PayPal's Fight against Fraud with Predictive Analysis

By CIOReview | Friday, July 8, 2016

Overview data

With the rise in security breaches around the globe, e-commerce companies are forced to invest on security and come up with improved fraud prevention techniques. PayPal, the pioneer in online payments is one of the world's largest Internet payment companies that have set best-in-class standards for fraud prevention by delivering holistic security solutions. As part of the company’s instigation to minimize fraud across major payment types and channels – including online, and mobile payments, PayPal utilizes the data from the past for a secure future. PayPal’s Internet payment system processes transactions 24/7 from all over the globe. In fact, the company reported to have handled 4.9 billion transactions in 2015 alone. They not only offer people better ways to manage and move their money, but also present them with choice and flexibility in how they are able to send money, pay or get paid with an open, secure and technology agnostic payments platform. With all those fraud and threat around the web, how does PayPal be on the track with optimal safety in each transaction?

Predictive Analysis in Security

Predictive analytics encompass a variety of statistical techniques from predictive modeling, machine learning, and data mining that analyze current and historical facts to make predictions about future or otherwise unknown events. In business, predictive models exploit patterns found in historical and transactional data to identify risks and opportunities. Models capture relationships among many factors to allow assessment of potential risks associated with a particular set of conditions, thus guiding in decision making for transactions.

Today’s predictive analysis is an emerging tool being used to identify potential cyber-threats against organizations. When integrated with existing security techniques, predictive analytics can fortify the defense and detect unknown or unusual behaviors. It involves advanced decision-making algorithms that analyze multiple parameters and take in live traffic data allowing the system to learn and adapt based on what it sees. Machine learning systems look for dangers and evidences of an incident that has taken place, is under way, or might be imminent. And although they do not necessarily handle security or policy enforcement, predictive analysis can provide continuous intelligence to other systems, like content-based security solutions, perimeter management solutions, and policy management solutions, to find threats leading to the prioritization of controls, protection, and remediation.

Online Shopping Frauds

Hackers using payment data is an effective and popular way of making a quick profit rather than trying to hack the whole e-commerce system, which is time consuming and risky. Although online companies try to protect their customers, attacks against individual users are still quite common. By stealing a relatively small amount from each hijacked online account, a cybercriminal has a good chance of going undetected. Cyber attacks against individual customers are largely automated and almost no operator involvement is required. Some of the common e-commerce security threats that PayPal had to tackle include Account Hacking where the attacker gains illegal entry into a person’s computer (PC) system and uses compromised customer credentials to hijack the banking information. In Identity theft fraud, the fraudster illegally obtains and uses personal information, whereas in Phishing the confidential information is obtained by posing as a trusted authority.

Some of the methods like use of tokens – small USB devices which contains a unique key to complete transaction, also had backdrops when hackers created methods of bypassing this protection and authorizing payment transactions.

PayPal’s Fraud Prevention Techniques

To offer the best in class security and better privacy for the users, PayPal introduced fraud attempts prediction with advanced predictive data analysis that can handle huge amount of historic data. “It’s a humongous amount of data we’re trying to get our head around and provide safe business to consumers and merchants together,” says Vamshi Ambati, Data Scientist, PayPal’s Data Technologies team. With a 17 year track record of secure online payments, PayPal is frequently improving its data infrastructure to identify potential cases of fraud. PayPal is building new technique and transforming the existing fraud analytics system by incorporating various open source technologies.

PayPal adopted predictive analytics to scour data related to the kind of device patrons might make payment on the location and compare information with the person's profile on PayPal to identify chances of scam attempt. The team uses this data to build machine learning algorithms that review each transaction for potential signs of fraud. Over time, the algorithm learns and sharpens its predictions. This data can make the predictive tools adept better at spotting illegal transactions and so PayPal can stop them or anticipate them. The team uses products from Teradata and Oracle for data management and from SAS Institute for analytics, but is becoming a bigger user of open source tools like Hadoop and Spark. “Many times commercial software doesn’t meet our needs completely, so, in this case, open source really comes in handy. We are able to take them and do all kinds of adjustments ourselves. That really unleashed the power of our data scientists,” said Hui Wang, PayPal’s Senior Director of Global Risk Sciences. Predictive analytics software is a necessity for businesses much like PayPal that need to deliver accurate and fast results to consumers, but also ensure thieves aren't targeting their customers. PayPal's predictive analytics tools can quickly identify the patrons that are trustworthy and fast-track their business dealings while at the same time slowing down transactions that appear suspect.

The right selection of scientists and engineers also was another remarkable achievement of PayPal to form the best team to handle the security threats with data analysis. Wang selected his team briskly by recruiting engineers who possess domain knowledge and curiosity rather than specific technical skills. "We've had a lot of success recruiting fresh-out-of-school students, these people have the latest and greatest on the technology side, and these people, we notice, are more open minded," concluded Wang.