Upgrade to Pro — share decks privately, control downloads, hide ads and more …

UPDATE Fraud Detection: The Journey To Make E-commerce More Secure

Tech-Verse2022
PRO
November 17, 2022
Technology
0
140

UPDATE Fraud Detection: The Journey To Make E-commerce More Secure

Akihiro Daigo (Yahoo! JAPAN / Commerce Infrastructure Division, Commerce CTO, Commerce Group / Engineer)

https://tech-verse.me/ja/sessions/184
https://tech-verse.me/en/sessions/184
https://tech-verse.me/ko/sessions/184

Tech-Verse2022
PRO

November 17, 2022
Tweet

More Decks by Tech-Verse2022

See All by Tech-Verse2022
Development and Operation of Expressive Speech Synthesis System
techverse_2022
PRO
0
330
チームの協働関係を強化するスクラム活用方法
techverse_2022
PRO
0
200
Easier and Safer LINE Account Transfer
techverse_2022
PRO
0
58k
Server Architecture Behind Safety Check at LINE
techverse_2022
PRO
0
250
How LINE OpenChat Server Handles Extreme Traffic Spikes
techverse_2022
PRO
0
640k
How LINE Securities Integrates with External Services
techverse_2022
PRO
0
210
Problems and Solutions for Two Billion Recommendations Per Day
techverse_2022
PRO
0
260
Anko to Jetpack Compose, LINE Sticker Maker's Technical Debt Resolution
techverse_2022
PRO
0
200
SwiftUI in LINE LIVE iOS - Technology Selection and Implementation
techverse_2022
PRO
0
410

Other Decks in Technology

See All in Technology
require(ESM)とECMAScript仕様
uhyo
4
970
Babylon.js JAPAN活動紹介 (2024/4)
limes2018
1
120
生成AIの変革の時代に、 直近1年で直面した課題とその解決策
ktc_wada
0
650
EMとして2023年度に頑張ったこと / What we did well in FY2023 as a EM
pauli
1
250
TechFeed Experts Night#27 〜 フロントエンドフレームワーク最前線 (Svelte)
baseballyama
2
590
How to Lead? Testimonial of a Lead Android Engineer
oleur
1
110
止まらないLinuxシステムを構築する_高信頼性クラスタ入門
koedoyoshida
2
410
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
2.1k
AWS学習者向けにAzureの解説スライドを作成した話
handy
3
190
家族アルバム みてねにおけるGrafana活用術 / Grafana Meetup Japan Vol.1 LT
isaoshimizu
1
1k
Google Cloud Next '24でブログを10本書いた方法と勉強会を沸かせた方法
yasumuusan
0
330
KubeConにproposalを送りたい人へのアドバイス
sat
PRO
3
270

Featured

See All Featured
Documentation Writing (for coders)
carmenintech
60
4k
Automating Front-end Workflow
addyosmani
1357
200k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
79
43k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
358
22k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k
RailsConf 2023
tenderlove
8
550
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
245
20k
Design by the Numbers
sachag
274
18k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
501
140k
Being A Developer After 40
akosma
66
580k
Happy Clients
brianwarren
92
6.4k

Transcript

  1. None

  2. Agenda - The Need for Fraud Detection - Fraud Detection

    System in Yahoo Japan - UPDATE Fraud Detection

  3. The Need for Fraud Detection

  4. Digitization is progressing Photo by Conny Schneider on Unsplash

  5. Example: Buy something with Photo by Claire Abdo on Unsplash

    Photo by Igal Ness on Unsplash

  6. Example: Buy something with Photo by Claire Abdo on Unsplash

    Photo by Igal Ness on Unsplash

  7. Example: Buy something with Cash Data

  8. People have switched to shopping with Data.

  9. E-commerce is becoming common Photo by rupixen.com on Unsplash

  10. Practice: Please Recall your experience.

  11. What did you do when you bought something on E-commerce

    services?

  12. 1. Enter the number of your credit card. To buy

    something on E-commerce 3. Press the "Order" button. 2. Enter the security code (CVV) of your credit card.

  13. 1. Enter the number of your credit card. To buy

    something on E-commerce 3. Press the "Order" button. 2. Enter the security code (CVV) of your credit card.

  14. Digitization is progressing Photo by Conny Schneider on Unsplash

  15. Digitization is progressing Photo by Clint Patterson on Unsplash

  16. 1. Enter the number of your credit card. What you

    did some time ago 3. Press the "Order" button. 2. Enter the security code (CVV) of your credit card.

  17. What if it was a phishing site?

  18. How do fraudsters use stolen data?

  19. 1. Steal credit card data. How fraudsters use stolen data

    3. Sell what they have bought. 2. Buy something with the stolen credit card data.

  20. Where is this fraud occuring?

  21. E-commerce market.

  22. The amount of damage from the theft of credit card

    numbers in Japan 39 19.5 31.1 22.3 22.2 0 10 20 30 40 50 2022? 2022 (half) 2021 2020 2019 Data: JAPAN CONSUMER CREDIT ASSOCIATION(2022), クレジットカード不正利用被害額の発生状況, https://www.j-credit.or.jp/information/statistics/download/toukei_03_g.pdf UNIT: billion yen

  23. 1. Digitization is progressing. Summary of the need for Fraud

    Detection 3. Threat of credit card fraud in E-commerce is increasing. 2. Digitization of fraud is also under way.

  24. Fraud Detection System in Yahoo Japan

  25. Account Takeover • Credential Cracking • Credential Stuffing • Phishing

    • Token Theft E-commerce Fraud • Scalping • Sniping Payment Fraud • Carding • Card Cracking • Cashing Out • Promotion Abuse Threat models for E-commerce Data: W3C Anti-Fraud Community Group, Use Cases & Threat Models https://github.com/antifraudcg/use-cases/blob/main/USE-CASES.md

  26. Fraud tricks are ever-changing Target Another Trick Fraudsters Fraud Trick

    Detect & Block Change

  27. Fraud Detection System in Yahoo Japan Fraud Detection System Judges

    Developers Analysts

  28. Feedback Loop Manage Rules Fraud Detection Judge Store Logs Analyse

  29. The First Step of Fraud Detection System

  30. The First Step of Fraud Detection System Issues Mass illegal

    access Hard-coded logic

  31. • Client-Server model denylisting system The First Step of Fraud

    Detection System System Overview • ML model specialized for specific tasks is built-in • With embedded logic and learning function.

  32. Pros • Separation of logic from service. • Service-based logic

    tuning. • Learning function. • Extremely fast. (2ms / 1 transaction) Cons • Some logics still hard-coded. • Cost for replace embedded model is too large. • Becomes confusing due to various subsystems and various notification methods. The First Step of Fraud Detection System Pros & Cons

  33. Pros • Separation of logic from service. • Service-based logic

    tuning. • Learning function. • Extremely fast. (2ms / 1 transaction) Cons • Some logics still hard-coded. • Cost for replace embedded model is too large. • Becomes confusing due to various subsystems and various notification methods. The First Step of Fraud Detection System Pros & Cons

  34. Restructuring as Web API

  35. Restructuring as Web API Analysts Rule management tool Reports Rules

    Fraud Detection System Judges DWH Client Feedback System Overview

  36. Restructuring as Web API Rule Structure Condition A Condition C

    Condition B Condition X Condition Z Condition Y AND AND AND AND OR param [operator] value

  37. Pros • Improved usability. • Real-time logic updates. • Aggregation

    of fraud detection logics and notifications. Cons • Logics are managed manually. Restructuring as Web API Pros & Cons

  38. • Manual management itself is complicated. • The more sophisticated

    the rule, the more tacit knowledge an individual derives. • Combinatorial Explosion of parameters occurs. Manual rule management has limits.

  39. Core Pillars Machine Learning Data Driven

  40. Core Pillars 1. Machine Learning

  41. Less false positive & More explainability

  42. Core Pillars 1. Machine Learning Automatic Rule Management Inference as

    Parameters Automatic Model Update

  43. Automatic Rule Management Inference as Parameters Automatic Model Update Core

    Pillars 1. Machine Learning

  44. Automatic Rule Management Inference as Parameters Automatic Model Update Core

    Pillars 1. Machine Learning

  45. Automatic Rule Management Inference as Parameters Automatic Model Update Core

    Pillars 1. Machine Learning

  46. Core Pillars 1. Machine Learning Automatic Rule Management Inference as

    Parameters Automatic Model Update

  47. Core Pillars 1. Machine Learning Automatic Rule Management Inference as

    Parameters Automatic Model Update

  48. Core Pillars 1. Machine Learning Machine Learning API Fraud Detection

    System Machine Learning API Model A (GBDT) Model B (GBDT) Models Config

  49. Core Pillars 1. Machine Learning Machine Learning API Fraud Detection

    System Machine Learning API Model A (GBDT) Model B (GBDT) Models Config

  50. Core Pillars 1. Machine Learning Model Serving Platform Fraud Detection

    System CuttySark : Model Serving Platform Model C (TensorFlow) Model D (TensorFlow) Models

  51. Core Pillars 1. Machine Learning Automatic Rule Management Inference as

    Parameters Automatic Model Update

  52. Core Pillars 1. Machine Learning Automatic Rule Management Inference as

    Parameters Automatic Model Update

  53. Core Pillars 1. Machine Learning Automatic Rule Management Inference as

    Parameters Automatic Model Update

  54. Core Pillars 2. Data Driven

  55. • Manual management itself is complicated. • The more sophisticated

    the rule, the more tacit knowledge an individual derives. • Combinatorial Explosion of parameters occurs. Manual rule management has limits.

  56. • Manual management itself is complicated. • The more sophisticated

    the rule, the more tacit knowledge an individual derives. • Combinatorial Explosion of parameters occurs. Manual rule management has limits.

  57. Core Pillars 2. Data Driven Fraudulent Keywords Ranking Network Analysis

    Company-wide Database

  58. Core Pillars 2. Data Driven Fraudulent Keywords Ranking Network Analysis

    Company-wide Database

  59. Core Pillars 2. Data Driven Fraudulent Keywords Ranking Network Analysis

    Company-wide Database

  60. Core Pillars 2. Data Driven Fraudulent Keywords Ranking Network Analysis

    Company-wide Database

  61. Core Pillars 2. Data Driven Fraudulent Keywords Ranking Network Analysis

    Company-wide Database

  62. Core Pillars 2. Data Driven Fraudulent Keywords Ranking Network Analysis

    Company-wide Database

  63. Core Pillars 2. Data Driven Company-wide Database Company-wide DataBase Platforms

    Anonymized User Data Abusive Data

  64. Core Pillars 2. Data Driven Company-wide Database Company-wide DataBase Platforms

    Anonymized User Data Abusive Data

  65. Core Pillars 2. Data Driven Company-wide Database Fraud Detection System

    Company-wide DataBase Platforms Other Services Anonymized User Data Abusive Data

  66. Core Pillars 2. Data Driven Fraudulent Keywords Ranking Network Analysis

    Company-wide Database

  67. Core Pillars Machine Learning Data Driven

  68. Core Pillars Machine Learning Data Driven

  69. Further Improvements

  70. Detection based on a single transaction : dot-shaped detection Trick

    Target Trick Trick Trick Trick Trick

  71. Patrol-type detection : line-shaped detection Trick Target Trick Trick Trick

    Trick Trick

  72. Patrol-type detection : line-shaped detection Trick Target Trick Trick Trick

    Trick Trick

  73. UPDATE Fraud Detection

  74. UPDATE for more Secure Accurate Flexible

  75. Overview of Credit Card Fraud in Yahoo Japan on Shopping

    business ( Yahoo! JAPAN Shopping , PayPay Mall ) 2017 2018 2019 2020 2021 Amount of Damage Amount of Prevention

  76. Overview of Credit Card Fraud in Yahoo Japan on Reuse

    business ( YAHUOKU! , PayPay Flea Market ) 2017 2018 2019 2020 2021 Amount of Damage Amount of Prevention

  77. Yahoo Japan will not stop the journey to make E-commerce

    more secure.

  78. Thank you