The Psychology of fraud fighting
Predator and Prey: What Nature can Teach us About Fraudsters
If there’s one thing that every fraud industry veteran will agree with it’s that when it comes to fighting fraud the battle never ends. Fraud is a classic adversarial problem - the fraudster vs. the provider of goods/services. As each side's strategy evolves the other adjusts - ad infinitum.
As we assess fraud prevention strategies we might draw on another adversarial scenario that’s been playing out for 3.7 billion years: Life on earth. The never ending ‘arms race’ of competition between predators and prey has produced many lessons on successful traits and behaviors.
At Sardine we’ve derived mental models from nature to help you fight fraud - here are a few traits that you can use to be successful:
- Develop a diverse and sophisticated sensory system
- Pattern recognition is key to spotting danger
- Use poison to lower the expected value of predation
- Protect yourself against ambushes
- Develop a network ‘alarm system’
1. Develop a diverse and sophisticated sensory system
Sight, smell, hearing, touch - these are all rich sources of data that are used in nature to detect predators and identify danger. As a merchant or fintech you need to do the same to efficiently detect fraudsters. At Sardine we help collect rich device, behavioral, identity, and transaction data and put it all back together nicely into a ‘brain’ for decision making.
2. Pattern Recognition is Key to Spotting Predators
Pattern recognition is the detection of characteristics of data that uncover information about a given data set or system. For instance humans are incredible at taking visual data and detecting predatory cats vs. harmless herbivores - in the same way, effective fraud prevention means taking as many signals as possible and determining what is safe vs. fraudulent. There are two primary ways to build a system that recognizes fraudulent patterns:
- Rules can weed out obvious fraud patterns like “Email Doesn’t Have History + IP is a VPN + Browser is in Incognito Mode + VOIP Phone”. This would be a classic example of a fraudster obfuscating identifiers so as not to leave a trail of breadcrumbs to their actual identity.
- Models built using supervised machine learning can detect more subtle patterns that strongly correlate with fraud and can be more accurate than rulesets. Building models for fraud prevention is very nuanced and we’ll cover this in a post soon!
3. Use poison to lower the expected value of predation
Species ranging from Hemlock to Pufferfish employ poison as a means to deter predation. A common strategy for predators is to preferentially attack prey with the lowest levels of defense. Combat opportunistic predation by signaling to predators that ‘hey I am actually dangerous or poisonous, you don’t want to try and eat me’. This adaptation has a wide range of analogies to fraud prevention but the most obvious is to employ strong KYC or step-up frictions to show fraudsters that you’re taking them seriously.
4. Protect yourself against ambushes
It’s 2 AM and your fraud team is asleep. When they wake up the next morning it’s code red - there was a massive bot attack overnight. Accounts were compromised and the saved payment methods used to purchase digital goods. You were ambushed.
In the fraud world attacks are coordinated in Telegram - they’ll inundate you, often in the middle of the night when defenses are low. At Sardine we’ve developed tools to detect ambushes - ‘offline’ anomaly detection built from non-supervised ML models that scan for statistically significant changes in a population of data. We pair this with alerting in Slack channels to help you detect and quickly respond to ambushes.
5. Develop a network ‘alarm system’
In the treetops of rainforest in Brazil a series of high-pitched squeaks are the alarm calls of the black-fronted titi monkey. The cries carry information about the type and location of a threat to other monkeys in the pack. In order to beat fraudsters, merchants, fintechs, and banks need to work together and build a network alarm system just like the Titi monkeys. This is why we’re building SardineX, a consortium leading the charge to unite everyone in the fight against fraud.
Hopefully the principles here spark ideas as you continue to hone your fraud prevention program. Would love to hear your thoughts on other analogies to nature and your fraud stories!