Smyte might brighten fraud plight: How machine-learning can be used to thwart crooks
Security works better when you write your own rules
Analysis Carousell, a mobile-friendly classified ads market, has to deal with fraud.
Like other e-commerce sites, it has to deal with miscreants who use software scripts to register masses of new accounts. It also has to handle attempts to trick sellers into refunding overpayments on bad checks.
Fraudsters will buy an item for $1,000 and send a fake check for $5,000, knowing it takes several days for the check to bounce. They'll request the overpayment be returned and sellers, seeing the money in their accounts, often comply, only to have the bank cancel the entire transaction later.
Carousell's answer to this involves combination of machine learning and human management, an approach that underscores the potential for AI-oriented tech to empower rather than destroy.
The Singapore-based biz began working with Smyte in San Francisco to identify behavioral patterns among its users, in order to find those attempting to abuse its systems, and to encourage compliance with abuse policies.
The results were good: in the first full quarter of working with Smyte – the final three months of 2016 – Carousell reported a 25 per cent reduction in fraud tickets amid a 20 per cent increase in transactions. Measured in terms of fraud per transaction, the fraud incidence decline was almost 40 per cent compared to the previous quarter.
Smyte, as cofounder Pete Hunt told The Register in a phone interview, provides risk mitigation as a service. "We have customers with some of the hardest problems in the business," he said.
Hunt, who led the Instagram web team at Facebook, and his cofounders, Josh Yudaken, also an Instagram veteran, and Julian Templesman, who worked on spam and abuse teams for several Google products, have some experience dealing with internet reprobates.
Smyte provides an automated classifier that can be trained to recognize specific types of data, like payments or accounts, in conjunction with a set of tools designed to help customer service teams handle manual reviews, and a developer platform that facilitates the creation of custom rules.
It mixes machine learning with human experience and creativity; the fraudster arsenal is similar, but has tended to put more emphasis on brute force than AI-oriented disciplines.
Smyte's automated classifier, through integration with clients' data sources or JSON REST API calls, gobbles up events – transactions, posts, and the like – and renders judgement via asynchronous webhook or via synchronous API call. It can block events, flag them for review, or take other programmatic action.
"Being able to iterate quickly, deploy and test and monitor is the name of the game," said Hunt.
A Smyte customer, for example, might want to check to see if new accounts being created use the same profile picture. To do so, the customer could write a query in SQRL, the Smyte Query and Rule Language, which is based on SQL:
LET NumUsersWithProfilePhoto := countUnique(Actor BY ActorImagehash); CREATE RULE ManyUsersSharingProfilePhoto WHERE NumUsersWithProfilePhoto >= 5; WHEN ManyUsersSharingProfilePhoto ADD "shared_photo" TO SessionActor;
This rule, sent to Smyte through a
git push command, would modify Smyte's system to flag the customer support them when it detected five or more accounts with the same image.
Smyte's approach is to strike a balance between automated security and manual oversight. Relying too much on human judgement tends to be expensive and slow, Hunt said, who envisions customer service teams as spam analysts and developers who work in conjunction with automated systems and provide feedback rather than as human exception handlers.
AI in this scenario isn't a destroyer of humanity or jobs; it's a tool that handles the drudgery while people focus on more interesting problems. ®