SEON is an eCommerce fraud prevention solution that specializes in intelligence tools and AI-powered fraud detection. We sat down with Co-founder Bence Jendruszak for a wide-ranging discussion including how to properly use social data when evaluating orders, the use of email as a data enrichment source, and whether or not the human fraud analyst still has a role to play in today’s fraud prevention world.
1. SEON suggests merchants use ‘multi-layered fraud prevention’. What are the key parts of that strategy today? And if a fraud department has a limited budget, what are the essential things to put in place?
Regardless of budget, we believe the most efficient fraud prevention systems need to do two things. First, collect as many data points as possible. Second, feed them to an algorithm that can help the fraud department find anomalies.
So a merchant with a limited budget should really focus on data points that are easy and affordable to extract. IP addresses are a great example. With extra resources, you can go for more sophisticated tools like email profiling, and all the way to facial recognition to match selfies with IDs.
The main point about multi-layered fraud prevention is that it enables flexibility and scalability in the long run. Even if you start off with the basic modules, like IP analysis, you still have the option to upgrade later.
It’s really cost effective because you only pay for what you need, and you are essentially saving on future manual work and integrations. We believe it’s one of the reasons why anti-fraud APIs are so successful right now.
2. You mention the possibility that merchants might be using “stale information” to make fraud decisions — a charge many would surely deny. How do you define “stale” data, and what are the steps for merchants to run a system audit and evaluate if their data is “stale”?
A lot of merchants rely on third-party databases that just aren’t updated regularly enough. For instance, working with a blacklist that is even a few days old can lead to false positives, which means a poor customer experience and churn.
At the bare minimum, third-party databases should be updated daily. We’ve seen some that take as long as one month to be updated, and that’s just way too slow for us, hence the “stale” data comment.
When it comes to own data, we ensure data points that change dynamically, like IP addresses, are never blacklisted for too long. We also keep timestamps and logs of everything so the evidence can be used later.
3. SEON uses both “whitebox” and “blackbox” machine learning. Can you explain the differences between those concepts? How merchants should be conceptualizing their own fraud prevention data in order to run more effective order analysis and make better decisions?
In fraud prevention, the goal of machine learning is to provide a risk score. But the calculations are based on probabilities and very complex. So some vendors remove transparency. They hide these calculations from sight and focus on just giving the result, which is the score. This is what we call a blackbox system.
With a whitebox system, on the other hand, you get readable rules through a Decision Tree algorithm. With ours, each applied rule creates a new branch where the nodes are clear parameters. This helps fraud analysts with manual reviews because they can visualize the calculations, understand scores, and adjust thresholds for approved or declined transactions.
We find whitebox systems are great for companies with talented fraud teams. They can take control of the system and adjust the algorithms as needed, for instance with something like a Black Friday sale where the data would not match historical user behavior.
But blackbox also has its uses for companies who just want to run the system on autopilot, or those who don’t have the resources to adjust it properly.
4. Let’s talk data. Social media profiling is one of the data sets that change over time. How do merchants properly enrich the social data they have on their users? How should they be making use of it in day to day operations?
Social media data is a fantastic asset for fraud analysts, because when it’s enriched, it combines publicly available data with information only the merchants has on the customer, creating a real 360 degree profile.
For instance, it works great as an authenticator at the account creation point, because it means users have already gone through a verification process on Facebook or Linkedin. It’s not bulletproof, but it helps filter out the less sophisticated bots and fraudsters.
Then there’s social media profiling for manual reviews. This can be a true goldmine. One of our clients says they’ve drastically reduced friendly fraud, simply by being able to prove that there are Instagram pictures of the buyer with the product, when they said they didn’t receive it. It’s a lengthy process, but it can make a huge difference for companies dealing with high value goods.
5. The idea of using IP addresses for high-risk geographic locations is a common practice. But you talk about flagging whole data centers and open port PING. What is the value in adding that information?
IP addresses are useful for flagging high-risk locations, but they’re also really easy to mask and change via VPNs and proxy servers. If your business relies on geo-blocking, you need to know when this happens. Companies like Netflix, for example, have a zero tolerance towards proxy usage.
The way to do detect that usage is looking at the ISP and via open port pinging. It helps reveal proxies as they all need an open port so people can connect to them. And if an ISP is only bringing in fraudsters from these IP addresses, it makes sense to block the entire data center.
This is where machine learning is really helpful, because it can suggest whether it’s worth blocking them all or not depending on your ratio of fraudsters vs legitimate users coming from the same ISP.
6. Another interesting tactic SEON uses to gain data is “reverse email lookup”. Can you explain what that means, and how it can help with fraud prevention?
Our email addresses are like our IDs for the digital world. We need them to open an account for most online services. While they are very easy to create, the personal ones stick with us for a long time. On average, a legitimate user keeps the same address for 10+ years.
And because these addresses are used everywhere, they can reveal a lot about us. We can check the domain type, quality (free or paid), if it’s linked to social media, found on blacklists or data breaches, etc…
This gives us clues about the user’s history. And when you feed enough of that history to a machine learning engine, you can quickly see which points make an email address risky or not – although social media profiling is often the main winner here.
7. When it comes to analyzing data, you write merchants can use SEON to “decrease manual review efforts” Why ‘decrease’ and not ‘eliminate’? What do you think the role of the manual fraud analyst is in today’s increasingly AI-powered environment?
This is a very good question, and a hot topic in the industry. Machines are getting smarter, and it is difficult to imagine their limits. Will there be a point when they can go on without human interaction at all?
The key point to remember is that machines only work miracles if they are fed the right data. And machines do not know what the right data is by themselves.
This is why manual reviews still have a role to play. Their feedback must be fed into the algorithms to improve the accuracy of the rules. So you still need human knowledge and insights to perform them in the first place – even if the goal is to get as few of them as possible.
We think the role of manual fraud analysts will always be important, even if their skills will be more used to supervise ML systems rather than actually perform manual reviews.
8. On an industry-specific level, you work with iGaming companies. Bonus and promo abuse is a big issue in that community. How do the strategies for preventing this type of fraud differ from those used in traditional chargeback fraud, if at all?
Every fraud type is detected through different patterns. So the strategies for stopping an account takeover, for instance, are quite different from those needed to curb promo abuse in gambling.
But there is one common point, which is about knowing who your customers are. For payment fraud, it’s about linking the customer with transaction details like card number and shipping address. For promo abuse, it’s about linking the customer to other similar accounts on the gambling site. You can find a wide range of data points available of any customer based on the digital footprint.
So if you can read your user’s digital footprint with the right data points, it’s easier to spot and flag multi-accounting, which is where bonus abuse comes from and the same applies to ecommerce fraud. Once again, knowing which are the right data points is easier if you can capture as many of them as possible and feed them into a machine learning engine to help you see the connections.
9. You also provide chargeback services for Forex companies, which is a fairly high-risk industry. How should fraud managers in these types of industries be thinking about fraud different than those in a more traditional eCommerce model?
Fraud managers in the Forex industry have to be extra vigilant about all potential fraud aspects, and worse, they have to work fast.
So the first challenge is that they deal with digital goods that are shipped in real time. That means their fraud prevention needs to work near instantly to prevent chargebacks. Ours provides results under 1 second.
Unlike with standard online stores, they also tend to work with fewer data points (no shipping data to block transactions), which makes it harder to block fraudulent transactions. So data enrichment is a must here.
Them there’s also complex bonus and affiliate systems, which are ripe for exploitation by fraudsters. Affiliate fraud is something we’re paying a lot of attention to at SEON, and we’ve seen that reducing the amount of bad traffic tends to reduce chargeback rates too.
10. Finally, if you could give one piece of advice to merchants about preventing fraud in a world with increasingly sophisticated and technology-powered fraudster tactics, what would it be?
This circles back to the original point about multi-layered protection. Basically: use as many different data points as possible, and find a way to connect their results.
It doesn’t even matter if you use one end-to-end system, or multiple tools. The point is that everything must work together in harmony.
It’s simply a matter of strength in numbers. Fraudsters can very easily falsify one data point. But faking the whole picture is a lot more difficult and resource-heavy.
So while we don’t think we’ll ever see a world without fraud, you can certainly make it as hard as possible for the bad guys to target your business. This is usually the best protection you can get.
