Experts say credit card fraud is on the rise, and while consumers generally aren’t on the hook for bogus charges, banks and merchants still lose billions of dollars every year to the crime.
Total credit and debit card fraud hit about $21.8 billion in 2015, up more than 20% from the previous year, according to an October report from The Nilson Report, an industry analyst. That’s not particularly surprising, with announcements of large-scale data leaks like last week’s massive Equifax breach revelation now commonplace.
About $5.9 billion of the cost of 2015’s fraud was absorbed by merchants, mostly from transactions like online and telephone purchases where credit card agreements are more likely to hold sellers and not banks liable, according to the report.
This is a problem that Justin Lie, CEO and founder of fraud prevention company CashShield, says he learned about from an early age, selling used video games and other items through online auction websites. When customers were reported to have bought his wares with stolen cards, his business would be forced to eat the cost.
“We started to lose faith in our customers,” he says. “I became very intrigued with developing algorithms to combat fraud.”
Like High-Speed Trading Algorithms, But For Chargebacks
Singapore-based CashShield launched in 2008 with a then-novel offer to merchants who were its potential customers: It would completely absorb customer losses from chargebacks, the industry term for credit card companies reversing charges to consumers and payments to merchants after a complaint.
Since then, the startup’s developed an increasingly sophisticated, machine-learning approach to figure out in real time which transactions are too risky to allow, and lets businesses connect to its software through an API integration. And it’s seen demand for its services grow too: CashShield announced Thursday that it was opening its first U.S. office in Menlo Park, Calif., in a bid for the Silicon Valley market, and that it had raised $5.5 million in funding.
The series A round, led by GGV Capital, drew investment from private equity firm Heliconia Capital Management, gaming lifestyle brand Razer, venture capital firm Stream Global, and Tony Fadell, the cofounder of Nest who is sometimes called the “Father of the iPod.”
Lie compares the firm’s technology to high-speed trading algorithms, which can determine in tiny fractions of a second whether or not data supports buying or selling a security. Like modern image recognition algorithms that parse images pixel-by-pixel, CashShield’s algorithms use whatever data is available to determine the risk to a merchant: attributes of a customer’s device and web browser, how quickly they type and navigate a website or app, and the time zone from which they’re connecting.
On mobile environments, the tool even looks at whether users are running other apps on the same device, which can help distinguish typical multitasking phone users from criminals devices dedicated to fraud or automated fraud bots, Lie says. “Usually for a normal person, they would have multiple additional apps,” he says.
The all-inclusive approach is necessary since just looking at attributes of the payment method itself, like card numbers and associated contact information, just isn’t enough, Lie says. That’s because sophisticated fraud rings may only make one fraudulent transaction with a particular set of stolen credentials, so there’s often just not enough historical evidence that would indicate there’s a scam underway.
CashShield boasts that it works entirely without the need for human analysts to review suspect transactions. That’s a common approach, but it can be difficult to scale, and the delays involved can be frustrating to both consumers and merchants. The company’s systems can also reduce the need for sometimes cumbersome verification tools like Verified By Visa, which can confuse customers and make them less likely to complete transactions.
“The ability to fight fraud in real time is a game-changer in the digital landscape where threats are constantly evolving,” said Fadell in a statement. CashShield’s product “has been proven around the world over the past decade to drastically reduce fraud rates to one-tenth of the industry’s average.”
Other anti-fraud vendors are increasingly harnessing machine learning technologies as well. Boise-based Kount, for instance, announced an AI approach last year that harnesses data from sources including LexisNexis, Experian, and WhitepagesPro. And San Jose-based Signifyd uses a variety of data to verify buyers really are who they claim to be and offers a chargeback guarantee of its own.
Chinese e-commerce giant Alibaba tested CashShield’s technology by sending the company a list of data captured from previous transactions, all of them far enough in the past that Alibaba already knew which had resulted in chargebacks. Alibaba asked which ones CashShield would approve. The secretive company never revealed which were scored correctly, but the system was evidently accurate enough to land Alibaba as a customer, Lie says.
Still, the algorithms and approach will need to continue to evolve, as fraudsters continue to refine their own methods, even sometimes using machine learning themselves to learn how to make their dealings more likely to be accepted as legitimate, Lie says.
“We would definitely still say that it’s going to be a cat-and-mouse game,” says Lie. “There’s no solution in the market that will last even three years.”