The Impact of AI and Machine Learning in Combatting E-commerce Fraud

1. Enhancing traditional methods of fraud detection

We’ve had fraud detection ages before the AI, and it’s not like these methods will magically disappear. If anything, developers will certainly introduce these methods into these AI algorithms. Moreover, these AI-powered e-commerce fraud detection methods will make traditional detection easier and more accurate.

Some of these traditional verification methods are:

• Card verification value (CVV)
• IP geolocation
• Manual review
• Checking negative lists
• Address verification system
• Monitoring previous chargebacks

Of course, you can supplement this list with other great ideas. There are also subtle methods like velocity checks. If too many transactions happen via the same card in a short time frame, this will raise more than a few alarms. Overall, you’ll be notified of any strange activity, regardless of which item from the list we’re talking about.

Each of these methods will remain active; only now will they be handled simultaneously via a unified, AI-powered platform. This means that most of these tasks will occur behind the scenes, and you’ll receive an end report. 

This will make the process a lot less confusing. You don’t have to do too many things, and try to remember if you’ve skipped anything. If anything, you won’t even risk missing anything because of the automation of most of these processes.

As we’ve already mentioned, each of these systems is already in use; it’s just that you'll make the tools more reliable with the help of AI and machine learning. Even more importantly, you’ll make them, for the most part, autonomous. We’ve already listed all the warning signs there are. All these tools have to do is recognise the pattern. This is something that a machine should be much better at.



2. More accurate account takeover detection

The basic premise under which the world of e-commerce functions is that the person using the account is a customer. This makes sense because only a customer knows their username/email and password, while, in most cases, there’s even a 2FA present. 

However, no system is impenetrable; someone can obtain all this information, even lock out the original owner (by changing the password). They don’t even have to do this since, in the time it would take the original owner to figure this out, they would already do considerable damage. 

Most e-commerce businesses now use account takeover detection software to protect themselves from this threat. This incredibly advanced tool is supposed to provide early detection and allow e-commerce businesses and users to prevent further damage.

There are a lot of reasons why this is so problematic. First, you’re assuming that the other party is a regular customer, which means you don’t have a reason to hide anything from them or deny them any request. After all, the account they’re using has already requested information or made purchases, so why would this time be any different?

Regarding the amount of confidential information that you weren’t supposed to keep without some sort of security, the account takeover can even lead to significant financial losses. The hacker can buy BTC and then anonymously send it to an address. This will practically leave no traces. 

To start dealing with this problem, you must first understand how it all works. There are three steps:

• Obtaining the login credentials: This can be done via keyloggers, malware, or phishing.
• Gaining unauthorised access: This is usually followed by a quick move to the next stage or locking out of the actual owner (so they can’t interfere).
• Exploiting the account: This step is, more or less, self-explanatory.

Ideally, you would detect this activity in the first stage, but anything before the third stage is relatively decent.

3. Friendly fraud detection

In the previous section, we’ve discussed why an account takeover is dangerous. However, if no one takes over the account (if it still belongs to the customer), the situation is completely safe for the e-commerce business, right? Well… not precisely. 

You see, there’s the concept of friendly fraud. This is a situation where your customer is trying to scam you. They either exploit your poor return policy or through various chargeback schemes that their card/bank allows.

The reason why this is so dangerous is because it’s almost impossible to prove. How can you prove the intent of one’s online purchase? They could have made a mistake, but it may have all been a part of a malicious ploy to exploit their association with you. If your return policy is particularly bad, they may not have to return the product. Instead, they get a chargeback, you pay a fee, and they get to keep the product.

The detection is so hard because it’s their account. There’s no breach. There’s likely even a history of positive interactions.

However, there are some methods to detect friendly fraud. For instance:

• Transaction monitoring: Suspicious transaction patterns are always worrying.
• Device fingerprinting: If you can prove it was their device, you’re already halfway there.
• Order verification: If they verify, it will be harder to prove it was an accident (or that it wasn’t them).
• Behaviour analytics: AI and behaviour detection tools will be especially handy here.

AI and machine learning may revolutionise this field because an algorithm is better at detecting subtle cues than a human investigator. We’ll talk about this more in our next section.

4. AI and ML in fraud detection behavioural analysis

The basic premise of this idea is fairly simple - even if someone has access to your account, they would still act differently with it. The majority of people are completely unaware of it. Still, our digital behaviour traits are vastly different as we have different smells, walk patterns, and postures in the real world. Even the way customers interact with the visual hierarchy of your web design may be vastly different. 

First, AI tools would need access to vast quantities of data to create user behavioural profiles. Tools can achieve this through relevant feature extraction. 

For instance, if someone is visiting your site and their visit never lasts over a minute, wouldn’t waiting for half an hour on your site be a bit suspicious? What if their last twenty offers are worth $200 combined, and they suddenly place a $5,000 order? Wouldn’t that be strange?

The first step is building a baseline (your typical behaviour). Then, the developers would enhance the tool with a sophisticated anomaly detection system. 

You also want to introduce risk scoring to avoid creating unnecessary customer issues. A jump from $10 to $5,000 is strange but a jump of $10 to $50… not that much. Also, what if someone just forgot to log out? Visit duration is an unreliable metric. You need to develop a score of “how suspicious” something is and be consistent with your scoring. With the help of ML, the more data you feed into the system, the more reliable this assessment becomes.

5. Biometrics, blockchain, and beyond

So far, we’ve mostly discussed methods and technology already used in fraud detection, but what about what lies ahead? We hear a lot of talk about biometrics. Can we use the fingerprint sensor on our smartphone as reliably (or even face scanning)? What about blockchain technology? Everyone agrees that this is supposed to be a big equaliser regarding online security. 

While the sensor technology is not as reliable (iris scan, for instance, failed the test because a quality cardboard cutout of an eye could pass it), there are other means to achieve this.

• Keystroke dynamics: Believe it or not, we all have our innate speed when casually typing. While you may believe this to be random, if someone bothered to get the average speed of your daily keyboard, you would get consistent results.
• Mouse movement: The similar thing happens here, as well. It’s not just about mouse speed and deviation but also path deviation. Erratic movements can be quite telling regarding it being the other person.
• Scroll patterns and navigation behaviours: Lastly, even how you scroll can be peculiar.

Remember that while these are not necessarily 100% reliable on their own, combined, they can easily reveal whether it’s another party impersonating you.

As far as the blockchain goes, by achieving supply chain integrity and making transactions immutable, any type of fraudulent activity will become incredibly hard to achieve.



AI and ML will improve the old detection methods and introduce new ones

Fraud detection in e-commerce is not a new concept. It is as old as e-commerce, and it already has some pretty reliable fraud detection and handling methods. At the same time, these sophisticated technologies will add more tools, making your efforts more accurate and reliable.