Machine Learning for Risk & Fraud Detection: 4 Key Insights From apply(risk)

In the battle against fraud and bad actors, machine learning is a powerful tool that can provide safety while still allowing a seamless experience for legitimate users. However, many practical challenges can arise when developing machine learning (ML) systems and deploying them to solve real-world problems. 

The apply(risk) conference, held in May 2023, brought together ML leaders with hands-on experience building risk and fraud detection systems to share their experience and advice. In this post, we highlight four major takeaways from the presentations.

1. Good features are worth investing in 

Feature engineering is often a discovery process, so to build ML models that are accurate, consistent, and useful, your team will need to build many features and find what works. Many speakers emphasized the importance of providing high-quality features to your models—which also means ensuring that the underlying data is also high quality. 

Jake Weholt, Engineering Manager at Remitly, pointed out in his talk, “Fighting Fraud with Machine Learning at Remitly,” that investing in better features and data quality will likely be more valuable than building more complex models. “You aren’t going to outrun bad data and features with fancier modeling architecture. The curation, collection, and transformation of data should have dedicated team resources because that is where the value is generated.”

In his talk, “A Decade of Risk Machine Learning: Some Lessons,” Francisco Javier Arceo, Engineering Manager at Affirm, agreed, stating, “Data is the foundation of all machine learning models. Garbage in, garbage out.”

Though the importance of data sounds obvious, it can be surprisingly difficult to create features. Tecton CEO Mike Del Balso opened the conference with his talk, “Powering ML Fraud Detection Models With Advanced Aggregations.” Using aggregation features as an example, Mike demonstrated how deploying even a single feature can quickly become a large engineering task, requiring a team to build and manage multiple pipelines for real-time usage and offline training. This difficulty leaves teams unable to try all the features they’d like. 

To iterate quickly on new features, Mike recommended using feature engines, which are easy-to-use, configurable implementations of common feature patterns. They automate the hard parts of data engineering, increasing velocity and even allowing data scientists to self-serve to deploy features.

In their talk, “Fighting Financial Crime With Machine Learning at Tide,” Aravind Maguluri, Lead Data Scientist, and Tocho Tochev, Lead ML Engineer, explained their technical architecture and how they use the Tecton feature platform to simplify the management of their feature pipelines. Tocho explained: “There are many benefits from Tecton, but the ones that we are most interested in are the ingestion of data in real time and being able to serve this data immediately.”

2. Fraud detection & prevention creates unique data challenges, so expertise is critical

Detecting and preventing fraud is challenging, and creates unique problems that fraud prevention teams need to be aware of. Bad actors will quickly learn new fraud detection capabilities and change their patterns to circumvent them. They’ll also quickly abandon methods that don’t work.

In other words, bad actors will change their behaviors in response to any changes in your ML models, so drift in data distributions is common and model test performance can be unreliable. This means that it can be difficult to evaluate the success of features and the health of your models with testing; even if testing showed that removing a feature would have no impact, the actual behavior you observe might not match your test data. 

Though it can be hard to evaluate the health of a model under these conditions, in his lightning talk “Fraud Prevention—Best Practices In ML Observability & Emerging Approaches for Multivariate Drift Detection,” Arize’s Dat Ngo recommended investing in ML observability to detect and understand drift. “You can think of drift as a kind of health metric for the model. Observability can help you understand when and why things go wrong,” he explained.

The data is also inherently tricky to deal with. Fraud usually makes up a small portion of transactions when compared to legitimate use, creating an imbalance between positive and negative examples. You may need to apply special techniques to make sure your models account for this imbalance. 

Also, in many situations, there’s significant real-world latency before an example transaction can be labeled. For example, if a stolen credit card number was used to make a transaction, it may be weeks before the victim notices and asks the bank to issue a chargeback (if they even do notice). Jake (Remitly) pointed out that this could make for a very long feedback and iteration loop, which means that bad actors could fly under the radar for a while before they’re discovered.

3. Compliance and data governance can create technical challenges

In Cooper Stimson’s lightning talk “Access Control in ML Feature Platforms,” he covered a common challenge for financial services companies: The complexities of working with sensitive datasets at Block that are subject to regulations and compliance laws. 

Given the sensitivity, he explained it was critical that Block set a clear story for access control across the board for their ML platform. However, due to a variety of user teams with different requirements, access levels, and toolchains for handling data, Cooper warned that “machine learning infrastructure presents interesting challenges for managing access control. These teams and systems had heterogeneous service areas.” Their datasets could even have individual rows that needed to be redacted but still stored, so they had to account for very specific granularity.

Cooper talked through different models of access control and their implications. Eventually, after a careful process of gathering requirements and design, his team built out the platform to support their users’ needs and developed a delegated access control system that allowed data owners to manage access to their sensitive data. Cooper recommends teams facing similar problems follow a similar approach. By doing that design work, he said, “You’ll quickly identify gaps—that’s where you come in as a platform team and build the glue.”

4. Remember the business context

Many speakers stressed the need for companies to keep the larger context in mind. Fraud detection is a delicate balance between catching bad actors and maintaining a positive experience for legitimate users. Depending on your product, your technical systems, and the types of fraud your team sees, you might evaluate trade-offs differently.

For example, in his talk “Challenges at the Intersection of ML & Real-Time Data: Lessons Learned Spam Fighting at Facebook,” Louis Brandy explained that it was important for Facebook to keep spam from being written to the database, which meant they needed to detect spam in real time and block it. He said this led to tradeoffs that may be unusual in other contexts: “In the spam-fighting world, approximation is ok; I will always choose speed over exactness.”

In addition, keeping context in mind can be useful for improving your models. In Devvret Rishi’s talk, “Solving Twitter’s Bot Problem With Less Than 10 Lines of Code,” he shared an example from his time at Kaggle of a user they determined to be a bot. This user had written his bio about being a personal injury lawyer—with no context, and in many other places, that would be reasonable. However, given the Kaggle community’s focus on machine learning and data science, the bio served as a helpful signal that this was a spammer. 

Devvret then noted the bio lacked the typical keywords or topics one might expect to find in spam. That meant Kaggle wouldn’t be able to detect spammers just by using a generic spam model. Instead, they “needed a solution that could take our Kaggle-specific context into account.”

Next steps

The conference ended with a workshop from Vince Houdebine, Senior Solution Architect at Tecton, titled “How to Build a Real-Time Fraud Detection System or Application With a Feature Platform.” Vince walked attendees through spinning up an example fraud detection system from scratch in just 60 minutes, demonstrating how feature platforms like Tecton can help teams speed up their process. If you’re ready to try building one yourself, check out his talk.

Risk assessment and fraud detection is a complex space with a number of challenges that can pop up. Your team can prepare to face them by learning from the experts and using the right tools to protect your customers and your business. To get expert insights and practical knowledge from our speakers, be sure to watch all the talks from apply(risk).