
Ex-Googlers Launch Sift Science (YC S11), a Fraud-Fighting System For Websites - amerf1
http://techcrunch.com/2013/03/19/ex-googlers-launch-sift-science-a-fraud-fighting-system-for-websites-backed-by-5-5m-in-funding-from-union-square-first-round-yc-others/
======
DanBC
This is exciting, and I wish you luck!

The article mentions a 90% detection success rate, but it doesn't go into
rates of false positives (people who aren't scammers who are flagged as
scammers) or false negatives; and it doesn't mention if there's any path for
people marked as scammers to become not scammers.

Also, do you have any plans to feed information to law enforcement in various
jurisdictions?

~~~
pc86
Maybe I'm misunderstanding your question, but doesn't 90% detection imply a
10% false negative rate?

I agree that the rate of false positives is extremely important here.

~~~
atwebb
Not exactly, it means that out of all of the fraud attempts, they found 90% of
them.

The false positive is, out of the ones they found, how many weren't fraud.

So if there are 10 real fraud attempts and they identity 9 of them, but find
90 others as well, then they still have a 90% fraud detection level, but they
just hampered 90 customers who did nothing wrong. This would be an extreme
case, but it should make the point. This applies in medical science at lot
when false positives can mean lots of time and money spent on patients who
don't really have the disease that was tested for.

~~~
pc86
The question was about false negatives, not false positives.

The parent's point was that he wanted to know the false _negative_ rate when
they found 90% of fraud attempts. I was asking if that 90% number meant that
by definition there was a 10% false negative rate.

~~~
wtvanhest
False Positive: Identify person as committing fraud when they are actually not
committing fraud.

False Negative: Identify person as safe when they are committing fraud.

False negatives lead to losses for large corporations and small companies
growing. False positives destroy individuals lives in extreme cases.

If the company becomes large, they should have a way to deal with false
positives. Hopefully a number that people can call and talk to someone. Making
people wait days to complete a transaction or worse yet, not allowing them to
make it at all is bad. If they become really big, this becomes really bad as
it could cut people off to services and products that they may really need.

Obviously, these are long-term problems and if they arise, the team is doing a
lot of other things right and I'm sure they will fix it.

~~~
galactus
Pc86 knows the meaning of false positives and false negatives, you should read
his original question again.

~~~
wtvanhest
DanBC: "The article mentions a 90% detection success rate, but it doesn't go
into rates of false positives (people who aren't scammers who are flagged as
scammers) or false negatives;"

Then...

pc86: "Maybe I'm misunderstanding your question, but doesn't 90% detection
imply a 10% false negative rate"

Then...

atwebb: explains difference between false positive and false negative.

Then...

pc86: "The question was about false negatives, not false positives. The
parent's point was that he wanted to know the false negative rate when they
found 90% of fraud attempts. I was asking if that 90% number meant that by
definition there was a 10% false negative rate."

But... the parent's point was about false positives, not false negatives. In
order to clear up the dialogue I put the definition of each, then re-asked the
question which was not previously answered.

The question still stands: What are they going to do about people who are
detected as fraudsters who are actually not trying to commit fraud?

~~~
pc86
atwebb's comment was not germane. He talked about both FPs and FNs when FPs
had nothing to do with my question. If he had explained how a 90% detection
rate does not necessarily mean there is a 10% false negative rate, then it
would have been relevant.

DanBC said the article did not mention FPs or FNs. I agreed with the FP point
so from here out lets ignore anything related to FPs. My question/point was
that as far as I understood it that 90% detection rate by definition means
there is a 10% rate of false negatives.

~~~
wtvanhest
You and I view FPs and FNs differently.

FNs to me are not interesting because they will be studied by the service
buyer so there is someone obviously interested in researching it and the
market will make sure that FNs are low enough or the service will not make any
money. FNs will automatically be solved. Asking about them doesn't even make
sense unless you are a buyer.

FPs on the other hand are not important to anyone but potential 'victims' (too
strong of a word, but still) and those victims do not have any way to
negotiate their position in the process.

By forcing people to use the system by signing up service providers, the
company is creating a situation where FPs are a very big deal for those that
are flagged as potential fraudsters.

I could care less about FNs since those will be naturally resolved by the
market place.

In general, a level of FPs has to be tolerated, even by the most aggressive
activists if the company can reduce a lot of fraud, but FPs are still serious.

------
brandonb
I work at Sift Science. Let me know if any of you have questions!

~~~
jasonlotito
I spent 10 years doing CC processing for high-risk sites. So, I feel for the
challenge you have ahead of you. =)

That being said, do you differentiate on the type of fraud? Fraud is not
fraud. I guess my question revolves around real fraud (stolen cc data being
used), and friendly fraud (me charging back a transaction fraudulently
claiming I never received a service). I'd be curious to know if you are
handling that, and how. Is it merely a case of asking the people using your
system to rate a particular transaction a certain way and putting into the
pool of data to be processed? Or do you do something more?

Also, you mention skipping verification steps. Do you do things to recommend
specific extra steps, or do you just provide a score and then let the client
figure it out? For example, a score of 90 might be reached in different ways.
In some ways, you an automated phone call could alleviate much of the concern,
while it in other cases, it wouldn't. I guess the question really comes down
to whether you provide guidance on which verification steps to take.

~~~
brandonb
Thanks Jason! Since every site is a bit different, we currently provide the
score and let the site decide what to do based on their UI. I really like the
idea of recommending specific extra steps though! Perhaps a good idea for a
future launch.

------
blauwbilgorgel
Could a site like Hackernews use the software to detect spammers, bots and
trolls? Or are the user patterns solely meant for fraudulent activity?

~~~
brandonb
Yeah, absolutely! You can train our system to detect whatever type of bad
behavior you care most about by giving previous examples of bad users you've
banned from the site. Some of our customers have trained our system to detect
spam, for example. Feel free to email me: brandon@siftscience.com.

------
planetjones
I haven't looked in detail at how this works - but what is the Fraudster has
JavaScript disabled or disables the http requests to Sift Science?

How do you gather data in that case - can fraudsters not just go "under the
radar" ?

Maybe there is more to this than the techcrunch article states which is
"Businesses can integrate Sift Science’s technology by copying and pasting a
small snippet of Javascript code to their sites, the company says."

~~~
brandonb
Sites integrate both a Javascript snippet and events from the server. If there
are server-side events, but no Javascript, that's a suspicious sign.

You can see the steps for integration here:
<https://siftscience.com/quickstart>

~~~
planetjones
I see it - the whole system and implementation looks a fantastically neat idea
:)

------
fingerprinter
Interesting development, and I like the high level approach.

I wrote one of the first bigtime fraud detection web systems (hence my
name...system is also still in use today and _finally_ adapted to an approach
my team and I architected over 5 years ago! Yay to shortsighted founders/VC!)
and am interested to see what they do.

BTW, the newly adapted approach previously mentioned? Yeah, it looks alot like
this. Best of luck!

------
suhail
Congrats guys!

