How IT Teams are Leading Their Organization’s Fight Against Fraud

David Ting

David has over 20 years of leadership experience at leading technology companies such as Yahoo, NetEase, and IGN. On the technology front, he has held key executive positions at Yahoo, IBM, IGN and AltaVista, and is a big believer in combining cutting-edge innovation with scalability, simplicity, and quick time-to-market. He holds 6 patents and has won 2 IBM Outstanding Achievement awards and AltaVista Employee of the Year.

Most companies have had a mobile-first strategy for many years now. Marketing spend has been shifting to mobile advertising and purchased application installs, and is projected to be over $70 billion globally in 2018. Along with the growth of paid application installs, the number of fake installs has also been on the rise. Mobile User Acquisition (UA) fraud has been estimated at about 7.8% of total installs, and the monetary damage will exceed $10B in 2018. Today, fraudsters have access to sophisticated technology, and UA fraud is quickly becoming one of the more profitable ventures on the dark web. Fraudsters operate at scale and speed and constantly change techniques, so that even large companies like Amazon and Facebook struggle to keep up with them. As more and more consumers embrace digital channels for day-to-day transactions, existing points of compromise become more vulnerable than ever.

Early in the century, IT teams focused their efforts on combating cyber-crime: malware, breaches and bot attacks that pierced firewalls and compromised data and systems, threats that were in some ways black and white. Simplistic viruses and malware attacks such as ILOVEYOU, MyDoom, Sasser and Cryptolock caused billions of dollars of damage when they were released. Today, fraudsters are employing more subtle but effective tools powered by AI. With stolen credentials and synthetic identities, they enter the system as trojans and make it very difficult for IT teams to stop them at the door without jeopardizing a good customer experience.

IT teams have to be proactive, stay on the lookout for fraud, and be able to react to it at the speed at which it happens. Preventing fraud and protecting users is integral to IT strategy and core to maintaining a company’s competitive advantage.

In my recent presentations at ChinaJoy, AWS Beijing and AWS Anaheim, I noticed a growing trend where Engineering and IT teams are leading the search for technical solutions to protect their companies from suffering fraud damages. They were tasked to look for cutting-edge solutions that can scale with organizational growth without the associated operational overhead. Also, more and more companies want real-time, self-learning solutions to help defend against attacks, rather than a rules engine or reputation database that needs to be maintained manually.

I’ve summarized below some of the key takeaways based on discussions with IT practitioners in the industry, who are leading this change within their own organizations.

Existing fraud tools are inadequate and cannot scale

The volume of digital information contained in application-level events is astronomical: millions of user attributes such as IP addresses, email domains and user agent strings, along with thousands of OS versions, phone prefixes and device types, result in potentially trillions of pieces of information. Our fundamental belief is that digital fraud happens in groups. It is impossible for humans to fully track all of the possible permutations between groupings of attributes and detect fraud in the digital age. To solve this problem scalably, you have to not only store the information, but also find a way to complete this computation at high quality and in a timely manner.

The attacks are adaptive and self-learning. For example, a threshold-based rule that is triggered when the wire transfer amount is greater than $500 is easily circumvented. Hackers will make wire transfers at varied amounts and, by observing which transactions passed or failed, stay under the radar by sending randomized amounts under the threshold value. The ideal system needs to adapt and learn quickly as the attack patterns morph.
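The contrast described above, as an added example (not from the original article and not DataVisor's algorithm): a per-transaction $500 rule next to a simple grouping heuristic, both run over constructed transfer records. The field names, the 10% band under the threshold and the three-account minimum are assumptions chosen for illustration.

```python
from collections import defaultdict

THRESHOLD = 500.00  # static rule from the text: flag transfers above $500

# Constructed sample events (not real data): account, device id, source IP, amount.
TRANSFERS = [
    ("acct-01", "dev-A", "198.51.100.7", 120.00),
    ("acct-02", "dev-B", "198.51.100.9", 742.50),   # only one over the threshold
    ("acct-03", "dev-C", "203.0.113.21", 487.10),
    ("acct-04", "dev-C", "203.0.113.22", 461.75),
    ("acct-05", "dev-C", "203.0.113.23", 493.20),
    ("acct-06", "dev-F", "203.0.113.40", 455.05),
    ("acct-07", "dev-G", "203.0.113.40", 472.30),
    ("acct-08", "dev-H", "203.0.113.40", 498.99),
    ("acct-09", "dev-E", "198.51.100.30", 480.00),  # lone near-threshold transfer
    ("acct-10", "dev-A", "198.51.100.7", 60.00),
]

def static_rule(transfers, threshold=THRESHOLD):
    """Per-transaction rule: flag any account sending more than the threshold."""
    return {acct for acct, _dev, _ip, amt in transfers if amt > threshold}

def grouped_rule(transfers, threshold=THRESHOLD, band=0.10, min_accounts=3):
    """Flag accounts when at least `min_accounts` distinct accounts sharing one
    attribute value (device or IP) all send amounts just under the threshold."""
    floor = threshold * (1 - band)
    groups = defaultdict(set)            # (attribute, value) -> accounts
    for acct, dev, ip, amt in transfers:
        if floor <= amt <= threshold:    # inside the "just under" band
            groups[("device", dev)].add(acct)
            groups[("ip", ip)].add(acct)
    flagged = {}
    for key, accts in groups.items():
        if len(accts) >= min_accounts:
            for acct in accts:
                flagged.setdefault(acct, key)   # remember which link exposed it
    return flagged

if __name__ == "__main__":
    print("static rule :", sorted(static_rule(TRANSFERS)))
    for acct, (attr, value) in sorted(grouped_rule(TRANSFERS).items()):
        print(f"grouped rule: {acct} via shared {attr} {value}")
```

The static rule sees only the single transfer above $500, while the grouped view surfaces the two clusters of accounts that share a device or an IP and all stay just below it; the lone near-threshold transfer is left alone.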

The brute-force method is too resource- and time-intensive. You will need to find algorithms that learn from the information received and adapt to the attacks automatically. The reason our customers want real-time response is that there are actual cases where significant damage is done within a 24-hour period.

Infrastructure needs to be actively managed and optimized

AI/Machine Learning is also called Big Data for a reason. Depending on the algorithm, the infrastructure needed scales geometrically with the size of the data within your organization. At DataVisor, we process about the same amount of information contained within the Library of Congress every day. The data volume also varies by as much as 300% day-to-day for each client. Given this, we leverage the cloud solutions from AWS and AliCloud heavily, scaling elastically to over 4000 nodes during peak volume. We find that from a cost and time-to-market perspective, the best way to design a project is with a pure cloud or a hybrid cloud solution. We are able to perform most of the compute by bidding on spot instances, which makes it more cost-effective than owning our own machines.

Time to adopt and adapt needs to be accelerated

Cloud, open source and proprietary machine learning platforms have reduced the barrier to entry to AI projects in a company. It is much easier to have a small team working on the projects that yield a high ROI. Developing AI solutions in-house should now be part of the technical roadmap for midsize to large organizations, and there is a good chance that you will see return on the investment in less than one year.

The most difficult parts of an AI implementation actually lie within data collection and feature generation. Picking models is now a small part of the work. The following is a chart from a famous paper, which depicts the amount of work needed for an AI project. Over 90% of the work is outside of the algorithm portion of the work.

[Figure: chart from Sculley, D., et al. "Hidden technical debt in machine learning systems." NIPS. 2015]

The initial implementation can start with as little as one team member. But the time to market is at least 6 months of work, with most of the projects taking over one year to reach production. Most of the challenge is translating business-level logic into useful features for the ML algorithms. One great feature can be more significant than using the optimal algorithm for the computation. After the initial launch, updating the model as the business evolves will be a constant workload. With the fast evolution of this space, this is a portion of IT projects where outsourcing should be strongly considered if there are not enough internal resources or expertise to deploy a solution immediately.

As IT teams explore new solutions and the associated integration efforts and costs, they need to keep in mind the key factors that are critical to the decision. They need a solution that is proactive and provides early detection so they can adapt to emerging threats more easily. And they need efficacy, so the solution continues to perform with the expected results without continuous monitoring and maintenance. As with any IT transformation project, ease of adoption enables executive buy-in as well as end-user adoption.

DataVisor provides out-of-the-box solutions that can be used by IT and Engineering teams. We have designed the system to be quickly launched into various fraud scenarios out of the box in less than 2 weeks. We have thousands of features engineered to detect everything from mobile installation fraud to fraudulent transactions within a financial institution. With flexible deployment options, customers can wire DataVisor in as an independent on-premise/cloud solution or integrate it with existing tools as an augmented signal.


September 4th, 2018 | Quick Takes