UPDATE Fraud Detection: The Journey To Make E-commerce More Secure

Agenda - The Need for Fraud Detection - Fraud Detection
System in Yahoo Japan - UPDATE Fraud Detection

The Need for Fraud Detection

Digitization is progressing Photo by Conny Schneider on Unsplash

Example: Buy something with Photo by Claire Abdo on Unsplash
Photo by Igal Ness on Unsplash

Example: Buy something with Cash Data

People have switched to shopping with Data.

E-commerce is becoming common Photo by rupixen.com on Unsplash

Practice: Please Recall your experience.

What did you do when you bought something on E-commerce
services?

1. Enter the number of your credit card. To buy
something on E-commerce 3. Press the "Order" button. 2. Enter the security code (CVV) of your credit card.

Digitization is progressing Photo by Conny Schneider on Unsplash

Digitization is progressing Photo by Clint Patterson on Unsplash

1. Enter the number of your credit card. What you
did some time ago 3. Press the "Order" button. 2. Enter the security code (CVV) of your credit card.

What if it was a phishing site?

How do fraudsters use stolen data?

1. Steal credit card data. How fraudsters use stolen data
3. Sell what they have bought. 2. Buy something with the stolen credit card data.

Where is this fraud occuring?

E-commerce market.

The amount of damage from the theft of credit card
numbers in Japan 39 19.5 31.1 22.3 22.2 0 10 20 30 40 50 2022? 2022 (half) 2021 2020 2019 Data: JAPAN CONSUMER CREDIT ASSOCIATION(2022), クレジットカード不正利用被害額の発生状況, https://www.j-credit.or.jp/information/statistics/download/toukei_03_g.pdf UNIT: billion yen

1. Digitization is progressing. Summary of the need for Fraud
Detection 3. Threat of credit card fraud in E-commerce is increasing. 2. Digitization of fraud is also under way.

Fraud Detection System in Yahoo Japan

Account Takeover • Credential Cracking • Credential Stuffing • Phishing
• Token Theft E-commerce Fraud • Scalping • Sniping Payment Fraud • Carding • Card Cracking • Cashing Out • Promotion Abuse Threat models for E-commerce Data: W3C Anti-Fraud Community Group, Use Cases & Threat Models https://github.com/antifraudcg/use-cases/blob/main/USE-CASES.md

Fraud tricks are ever-changing Target Another Trick Fraudsters Fraud Trick
Detect & Block Change

Fraud Detection System in Yahoo Japan Fraud Detection System Judges
Developers Analysts

Feedback Loop Manage Rules Fraud Detection Judge Store Logs Analyse

The First Step of Fraud Detection System

The First Step of Fraud Detection System Issues Mass illegal
access Hard-coded logic

• Client-Server model denylisting system The First Step of Fraud
Detection System System Overview • ML model specialized for specific tasks is built-in • With embedded logic and learning function.

Pros • Separation of logic from service. • Service-based logic
tuning. • Learning function. • Extremely fast. (2ms / 1 transaction) Cons • Some logics still hard-coded. • Cost for replace embedded model is too large. • Becomes confusing due to various subsystems and various notification methods. The First Step of Fraud Detection System Pros & Cons

Restructuring as Web API

Restructuring as Web API Analysts Rule management tool Reports Rules
Fraud Detection System Judges DWH Client Feedback System Overview

Restructuring as Web API Rule Structure Condition A Condition C
Condition B Condition X Condition Z Condition Y AND AND AND AND OR param [operator] value

Pros • Improved usability. • Real-time logic updates. • Aggregation
of fraud detection logics and notifications. Cons • Logics are managed manually. Restructuring as Web API Pros & Cons

• Manual management itself is complicated. • The more sophisticated
the rule, the more tacit knowledge an individual derives. • Combinatorial Explosion of parameters occurs. Manual rule management has limits.

Core Pillars Machine Learning Data Driven

Core Pillars 1. Machine Learning

Less false positive & More explainability

Core Pillars 1. Machine Learning Automatic Rule Management Inference as
Parameters Automatic Model Update

Automatic Rule Management Inference as Parameters Automatic Model Update Core
Pillars 1. Machine Learning

Core Pillars 1. Machine Learning Machine Learning API Fraud Detection
System Machine Learning API Model A (GBDT) Model B (GBDT) Models Config

Core Pillars 1. Machine Learning Model Serving Platform Fraud Detection
System CuttySark : Model Serving Platform Model C (TensorFlow) Model D (TensorFlow) Models

Core Pillars 2. Data Driven

• Manual management itself is complicated. • The more sophisticated
the rule, the more tacit knowledge an individual derives. • Combinatorial Explosion of parameters occurs. Manual rule management has limits.

Core Pillars 2. Data Driven Fraudulent Keywords Ranking Network Analysis
Company-wide Database

Core Pillars 2. Data Driven Company-wide Database Company-wide DataBase Platforms
Anonymized User Data Abusive Data

Core Pillars 2. Data Driven Company-wide Database Fraud Detection System
Company-wide DataBase Platforms Other Services Anonymized User Data Abusive Data

Core Pillars 2. Data Driven Fraudulent Keywords Ranking Network Analysis
Company-wide Database

Core Pillars Machine Learning Data Driven

Further Improvements

Detection based on a single transaction : dot-shaped detection Trick
Target Trick Trick Trick Trick Trick

Patrol-type detection : line-shaped detection Trick Target Trick Trick Trick
Trick Trick

UPDATE Fraud Detection

UPDATE for more Secure Accurate Flexible

Overview of Credit Card Fraud in Yahoo Japan on Shopping
business ( Yahoo! JAPAN Shopping , PayPay Mall ) 2017 2018 2019 2020 2021 Amount of Damage Amount of Prevention

Overview of Credit Card Fraud in Yahoo Japan on Reuse
business ( YAHUOKU! , PayPay Flea Market ) 2017 2018 2019 2020 2021 Amount of Damage Amount of Prevention

Yahoo Japan will not stop the journey to make E-commerce
more secure.

Thank you

UPDATE Fraud Detection: The Journey To Make E-c...

UPDATE Fraud Detection: The Journey To Make E-commerce More Secure

More Decks by Tech-Verse2022

Other Decks in Technology

Featured

Transcript