Low Latency Fraud Detection & Prevention
1. Low Latency Fraud Detection & Prevention
June 9th, 2021
Sid Anand, Chief Architect, Datazoom
Taimur Rashid, Chief Business Officer, Redis Labs
RE WORK
2. Objectives of the session
• Importance of fraud prevention, especially given the rise of digitalization
• First principles of real-time data and fraud prevention
• Technical merits of in-memory databases such as Redis
• Fraud detection and prevention platform components
• Learn best practices of implementing low latency fraud prevention based on
examples from the industry related to:
• E-mail fraud
• Payment fraud
3. Agenda
• State of the Union
• The need for Real-Time
• First Principles
• Modern Architectural Components
• Best Practices
4. About me
• Redis Labs: Strategic BD, Emerging Business, AI/ML
• Microsoft: Worldwide Customer Success for Microsoft Azure
Data Platform, Analytics & AI
• Amazon Web Services (AWS): Platform Business Development
5. Fraud is widespread and continues to rise
• 49% of companies had experienced fraud
• $42 billion in losses caused by fraud in 2020
• In 2019 fraud cost for banks grew by 17%
2020 PwC survey
10. Translating first principles to outcomes
• Real-time digital identity updates
• Increase accuracy and detection speed with AI models
• High-speed statistical analysis to reduce cost
11. Keep digital identities updated in real time
• Consumers expect a responsive digital experience
• RedisSearch: geolocation and identity searches
• RedisGraph: detect suspicious connections / fake identities
• Digital identity updated in real time to provide a seamless consumer experience
12. Increase accuracy and detection speed with AI
RedisAI, RedisGears
• Slow processing due to separate database storage
• High accuracy and instant fraud detection
• Deep learning models directly where data lives in Redis
13. Reduce detection costs with statistical analysis
• Rule-based fraud detection is expensive as it needs manual intervention
• RedisTimeSeries: historical trends and detect anomalies
• RedisBloom: compare transactions against known patterns
• Significant cost savings
14. Bringing it all together with modern architecture
[Architecture diagram. Inputs: transaction information, behavioral biometrics, customer identity. Pipeline stages: record digital transaction (Event Hub), validate digital identity, probabilistic filter ("Has this identity executed this type of transaction before?"), transaction scoring, process transaction, update digital identity. Capabilities labelled: real-time transaction scoring, digital identity validation, anomaly detection, real-time SQL-like querying, asynchronous event processing, track high-risk transactions, real-time AI serving collocated with tensors. Components labelled: Redis Streams, RedisSearch, RedisBloom, RedisAI, RedisGears, RedisTimeSeries.]
16. About me
• Worked at : Netflix, LinkedIn, Etsy, PayPal, eBay, Agari
• Currently : Chief Architect @ Datazoom
• Previously : Chief Data Engineer @ PayPal
• Before That: Data Architect for Agari (A Spear Phish Prevention
company)
• Other Interests : PMC & Committer @ Apache Airflow, PMC member
of various technical conferences
18. Email Fraud : What is it?
• The most common form is Phishing & Spam
• These are typically handled using
• Secure Email Gateways (SEGs)
• Looks for common content patterns across email
• When found, these patterns (signatures) are used to filter out
future such email
• SEGs are really good at handling volume attacks
20. Email Fraud : What is it?
• Another type of attack is Spear Phishing (Targeted Email Attack)
• Unlike Phishing, Spear Phishing is not a volume attack, hence these
emails often bypass SEGs
• In Spear Phishing, hackers target a high-value person with a few emails
and social engineering
21. Email Fraud : What is it?
• Examples from the real-world
• W2 Spear Phishing :
● Cybercriminals, pretending to be executives at a company, email
payroll officials, requesting employee W-2s
● Cybercriminals then use the W-2s to (fraudulently) file tax returns within
days of receiving the requested W-2 to get tax refunds
22. Email Fraud : Technical Dive
Implementing Spear Phish Prevention @ Agari
23-34. Email Fraud : Technical Dive
[Architecture diagram, built up one element per slide. Labels: Enterprise Customer A, Agari Collector, Agari Cloud (in AWS), Ingester, Scorer, Online Model Builder, Alerter.]
Annotations added on successive slides:
• E2E Response Time (p95): 3s
• nightly full model builds
• nightly feature digests
• on-demand model builds
• live counter increments to decay variables
37. Payment Fraud : What is it?
• Examples from the real-world payment fraud (@ PayPal)
• Buyer Risk: Seller Reputation Puffing & Non-Delivery (eBay)
• A fraudulent seller sells thousands of inexpensive trinkets to boost his eBay
Reputation
• Then, he sells a few high priced items (e.g. Cars) without delivering them,
takes the money and runs!
• Seller Risk: Overpayment Scam
• A fraudulent buyer overpays for an item & asks the seller for a refund to a
different account of the overpayment amount
• After receiving the overpayment amount, the buyer claims ATO of his PayPal
account and requests a full refund
• PayPal refunds the full payment to the buyer!
• Collusion Networks
• A fraudulent Seller and Buyer conspire : Buyer claims non-delivery of many
fake products after seller cashes out his PayPal account
• PayPal refunds money to Buyer. Buyer & Seller double their money!
38. Payment Fraud : Technical Dive
Fraud Prevention @ PayPal
39-48. Payment Fraud : Technical Dive
[Architecture diagram, built up one element per slide. Labels: PayPal Data Center, (Users), PayPal Services (Credit, P2P Payments, B2C Payments, Payment Processing, etc), PayPal Risk Services, API Gateway, Decisioning Rules Engine, ML Compute, Risk Data Platform.]
Annotations added on successive slides:
• P(95) = 50ms, > 250MM / day (shown from the slide that introduces PayPal Risk Services)
• Teradata, HDFS, ~100-150 PB: nightly full model builds
• Teradata, HDFS, ~100-150 PB: nightly feature digests
• Recent Events (Email change, Shipping Address change)
• Purchase Txns
50-54. Payment Fraud : In Action
[Same architecture diagram: PayPal Data Center, PayPal Services (Credit, P2P Payments, B2C Payments, Payment Processing, etc), PayPal Risk Services, API Gateway, Decisioning Rules Engine, ML Compute, Risk Data Platform.]
Scenario built up over successive slides:
• Bob wants to buy 500 GPUs
• from a foreign IP addr
• He recently changed his shipping address and email address
• He lives in the US midwest & buys dog food once a month
• ATO
59. Closing Thoughts
• Speed, Scalability, & Availability are Critical to Fraud Detection & Prevention (FD&P) System Viability
• When an FD&P system is down, the client needs to decide whether to fail open or closed.
• Clients that fail-open incur fraud-losses and brand impact
• Clients that fail-closed cause user friction -- failed customer interactions
• High-Performance Distributed Databases like Redis & Aerospike are key to succeeding in this space
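
The fail-open versus fail-closed trade-off from the closing slide, as an added example that is not from the talk or from any system it describes: a client calls a risk scorer under the 50 ms P(95) budget quoted earlier and falls back to its configured policy when the scorer is down or slow. The scorers, sample transactions, threshold and all names are constructed assumptions.

```python
import concurrent.futures as cf
import time
from enum import Enum

class Policy(Enum):
    FAIL_OPEN = "approve"    # keep customers moving, accept fraud losses
    FAIL_CLOSED = "decline"  # block fraud, accept failed customer interactions

# Constructed sample transactions: (id, foreign_ip, recent_profile_change, is_fraud)
TXNS = [("t1", False, False, False), ("t2", True, True, True), ("t3", False, True, False),
        ("t4", True, True, True), ("t5", False, False, False)]

def healthy_scorer(txn):
    """Toy stand-in for a risk service: both signals together look like ATO."""
    return 0.9 if txn[1] and txn[2] else 0.1

def down_scorer(txn):
    raise ConnectionError("risk service unreachable")

def slow_scorer(txn):
    time.sleep(0.2)          # far beyond the 50 ms budget
    return healthy_scorer(txn)

class RiskClient:
    def __init__(self, scorer, policy, deadline_s=0.05, threshold=0.8):
        self.scorer, self.policy = scorer, policy
        self.deadline_s, self.threshold = deadline_s, threshold
        self.pool = cf.ThreadPoolExecutor(max_workers=8)

    def decide(self, txn):
        """Return (decision, source); source is 'scored' or 'fallback'."""
        future = self.pool.submit(self.scorer, txn)
        try:
            score = future.result(timeout=self.deadline_s)
        except (cf.TimeoutError, ConnectionError):
            return self.policy.value, "fallback"   # outage or blown deadline
        return ("decline" if score >= self.threshold else "approve"), "scored"

def replay(scorer, policy):
    """Count the two costs the slide names for one scorer/policy pairing."""
    client = RiskClient(scorer, policy)
    out = {"fraud_approved": 0, "legit_declined": 0, "fallbacks": 0}
    for txn in TXNS:
        decision, source = client.decide(txn)
        out["fallbacks"] += source == "fallback"
        out["fraud_approved"] += txn[3] and decision == "approve"
        out["legit_declined"] += (not txn[3]) and decision == "decline"
    client.pool.shutdown(wait=False)
    return out
```

Counting `fallbacks` separately from the two loss counters gives operations a metric to alert on, so a degraded scorer is visible before the fraud losses or the failed interactions accumulate.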