arrow left facebook twitter linkedin medium menu play circle

Fraudsters Outsmart Machine Learning, According to New DataVisor Study

December 12, 2018

Q3 2018 Fraud Index Report shows prevention and detection demand multiple lenses to stay ahead of threats

MOUNTAIN VIEW, Calif. – Dec. 12, 2018 – DataVisor, a leading fraud detection platform, today released its quarterly fraud index report, which indicates that sophisticated fraud campaigns are beginning to outwit machine learning solutions especially the ones that only detect known fraud patterns based on historic loss experience. As bad actors begin using modern technologies (even machine learning) in their attacks, enterprises must bolster detection efforts with a complete solution that can also detect new and emerging fraud patterns and detect them early, or risk being overtaken by fraudsters’ increasingly superior tech prowess.

The Q3 2018 DataVisor Fraud Index Report is a quarterly assessment of trending types and methods of online fraud in commerce and across the Internet. The current report uses information gathered by DataVisor between July and September of 2018, in the course of analyzing sample data over 40 plus billion events and analyzing over 750 million active user accounts, globally. The analysis also included 4.2 million user-agent strings, 120,000 device types and 500,000 phone number prefixes, among other indicators.

“This quarter’s Fraud Index Report shows that fraudsters are becoming increasingly aware of behaviors that can trigger machine learning fraud detection systems,” said Fang Yu, CTO and co-founder of DataVisor. “This underscores our contention that conventional machine learning systems are useful only for keeping up with known types of fraud. Unfortunately, when it comes to fraud detection, if you’re just keeping up, you’re already behind.”

The Fraud Index Report finds that fraudsters have become adept at evading static signals, and employ a flexible backend infrastructure so they can change their modus operandi quickly. Out of the fraud signals detected, 36% were active for less than one day, and 64% for less than one week. IP addresses were the most volatile with the median lifetime of IP fraud signals being just 3.5 days.

The report differentiates between high sophistication and low sophistication attacks. Highly sophisticated attackers (typically in the financial sector) can conduct normal online business operations for as much as 18 months before initiating small scale “test” attacks, to determine what responses may be forthcoming from targeted companies. Some 45% of attacks from highly sophisticated fraudsters occurred in these types of staggered stages.

Fraud attacks with higher sophistication also tend to have a more significant “delay” between attack phases. According to the report, in 40% of high sophistication attacks attackers wait for at least one day before mounting their peak attack, while 20% wait more than one month. By contrast, 80% of low sophistication attacks are performed within one day of fake account creation.

Private domains have become popular means of fraudulent user account registration. Registering private domains allows fraudsters to create email accounts en masse, enabling them to bypass phone verification, CAPTCHA, and other authentication methods often required with public email services.

The majority of these email domain fraud signals were identified with fraud from third-party sellers, including scams and/or the sale of fake and/or counterfeit items. Fake accounts are also registered solely for the purpose of promotion abuse, or to artificially boost a seller’s reputation by conducting fake purchases or leaving fake comments.

These new fraud methods suggest that existing machine-learning solutions may be insufficient for staying ahead of increasingly sophisticated attack strategies.

“Early detection is essential to preventing fraud, and it’s not enough to have point solutions or model-based methods,” said DataVisor’s Yu. “True prevention requires multiple lenses — a suite of solutions that combines business rules with adaptive AI that can detect both known and unknown fraud patterns.

“A combined approach enables users to accurately identify known attacks, and to get ahead of newer attack types that typically escape detection.”

About DataVisor
DataVisor is the next gen fraud detection platform based on cutting edge AI technology. Using proprietary unsupervised machine learning algorithms, DataVisor helps restore trust in digital commerce by helping businesses proactively detect and take action on fast evolving fraud patterns. Combining advanced analytics and an intelligence network of more than 4B user accounts globally, DataVisor protects businesses against financial and reputational damage. The DataVisor solution is deployed across a variety of industries, including financial services and e-commerce and social platforms. For more information, visit