Uncovering the enemy; what military intelligence taught me about tackling fraud

Immediately prior to joining Ravelin, I worked as a Commando and a military Special Intelligence Officer. This role took me all over the world, supporting multiple different operations, conducting a myriad of different tasks and achieving a variety of outputs. One such task was High Value Individual (HVI) targeting of terrorist networks.

HVI targeting is the process of identifying enemy networks, and then slowly, methodically and precisely selecting the key “players” within that network. It is extremely time consuming, with a whole team spending days, weeks or even months watching, surveilling and building an investigation against the individual.

It requires multiple intelligence streams such as signals intelligence, imagery intelligence and human intelligence, further combined with thorough understanding of terrorist tactics and doctrine, tempered with cultural insight, and all then fused together in order to build an accurate and coherent assessment of the HVI. It requires aircraft, satellites, surveillance teams, investigators, computer experts and even spies. It is hugely manpower, time and asset intensive.

It is also completely unsuitable for fraud prevention. In the 8 weeks since joining Ravelin it has become abundantly clear that finding the fraud in a merchant’s transactions requires taking a completely different tack.

Fraud is in the Aggregate

The issue arises when you acknowledge the obvious fact that fraud is not a small and localised problem. It is so widespread and so inherent to e-commerce that its prevalence is an unavoidable inevitability of the digital marketplace. As such, a merchant is not required to pursue tens or even hundreds of fraudsters, but instead thousands and tens of thousands, each going to great lengths to defeat detection, each probing defences to find weaknesses and each sharing their knowledge with a community of like-minded peers.

To say it lightly, this is not an easy problem to overcome. Even if fraudsters make up just 0.1% of the world’s online population, then that is still 4 million people actively attempting to take advantage of merchants on a daily basis.

As such, it is the objective of merchants to prevent fraud in the aggregate. They need to stop the largest possible number of fraudulent customers, in the most effective and efficient way possible, in order to achieve the lowest cost to the business overall. But how best to go about this?

My new role: Investigations Analyst

Let’s return again to HVI targeting. HVI targeting relied on having a clear understanding of the underlying characteristics of a terrorist. The use of the various intelligence assets (satellites, aircraft, spies, etc.) was simply to collect raw information. The intelligence officer’s role was to process this raw information into useful intelligence: assessments from which decisions could be made.

So, what is important in identifying a terrorist? Probably who they are interacting with, maybe other known persons of interest? Maybe where they have been seen, such as known hideouts, weapon stores, command centres? Possibly even the tactics they employ, such as changing vehicles regularly or avoiding using mobile phones?

It is these features that the intelligence officer slowly begins to understand as key identifiers of nefarious behaviour. It is these features that assets are then tasked against in order to collect the raw information from which to then make an assessment.

We can then take this understanding and apply it to e-commerce. A fraud investigator has a clear understanding of the underlying characteristics of fraud. They know exactly WHAT fraud is, they know exactly WHY fraudsters employ certain methods and tactics, and they know exactly HOW fraudsters interact with and take advantage of specific merchants.

Just like the intelligence officer, it is the fraud investigator’s role to understand what features are important for fraud detection, and then ensure that they collect raw information from these features so that they can fully evaluate and make an accurate decision. Potentially this is the time a fraudster spends selecting the product? Maybe it is their location, or the relationship between their location, the order location and their IP address location? Maybe it is the number or type of products they ordered, and their average cost?

It is the investigator’s role to understand which features are important, then to scale this understanding to tackle the millions of fraudsters attacking merchants every day. How to do this? Machine learning.

Machine Learning

Machine Learning (ML) is the tool that will extrapolate the investigator’s understanding to the aggregate. It is the tool that can process unfathomable reams of information to assess the underlying and fundamental characteristics of fraudulent behaviour.

ML fills three separate roles. It collects information, assesses intelligence and acts on those assessments all at once. This occurs in a seamless process, scaled to be effectively infinite, and guided by human insight to achieve the most effective prevention outcome. An investigator’s role is to identify the features that are important in detecting fraud, then to ensure that a machine collects the relevant raw information to make an accurate prediction.

I have quickly come to understand that when it comes to tackling fraud, ML is the weapon of choice.
