Machine learning sees success in holiday fraud fight
Technology companies have pushed machine learning as a way to combat a fraud threat that's increasing in size and sophistication, and there are signs emerging security innovation is making a difference.
NuData Security, a Mastercard company, reports its system prevented 408 million attacks on global retailers during the 2018 holiday season, saving more than $500 million in potential losses.
There were more than one billion irregular digital activities in December alone, according to NuData Security, which also reports crooks are getting better at figuring out retailer defenses.
“We have seen for the last couple of years fraudsters going about the creation of accounts in advance for the holidays. They will slowly start to build up accounts and let them age as they have learned retailers are wary of new accounts opened during the holidays,” said Robert Capps, vice president of partnerships at NuData Security.
NuData uses machine learning to study how its clients’ new accounts are opened. It also studies how data is input into a digital application, the time used to key in the individual letters, the pause between filling in lines and whether a mouse or keyboard is used to navigate a screen. These unique measurements of behavioral and biometric, coupled with location information about the applicant, allow NuData to identify if a new account application is being completed by a human or a computer.
This past October, using its machine learning algorithms, NuData identified 37 percent of its clients’ new applications as high risk, warranting further review by fraud analysts. Normally, the annual average of accounts flagged for a secondary review is 14 percent.
“The scale is staggering at this point. It’s almost a digital arms race,” commented Capps. “The advent of cloud computing makes it easier to use automation.”
Fraudsters are benefiting from a growing amount of legitimate data. Phishing attacks are on the rise and becoming more sophisticated. By luring victims into divulging confidential financial information, fraudsters can use the data to open new accounts. Data breaches such as the recent incident at Marriott expose millions of personal records such as birth dates, passport numbers, account information, logins and passwords that can also be used for fraudulent purposes.
One ray of hope in stopping fraud is the crooks' need for scale, which leads to the use of computers and automation. Since computers don’t act like human beings, it can be easy to spot a rudimentary attempt to mimic human behavior. Fraudsters are making a counter move, using machine learning to determine what computer behavior gets caught, and changing their programs.
“They have learned you can’t fill out an application in seconds, so they put in a pause between line completions. We’ve learned to study keystroke cadence to determine if it’s a human or a machine entering the data,” Capps said.
In studying patterns of access, velocities of transactions and how new accounts are opened, NuData creates a baseline of what is expected or common human behavior. Once activities fall out of the expectation they are flagged for further review.