
Ex-Googlers Train Machine Army to Sift Out Crooks - divad12
http://www.wired.com/wiredenterprise/2013/03/siftscience/
======
justinsteele
$0.10/query is a hefty price to pay. For comparison's sake -
<http://www.maxmind.com/en/ccfd_features>

If Sift Science turns out to be significantly more accurate, it may end up
being worth it, but at somewhere between 6 and 20x their competition's price,
it will take quite the improvement.

~~~
jahabrewer
That was my main takeaway from skimming. I'm not a sales person, but I could
see ten cents being a significant portion of the profit margin on certain
items.

~~~
brandonb
(I work at Sift Science.)

For what it's worth, you can score up to 5000 users per month completely free
with Sift Science. So if you run a small site, there's no fee. If you run a
large site, you can see for yourself whether we're saving you enough money to
justify the price.

In addition, there are discounts for high volume, for pre-payment, and
there's the possibility of scoring only high-risk users. If you run a web
site, feel free to shoot me an e-mail at brandon@siftscience.com, and we can
figure out how to make it work for you.

~~~
divad12
(I work at Sift Science too.)

Just to clarify, we charge 10 cents per _unique user_ that you query in a
month, not per query. So, you can query the same user as many times as you
like in a month and the cost will not exceed 10 cents for that user.

------
beilabs
How would this sit with payment gateways from a PCI standpoint?

An ideal customer would be an e-commerce marketplace, I imagine that Sift
Science would want to receive as much information about the customer as
possible, including credit card / address details. Are you guys completely PCI
compliant? You're taking 10 out of 16 credit card digits...

From a quick glance of your website you make no reference to PCI.

~~~
brandonb
Great question. We should add it to a FAQ. The PCI-DSS rules apply to systems
that store the entire credit card number ("PAN" in PCI-DSS parlance). We don't
accept the full credit card number -- just the first six digits (which
identify the type of credit card and bank) and the last four (typically
printed on receipts), which the PCI-DSS rules allow for. So if you're PCI
compliant already, you'll still be PCI compliant if you use Sift Science.
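
The truncation described in the reply above (first six and last four digits only), as an added example that is not part of the original thread and not Sift Science's code. The payload field names `card_bin` and `card_last4` and the helper names are hypothetical; the card number is a constructed test value.

```javascript
// Luhn check so malformed input is rejected before anything is sent out.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {          // double every second digit from the right
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Reduce a full card number to the first six and last four digits.
// The error message deliberately never echoes the input.
function truncatePan(input) {
  const digits = String(input).replace(/[\s-]/g, "");
  if (!/^\d{13,19}$/.test(digits) || !luhnValid(digits)) {
    throw new Error("not a valid card number");
  }
  return { card_bin: digits.slice(0, 6), card_last4: digits.slice(-4) };
}

// Build the record handed to a third-party scoring service: the full
// number is dropped and only the truncated fields go out.
function buildScoringPayload(userId, order) {
  const { pan, ...rest } = order;
  return { user_id: userId, ...rest, ...truncatePan(pan) };
}

// Constructed sample order (standard test card number, not a real account).
const sampleOrder = { pan: "4111 1111 1111 1111", amount_cents: 4200 };
const samplePayload = buildScoringPayload("user-123", sampleOrder);
```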

~~~
beilabs
Thanks for the information, I think I'll be in touch about an account in the
next few weeks for a marketplace I'm developing.

Perfect timing too, I just started looking at our options for developing
something similar internally.

Would love to see the systems that Etsy / eBay use for handling this type of
fraud.

------
mynewwork
So what happens when a user scores high? Suppose I'm a Firefox & Windows XP
user from Elbonia shopping at 3am, does the site not let me make a purchase?
Am I forced to provide extra information or are items delayed before shipping?

~~~
brandonb
(I work at Sift Science.)

We provide a score, and then let our customers decide what to do. The majority
of our customers have a human review the user, and sometimes as part of that
review, they'll do extra verification such as calling the user up. In other
cases, customers will delay charging the credit card until they can verify
it's legitimate.

------
theorique
Interesting that a prepaid gift card strongly suggests fraud. What if a person
simply wants to protect his privacy?

~~~
brandonb
(I work at Sift Science.)

One thing to note -- our system analyzes a whole bunch of patterns for each
user. So just shopping at 3am by itself won't cause problems, nor will using a
prepaid gift card by itself. But if a user matches multiple fraud patterns,
then they're likely to get a high fraud score.

~~~
theorique
Cool, thanks for clarifying.

------
luser001
Since the Sift guys are responding: from where do you get the raw data about
fraudulent transactions? I'm assuming you have streams of fraudulent and valid
transactions, otherwise you can't figure out what correlates with fraud.

~~~
brandonb
Our customers send examples of users that they've banned from their site or
who have caused a credit card chargeback -- these are the $label events in our
API and quickstart.

Those $label events let us do two really important things.

First, we can learn patterns that are unique to a particular site. Every site
is a little different, so that has a big impact. Patterns that catch fraud
accurately for an auction site may not work at all on a travel site.

Two, if a user gets banned from one site in our network, we can identify when
they attack another site. That means as more sites join the network, the
system gets more accurate for everybody.

------
zallarak
This strikes me as a very dramatic title.

------
frozenport
There is a second point of feedback that should be exploited. He knows which
services are used for fraud, it is not unreasonable to conclude that Yahoo
(2x) has something wrong in their service (terrible security problem) that AOL
doesn't (0.5x).

------
jaytaylor
I've used Sift Science, it's pretty neat! I recommend checking out their
product.

------
cddotdotslash
From what I've read about this project so far, it requires adding "a single
line of JavaScript to the site." So what's to stop scammers and spammers from
just blocking the file from loading?

~~~
dougb5
(I work at Sift Science)

If there has been no JavaScript activity from a user who makes a transaction
on your site, that is a fraud signal in its own right. (You can send us events
from your server in addition to adding the JS to your site, so that we know
characteristics of your users' transactions that can't be gleaned from the JS.
In both cases you set the user ID in the call to Sift.)
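
The check described in the reply above, as an added example that is not part of the original thread and not Sift Science's code: it joins server-side transaction events with client-side JavaScript events by user ID and reports transactions that had no preceding client activity. The event shapes, field names, signal name and 30-minute window are assumptions, and the sample events are constructed.

```javascript
// Constructed sample events; timestamps are milliseconds.
const clientEvents = [
  { userId: "u1", type: "page_view", ts: 1000 },
  { userId: "u1", type: "page_view", ts: 1500 },
  { userId: "u3", type: "page_view", ts: 9000 },
];
const serverEvents = [
  { userId: "u1", type: "login", ts: 900 },
  { userId: "u1", type: "transaction", ts: 2000 }, // browsed first
  { userId: "u2", type: "transaction", ts: 2100 }, // no JS activity at all
  { userId: "u3", type: "transaction", ts: 3000 }, // JS seen only afterwards
];

// Return one signal per server-side transaction whose user produced no
// client-side event in the window before it. This yields a signal to be
// weighed with others, not a decision to block.
function transactionsWithoutClientActivity(client, server, windowMs = 30 * 60 * 1000) {
  // Index client-side timestamps by user ID.
  const seen = new Map();
  for (const e of client) {
    if (!seen.has(e.userId)) seen.set(e.userId, []);
    seen.get(e.userId).push(e.ts);
  }

  const flagged = [];
  for (const e of server) {
    if (e.type !== "transaction") continue;
    const stamps = seen.get(e.userId) || [];
    const hasPrior = stamps.some((t) => t <= e.ts && e.ts - t <= windowMs);
    if (!hasPrior) {
      flagged.push({ userId: e.userId, ts: e.ts, signal: "no_js_activity" });
    }
  }
  return flagged;
}

const flaggedSample = transactionsWithoutClientActivity(clientEvents, serverEvents);
```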

~~~
cddotdotslash
Ah, okay that makes sense, considering that both client side and server side
events will be used. Thanks for the reply!

