We believe that graph networks in fraud detection, when used correctly and with consideration to the network’s limitations, are an unequivocally powerful technique.
That fraudsters often collude is well-known. If a merchant has poor security, that information is shared at rapid speed; making a small problem very large indeed. And fraudsters will often operate across a number of merchants taking whatever goods they can, with as large a value as they can. Therefore having access to data across a number of merchants should be invaluable for detecting fraud: as you stop a fraudster for one merchant, you can stop them for all. Right?
Well, it is certainly a compelling idea, but as someone who has built their own graph network not once but twice – at a merchant and now at Ravelin – I am not so sure a cross-merchant network is as useful as it appears at first pass.
For Ravelin, a network is made up of user accounts linked by shared characteristics. These links may have differing strengths, from the tentative (shared temporal behaviour), to the intermediate (shared locations, similar email patterns, shared IP addresses), to the strong (shared cards, shared devices).
We love networks and have developed networks as part of our fraud detection technologies from the outset. Used correctly and with consideration to the network’s limitations, graphing a network is an unequivocally powerful technique, melding the best of computer processing (linking millions of data points and displaying patterns), with human processing (visually detecting and judging meaningful patterns).
Once we have identified a clear network, we test each node in the network for fraudulent patterns. Many networks display collective fraudulent attributes distributed across many or several nodes – a clear indication of fraud. In such cases we move swiftly to disable or suspend that network, which may or may not be apparent to the members, depending on the strategy we deploy.
Some networks may appear to contain only a few fraudulent nodes, the rest appearing to be normal customers. In such cases we can put the entire network on an alert list and monitor the collective behaviour closely until the tolerance threshold is breached.
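The linking and triage steps described above, as an added example (not Ravelin's code): accounts are joined into networks through shared attributes at or above a chosen link strength, and each network is triaged by its share of known-fraud nodes. The strength values, the 0.5 suspend threshold, the function names and the sample accounts are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed numeric strengths for the article's tentative / intermediate /
# strong link tiers; the values themselves are illustrative.
STRENGTH = {"card": 3, "device": 3, "ip": 2, "location": 2,
            "email_pattern": 2, "temporal": 1}

def build_networks(accounts, min_strength=2):
    """Union-find over shared attribute values. Only attribute types with
    strength >= min_strength create links; singletons are dropped."""
    parent = {a: a for a in accounts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    first_seen = {}  # (attribute type, value) -> first account seen with it
    for acct, attrs in accounts.items():
        for kind, value in attrs:
            if STRENGTH.get(kind, 0) < min_strength:
                continue
            first = first_seen.setdefault((kind, value), acct)
            parent[find(acct)] = find(first)  # no-op when first == acct
    groups = defaultdict(set)
    for acct in accounts:
        groups[find(acct)].add(acct)
    return [g for g in groups.values() if len(g) > 1]

def triage(network, known_fraud, suspend_at=0.5):
    """'suspend' when the share of known-fraud nodes reaches suspend_at,
    'watch' when some nodes are fraudulent but fewer, else 'clear'."""
    share = len(network & known_fraud) / len(network)
    if share >= suspend_at:
        return "suspend"
    return "watch" if share > 0 else "clear"

# Constructed sample data: account -> list of (attribute type, value).
ACCOUNTS = {
    "a1": [("card", "c-111"), ("ip", "203.0.113.5")],
    "a2": [("card", "c-111"), ("device", "d-9")],
    "a3": [("device", "d-9"), ("temporal", "t-night")],
    "b1": [("ip", "198.51.100.7"), ("temporal", "t-night")],
    "b2": [("ip", "198.51.100.7")],
    "b3": [("location", "loc-4"), ("ip", "198.51.100.7")],
    "b4": [("location", "loc-4")],
    "c1": [("temporal", "t-night")],
}
KNOWN_FRAUD = {"a1", "a2", "b3"}
```

With the default `min_strength=2` the sample yields two networks, one triaged as suspend and one as watch. Lowering `min_strength` to 1 lets the tentative temporal link merge both networks and the unrelated account `c1` into a single network.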
We have found on many occasions that networks of accounts linked by various characteristics (shared credit cards, shared locations, shared behaviour) are actually describing real groups of people who know each other in real life. This is not surprising – criminal activity is frequently social and credit card fraud even more so. We have uncovered networks of criminals in Toronto, London, Singapore, Dublin and elsewhere, in which credit card fraud was just a small part of the criminality – yet still detectable by this technique. It is always a thrill to discover a real group of people using data science!
In uncovering these networks, the counterintuitive conclusion we have reached is that the best dataset is often a single merchant’s own network. The simple reason for this is that fraudsters often return to a merchant to exploit a weakness they’re now familiar with. Also the weakness itself is a pattern that we can quickly detect and stop as it is shared throughout a fraud network. So we can stop a repeat offender and we can stop fraudsters connected to that user. It’s the 21st century version of the aphorism that the thief always returns to the scene of the crime!
You would think therefore that extending this capability across merchants should be incredibly effective. The truth is that it can be but there are significant caveats.
Firstly, it assumes that a fraudster with one merchant will be a fraudster with all others. This is possibly (although not completely) accurate for a certain type of criminal fraudster – the one who actively buys stolen card data to make online purchases. However, it is equally possible (and common) that some fraudsters conduct some business with stolen cards, while making legitimate purchases with their own. One may argue that such people should be denied all rights to online purchasing, but this casts merchants and fraud providers into an uncomfortable position of labelling someone as a criminal even when they are not in the act of committing a crime.
A second, more troubling problem with this approach is that it can potentially lead to blacklisting the wrong person, i.e. the victim of the fraud, rather than the perpetrator. This can be mitigated to some extent by use of techniques such as device and behavioural fingerprinting. However, you need to be very confident of having the right tools in place to detect this and even then, the risk of false positives is higher than many of our growth-focused clients would like to bear.
A third flaw in unfettered network effect fraud detection is that it is inadequate to address the complexities surrounding first-party (or “friendly”) fraud. This is an interesting mix of the two scenarios outlined above. Rather than mitigated by device fingerprinting, the problem is compounded by it, because there is no third party, and the fingerprinting describes the actual customer. Moreover, we are again cast in the role of ethical judge – should we block Customer A with Client X because Customer A charged back some transactions with Client Y, citing fraud?
In summary, network analysis is a fantastic technique that delivers results. However, it is not a panacea and across networks it has a very high potential for false positives and for weak connections to be mistaken for strong. It’s easier to recommend within a single merchant’s network where it provides astonishing insight into their data by matching the best of computing power with human insight, resulting in a fantastic fraud detection strategy.
To learn more about link analysis visit our insights page.
Gerry Carr, CMO