
Sift Science (YC S11) raises $18M to stop credit card fraud with machine learning - jasontan
http://techcrunch.com/2014/05/14/sift-science-raises-18m/
======
JackFr
Calling it 'lose-lose-lose' doesn't actually make sense. 1) They lose the TV;
2) they lose the $1000 dollars they obtained in the transaction; 3) the
chargeback negatively impacts relationship with the card issuer.

By that accounting, a legitimate sale would count as a 'lose', since they lose
the TV.

'Lose-lose' would be fine, but even by the standards of hastily written press
releases, this is kind of silly.

~~~
jasontan
Hi JackFr,

Jason here, op and CEO of Sift Science. You have a point, but do keep in mind
that the TV is going to a bad customer -- one that won't reward Best Buy with
repeat business (perhaps just more fraud) and won't spread positive word of
mouth (except to let other fraudsters know that Best Buy is a great fraud
target). So there is some "lose" in shipping the TV to a bad customer,
different from shipping it to a good customer. Does that make sense?

------
svmegatron
I run a product in this space (https://www.merchantprotector.net) and
I'm quite impressed with Sift Science's pricing.

No charge for the first 10k transactions/month is impressive.

~~~
jasontan
thank you, will!

------
jliptzin
I can think of some simple things FIs can do to prevent fraud. For example
they could leverage your cell phone's GPS at the time you make a purchase to
make sure you're actually in the store where the purchase is coming from. For
online purchases, they could text you a confirmation that you were the one who
made the purchase. Just some simple things that seem a lot less complicated
than machine learning that we haven't tried yet.

~~~
laurenbee
Interesting ideas, but I don't think these suggestions would be so simple.
They would put a burden on consumers to always have a phone at the ready. What
happens if your phone can't connect to GPS inside a store? What if you don't
have your phone with you (or if you don't have a phone at all)? Buying goods
and services would be far less convenient.

~~~
jliptzin
That's true, things that sound simple on the surface often turn out to be
pretty complex in implementation. I think that the number of people making
purchases without cell phones on them is converging towards zero and will be
there soon, so I think it's safe to think about these systems now.

What about implementing a 2FA system for larger purchases (online or off),
implemented in an app on the consumer's phone like Google Authenticator or
SMS? Swipe your card at checkout, if amount is > $XX (or otherwise suspicious
according to current models), prompt the buyer for a one-time code from SMS or
an app. I use the same system when logging into Gmail, my bank account, etc -
I'd have no problem (and would even welcome) a similar system when using
plastic. It's at least a lot more convenient than having the txn declined and
your card disabled until you call their security hotline. This way, thieves
would need to steal your card _and_ your phone to cause damage.
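
The step-up flow proposed in the comment above, sketched as an added example that is not part of the original thread or any vendor's code: an RFC 6238 one-time code is demanded only above a threshold or when a risk model flags the transaction, with drift tolerance and replay rejection. The threshold value, the `flagged` input and all function names are assumptions.

```python
import hashlib
import hmac
import struct

STEP_UP_THRESHOLD_CENTS = 20_000  # assumed value; the comment leaves it as "$XX"
PERIOD = 30                       # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = int(at) // PERIOD
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret, submitted, at, last_counter, window=1):
    """Return the matching time-step counter, or None.

    Accepts +/- `window` steps of clock drift and refuses any step at or
    before `last_counter`, so an observed code cannot be replayed.
    """
    now = int(at) // PERIOD
    for counter in range(now - window, now + window + 1):
        if counter <= last_counter:
            continue
        expected = totp(secret, counter * PERIOD)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None

def authorize(amount_cents, flagged, secret, submitted, at, last_counter=-1):
    """Return (decision, last_counter) for one card transaction.

    `flagged` stands in for "otherwise suspicious according to current models".
    """
    if amount_cents <= STEP_UP_THRESHOLD_CENTS and not flagged:
        return "approve", last_counter      # low risk: no extra friction
    if submitted is None:
        return "challenge", last_counter    # ask the cardholder for a code
    matched = verify_totp(secret, submitted, at, last_counter)
    if matched is None:
        return "decline", last_counter
    return "approve", matched               # caller persists the new counter

# Constructed demo input: the RFC 6238 test secret, not a real credential.
DEMO_SECRET = b"12345678901234567890"
```

The caller must store the returned counter per cardholder; without it, a code captured at the terminal stays valid for the rest of the drift window.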

------
JimmaDaRustla
Just off the top of this article - BestBuy wouldn't be liable for that $1000,
it is the FI's liability, if we're talking about a transaction at a physical
terminal, not CNP.

Edit: FIs also have to follow rules and regulations to monitor and predict
fraud activity.

~~~
jasontan
Jason here, op (and CEO of Sift Science). It wasn't quite clear in the article
- in the example of the stolen television, there is a key difference between
Best Buy and bestbuy.com. In the latter, the merchant takes the hit on fraud
(e.g. $1000 will be subtracted from the bank account of bestbuy.com), whereas
in the former, the merchant is off the hook for fraud. This is one of the key
differences between Card Present (offline) and Card Not Present (online)
transactions.

I've contacted the reporter to try and clear this up.

~~~
JimmaDaRustla
Edited this comment - misread your comment. Correct, thank you for the
feedback!

Edit #2 - when you say offline/online, I'm assuming you mean in terms of an
online store, versus a physical retail store.

I took it as if the transaction was done in realtime to the backend FI system,
or if it were verified offline at a terminal. In EMV terminals at a physical
merchant location, transactions can be either online or offline ;)

------
lsh123
The biggest problem with ML is that it takes time for it to react to the new
fraud patterns/schemes. While rules engines have their limitations, they also
have one big benefit: they allow blocking recognized fraud really fast.

So the actual question here is whether the ML for detecting fraud is better
than a flexible rules engine and good analysts/statisticians. In my personal
experience, statistical analysis and anomaly detection effectively handle the
majority of the fraud. I would be interested to see a more detailed analysis
of Sift Science performance with some numbers for false positives/false
negatives for example, though (of course) it is probably proprietary
information.

------
milkmanjr
Awesome stuff. I use Sift Science, in addition to some basic fraud prevention,
and what they are doing has allowed me to sleep easier at night.

Kudos to the Sift Science team!

------
suprgeek
Is the fact that this is based on "no rules just data" even sensible? Or is it
an artifact of bad reporting?

Many Credit card fraud prevention systems such as the Falcon Fraud Manager use
both Rules and ML (Neural Network modelling) to tackle this issue. I am not
sure that a purely data centric approach with no rules even makes sense.

~~~
jasontan
hi suprgeek, I'm the op (and CEO of Sift Science). it's true - we do not have
any rules in our product. we believe that rules can serve as an effective
short-term solution, or for special cases, e.g. prematurely blocking a massive
wave of fraud from an IP address because you know it's coming.

but, rules are rather easy for fraudsters to circumvent, and they require
merchants to play whack-a-mole. with today's technologies, it's easier than
ever to analyze massive amounts of data, and we believe that machine learning
can go a really long way in detecting fraud.

does that make sense? happy to discuss further, and we'd be happy to put you
in touch with our customers if you'd like to hear more about our results.

~~~
suprgeek
Hi Jason, Thanks for replying and that (no rules just data) is a pretty cool
ML + Big Data play.

Having worked in this space a bit, I know where the dragons be in such an
approach. I imagine that you are doing some kind of Pattern Matching: e.g.
known Fraudster uses these signals (Browser + OS + Email + Time of shopping +
something else... + type of Card) to teach the system what to look for. The
real trick is to avoid over training and evolving the patterns to keep pace
with the fraudsters by incorporating feedback from the merchants.

Can you point to some blog posts/text that provides a sneak peek into the
kinds of technology that you use to cut down on false positives?

------
ripberge
Anyone care to share their experience with Sift Science? How well does it
actually work for you?

I have been integrating it for a day or so. The documentation is slightly
confusing and they've had a few minor bugs in their UI, but support has been
really good thus far.

~~~
jasontan
hi ripberge, would love to hear what was confusing about our documentation,
and what bugs you've seen. we're always looking to improve the customer
experience - can you email me (jason at siftscience dot com)

------
mahyarm
When do you think credit cards / bank accounts will become push transactions
vs. the pull transactions by a few trusted banking agents as they are now? How
much will that reduce fraud?

------
saurabhnanda
why can't credit card transactions be mandated to go through a second layer of
auth that is _not present_ on the card? in India, the banking regulator RBI,
forced this a few years ago and the CNP fraud rates tanked to negligible
levels. All domestic transactions now go through a 3D-Secure or OTP process.

~~~
Tarang
It decreases the chances of successful legitimate transactions just as a
barrier to completing payment. In India nearly 1/3 of card-based transactions
online don't go through successfully. I.e. want to order pizza but the phone
battery is dead (so no 2FA/OTP)

