4. How do we battle the situation?
Find
suspicious
elements
Investigate
Find linked
elements
Block the
fraudsters
5. Data points
Account Order Service
Device ID
Credit Cards
Time and Date
Login Data
Payment Information
IP address
Call Destination
Billing Address
Shopper IP
Client IP
Order IP
Linked Accounts
Issuer Country
E-mail
Caller ID Usage Summary
Profile Information
Contact List
6. What kind of data we use?
Statistics for call by IP
IP Events Cost Duration First Last Users/Blocked users
194.101.26.28 10 500 125,7 10:28:56 2016-09-13 00:15:08 2016-10-11 10:20:00 1178 / 101
Linked users by call IP
Username IP Events Cost Duration First Last
fraudulent_user1 27.11.105.23 273 10,8 02:15:00 2016-09-13 00:15:08 2016-10-11 10:20:00
fraudulent_user1 194.101.26.28 15 2,7 00:45:00 2015-12-01 00:00:08 2015-12-13 00:15:00
7. So what’s the problem?
Big DBs
Batch Jobs SQL
User interface
IP User Creations Callers
194.101.26.28 160/50 35/10
9. Why not use DWH or materialized views?
Bob
Powerful DWH
USER
IP
PSTN
PostreSQL
materialized views
10. Aggregation types
• Total stats over whole history
• Never expires
• Long-term storage only for non-personalised data
Whole history
• Last X days/hours stats in realtime (ie 30 days)
• Expiration (deaggregation) of old events
• Ability to implement velocity checks / data flow rules
X days back from
current moment
• Hourly/daily statistics
• Destruction of old data
• Ability to monitor data trends
Time series