Uncovering the enemy: What military intelligence can teach us about fraud

Terrorists and fraudsters

Immediately prior to joining Ravelin, I worked as a Commando and a military Special Intelligence Officer. This role took me all over the world, supporting multiple different operations, conducting a myriad of different tasks and achieving a variety of outputs. One of these such tasks was High Value Individual (HVI) targeting of terrorist networks.

HVI targeting is the process of identifying enemy networks and then slowly, methodically and precisely selecting the key players within that network. It is extremely time consuming, with a whole team spending days, weeks or even months watching, surveilling and building an investigation against the individual.

It requires multiple intelligence streams such as signals intelligence, imagery intelligence and human intelligence, further combined with thorough understanding of terrorist tactics and doctrine, tempered with cultural insight, and all then fused together in order to build an accurate and coherent assessment of the HVI. It requires aircraft, satellites, surveillance teams, investigators, computer experts and even spies. It is hugely manpower, time and asset intensive.

It is also completely unsuitable for fraud prevention.

In the eight weeks since joining Ravelin, it has become abundantly clear that finding the fraud in a merchant’s transactions requires taking a completely different tack.

Fraud is in the aggregate

The issue arises when you acknowledge that obvious fact that fraud is not a small and localized problem. Fraud is so widespread and so inherent to ecommerce that its prevalence is an unavoidable inevitability of the digital marketplace.

As such, a merchant is not required to pursue tens or even hundreds of fraudsters but instead thousands and tens of thousands, each going to great lengths to defeat detection, each probing defences to find weaknesses and each sharing their knowledge with a community of like-minded peers on the dark web and elsewhere.

To say it lightly, this is not an easy problem to overcome. Even if fraudsters make up just 0.1% of the world’s online population, then that is still 4 million people actively attempting to take advantage of merchants on a daily basis.

As such, it is the objective of merchants to prevent fraud in the aggregate. They need to stop the largest number of fraudulent customers as possible, in the most effective and efficient way possible and in order to achieve the lowest cost to the business overall. But how best to go about this?

Drawing parallels: Key identifiers of behavior

Let’s return again to HVI targeting. HVI targeting relied on having a clear understanding the underlying characteristics of a terrorist. The use of the various intelligence assets (satellites, aircraft, spies etc) was simply to collect raw information. The intelligence officer’s role is to process this raw information into useful intelligence – assessments from which decisions could be made.

So, what is important in identifying a terrorist?

• Probably who they are interacting with, maybe other known persons of interest?
• Maybe where they have been seen, such as known hideouts, weapon stores, command centres?
• Possibly even the tactics they employ, such as changing vehicles regularly or avoiding using mobile phones?

It is these features that the intelligence officer slowly begins to understand as key identifiers of nefarious behavior. It is these features that assets are then tasked against in order to collect the raw information from which then to make an assessment.

We can then take this understanding and apply it to ecommerce.

A fraud investigator has a clear understanding of the underlying characteristics of fraud. They know what fraud is, they know why fraudsters employ certain methods and tactics, and they know how fraudsters interact with and take advantage of specific merchants.

Just like the intelligence officer, it is the fraud investigator's role to understand what features are important for fraud detection, and then ensure that they collect raw information from these features so that they can fully evaluate and make an accurate decision. Potentially, this is the time a fraudster spends selecting the product? Maybe it is their location, or the relationship between their location, the order location and their IP address location? Maybe it is the number or type of products they ordered, and their average cost?

It is the investigator’s role to understand which features are important, then to scale this understanding to tackle the millions of fraudsters attacking merchants every day. How to do this? AI-powered machine learning automation.

Machine learning for fraud prevention

Machine learning models are the tool that will extrapolate the investigator’s understanding to the aggregate. They can process unfathomable reams of information to assess the underlying and fundamental characteristics of fraudulent behavior – and thus assess the threat.

ML occupies three separate entities:

It collects information, assesses intelligence and acts on those assessments all at once. This occurs in a seamless process, scaled to be effectively infinite, and guided by human insight to achieve the most effective prevention outcome.

An investigator’s role is to identify the features that are important in detecting fraud, then to ensure that a machine collects the relevant raw information to make an accurate prediction.

I have quickly come to understand that when it comes to tackling fraud, machine learning is the weapon of choice.