Complex fraud detection platform

Problem statement: In the early stages of the Trust & Safety departments at this company, fraud detection techniques were unscientific and reactive, relying on manually examining spreadsheets for inconsistencies and using a range of outdated tools to take action.

With the evolution of the fraud landscape, attacks increased in frequency and complexity. It became evident that existing methods for identifying and addressing various types of fraud required systematization and automation. This would enable a more proactive approach to identifying malicious actors before they could significantly impact customers.

Project: My team and I spearheaded the architecture and development of a complex, event-based fraud detection platform with the following features in mind:

• Keyword detection: Identifying suspicious or malicious words and phrases within user-submitted data.

• Account takeover prevention: Proactively protecting user accounts from unauthorized access.

• Identity verification: Verifying users are who they claim to be.

• Risk monitoring: Continuously assessing potential threats and vulnerabilities.

• Compliance case management: Escalating and managing investigations in accordance with policy.

• Crisis management: Effectively responding to critical incidents.
  

We developed a technical solution that allowed all of these separate operations to take place in parallel, managed by their respective departments without duplicating efforts. Because these systems all interacted with each other on the back end, it allowed for easier escalations and shared case responsibility when applicable.

This system adheres to a strict compliance framework, including national and international regulations set forth by regulatory agencies such as GDPR, CRA, IRS, FCC, OFAC, and FINTRAC.

A game-changer in this suite of products was the intuitive React-based GUI that empowered our customer teams to manage their own security rules. Instead of submitting engineering requests into sprints or submitting emergency requests, Trust & Safety leadership could directly view and adjust the conditions for monitoring, flagging, reviewing, and taking action on malicious activity. This enabled real-time threat response, significantly improving security posture and allowing the company to respond more effectively during crises and coordinated attacks.

Key improvements:

• Increased agility: Customers proactively manage and test security rules, reducing dependence on finite engineering resources.

• Enhanced responsiveness: Real-time adjustments to monitoring criteria allow for immediate threat response.

• Brand protection: Monetary losses reduced by 9% in the first month immediately following the MVP release.

• Improved compliance: System adheres to strict regulations, minimizing legal and financial risks.

• WYSIWYG: All fraud detection rules and outcomes are human-readable without reviewing code.

• Logging and monitoring: Rule creation and edits are logged to a downloadable CSV and reports summarizing daily outcomes are auto-generated via Looker and emailed to leadership.

• Infinite customizability: Designed to react to the fluidity and creativity of bad actors, crises, and requisite organizational changes within the company.

Overall, this innovative system empowers the company and its customers by proactively managing risk, safety and compliance in one place.