Traditional online fraud prevention techniques have high rates of false positives. That means they identify as fraudulent, and turn away, a large number of good customers. You can increase your sales by simply using some of the newer, more accurate tools.

1. TRADITIONAL FRAUD PREVENTION
IS COSTING YOU CUSTOMERS
Alex Kilpatrick, PhD
CTO, BeehiveID

2. Let’s say you are a banker

4. • $9,999.99 - Definitely suspicious
• $9,999.00 - Definitely suspicious
• Asking about limits - suspicious
• $9,875.21, $9,923.12, $9,782.97 -
Maybe suspicious
• $5,000, $5,000, $5,000 – Maybe
suspicious
• 16 year old depositing $8,768 in cash -
Maybe suspicious
• Paranoid behavior – Maybe suspicious
• Corporate check – Definitely not
suspicious
• $102.32 – Definitely not suspicious

5. Binary Classification
Conservative / Liberal
Rich / Poor
Good Guy / Terrorist
Athletic / Sedentary
Male / Female
Young / Old
Healthy / Sick
Good customer / Scammer
-3 + x1 + x2 >= 0

6. Reality

7. REAL-WORLD CLASSIFICATION
IS NEVER
AS CLEAN AS WE WANT
Remember

8. Positive - ScammerNegative – Good customer
False Positive – We classify someone as a
scammer when they aren’t
Lose customers
False Negative – We classify someone as a good
customer when they are a scammer
Lose money

9. New Disease - Alexitis
• Very rare – only affects 1 in a million
people
• Luckily, we have a test that is 99%
accurate
• If they have Alexitis, test is positive 99% of
the time
• If they don’t have Alexitis, test is negative
99% of the time

10. I’ve just tested positive for
Alexitis. What are the
chances I actually have
it?

11. 99%, right? I’m screwed!
Would you believe .01%?
Has
Alexitis
Does not have
Alexitis
Total
Test Positive 1
(true positive)
10,000
(false positive)
10,001
Test Negative 0
(false negative)
989,999
(true negative)
989,999
Total 1 999,999 1,000,000
Paradox of the False Positive

12. Conditional Probability
If you live in the United States, you
probably speak English
If you speak English, you probably don’t
live in the United States

13. IF YOU ARE TESTING FOR
SOMETHING THAT RARELY OCCURS,
YOUR TOOLS HAVE TO BE
REALLY, REALLY GOOD
Remember

16. THE INTERNET IS BUILT
ON PACKETS,
NOT CONNECTIONS
Remember

17. IP Geo-Location
Nigeria
I am worried about scams, so I won’t accept
mail from Nigeria

18. IP Geo-Location
891889-11
But the mail only has codes, not country
names

19. IP Geo-Location
891889-11
No problem! I can look it up in a table
891888 United States
891889 Nigeria
891890 France
891891 Luxemborg

20. IP Geo-Location
891889-11
Problem 1: Database gets stale
891888 United States
891889 Germany
891890 France
891891 Luxemborg

21. IP Geo-Location
891889-11
Problem 2: Mail Forwarding
891888 United States
891889 Nigeria
891890 France
891891 Luxemborg
891890-19

22. IP Geo-Location
891889-11
Problem 2: Other Carriers
891888 United States
891889 Nigeria
9999 FedEx
891891 Luxemborg
9999
9999
9999
9999
9999
9999
9999
9999

23. IP Geolocation
• With “honest” users, IP Geolocation can be
somewhat accurate
• Nation: 95% - 99%
• City: 50% - 80%
• In terms of fraud prevention, it will only
catch the most clueless of fraudsters
• Essentially useless for mobile data

24. Proxy Detection
891889-11
I’ll make a blacklist
891888-12 REJECT
891890-19 REJECT
891891-12 REJECT
891890-19

25. Proxy Detection
• Can catch known proxies
• Suffers from same database issues as
IP Geolocation
• ANY machine on the internet can be a
proxy

26. Cookies
Once I find out your are a scammer, I sneak
into your house and put an X on your
envelopes, with invisible ink
891889-11
891899-11
X
X

27. Cookies
• Will work if the scammer does nothing to
prevent it
• Can be prevented with a single click
• Useful for tracking customers, almost
useless for tracking fraudster

28. Behavior Detection
Scam mail usually comes in between 3:45
and 4:00
3:45
3:52
3:55

29. Behavior Detection
• Very difficult to measure accurately
• Highly subject to false positives
• Almost any behavior that appears
suspicious can also have a legitimate
purpose as well

30. Browser Fingerprinting
I am going to measure the unique
characteristics of the paper, so I can
recognize the bad letters

31. Browser Fingerprinting
• Somewhat effective technique for tracking people
online
• Measures unique characteristics of your browser
(fonts, plug-ins, etc.) that are reported to web server
• Not well known among general public
• Generally not completely unique
• Will lead to false positives
• Not useful for mobile
• Trivial to circumvent
• Clean browser install
• Virtual machine

32. TRANSACTIONAL DATA:
DATA THAT IS CONTEXTUAL TO A
SINGLE TRANSACTION

33. Transactional Data Strengths
• Does not require user involvement or
knowledge
• Usually quick
• Can encompass many data points
• Does not affect the user experience
• Can be tested on sample data

34. Transactional Data Weaknesses
• Generally easy to workaround
• Significant false positive rate
• Difficult to aggregate across platforms

35. WITH TRANSACTIONAL FRAUD
PREVENTION, YOU ARE RELYING ON
INFORMATION THE SCAMMER
ULTIMATELY CONTROLS
Remember

36. Identity-Based Fraud Prevention
• In the real world, we want to know who we
are dealing with
• Personal recommendations are extremely
important
• Social context is extremely important
• However, online we have no identity
framework to leverage

37. FUNDAMENTALLY WE HAVE
BEEN SOLVING THE WRONG
PROBLEM
WE DON’T HAVE A TRANSACTION
PROBLEM, WE HAVE AN IDENTITY
PROBLEM
however

38. “No man is just of his own free
will [...] he will always do wrong
when he gets the chance. If
anyone who had the liberty [of
the ring of Gyges] neither
wronged nor robbed his
neighbor, men would think him
a most miserable idiot.”
- Plato

39. SOCIAL ACCOUNTABILITY
BREEDS POLITENESS
AND GOOD BEHAVIOR
Short Version

40. Anonymous Comment Facebook Comment

41. Source: David Kelts

42. Extreme Identity: DoD Top Secret
Clearance
• Takes 1-2 years
• Involves ~ 40 pages of
documentation
• Leverages numerous federal
databases
• Involves dozens of interviews
with people who have known
you for

43. Privacy
Identity
Friction
Identity
Strong identity means lower privacy and higher friction
Both bad…

44. Identity Farms
Cost of a phone-
verified Facebook
profile: $0.70-
$1.50
Global market for
fake identities:
$800M
http://www.newrepublic.com/article/121551/bot-
bubble-click-farms-have-inflated-social-media-
currency

45. Identity Reputation Trust

46. Genuine UserFake User

47. Solution: Federated Identity
User1234
Verified Identity
• John Smith
• 123 Main Street
• Single
• (212) 555-1212
BeehiveID
Website

48. One Identity
Per Person
No Information
Sharing
Transportable
Owned by
User
Federated
Identity

51. BeehiveID Advantages
• Ultra-low friction
• Selfies are easy!
• Uniqueness through biometrics
• NO private information whatsoever
• Supports trust through
connections between people
• One-step integration

52. Summary
• Classification problems are inherently fuzzy
• When the thing you are looking for is rare, you have to
be really precise
• Transactional data is dependent upon data effectively
provided by the scammers
• Results in high false positives, losing customers
• Is easy to circumvent by scammers
• Identity is the foundation of trust in the real world, and
can be used from trust online, with the right tools
• Must be low-friction
• Must preserve privacy

53. QUESTIONS?
INFO@BEEHIVEID.COM