
Announcing Sift Science: fight fraud with large-scale machine learning - brandonb
http://blog.siftscience.com/announcing-sift-science-fight-fraud-with-large-scale-machine-learning/
======
devonkim
I'm kind of wondering how this will (or can) fit from a deployment set of
concerns (cross-silos, compliance & audit, handling CDNs, etc.) into large-
scale environments like eBay or Paypal and whether the fraud models are
appropriate for most that do business online. As a crude example, I might care
about fraud in blog spam from SEO blackhats, which is not the same as credit
card fraud patterns but both translate into real dollar loss for some
businesses. Granted, the founders are ex-Googlers so perhaps this was done
yesterday, but the way they present themselves and with their current customer
list they make it look like it's mostly for direct financial transaction based
sites. I'm suspecting things are overly simplified but I find it pretty hard
to believe that inserting some Javascript snippets into a page could actually
help when fraudsters could eventually start bypassing that JS (see: web
scrapers). The API docs seem awful naive in number of possible cases.

With that said, congratulations on the launch, I know this is not an easy
problem to handle and I think you actually have fulfilled a major goal of
ease-of-use for online fraud detection systems. The only comparable systems
I've heard of are ridiculously expensive beasts of enterprise software or
custom-grown for the company with incredible barriers to entry. Best of luck
to you guys.

~~~
brandonb
Hey Devon -- thanks for the thoughtful comments!

Most of our customers do use Sift Science for financial fraud, but because
it's a machine learning system, you can train it to detect other types of bad
behavior like spam. We have customers in production using us to detect spam,
fake inventory, and duplicate accounts. If you have a use-case that doesn't
quite seem to fit, let me know and we can figure out how to train our system
to recognize that type of behavior: brandon@siftscience.com.

If a fraudster bypasses the JS, we still have REST events such as transactions
(or any other custom event sent from the backend). Seeing a user who has REST
events but no Javascript events is a suspicious signal in itself, so
fraudsters can't circumvent the system by just turning off JS.

FWIW, we're on some pretty major sites that we can't announce, so we've gone
through a bunch of compliance, audit, security, and other concerns already.

~~~
raverbashing
Can you explain better what exactly you do?

It seems that you use ML to pinpoint fraud (or better, undesired behaviour) in
$WEBSITE.

So that could be fraud detection because they login from one country, ship to
another and buy a certain combination of items.

Or that could be "spam fighting" because they create an account with X and Y
characteristics and post similar things.

Am I right in my perception? (and you could use this not only for 'bad
behaviour' but for good behaviour as well)

~~~
brandonb
You're right on. In theory, you could train our system to recognize good
behavior if you sent us enough $label events, but most of the patterns we have
today are really optimized around detecting bad behavior.

~~~
sdepablos
Could you develop a little more how duplicate accounts could be detected?

------
dougk16
An article will appear a year from now..."Perpetrating fraud with large-scale
machine learning."

Just kidding ;)...Looks awesome and easy-to-use, congrats on launching.

------
brandonb
I'm the OP and I work at Sift Science. Let me know if you have questions!

~~~
adrr
Is it possible to run this stuff on certain purchases say like gift cards or
would that reduce effectiveness of the software? If its looking for patterns
in ordering, and i only feed in gift card purchases, it would have nothing to
compare against. Reason I am asking, we have almost 0% fraud/charge back rate
since you can only by our physical product via a subscription model.

------
ericcholis
While I'm currently evaluating and very excited about Sift Science, what are
some of the competitors in this space? I'm only aware of CPA Detective Max
Mind miniFraud.

~~~
brandonb
The two biggest anti-fraud vendors are Accertify and ReD. You might also look
at ThreatMetrix, 41st Parameter, and Iovation, who do primarily device
identification.

Let us know what you think!

------
haliax
Where did you get your initial data when you were starting up?

~~~
brandonb
We were lucky to find some early beta customers like Airbnb, Uber, and Listia,
who were all looking for what we were building and willing to take a risk with
a startup. In general, getting the first two or three customers is one of the
hardest parts of building a B2B startup. Might make a good blog post one day!

~~~
haliax
I'd love to read such a post and best of luck!

------
trxblazr
I sat in your ACM presentation the other day at Stanford. It was really
awesome. Thanks for coming by and best of luck!

~~~
cbcase
Glad to hear it! I had a lot of fun coming back to campus. Good luck to you
too!

carl @ sift

------
jackmaney
Who, exactly, is "am9icytiNjRAc2lmdHNjaWVuY2UuY29t" (listed as a contact on
the Jobs page)?

~~~
trxblazr
hint hint hint: echo 'am9icytiNjRAc2lmdHNjaWVuY2UuY29t' | base64 -D

~~~
7402
trxblazr, you have demonstrated poor judgement. Sift Science is trying to make
a small attempt at filtering some of the inevitable spam that results from a
public job posting. You spoiled it. Why? For what purpose? To show how smart
you are?

Sift Science does not look like some arrogant company that has cooked up their
own broken security system, and that deserves to be poked at this way. It is
not a public service to defeat this quiz, a quiz that some people would have
been happier solving on their own so as to have a fair shot at apply for the
job.

------
jareau
Congrats from the Balanced team! You guys are doing great work.

~~~
brandonb
Thanks!

------
arkitaip
Any plans on working with major e-commerce platform providers?

~~~
brandonb
Definitely! What would be your top choices? And what's your ideal integration
experience?

