
How Fraudulent Users Slip Under the Radar - jasontan
http://blog.siftscience.com/blog/2015/how-fraudulent-users-slip-under-the-radar
======
dredmorbius
Some useful patterns, but also quite likley noise.

Both Alaska and Delaware are small states, with (relatively) small
populations. For classifiers with uneven numbers of members (e.g., states),
odds are high that whatever your outlier member is _will be a lower-population
classifier_. It's simply a matter of variance and other elements.

To test for _actual_ significance of those findings, you'd want to look at
Monte Carlo simulations through your dataset over time to see if there's a
_consistent_ trend for these particular indicators, or if the locus shifts
among several other regions.

Other indicators such as multiple accounts and time/day of activity suggest
stronger causal relationships.

~~~
alanh
This post is not useful or meant to be useful, I think. It's just supposed to
be entertaining enough to get you to think about Sift. You shouldn't blacklist
Delaware addresses or elderly people…

That said, your point about noise here is a good and interesting one

------
bemmu
Fraud doesn't just cause merchants lost goods. It makes ordering from stores
more difficult when there are extra steps (at least 3-D secure) just for fraud
reduction. This both annoys customers and causes sales to be lost because
ordering is less convenient.

It causes unnecessary returns when merchants end up sending things to non-
existent addresses that someone just invented to see if their stolen card was
working or not.

It even makes things like A/B testing less reliable, when your numbers are
skewed by fraud. Eliminating an extra step in your order process might look
like a great A/B testing win. Unless it was just because that "optimization"
just made fraud easier to commit. At the very least it adds noise.

It also makes it more difficult to know where you as a merchant stand
financially, as orders can become reversed in the future. Even if you
seemingly turned a $1000 profit this month, later you might find out you
actually didn't.

It's a sad situation that we have to just try to guess who might be committing
fraud or not, sometimes denying service to perfectly legitimate users while
still missing many cases of actual fraud.

------
ck2
I often buy sub-$20 items and have to try a few credit cards because I forget
how much is left on each one (I use one-time load cards for security).

So that explains the holds I sometimes get on orders, where I am like why hold
up a $20 order.

Regarding Deleware, I bet there are drop mailers there, surprised there isn't
a database of those.

------
devit
And now the fraudiest fraudsters in the fraudlands know how to fraudulently
defraud without ringing any fraudbells.

------
Shivetya
I wonder if the age range identified is because these fraudsters speed through
the sign up and select the low value when asked their age. I wonder if they
are either 1/1 or 12/31 babies too.

~~~
k1point618
That is definitely a trend. Similarly, Alaska (first in the abbreviated drop
down list for states) could be fraudulent due to the same reason. I don't
believe that the fraud users are actually from Alaska.

------
danso
A little off-topic, but today there was a pretty entertaining post on Gawker
about ISIS follower accounts who were caught talking about mundane stuff and
having run-of-the-mill "Twitter" drama:

[http://gawker.com/even-isis-guys-have-twitter-
drama-17405414...](http://gawker.com/even-isis-guys-have-twitter-
drama-1740541455)

What was funny was not just the purported content of the tweets -- now
apparently removed by Twitter -- but how these guys were identified:

> _...Abu Yusuf Al-Jabarti is an avid tweeter (his handle, @AlJabarti42,
> indicates he’s been banned 41 times) and supporter of the Islamic State.
> Most of his tweets are like this, just trying to expand his brand like
> everyone else..._

I'm not saying it's easy to write a general algorithm that follows a rule of
"If an account gets banned an another account with the same name but a
Levenshtein distance of 1 sprouts up from the same IP block and its first
tweets contain similar content to the deleted account, then ban that new
account, too"...at least, it wouldn't be easier than removing these accounts
ad-hoc (i.e. after Gawker discovers them)...but some problematic users don't
even make themselves hard to find and yet the prospective computational
solution isn't necessarily practical to implement or particularly worth
anyone's time (at the moment...).

------
ellius
Systems like Sift are interesting. Machine learning can pick up a lot of
trends over time that humans can't. The problem is that they often fail to
react quickly to new trends, many of which hit hard quickly. I've talked to a
lot of these vendors and most of them are complimenting machine learning
systems with traditional rule-based systems and human review because ML by
itself is too slow in adapting to attackers.

------
gruez
>Fraudsters work at night. 3 a.m. is the fraudiest time of day, regardless of
time zone.

what does that even mean? it's always 3 am somewhere in the world.

~~~
Pinatubo
I think they mean consumers who make transactions at 3am their time are more
likely to be committing fraud.

------
anigbrowl
I'm generally opposed to torture, but I make an exception for people who coin
neologisms like 'fraudiest.' No thanks for that assault on literacy.

~~~
ChuckMcM
Q: What do you call a language that doesn't change year after year?

A: Dead.

There was a great interview with the folks at the OED about why they added
words to the dictionary that someone had just "made up" (like 'selfie'). And
their answer was simply that all words are made up at some point, and trying
out a new word exposes it to the population and ones that effectively
communicate a concept or idea get picked up and distributed. That is how the
language evolves to deal with a world and a society that evolves.

On the flip side, many folks are rather annoyed that technologists took
previously fine words and repurposed them for their own use and now they speak
a language that sounds like English but isn't understandable by non-techies.

I'm guessing the OED folks would have preferred that new words were created to
cover that case :-)

~~~
moron4hire
One might also consider that a dictionary should be considered a service, to
provide the user a means to identify and understand unfamiliar language. I
think, too often, people treat dictionaries as official authority on language.
But I'm not aware that there is any such thing as a central language authority
for any language other than French. So, for a dictionary to include a word
like "selfie" is not necessarily a definitive inclusion of the word in the
language (as literally no-one holds that authority), but a statement that new
things are going on that readers might, just perhaps, want to know about to
stay relevant.

~~~
TeMPOraL
> _I think, too often, people treat dictionaries as official authority on
> language._

They aren't, and a lot of people miss it - they don't know that dictionaries
are descriptive, not proscriptive. They do not _define_ words, they only
catalogue ones that are used, providing their most popular meanings.

~~~
moron4hire
That is a much more succinct way of describing what I was hamfistedly trying
to say.

