Online Identity and Fraud Prevention
This a guest post by Mary Haskett, CEO of BeehiveID. BeehiveID uses technology to protect online communities by identifying fraudulent accounts and helping websites ensure their online accounts are backed by real people. It is especially important for such as a sensitive area as online dating.
There is a reported $3.5B lost to online fraud each year (source: Cybersource:2013 Online Fraud Report PDF 3.2 MB) but to me the more interesting number is the amazing $40B in lost revenue due to unnecessary blocks to online transactions (source: Trust Insight Report, Dec 2013).
Existing fraud prevention tools are blocking a lot of good customers while letting plenty of bad guys through the cracks. The founding team of BeehiveID has decades of experience working with identity technology for the DOD, in law enforcement applications where the stakes are high. We decided to see if we could find a better way to address the problem of identity online.
The reason traditional fraud prevention tools fail is that they focus on specific characteristics of individual transactions – IP address, geolocation, browser fingerprints or behavioral factors. Using these shallow measures to predict fraud worked well when they were largely unknown by scammers.
These days, however, the bad guys have developed tools that allow them to circumvent most of these techniques. Worse still, these traditional tools have a high false positive rate. This means you aren’t effectively blocking the bad guys, but you are falsely identifying good customers as bad! Our customers report as many as 25% of their rejected transactions turned out to be from valid customers once manually analyzed. Can you afford to turn away that many customers?
We have developed a new way to think about fraud prevention. Instead of looking at transactions, we are looking at the people themselves. If a scammer intends to do harm, either using a stolen credit card or creating an account with bad intent, they don’t use their real persona. They create shallow fake accounts which we can detect.
We have two basic methods. The first uses social sites like Facebook, LinkedIn or Gmail. The user logs into an account and our algorithm combs through the data created when they use these sites. Real people interact with other real people in specific patterns that cannot be replicated by scammers – it’s too much work.
The second method is selfie-based, for people who do not have or do not want to use social accounts. We provide a time-based code and they send us a selfie including the code. We use biometric face matching and other image matching techniques to ensure the account in backed by a unique, real person.
All of our techniques are opt-in and preserve privacy.
If you are interested in more details, we hosted a webinar that examined the various transactional tools traditionally used to fight fraud — how they work (at a basic level), and where they fall short. We also showed a new way of thinking about fraud — instead of trying to prevent fraud by using shallow transactional data, we showed how person-based data can be a much more effective barrier to fraud, as well as a critical tool for building safe, trusting online communities. You can sign up to watch the webinar here.
UPDATE: The service is no longer available after the changes in Facebook Developer Policy following the Cambridge Analytica scandal.