Fighting Fraud with Machine Learning


(Naji Esiri) #1

Fraud
Reducing the cost of debit card top-ups
(Joe) #3

You mention about 3D secure having a bad user experience, is there a way Monzo can provide a better experience? I hate using 3D secure no matter what because I have to go searching for wherever those details are.

Something like 2 factor authentication with the app would work really well


(Daniel Chatfield) #5

We can’t really make it any better for top ups because people top up using cards from other banks, and those banks then control the 3D Secure process.

When you spend money using a Monzo card then we can control it and yes, we plan to have a much better 3DS flow than the traditional “enter 3 characters of your password”. We’ll probably just send a push notification to your phone.


Non-UK Resident (Outside UK) / Questions
(Alex Sherwood) #6

A criminal can purchase stolen card details online, top up a Monzo card, and then spend that money that originally came from a stolen card in a shop or withdraw cash from an ATM. We will then later receive a chargeback from the real cardholder and are therefore out of pocket for that amount. Prepaid card schemes are especially attractive to criminals for this reason — it allows them to convert stolen card details into a physical card very easily.

Out of interest, what makes prepaid cards easier to use for this type of fraud vs debit cards / current accounts? And do you therefore expect a decrease in this type of fraud once Monzo launches the the current accounts & debit cards?


(James Nicholson) #7

Something I’d personally love to do (and we’ve talked about it a little here) is replace the horrid “enter the characters” interface with sending a push notification that you can :thumbsup: / :thumbsdown: on right in the lockscreen to continue your online purchase. Seamless (but will require a little more work and design thinking!)


(Daniel Chatfield) #8

You can’t usually top up a normal debit card or bank account via another debit card.

When a criminal steals card details they can only use them to buy things online which isn’t as valuable. With a prepaid card then can topup a card that they actually have and then withdraw cash.


#9

Personally as a user I hate other attempts at 2 factor autorization and prefer using MasterCard SecureCode


(CS) #10

Have you guys thought about using Splunk to help correlate patterns, events, and user behavior?


(Sam) #11

I don’t get prompted for any extra details (S3D/VbV/etc) when using my cards online - anything I have to do will be an extra inconvience, I think that this fraud protection should happen at the backend.


#12

I totally disagree here. I think the MasterCard SecureCode and Verified by Visa user experience is a good one and better than text message verification some banks offer, and am happier using these industry standard systems than there being a proliferation of separate individual verification systems for different providers


(Antoine) #13

I had a though about it, as you’re a bank you’ll be a 3DSecure provider at some point.
I think what would make sense is to match the IP adress of the browser performing the purchase with the IP adress of the Monzo smartphone. If they match, there is a high probability the card is in good hands.

Of course there can be additional measures like notifications with these thumbs up / down, but having a completely transparent screen auto refreshing is the best UX you can give to the users completing payments with their Monzo card.


(Rika Raybould) #14

This is what most issuers (especially credit cards) seem to do nowadays, browser profiling and attempts at geolocation rather than issuing a challenge to the user.


(Peter ) #15

Useful functionality for users also extends through to fraudulent ones, seemingly.

Unintended consequences can be fun


(Stephane Zahrai) #16

Out of curiosity, how do you actually estimate the false positives, when blocking a transaction makes it impossible to see if it turns out to be fraud?


(Daniel Chatfield) #17

The false positive rate in the blog post refers to when our fraud engine bans an account. If we later review it and unban it then it is a false positive.


(Alex Sherwood) #18

Pretty cool to see that Monzo’s application of machine learning got a mention in this story from The Economist -

Monzo, a British banking startup, built a model quick enough to stop would-be fraudsters from completing a transaction, bringing the fraud rate on its pre-paid cards down from 0.85% in June 2016 to less than 0.1% by January 2017.


#19

Hi guys and @daniel

I was just wondering if almost a year on how the numbers are looking now? Has the rate of fraud continued to drop?

I was also wondering how Monzo deal with chargebacks when people top up via card, or is the rate very low there as well? I understand that chargebacks are expensive to handle.

Many thanks


(Steven J Davis) #20

Two months ago a binary options broker cheated me out of €5000. When I asked to withdraw the funds, I never heard from the broker who was very helpful when I started. I would like to get my money back from this fraudster. Looking for a service to help me to recover my money! Did you ever get scammed as well?


(Change Works) #21

I think if you have been scammed it’s either the police or solicitors (the police being free, obviously).

Do you know where the person is based? Do you have a physical address? Checked it on Google Street View?