What is Fraud mitigation?
Fraud has existed as long as buyers and sellers have engaged in commerce and there will always be someone looking for a way to beat the system.
It’s challenging to think of a modern enterprise that doesn’t use electronic commerce. Modern commerce is not only about moving cash around electronically, but also includes contracts and financial instruments represented as electronic transactions.
As technology gets more sophisticated and systems become more interconnected, detecting fraud becomes harder using traditional methods. We must look at how best to balance the need for fraud detection with the instant transaction expectations of our customers.
Challenges: Fraud detection in real time
- Modern fraud detection engines should be based on a well-trained AI model that can be served over a scalable distributed architecture with minimum to no effect on application latency.
- Detecting and mitigating fraud requires enriching the transaction data with a variety of data sources and preparing it (i.e. vectorizing the data) to be served by the AI engine. This operation can be time sensitive and in many cases adds significant delays to the application execution. To overcome this problem, DevOps engineers and architects are forced to bypass some of the rules set by the data-science team to make sure the application can still meet its performance and availability SLA at the expense of the quality of the fraud-mitigation application.
Why Redis Enterprise?
Transactions rarely happen in isolation, there is usually a relationship between multiple transactions. This relationship could include the time of day they occurred, the type of transaction, the country or location the transaction occurred, or the frequency of transactions. All of these are signals that can be monitored to detect fraudulent behavior.
We can quickly detect these anomalies using a fast, in-memory data store. Once identified, we can offload the processing of suspect transactions to systems dedicated to specific aspects of fraudulent behavior.
From a classic fraud prevention point of view, there are several standard tools that can be used. These include location checking, 3-D Secure, CVV2 number checking, and AVS matching, to name a few.
Location checking, for example, can refer to both a physical cardholder’s address and GeoIP matching. GeoIP checking is a useful tool that compares the IP the transaction originated from against the expected physical location of the transaction owner. It is easy to implement this efficiently using Redis’ geospatial indexing.
Examining patterns over time, chaining together events from an owner’s transaction history to provide insight is another technique. Redis Enterprise includes comprehensive time-series functionality that allows for search on time-stamped based datasets (RedisTimeSeries). With a fast in-memory data store, we can examine transactions and compare them with cached user information to identify anomalies quickly and precisely.
In addition, Redis Enterprise extends the core probabilistic data structures of Redis with a probabilistic data-structure like Bloom Filter (see RedisBloom) that provides an efficient way to verify whether an entry is certainly not in a set. In a fraud-detection application, Bloom filters could be useful to check if a transaction’s ID was present or not in a list of known fraudulent patterns.
Last but not least, Redis Enterprise comes with a robust AI module (RedisAI) for serving deep learning (DL) models that were trained by state-of-the-art systems like TensorFlow or PyTorch in-addition to a machine learning (ML) serving engine based on ONNX Runtime. RedisAI runs on top of the shared-nothing, scalable, and highly available architecture of Redis Enterprise and utilizes GPUs for parallelizing the model-serving operation. Furthermore, Redis Enterprise can be programmed to enrich the DL/ML serving with data already stored in Redis Enterprise and avoid the per transaction-processing overhead and the complexity associated with migrating, serializing, and vectorizing data between the database and the AI serving layer.
How to implement fraud mitigation with Redis Enterprise
Fundamental fraud detection only gets us so far. Eventually, every organization and developer must dive into the world of artificial intelligence and machine learning to understand the data and then use it for real time fraud mitigation. Using AI can bring us beyond standard rules based analysis and help us detect subtle patterns that would be missed otherwise. AI/DL and ML are particularly useful when analyzing buyer behavior to determine if a transaction falls within the scope of what a buyer would typically do.
As noted, RedisAI enables serving AI models created in PyTorch, Tensorflow, and ONNX. Redis Enterprise also provides support for two libraries that work with RedisAI: JRedisAI for Java and redisai-py for Python.
A hands-on example
This blog post (My Other Stack Is RedisEdge) explains how to feed video from a camera or a file into Redis and run an AI model in real time for face recognition or classification. You can apply the same methodology to run an AI classification model against all transactions being fed into Redis Enterprise to detect and prevent fraud in real time.
If you’re interested in digging deeper, consider the following case studies, best practices, and setup guides: