Archives for: July 2017

How AI machine learning is confronting online retail fraud

Fraud is one of the biggest causes of lost revenue for online retailers. Fraugster and Riskified, two startups that operate in this space, share their insights and methods for safeguarding online retail.


Amazon Prime Day (APD) was a huge success, they say. With an estimated 60 percent increase in sales over 2016 and nearly $2 billion in revenue, it’s hard to argue otherwise.

If you want to talk numbers though, let’s consider this. What would you say if you were told that Amazon could lose nearly 5 percent of that revenue, or $100 million, due to fraud?

That’s a lot of money. And it’s not just Amazon on its Prime Day, it’s every online retailer that is exposed to online fraud every single day.

Retail hallmarks like APD or Christmas make things worse. What can be done to prevent this? Machine learning (ML) to the rescue. ZDNet talked to fraud prevention startups Fraugster and Riskified to get their insights.

The anatomy of fraud

According to industry blog Retail Minded, there are two main types of fraud — chargeback fraud and card-testing fraud. Chargeback fraud involves purchases that are reported as never delivered and then charged back to the merchant by the credit card company.

Card-testing fraud happens when thieves with a list of stolen card numbers essentially “play the slots” by attempting purchase after purchase from an online store with different numbers until they find a card number that succeeds. They then use this number to make fraudulent purchases at other stores.
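The card-testing pattern described above leaves a recognizable trace in a store's payment attempts: one client, many different cards, mostly declines, in a short time. The following detector is an added example, not code from the article or from either vendor; the record fields, thresholds and sample attempts are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Attempt:
    ts: int         # seconds since epoch
    source: str     # client identifier the shop already has (IP, device id, session)
    card_fp: str    # card token or fingerprint, never the raw card number
    approved: bool


# Assumed thresholds; tune against the shop's own traffic.
WINDOW_S = 600            # look-back window per source
MIN_DISTINCT_CARDS = 5    # a normal shopper rarely tries this many cards
MIN_DECLINE_RATIO = 0.8   # testing runs are dominated by declines


def detect_card_testing(attempts, window_s=WINDOW_S,
                        min_cards=MIN_DISTINCT_CARDS,
                        min_decline_ratio=MIN_DECLINE_RATIO):
    """Return {source: [card fingerprints approved during a testing run]}.

    The approved cards are the ones a card tester has just validated, so
    they are the ones to void and report to the issuer.
    """
    recent = defaultdict(deque)   # source -> attempts inside the window
    flagged = {}
    for a in sorted(attempts, key=lambda x: x.ts):
        q = recent[a.source]
        q.append(a)
        while q and q[0].ts <= a.ts - window_s:
            q.popleft()           # drop attempts older than the window
        distinct_cards = {x.card_fp for x in q}
        declines = sum(1 for x in q if not x.approved)
        if (len(distinct_cards) >= min_cards
                and declines / len(q) >= min_decline_ratio):
            hits = flagged.setdefault(a.source, set())
            hits.update(x.card_fp for x in q if x.approved)
    return {src: sorted(cards) for src, cards in flagged.items()}


# Constructed sample: one source cycles through six cards in two minutes
# (five declines, then a success); another shopper mistypes once and retries.
SAMPLE = (
    [Attempt(1000 + 20 * i, "203.0.113.7", f"tok_f{i + 1}", approved=(i == 5))
     for i in range(6)]
    + [Attempt(1010, "198.51.100.20", "tok_a1", False),
       Attempt(1055, "198.51.100.20", "tok_a1", True)]
)

if __name__ == "__main__":
    print(detect_card_testing(SAMPLE))
```

Counting distinct cards rather than raw declines is what keeps the retrying shopper out of the result, which matters given the cost of false positives the article cites.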

It takes both expertise and resources to be able to identify fraud. Behemoths like Amazon may be able to deal with this in-house, but most retailers are not. And in any case, this is not something retailers would like to spend resources on.

According to a 2016 report, the average yearly financial expense attributed to fraud for retailers was 7.6 percent of annual revenue across all channels, including online and offline sales. Seven percent of that is attributable to chargebacks; 74 percent is for fraud management software, hardware and employees; and 19 percent comes from false positives — transactions erroneously rejected as fraud.

And that is on a business-as-usual day. On APD, clients operating on Amazon have reportedly seen an increase of 150 percent in fraud attempts. Doing the math for chargebacks and false positives, we arrive at the 5 percent/$100 million figures.

Of course, the brunt of retailer spend attributed to fraud goes to fraud management software, hardware, and employees. This is probably money well spent as far as retailers are concerned, since it represents the resources required to minimize the impact of fraud.

This is an industry with considerable resources to spend and motivation to do so, producing and sitting on loads of data. Like any other domain with these characteristics, it seems ripe for automation by means of ML. Here is how Fraugster and Riskified approach this.

No false positives, we’re positive

Riskified is a fraud management solution for enterprise online retailers, co-founded by Eido Gal and Assaf Feldman in 2012. Assaf is an MIT graduate with 15 years of experience developing machine learning algorithms, and Gal had been working on risk and identity solutions at various startups, including Fraud Sciences, which was purchased by PayPal.

Gal says that they realized there was a gap in the way the eCommerce industry managed risk: “while most retailers were relying on third-party solutions for some parts of their online business, such as payment processing and website creation, every merchant was trying to manage fraud in-house. Fraud prevention tools available in the market at that time generally provided retailers with a risk score per transaction, and the retailer’s in-house fraud team was tasked with deciding whether to accept or reject the order.”

Gal noted that scoring tools flagged any statistically risky transaction, and fraud teams were focused on preventing losses.

This combination meant that retailers ended up turning away many legitimate customers due to suspected fraud, and losing out on significant revenue. Riskified’s vision was to outsource fraud detection to experts, allowing retailers to focus on growing revenue and improving customer service.

The company built an ML-based fraud detection system, and leveraged a business model they say ensures their goals align with retailers: driving sales to good customers while avoiding fraud. Instead of providing a risk score and charging a flat fee for every transaction, Riskified offers retailers the option to approve or decline the transaction.

Riskified only charges a fee for approved orders covered by a chargeback guarantee in case of fraud. Gal says this incentivizes Riskified to approve as many good transactions as possible, while its chargeback guarantee means it takes on fraud liability for every order it approves, requiring the company to accurately identify fraud attempts.

In order for this to work, Riskified’s algorithms must either be less picky about what they approve, or smarter. Gal says that in legacy systems, each data element receives a score, which contributes to the overall risk score of the transaction.

For example, any order shipping to a re-shipper or placed via a proxy server will be “penalized,” as these are potential indicators of fraudulent activity.

“Riskified’s ML models are far more complex, taking into account many more data points to uncover the context of the order. In this example, thanks to automatic data enrichment, our systems will have an indication that while the order is shipping to a US-based re-shipper, the item’s final destination is in China.

We know that statistically, it’s common for consumers based in China to use proxy servers when shopping online, and that to avoid high shipping costs, many good Chinese shoppers use re-shipping services. This insight is incorporated as a feature into our algorithms.

But our ML models consider many additional data points, such as the shopper’s online behavior, their digital footprint, and their past transactions with any other merchant using Riskified’s solution. Only after evaluating all the relevant data, the models reach a decision to approve or decline the transaction.

When we first launched Riskified, our entire service was identifying good orders that retailers planned to decline. We’ve since expanded our offering, and today most retailers use Riskified for their entire online volume.”

Look, mum, no rules

Fraugster, a German-Israeli payment security company founded in 2014, has its own approach here. Fraugster was founded by Max Laemmle and Chen Zamir. Laemmle says that after years of working in the payments industry, they experienced first-hand the challenges of fraud for e-commerce merchants.

He says their vision was “to design and build an anti-fraud technology that could help create a fraud free world.” Laemmle says they found that all existing anti-fraud solutions were built on outdated technologies and could not deal with sophisticated cyber criminals:

“Existing rule-based systems as well as classical ML solutions are expensive and slow to adapt to new fraud patterns in real-time, hence inaccurate. Our team of intelligence and payment experts spent the last several years designing our proprietary technology from scratch. The result is advanced artificial intelligence (AI) technology which can not only eliminate payment fraud but also maximize revenues by reducing false positives.”

Laemmle explains their approach as follows:

“Translating intuition from rules or processes equals a human dictating to a machine how to reason. This requires a lot of manual work. What our engine does is use ML techniques that don’t substitute these things but substitute the human intuition part with which we reason.

The end result is a deterministic accurate system, trained not by a human but by a machine. Our engine requires a rich vocabulary and the capability to tie in these separate words into sentences and paragraphs that tell a narrative. We want to expand our vocabulary and continue to train the engine to choose the right vocabulary to tell the right story.”


Laemmle reports that their clients operating on Amazon saw an increase of 150 percent in fraud attempts on APD.

“These are times when it’s easier for fraud to pass through a manual review system or classical ML system due to more transactions and fewer resources.

Not because of lack of accuracy, because of lack of scalability and the necessary speed to adapt to new fraud patterns. A cyber criminal doesn’t generally care about sales (they plan on getting the item for free anyways) but during sales time they go through a less adverse security system.

One, because there are more transactions and it’s difficult for manual reviews to keep up and two, an item that is on sale might go through a system that is meant to look at lower priced items, think rule-based systems. Our technology is super scalable and self-learning so it can identify new fraud patterns as they emerge in real time.

All ML players have to build workarounds because they can’t process data in real-time. This means they have to pre-segmentize the data, etc. Their solutions are not fully automated / frictionless. Fraugster is not using human analysts, rules, or models. Our engine operates fully autonomously without contributing any friction in the check-out process.”

Mind the black box

Each company has its own approach and strengths, but the point here is not to compare them. The point is that these are some of the most widely influential applications of real-life big data innovation. Applications like these, even when operating in stealth as far as most of us are concerned, push the boundaries on a number of levels.

Equally important to the technical aspect are the aspects of transparency and compliance. Assaf elaborates:

“While the recent EU law requires organizations that rely on ML for user-impacting decisions to fully explain the data that resulted in this decision, transparency into ML decisions is also a business requirement. In our industry, retailers need to know why a certain shopper’s purchase was identified as fraud and subsequently declined.

In case of a serious fraud ring attack that resulted in high chargeback rates, online merchants are held accountable by the payment gateway/processor — and need to explain why those fraudulent purchases were approved by the algorithms, and what has been done to ensure such cases are correctly identified going forward.

This has been a blindspot of the tech community, and is a key reason that many businesses are reluctant to leverage ML based tools, which they consider to be “black box” solutions. Riskified has invested significant resources into providing retailers with transparency into our ML decisions.

This was achieved by translating the tools used by Riskified data scientists when researching ML decisioning into a visualization that coherently conveys the logic behind the models’ decisions.”

As we have noted before, transparency and ML approaches seem to be at odds at present. The requirement for clarity does not only come from regulatory frameworks, but by and large it comes from business users too, as noted by many practitioners. While different approaches have been proposed to work around this issue, at this time no perfect solution seems to exist.


Henry Sapiecha

Over-payment scam targeting restaurant industry through social media channels

An Events Manager is warning of a new scam targeting Perth’s restaurant industry through social media channels.

Brooke Lingard works with The Old Laundry Bar and Kitchen in North Perth and said it was recently contacted by two people trying to run the same dodgy play.


“The first scammer contacted the restaurant through their email address on the website and asked to place an order for food, $2,000 worth, to pick up,” she said.

“They then go through the process of looking through the menu and choosing their selection and even to the point of giving us their credit card details.”

But then Ms Lingard said the red flags started appearing, and her instincts against scams kicked in.

“They then told us that their florist for their event doesn’t have credit card facilities and could we charge their card an extra $2,000 and then transfer that to their florist’s bank account,” she said.

“Very obviously a scam. I tried to fish for more details to pass over to the fraud police but he’s obviously very good at what he does.”

A second scammer tried to place the same dodgy order, but the team at The Old Laundry quickly shut it down.

Variations of this scam have been doing the rounds for years, with Ms Lingard recalling her own parents had been targeted in a similar way.

“My parents used to run a B&B and there were people saying they wanted to pay for their accommodation and their car hire in one go so they tried a similar thing.

“It seems obvious when you have experience with it, but there may be people out there who are not so wary.”

“I’d hate to see a local restaurant fall for such a scheme.”

WA’s Department of Commerce said the scheme is classed as an overpayment scam, which usually relies on stolen or fake credit cards.

Usually the order is substantial to make it attractive for the targeted business to cooperate, and usually the transactions are made before the business realises the payment method is fake and they find themselves out of pocket.

To check any suspicious messages, people are encouraged to check the Department of Commerce’s ScamNet page, which has this advice on overpayment scams:

  • Never agree to a deal in which the buyer wishes to issue an amount for more than the agreed price, and expects you to reimburse the balance
  • Never accept a cheque or money order, and then turn around and send part of the money back
  • Don’t assume that the cheque or money order is legitimate just because your bank accepts it for deposit. It takes time to clear an overseas cheque
  • Always seek authorisation from the credit card issuer to ensure the card is not stolen
  • If they want to use an escrow company (a third party which holds the money until the item is delivered), select your own. Their “escrow company” may be bogus
  • Remember, these scammers are conmen and are expert at coming up with plausible reasons and excuses.

Hackers Are Emptying ATMs With a Single Drilled Hole and $15 Worth of Gear


Not so long ago, enterprising thieves who wanted to steal the entire contents of an ATM had to blow it up. Today, a more discreet sort of cash-machine burglar can walk away with an ATM’s stash and leave behind only a tell-tale three-inch hole in its front panel.

Researchers from the Russian security firm Kaspersky on Monday detailed a new ATM-emptying attack, one that mixes digital savvy with a very precise form of physical penetration. Kaspersky’s team has even reverse engineered and demonstrated the attack, using only a portable power drill and a $15 homemade gadget that injects malicious commands to trigger the machine’s cash dispenser. And though they won’t name the ATM manufacturer or the banks affected, they warn that thieves have already used the drill attack across Russia and Europe, and that the technique could still leave ATMs around the world vulnerable to having their cash safes disemboweled in a matter of minutes.

“We wanted to know: To what extent can you control the internals of the ATM with one drilled hole and one connected wire? It turns out we can do anything with it,” says Kaspersky researcher Igor Soumenkov, who presented the research at the company’s annual Kaspersky Analyst Summit. “The dispenser will obey and dispense money, and it can all be done with a very simple microcomputer.”

Drill, Baby, Drill

For Kaspersky, the mystery of the drilled ATMs began last fall, when a bank client showed them an emptied cash machine whose only evidence of tampering was a golf-ball sized hole next to its PIN pad. To hide their tidy surgery, the thieves had even covered the entry point with a sticker. Eventually, the researchers learned of close to a dozen similar ATM heists. And when police arrested a suspect in one of the cases, they found a laptop, along with a cable he’d apparently snaked into the PIN pad hole. “Just a laptop, some wiring, and a hole in the ATM, that’s it,” says Soumenkov.

Kaspersky’s researchers already had the same model of ATM in their test lab, one that’s been in wide use since the 1990s. They removed its front panel to find a serial port that would have been accessible from the thieves’ hole. It connected to a wire that ran through the ATM’s entire internal bus of components, from the computer that controlled its user interface to the cash dispenser. Then the researchers spent five solid weeks with an oscilloscope and logic analyzer, decoding the protocol of the ATM’s internal communications from raw electric signals. They found that the machine’s only encryption was a weak XOR cipher they were able to easily break, and that there was no real authentication between the machine’s modules.

In practical terms, that means any part of the ATM could essentially send commands to any other part, allowing an attacker to spoof commands to the dispenser, giving them the appearance of coming from the ATM’s own trusted computer.

Eventually, the researchers were able to build their own device capable of sending cash-ejecting commands through just that exposed port. Their compact gadget, far smaller than even the arrested suspect’s laptop, consisted of only a breadboard, an Atmega microcontroller of the kind commonly found in Arduino microcomputers, some capacitors, an adapter, and a 9 volt battery. All told, it took less than $15 worth of equipment.

In their tests, the researchers found their finished tool could trigger the cash dispenser within seconds of connecting, and then spew as many bills as they wanted. The only limit to the attack’s speed came when the ATM’s computer “noticed” the dispenser acting independently and rebooted. But the researchers say that they could extract thousands of dollars before the reboot kicked in, and afterward they could simply repeat their attack, pulling more cash out of the machine until it was empty.

Easy Marks

Kaspersky says it’s alerted the vulnerable ATM manufacturer to the technique, but there’s no easy patch for the problem: The units’ software can’t be updated remotely. A fix, Kaspersky researchers say, will require replacing hardware in the ATMs to add more authentication measures—or failing that, adding physical security measures, like access controls and surveillance cameras, that might prevent thieves from daring an in-person raid on the machines. WIRED reached out to the ATM Industry Association for comment, but the trade group didn’t respond by the time of publication.
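What "adding more authentication measures" between modules buys can be shown with a receiver that checks a keyed MAC and a message counter, next to XOR obfuscation, which proves nothing about who sent a frame. This is an added example, not the ATM's protocol or Kaspersky's code: the article does not describe the bus format, so the frame layout, the command strings, the keys and all names here are constructed assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size
CTR_LEN = 8    # big-endian message counter


def xor_obfuscate(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: hides bytes from a casual look, authenticates nothing."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def seal(key: bytes, counter: int, command: bytes) -> bytes:
    """Sender side: counter || command || HMAC(key, counter || command)."""
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class AuthenticatedReceiver:
    """Receiving module: accepts a frame only if the MAC verifies and the
    counter is newer than any frame already accepted."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def accept(self, frame: bytes):
        if len(frame) < CTR_LEN + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                       # altered, or sender lacks the key
        (counter,) = struct.unpack(">Q", body[:CTR_LEN])
        if counter <= self.last_counter:
            return None                       # replay of an old frame
        self.last_counter = counter
        return body[CTR_LEN:]


def demo():
    key = bytes(range(32))                    # constructed key for the demo
    xkey = b"\x5a\xc3"                        # constructed XOR key
    # XOR side: one altered byte on the wire still decodes to a valid command.
    wire = bytearray(xor_obfuscate(b"SET LEVEL=1", xkey))
    wire[-1] ^= ord("1") ^ ord("9")
    xor_decoded = xor_obfuscate(bytes(wire), xkey)
    # MAC side: the same alteration, a replay and a wrong key are all rejected.
    rx = AuthenticatedReceiver(key)
    good = seal(key, 1, b"SET LEVEL=1")
    altered = bytearray(good)
    altered[-TAG_LEN - 1] ^= ord("1") ^ ord("9")
    return {
        "xor_altered_decodes_to": xor_decoded,
        "genuine": rx.accept(good),
        "altered": rx.accept(bytes(altered)),
        "replayed": rx.accept(good),
        "wrong_key": rx.accept(seal(b"\x00" * 32, 2, b"SET LEVEL=9")),
        "next": rx.accept(seal(key, 2, b"SET LEVEL=2")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The scheme is only as strong as the key storage in each module, which is consistent with the article's point that the fix means replacing hardware rather than pushing a patch.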

ATMs are a frequent hacker target. Lately, attacks from Thailand and Taiwan to Russia have infected banks’ own networks with malware that’s been used to trigger ATM cashouts. In tightly coordinated operations, money-mules retrieve the stacks of bills in person from the victim bank’s cash machines. In their conference talk Monday, Kaspersky researchers also revealed a new form of ATM malware they’ve found, which they say had been planted through stealthy fileless infections of banks in Russia and Kazakhstan. And other physical access attacks have planted malware on machines by opening their cases—either picking or breaking the panels’ locks—or used that physical access to a machine’s internals to connect a hacking tool directly to the cash dispenser.

But the Kaspersky researchers say the drill technique represents a simpler and stealthier path to an ATM’s innards. Breaching a bank’s back-end network requires far more sophisticated network intrusion skills, while opening the machine’s panel to plant malware or to connect a tool directly to the cash dispenser triggers an alarm. Drilling a gaping hole in the front of the machine, in this case, doesn’t set off that same warning.

Physical attacks on ATMs are, in some sense, an unsolvable problem. Computer security experts have long warned that no computer should be considered secure if an attacker takes physical control of it. But weak encryption and a lack of authentication between components leave ATMs particularly vulnerable to physical attacks—access to any part of the insecure machine Kaspersky describes means access to its most sensitive core. And for computers that are left standing unprotected on a dark street in the middle of the night, stuffed full of money, a little more thought to digital security might be a worthwhile investment.


Henry Sapiecha