E-commerce Fraud Facts

This is awesome stuff. Theoretically. But Sift doesn&#x27;t actually make these functional&#x2F;actionable right away through their service (even though they could). We signed up, love (LOVE!) the idea, but they keep asking for more data before returning meaningful results.<p>Their home page says, &quot;Get going in minutes: Integrate in just three steps: paste a Javascript snippet onto your site, log transactions from your servers to our REST API, and send examples of banned users.&quot; But it isn&#x27;t so. They require a long-term in-depth model of your site&#x2F;usage including multiple fraudulent examples (what if you&#x27;ve mostly solved fraud?) before returning meaningful results.<p>According to this post and previous posts, they should be able to return meaningful results with very basic things: time of transaction, email address, etc. They should start off with: &quot;Here&#x27;s our recommendation, but it&#x27;s based on limited information so we feel X strongly about it.&quot; Instead they say: &quot;Give us more information, we can&#x27;t help you yet.&quot;

With domain name registration the factors that we have noticed that are almost certainly fraud orders are (in various combinations):<p>1) credit card payment is all lower case and&#x2F;or obvious non understanding of how US addresses are formatted<p>2) domain name has &quot;hack&quot; or some foreign sounding word. Or is anything related to vietnam (get plenty from vietnam)<p>3) IP location doesn&#x27;t match customers location<p>4) Multiple attempts in a row with different credit cards<p>5) Registrant name doesn&#x27;t match the name on the credit card and&#x2F;or address<p>6) Customer name doesn&#x27;t relate to email address used in any way.<p>Once again no one factor is definitive usually but a combination of several together almost always indicate a fraud order.<p>Those are off the top there are more. Bottom line is when you simply look visually at the orders you can tell with near 100% certainty that an order is fraudulent.<p>Otoh, here is a fictional example of an order that wouldn&#x27;t appear fraudulent at all:<p>domain: bobspartycity.com<p>Registrant: Bob Wagner Address: 76 Walnut St., Williamette IL bobspartycity@gmail.com And IP is in that vicinity etc.<p>...etc. It could be of course but we&#x27;ve never had a case where a fraudster puts much effort into faking an order using knowledge of what we look for.

The patterns that emerge for fraudulent orders are amazing. And, as the article notes, often specific to a particular merchant. Fraudulent orders often come in waves lasting up to several months, and pattern recognition can be particularly helpful in identifying parts of those longer waves.<p>I&#x27;m also working on a project in this space - <a href="http://www.merchantprotector.net" rel="nofollow">http:&#x2F;&#x2F;www.merchantprotector.net</a>

We&#x27;ve found that good indicators include: a large distance between billing and shipping addresses, a large distance between estimated IP location and billing address, large order size, using a free email like gmail&#x2F;yahoo&#x2F;hotmail (that&#x27;s the smallest of the factors, but virtually all of our fraud orders use them). Even combining these and others with a threshold, it&#x27;s still hard to reliably detect without too many false positives.

Fraud &quot;facts&quot; like that applied in a blanket fashion would frequently flag international customers, 3 of the 5 rules listed apply to me.

Are you familiar with ensemble methods and boosting algorithms?<p>How does Sift Science combine multiple signals like these (which individually are pretty weak) into one fraud detection system with a high level of predictive accuracy?

We really wanted to like Sift, as we suffer from a substantial amount of fraud attempts (as most business who sell digital products). However, their model is not a good fit for eCommerce sites, and that&#x27;s a shame - it seems to be built specifically for services marketplaces like AirBnb, where there is typically a time delay between payment and service provision.<p>I exchanged a few Email with their support previously, and there is no way to get real time fraud scoring. I would expect to receive in the response to a transaction event the risk score associated with it - something similar to what the Minfraud service does (which we use), but taking into account more factors since they collect more data via their Javascript API.<p>One can only hope they&#x27;ll offer this capability in the future, and we&#x27;d be glad to try it out again.

This doesn&#x27;t seem really smart since some of those apply to me. I am not from America and I sometimes order from there meaning it would seem like I&#x27;m ordering at 4am when its 2pm my time. Another thing is the email, I know a lot of people with their birth year inside their email. What about them?

&quot;It might turn out that size 10 shoes are more fraudulent than size 15 shoes.&quot;<p>There should be a pretty limited list of mailing addresses that would order size 15 shoes (Shaq&#x27;s house?) and the black-market for reselling them must be a lot tighter.

So for something like &quot;fraudsters don&#x27;t use capital letters,&quot; does your system discover a fact like this automatically, or do I have to think up these indicators myself and hope they are relevant?

Did anyone else find it odd that the 2am and 4am times weren&#x27;t qualified? (US? East Coast&#x2F;West Coast?)

What exactly is a &quot;fraudulent order&quot; anyway? Someone has a credit card, pays you and you send the product. Where is the fraud? Isn&#x27;t it external to the company or service? If someone steals a credit card and makes an online purchase, isn&#x27;t that the responsibility of the card company in securing its account proxy more fully?