Machine Learning and Fraud Prevention Need Humans: Here’s Why
May 11, 1997, was a watershed moment. Gary Kasparov, then the no. 1 ranked chess player in the world, lost a match in under 20 moves to IBM’s supercomputer Deep Blue. Despite a temporary rally, the match ended with a 3.5-2.5 win to the machine, reversing Kasparov’s triumph just 15 months earlier.
The famous match was seen as a sign that Artificial Intelligence (AI) was catching up to human intelligence. IBM’s then-CEO Louis Gerstner announced, “what we have is the world’s best chess player vs. Gary Kasparov.” The Weekly Standard summed up the event with an article titled “Be Afraid.”
A quarter of a century later, AI is used to improve almost every aspect of modern life; from virtual assistants and search engines to managing production lines in factories and healthcare databases, and even the recent (and still in the works) development of autonomous cars. In recent months, headlines abounded with stories of the intrusion of AI into once fully-human domains such as painting and writing.
But we’ve yet to reach the point where machine intelligence could replace human intelligence completely. One such field where we see human expertise as critical is fraud prevention. Let’s look at the reasons why even the most powerful AI requires human input for fraud prevention to operate at its full potential.
Machine learning enables fraud prevention, but it’s not enough on its own
In 2021, 46% of global businesses used some form of machine learning to detect and fight fraud, according to Statista, up from only a quarter just the year before. The fact that machine learning-powered fraud prevention is the core technology that enables merchants to fight sophisticated fraudsters on equal ground, at scale, is no longer up for debate.
In a constantly changing fraud landscape, machine learning offers the capabilities to categorize, track, and analyze millions of data points in seconds in a way the human brain will never be able to rival. It’s proactive, designed to self-optimize, and can adapt to and pick up on complex patterns like fraud rings fast. Combined with a rich data network, for example, a network of merchants all contributing anonymized but impactful data about the fraud MOs and patterns they are experiencing, machine learning seems almost like a superpower.
But machine learning is also shaped, constrained, and biased by various factors, such as the data the models are pre-fed and the features that guide them.
More than that, machine learning can only respond to the information made available to it, meaning it can only make inferences based on the past, looking to transactions and patterns that have already occurred to make predictions. That might work well for a chess game where you have an immense but finite number of possible moves. But fraud is an open system, creating unavoidable blind spots for machine learning.
“Fraudsters are always looking for an angle. They’re always looking to better their capabilities according to the challenges they’re facing. That’s where we, as fraud analysts, come in: to recognize where our fraud understanding needs to evolve so we can face these fraudsters on the same level,” says Nimrod Dvir, a Senior Fraud Analyst at Riskified.
What are machine learning features?
When talking about machine learning, features refer to an individual, measurable characteristic or property. In online fraud prevention, this could include, but isn’t limited to:
- Email address maturity: When was the email address created? Typically, the older the email the safer it is.
- User’s shopping behavior: Did the user browse for 10 minutes before adding an item to their cart, or did they immediately add the most expensive item in the store and head to checkout?
- AVS mismatch: Do the billing and shipping addresses match? In certain situations, mismatches are legitimate.
In the end, fraud prevention comes down to fraudsters vs. analysts
For all the amazing capabilities machine learning offers, humans still outperform when it comes to understanding human behavior. A recent example we’ve seen with one of our merchant partners illustrates this well.
This merchant had a pattern of known Russian resellers. Once the Russian invasion of Ukraine occurred in early 2022, many of the regular shipping routes into the country were blocked due to international sanctions. These resellers then relocated their warehouses to a nearby country, along with their billing and shipping addresses, but continued using their Russian email addresses, sometimes with a proxy IP for added authenticity.
A machine learning model might conceive this as a new emerging fraud pattern. A human analyst, on the other hand, can consider the complexity of changing geopolitical situations and understand how a known pattern has changed.
Consider another scenario, where a fraudster imports a fraud tactic typical to one industry into another.
For example, scalper bots are usually used to target high-demand, short-supply products like limited edition sneakers, Xbox consoles, and concert tickets. A model trained on an industry that doesn’t usually offer limited drops or releases might not immediately detect them. A fraud analyst monitoring the model will, if they know which trends are growing in the market and which are ebbing, which are typical to specific industries and which aren’t.
Most critically, a fraud analyst knows the challenges fraudsters are facing, and how they think.
To continue the metaphor: machine learning will never make a Monopoly move in a chess game. But a fraudster will. And a good fraud analyst will know to anticipate and look for it.
“It’s easier for an analyst to understand human behavior,” says Dvir. “What will be the easiest for a fraudster to change? Where will they choose to go and what method will they try next? Will it be easiest for them to change the payment method? Is it easier to change the IP, or perhaps to get a proxy closer to the victim’s billing address?”
“There are areas where switching credit card characteristics is very easy, and there are areas where it’s very hard. It’s my job as an analyst to understand not just what happened today and yesterday, but also what will happen tomorrow,” says Dvir.
The difference between an average ML fraud prevention solution and an exceptional one comes down to the human element
Some fraud prevention vendors who rely on machine learning pride themselves on their solution being “hands off.”
We, however, know that for effective fraud detection and prevention (one that blocks fraud without adding friction for consumers or creating false declines due to risk aversion), every piece of data needs to be contextualized properly by experts before being fed into the algorithm. Our analysts run constant performance reviews by tagging post-decision orders to make sure our models are always as accurate and optimized as possible.
“Riskified has a large team of experts who know fraud inside and out. They can look at transactions and know exactly what they see, and that impacts how we label, how we select data, and more,” says Rotem Lord Hareven, a Fraud Analyst at Riskified. “To achieve a holistic picture of the fraud landscape, analysts also need to be strategists and storytellers. This is the difference between rules-based fraud prevention and machine learning. After all, what use is the human element if the ‘analyst’ is just an arbiter of rules?”
The heart of the matter is this: the vast majority of transactions are legitimate and should be approved. However, while all machine learning-powered fraud solutions promise to reduce fraud and lift approval rates, not all solutions are equal, and not all analysts are equal either. In the end, machine learning is still a tool, and you want a Chessmaster behind the board, not a rookie.
Riskified’s vision is to enable merchants to approve maximum orders safely and seamlessly. Knowledgeable, experienced fraud analysts support higher approval rates by redeeming transactions that machine learning models pinpoint as higher risk because they act as a failsafe for that risk-taking. But it’s about more than just catching risk if it is realized, or identifying in real-time whether novel behavior is legitimate or a new fraud ring.
The machine learning process is not a straight line, but a cycle. When you have analysts who understand fraud inside and out, they know the model’s blind spots, which populations are riskier, and which new features are needed.
Unlike machine learning, they can account for biases and real-world changes and how these would impact fraudster behavior. Their experience and insights are continuously fed back into the models. Together, humans and machine learning make sure all blindspots are accounted for.
Get more insights
A strong end-to-end fraud prevention strategy is a must for today’s eCommerce businesses. Find a solution that meets your business requirements with the help of the Gartner Market Guide for Online Fraud Detection.