fraud lessons from the past 5 years. John Nellen, Josh Hixson
  2. Who is Next Jump and what do they do?
  3. Next Jump Overview: Consumer Banking, Investment Banking, Accounting/Consulting, Insurance, Retail, Technology, Telecomm.
  4. Platform overview: Marketplace & WOWPoints
     • Designed to help employees save time, money and earn rewards.
     • Exclusive employee pricing and discounts at thousands of brands.
     • Earn WOWPoints on almost every purchase.
     • 1,000 WOWPoints = $10.00
     8.4MM WOWPoints earned last year
  5. Fraud over the years: Key events & product changes
     [Chart: Fraud plotted against Time, annotated with: Introduction of gift cards; Introduction of Overwhelming Offers; Introduction of WOWPoints]
  6. Top 3 lessons learned
  7. Auth-ing cards isn’t just useful to you… (lesson 1)
     Registered card product
     • Began collecting credit cards for payment and points credits
     • On the backend, cards were authorized upon registration.
     • Goal: Check if the customer's account is valid
     Lesson: Fraudsters will use your auth system.
     Fix: Combination of limiting number of auths by account, and IP info
  8. Some people are working on holidays… (lesson 2)
     Fraudsters go to work when you aren’t
     • One of the biggest fraud cases took place over Memorial Day last year.
     • Easy to get into the vacation mindset before a long weekend.
     • Fraudsters leveraged a weakness in our gift card product to steal about 10,000 gift cards over a 12-hour period.
     Lesson: Protect yourself on the days off
     Fix: Ensure alerting will be alerting and someone is on standby. If you're not monitoring continuously, you’re not monitoring at all.
  9. Not everything has to be black and white… (lesson 3)
     • Riskier products introduced – cancellable travel and gift cards
     • Fraud response: Turn it off, fix, turn back on
     • On/off features frustrated users and hurt the UX.
     Lesson: Segment users & products to reduce risk
     Fix: Created risk profiles for users limiting products that they can access.
  10. Fraud prevention
  11. Hypothesis: Protecting the perimeter will be the best way to ultimately reduce overall fraudulent activity
      [Diagram labels: Registration, Account Fraud, Checkout, Points Fraud, Transactional Fraud, Family Groups]
  12. Our answer: How to protect the perimeter? Work backwards
      • Lock down transactional fraud → Less fraudulently earned points to move around
      • Lock down points fraud → Less incentive to create fraudulent accounts
      • Lock down account fraud → “Why bother?” asks the fraudster
      It all starts with stopping transactional fraud
  13. Transactional Fraud Prevention
      Vision: Inline, real-time, fraud prevention
      • Inline check between card auth and payment processing
        Begin cart checkout → Authorize card → Check for fraud → Process payment
      • Score based: User and transaction info returns a score
      • Rules are built off identified fraud attributes
        – EX: Order amount greater than double the average order amount
      • The score acts as a confidence measure that the transaction is fraudulent
  14. 3 Key Components
      • Who really wants to manage rules and manually analyze patterns all the time?
      • Secondary goal - Collect and analyze data effectively to help automate fraud ops
      • Inline checking is key to keep this real-time
      • Three keys to an efficient system: Speed, Agility, Scalability (optimized for inline checking)
  15. Requirements for Inline Checking: Speed
      • Response times must be minimized
        – Cannot be a significant impact on checkout flow
      • Implemented fraud system as an internal RESTful API
        – Removes checks from application layer
        – Concurrently evaluates rules
      • Now, response times averaging ~80ms
        – Down from ~1sec when checking through the application
  16. Requirements for Inline Checking: Agility
      • Rules must be easily added/modified
        – Must remain responsive to changing fraud vectors
        – Who knows when the house is going to burn down?
      • Developed rule creation tool and dashboard to manage rulesets
        – Hardcoded rulesets required code release to modify
        – Shouldn’t need to be able to code to run fraud ops
      • Now, updating a ruleset takes a matter of seconds
  17. Requirements for Inline Checking: Scalability
      • System must be able to handle heavy load
        – Thousands of checks per hour for different fraud risks
      • Checks could require dozens of rules
        – Large random access rulesets become unruly and inefficient
      • Organizing our rulesets on decision trees allows us to only check the rules we need to
        – Number of rules evaluated increases logarithmically with scale
  18. Decision Tree Generation (Scalability): ID3 Algorithm

      Order    R1  R2  R3  Class
      3430612  0   0   1   NOT FRAUD
      3430619  1   1   1   FRAUD
      3430624  1   1   0   NOT FRAUD
      3430631  0   1   1   FRAUD
      3430635  0   1   0   NOT FRAUD

      The ID3 algorithm uses a historical dataset of fraud cases to produce a decision tree that classifies vectors
      Entropy:
      Information Gain:
      [Decision tree diagram: root R3, with a NOT FRAUD leaf and a child node R2 whose leaves are FRAUD and NOT FRAUD]
      System takes each transaction and works down the decision tree to arrive at the class the transaction belongs to
  19. Insights from ID3 (Scalability)
      • Value of decision trees when not used as the model
      • Helps weight rules – root rule should have the most weight
      • Shows which rules you can get rid of to shrink your ruleset
      • Automating the analysis and tree generation takes the work out of the hands of fraud ops
      • However, ID3 doesn’t handle continuous data well
      • What exactly should be our threshold for order amount?
      • Newer algorithms (C4.5 and C5.0) can!
  20. In closing (Scalability)
      • Effective analysis of fraud data better positions ourselves to prevent future fraud
      • Inline checking allows for immediate collection and analysis while protecting us in real-time
      • A fast, agile, and scalable system means we can implement many different fraud detection capabilities across our platform
  21. Question and Feedback
      Contact us: John Nellen – john@nextjump.com, Josh Hixson – jhixson@nextjump.com
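
Added example, not part of the original deck: one way to implement the slide 7 fix of limiting card authorizations by account and by IP, as a sliding-window counter. The class name, the limits, the window length and the sample IP are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

class AuthVelocityLimiter:
    """Caps card authorizations per account and per source IP in a sliding window."""

    def __init__(self, per_account=3, per_ip=10, window_s=3600, clock=time.monotonic):
        # Limits and window are assumed values, not figures from the slides.
        self.limits = {"account": per_account, "ip": per_ip}
        self.window_s = window_s
        self.clock = clock
        self.events = defaultdict(deque)  # (kind, key) -> timestamps of forwarded auths

    def _recent(self, kind, key, now):
        q = self.events[(kind, key)]
        while q and now - q[0] >= self.window_s:
            q.popleft()  # drop auths that have aged out of the window
        return q

    def allow(self, account_id, ip):
        """Return (allowed, reason); call this before sending the card to the processor."""
        now = self.clock()
        queues = {
            "account": self._recent("account", account_id, now),
            "ip": self._recent("ip", ip, now),
        }
        for kind, q in queues.items():
            if len(q) >= self.limits[kind]:
                return False, f"{kind} auth limit reached"
        for q in queues.values():
            q.append(now)  # count only auths that are actually forwarded
        return True, "ok"
```

The per-IP counter is what catches one source cycling through many freshly registered accounts, which the per-account counter alone would miss.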
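
Added example, not part of the original deck: ID3 run over the five-row table from slide 18, using the standard definitions of entropy and information gain, plus a tree walk that records which rules it evaluated (the slide 17 point about only checking the rules you need). The function names and the `outcome_of` callback are chosen here.

```python
import math
from collections import Counter

# Rows transcribed from the slide 18 table: (order, R1, R2, R3, class).
ROWS = [
    (3430612, 0, 0, 1, "NOT FRAUD"),
    (3430619, 1, 1, 1, "FRAUD"),
    (3430624, 1, 1, 0, "NOT FRAUD"),
    (3430631, 0, 1, 1, "FRAUD"),
    (3430635, 0, 1, 0, "NOT FRAUD"),
]
RULES = {"R1": 1, "R2": 2, "R3": 3}  # rule name -> column index

def entropy(rows):
    """Shannon entropy (bits) of the class labels in rows."""
    counts = Counter(r[-1] for r in rows)
    return -sum(c / len(rows) * math.log2(c / len(rows)) for c in counts.values())

def gain(rows, rule):
    """Information gain from splitting rows on one rule's 0/1 outcome."""
    col = RULES[rule]
    parts = [[r for r in rows if r[col] == v] for v in (0, 1)]
    return entropy(rows) - sum(len(p) / len(rows) * entropy(p) for p in parts if p)

def id3(rows, rules):
    """Return a class label (leaf) or (rule, {outcome: subtree})."""
    labels = Counter(r[-1] for r in rows)
    if len(labels) == 1 or not rules:
        return labels.most_common(1)[0][0]
    best = max(rules, key=lambda name: gain(rows, name))
    rest = [name for name in rules if name != best]
    branches = {}
    for v in (0, 1):
        subset = [r for r in rows if r[RULES[best]] == v]
        # An outcome never seen in training falls back to the majority class.
        branches[v] = id3(subset, rest) if subset else labels.most_common(1)[0][0]
    return (best, branches)

def classify(tree, outcome_of):
    """Walk the tree, calling outcome_of(rule) only for rules on the path."""
    checked = []
    while isinstance(tree, tuple):
        rule, branches = tree
        checked.append(rule)
        tree = branches[outcome_of(rule)]
    return tree, checked

TREE = id3(ROWS, list(RULES))
```

On this table R3 has the highest gain and becomes the root, R2 splits the remaining rows, and R1 never appears in the tree, which is the "rules you can get rid of" insight from slide 19.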
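
Added example, not part of the original deck: the threshold search that lets C4.5-family algorithms answer slide 19's question about order amount, simplified here to plain information gain (C4.5 itself ranks splits by gain ratio). The order amounts and labels are constructed sample data, not figures from the slides.

```python
import math
from collections import Counter

# Constructed sample: (order amount in dollars, class).
ORDERS = [
    (20, "NOT FRAUD"), (35, "NOT FRAUD"), (50, "NOT FRAUD"), (60, "FRAUD"),
    (80, "NOT FRAUD"), (120, "FRAUD"), (150, "FRAUD"),
]

def label_entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    counts = Counter(labels)
    return -sum(c / len(labels) * math.log2(c / len(labels)) for c in counts.values())

def best_threshold(samples):
    """Try the midpoint between each pair of adjacent distinct amounts and
    return (threshold, gain) for the binary split with the highest gain."""
    samples = sorted(samples)
    labels = [cls for _, cls in samples]
    base = label_entropy(labels)
    best_gain, best_cut = 0.0, None
    for i in range(1, len(samples)):
        lo, hi = samples[i - 1][0], samples[i][0]
        if lo == hi:
            continue  # no boundary between equal amounts
        left, right = labels[:i], labels[i:]
        split = (len(left) * label_entropy(left)
                 + len(right) * label_entropy(right)) / len(labels)
        if base - split > best_gain:
            best_gain, best_cut = base - split, (lo + hi) / 2
    return best_cut, best_gain
```

The resulting rule "amount > threshold" is a 0/1 outcome, so it can sit in the same ruleset as the binary rules ID3 already handles.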
