I don't see why not. Any feature that correlates with fraud is useful. Some of these correlate pretty strongly. And then combining multiple weak features can rapidly increase the certainty that a user is or is not fraudulent.
that is not something that should be presumed, this kind of error is super common, especially with people that are otherwise not statistically well grounded.
if 1% of transactions are fraudulent, and these indicators have only a 1% false positive rate (which it has nowhere close to), and it will match the fingerprint of every fraudulent transaction (which it wont) you get an absolutely titanic false overall positive rate, somewhere around >50% false positive.
This is not some trivial pedantic thing, its a very important aspect of statistical models that must be explicitly stated to be accounted for. It is not enough to say "every y has characteristic X" if no other information about X is provided.
Yes I understand Bayes Rule. Nowhere in the article did they make any such fallacy. They are just stating what features happen to be predictive of fraud.
Anyone actually using this would use a proper statistical model and real data, not random figures they found on a blog. But this post does give useful advice of what features to test.
In any case, if there is only a 50% chance that a user is a fraudster, it still might be worth rejecting them.
Anyway, using your assumption of 1% fraud, and using all of the features listed in the article (and presumably there would be other features too, but let's just use the ones they talked about), I do the following calculation:
1% = 1:99 x 8:1 (32 bit OS) x 9:1 (fresh cookies) x ? (Null values doesn't give a number, or suggests that 100% of null values are from fraudsters and never appear organically, so I will exclude it) x 5:1 (referrer history) x 96:70 (Windows) x ? (Number for plugins not given, but it seems to be a low correlation) x ? (No number given for incognito, but it's probably low.)
= 5:1 or 83% probability they are fraudulent, excluding the missing values, which would raise it further.
At the top of the article, they mention that they are comparing incidence between the 2% of the device population that represent fraudulent transactions vs. the 98% that do not.
The no referrer and user-agent (non Mac) are certainly signals, but there are some others that are interesting like caps lock on, geo-ip (obvious), and screen-size.
Or big FY to privacy conscious users. Does not mean that these are not a strong indicators of a possible fraud, but when applied fiercely would really hurt legitimate users.
Ugh. The author just gave away all the good tricks.
This is one area where security by obscurity actually works (well worked, depending on how many fraudsters read this).
Fraudsters are generally pretty dumb when it comes to technology, so even if a lot of these seem obvious to the tech savvy HN audience, they weren't obvious to the fraudsters till now.
The blog this was posted on was a company that deals with fraud detection. I'm sure they thought about this and only posted things they already weight pretty low in their algorithm as the evidence isn't too valuable.
Being pegged as a fraud risk just because the user is concerned about privacy rubs me the wrong way. Even if it is entirely legal and the statistical model is valid.
Some years back, some law enforcement agency in the US (but I forgot which) produced a highly-reliable indicator of drug mules on highways. The indicator was black male, driving a late-model sedan, and traveling at exactly the speed limit (when everyone else was traveling 10-15 mph over the limit). The police were stopping and searching anyone who fit these indicators.
Putting aside the questions of racial profiling and whether the statistical model was correct, do you think this is a good idea? I can't articulate my feelings exactly, but I feel it's wrong.
Should the police instead do less efficient completely random searches? Should the taxpayers hire more police officers to make up for this loss in efficiency?
Should businesses accept losses from fraud to placate your feelings?
While it may not feel very good to be sending signals that associate you with crime, that is a cost you have to accept of sending those signals.
In the case of police searches, I think attention would be better spent on making them more humane, rather than less racist.
I feel there is something deeply wrong with this sort of over-statistically/analytically focused thought chain, allow me to try to elaborate.
Many signals have absolutely nothing to do with wrongdoing whatsoever. Say that hypothetically every drug dealer makes large cash deposits, and this is marked in a database somewhere as a "very reliable indicator". Well what about taxi drivers? Street Vendors? other occupations that deal almost exclusively in cash, should they also be suspected?
What happens if somebody otherwise innocent of anything in particular triggers multiple "flags" like this, do they deserve to be discriminated against?
What if the flags are stuff like being black, being poor, having a friend that has been charged with a crime. What about living in the "wrong" neighbourhood, how about the wrong genetic markers. How about a family history of mental illness, what about if you dont own a cellphone? What if they are angry about the government and have publicly protested? What if you accidentally like ISIS on facebook, or your friend does it as a joke? are these acceptable "black flags" too?
What about if one of your close friends trips one or more of these markers? What if several do? Are you just as untrustworthy?
It gets much choppier when you introduce something like neural net learning into the equation. It will form links between activity that are basically impossible to decipher by a human at all, should we accept these utterly opaque judgments because "on average they are pretty reliable"?, what about the cases where they are 100% dead wrong, should they just be considered collateral damage?
A huge class of people could end up going through life denied basic services like a bank account because of things ENTIRELY beyond their control, or even understanding, all they know is they managed to piss off some equation somewhere.
It gets better, because on average people with bad scores on one system "reliably indicate" they will be bad faith in other contexts too...
Lots of businesses will accept this as an acceptable cost to keep fraud rates/whatever down, I don't find it acceptable, its almost the definition of injustice, and has a grave potential to create a vast underclass of "poor social credit score" people (who being a member of, even by association will assuredly be another hit against your scores)
How happy would you be, if via no fault of your own you were deemed an "unacceptable risk"?
So yes, it is inhuman, and wrong. I guess that -100 Social Credits for me.
Agreed. This mentality doesn't only lead to being denied a bank account; it leads to murder, literally.[1]
How is this any different from any number of discriminatory practices in the past, which are now (at least superficially) illegal, such as "red-lining" black neighborhoods to deny home loans?
The scariest thing is my mind is the potential for this to become self-reinforcing. Marginal people are marginalized even further, and forced to turn to crime to survive, thus "justifying" it even more.
This new years, I made a large liquor store purchase (about $600) in Manhattan, not in my normal geographical area. The transaction was declined, but all I had to do was to answer "yes" a text that I got from the issuing bank, and then swipe again. Was I "profiled"? Yes. Did Visa do a good job protecting me and itself with my profiling? Yes. Try running a real business with this purist approach. You will exceed 1% chargeback threshold in the first year, and your payment processor will either shut you down or will require a huge collateral.
Yeah, I think this is an appropriate way to do profiling. The declined transaction was explicitly tied to something you did, so you understood why it happened. The bank also provided an easy way out.
Where profiling becomes dangerous is when it's tied to something you are or something you did in the past: it can be harder to identify why you're being profiled in these cases. Most of these cases aren't resolved through a single text, either. Profiling is a useful tool, but we have to be careful to do it in a humane way.
We actually already do accept less police efficiency in favor of personal liberty in many areas. This is an American tradition.
E.g. The Fourth Amendment warrant requirement. No one doubts that we'd find more criminals and contraband if police could make impromptu home searches of anyone at any time. But that's how a police state functions.
And we've decided to exchange efficiency in crime reduction for civil rights.
I think your missing his point. He was assuming that the cops were already doing unjustified random searches of every car on the road.
Assuming they are already doing this, wouldn't it be preferable if they switch to a model that decreases the number of innocent people that are searched by 10x? Wouldn't that be a net good to society?
Of course if your opinion is that they shouldn't be allowed to do random searches at all, this whole thread is really irrelevant.
>Should the police instead do less efficient completely random searches? Should the taxpayers hire more police officers to make up for this loss in efficiency?
Jesus, dude. Obviously they should.
Who the fuck cares about efficiency if they're pulling over people because they're black... in sedans.
Racial profiling works to some degree, but it means that innocent people who match the profile have to put up with a lot more intrusion into their lives. It's similar to the moral question about where to draw the line: would you rather imprison an innocent, or let a guilty person go free?
If you're from the U.S. you seem to be forgetting some very hard lessons that were paid with blood in the past. There is a reason why we have a bill of rights. There is a reason for our rule of law, of requiring warrants before searches. That our 'forefathers' said that it's better that 10 guilty men go free than one innocent man be falsely charged. Racial profiling is wrong because you're infringing on the freedoms of innocent people that have committed no crimes.
I think what you are failing to articulate is the hidden effects of applying this model. Sam Harris kind of makes this point in a clearer way : https://youtu.be/JnYwgcgBYeo?t=2124.
If black people can be stripped and searched more often, sent to jail for less evidence etc the effect will be that they have no reason to try and be successful and productive members of the society. Even if there is no equality, it is essential that there is at least a perception of equality and a noticeable striving for equality. It gives people hope.
I think it's quite a stretch that being slightly more likely to get pulled over would make you an unproductive member of society. I mean hypothetically if they discovered that green cars correlate with drug muling, I don't think this policy would push owners of green cars to crime, regardless of their race.
One factor is easier to change than the other. The car owner can change cars or repaint it. A black man can't trivially change skin color, and they're going to feel that making an effort to be productive is less worth the effort.
If a significant number of additional stops which they have no control over would impact their job performance and reputation (frequently being late, etc), risking getting them fired at no fault of their own, what are they going to do?
I don't know why you make this assumption. If the percentage of black people were low, and the number of cops high, that ratio could make the odds of being pulled over arbitrarily high - making certain locations "no-go" areas for black people. I assume as the probability approached 100%, they would just install a checkpoint, or start whitelisting the cars of confirmed good blacks with some sort of sticker or radio ID (just to save on resources.)
>"Some years back, some law enforcement agency in the US (but I forgot which) produced a highly-reliable indicator of drug mules on highways. The indicator was black male, driving a late-model sedan, and traveling at exactly the speed limit (when everyone else was traveling 10-15 mph over the limit). The police were stopping and searching anyone who fit these indicators."
I don't see anything with that sort of indicator. Call it profiling if you will, but I believe it's perfectly harmless assuming no excessive/unwarranted violence is used. That second part is important and drives the point of what I think actually needs to be addressed from the LE side. If it is indeed a bad or poor-performing indicator of a "drug mule", then it will go away eventually.
The problem with that type of indicator is that it will target the same people again and again. An X-ray scan is safe enough to be used in routine medical visits, yet the technician must step out of the room due to dosage effects; so too the effects of even well-regulated police attention are cumulative. (Part of this is probabilistic: if every encounter has an x% chance to go badly...)
And that's true even if the indicator objectively performs relatively well, as long as there are innocent people affected. To go back to the current topic, banning all connections from certain countries is an effective way to cut down on fraud without decreasing sales too much; but that still screws over legitimate users from those countries.
Drug war laws have historically been a proxy for racism and prejudice.
It could be extrapolated from that same data that 'black males obeying speed limits' are just easier to obtain convictions on - after all one has not 'caught' a 'drug mule' until the alleged is convicted.
Studies have long shown it is easier to obtain convictions of black males, especially for drugs.
More importantly for LEO funding today: is money seized can be kept with less blowback if disadvantaged minorities are targeted.
Institutional & societal racism could perhaps better explain the statistic.
Competent criminals adapt their muling system, throwing a patsy to cops once in a while - 'everybody' gets some. Clearly the drugs still get through.
Aside from the probabilistic harm mentioned by sibling posts, there are also issues of self-fulfilling prophecies coming from fishing expeditions.
Assume:
- LEOs use profiling (based on statistical models) to target individuals who are not the subject of investigation but rather subjected to random stop/search/frisk.
- They catch some "bad guys" by following this model.
These assumptions are not dissimilar from the premise outlined in the grandparent post.
Now, let's say the statistical model throws up "20-25 year old preppie white guy with glasses, called Peter" either through error or some odd outlier stat. If LEOs start to check out every 20-25 year old matching that description, sooner or later they're going to find drugs or a gun or a lot of cash or something. Their statistical model gets updated with these stats, and before long it becomes a truism that a disproportionate number of preppie Peters are criminals.
If you shine a spotlight somewhere, that's where you'll find what you're looking for.
As long as it is just a quick search, what's wrong with it? I'm confised by US views on this: I go through pat down search every time I enter club or a mall, I'm quite happy to comply and never have any problems with it. I don't own the car, so I don't know how inconvenient and long a search can be, but if the police are aware that this factors are weak and give a lot of false positives, I don't think they treat every fitting individual as a deug mule.
It's also a bad idea if you want to catch drug mules. It's a feel-good idea for the people not being targeted, and an endless nightmare for black men who live there who drive late-model sedans - whose best option really is to move to a less racist area. It's only going to get worse.
You need to calculate the base rate. If only 0.1% of cars are drug mules, then that statistical test might decrease the number of false positives by 10x to 1%. But it still means you will search 99 innocent people's cars to catch a single drug mule. Which is well below probable cause, and probably a net harm to society.
If they could predict which cars were drug mules with 30% accuracy that would be acceptable I think.
My feeling is that it's ok to make judgements on the population and act on that, it's not ok to use judgments on the population to negatively affect your treatment of the individual.
This is easier to explain with gender differences:
It's ok for a company to decide to make financial considerations based on the number of women they employ and chances of maternity leave. It's not ok to not hire an individual based on the fact that they're female and therefore have a chance of needing maternity leave.
It's a valid conclusion that on average men run faster than women, but you should assume that in any given male/female pair the man will run faster.
It's difficult to know where to set the threshold for 'negatively affect' though.
For instance, black men have a higher incidence of heart problems, and different medical decisions need to be taken in that case due a different risk balance. This (to me) is clearly just good evidence based medicine.
In this case I'd argue the problem is that 'black' is a signal used in a lot of models, so discriminating on that becomes a large cumulative negative effect so it shouldn't be used. If 'red hair' was a signal in some situation, then that would be fine because people don't normally get affected by that. The rare situation of being stopped incorrectly is outweighed by the benefit.
> Putting aside ... whether the statistical model was correct
You can't put that aside. If the model is simply flawed then following it can't be a good idea. If the model is perfectly true and accurate then not following it is a bad idea. Of course nothing is perfect, so it would never be as black/white as that, but I don't see how any discussion that ignores the model is at all pointful.
> the questions of racial profiling
As with any statistical modelling this can get pretty hairy and potentially has recursive effects that are self-fulfilling. If you search just black people because the model says more of them get caught carrying drugs, you risk perpetuating the statistic whether it is correct or not because if you are hardly ever searching white people few are going to get cause so it will remain that more black people are found to be carrying. Unfortunately good statistical modelling is damn hard and criminal profiling is far from the only place you'll find these problems (many a scientific study has been discredited or otherwise written off some time later because flaws in the modelling and measuring are noticed in subsequent analysis).
The worst part of the model is that it is self-reinforcing. The characteristics that are being selected for have no connection to the thing being searched for other than previous correlations. Focusing investigation in that area will make the correlation even stronger. For example: black people in the US are less likely to do drugs than whites, but black people are imprisoned for drugs at six times the rate of whites.
-----
"The race issue isn’t just that the judge is going, ‘Oh, black man, I’m gonna sentence you higher,’” she said. “The police go into low-income minority neighborhoods and that’s where they make most of their drug arrests. If they arrest you, now you have a ‘prior,’ so if you plead or get arrested again, you’re gonna have a higher sentence. There’s a kind of cumulative effect.”
If you're searching (and targeting for search) a specific set of criteria, then that set of criteria will be what indicate high probability.
As a friend pointed out long ago, it's why you don't ask a group at a scheduled meeting what their preferred meeting time is. You're already selecting for those preferring the current time, and excluding those who find it unappealing.
In the context they're talking about, yes! 32 on 64 bit (on firefox at least) will have WOW64 on the header name, whereas 32 on 32 bit won't, and 64bit on 64 bit will have Win64.
But isn't WoW64 for running 32-bit applications on a 64-bit version of Windows? I don't think WoW64 exists on 32-bit Windows.
That'd make sense if they were running 32-bit Firefox on 64-bit Windows, but the article says a 32-bit OS on a 64-bit CPU. You'd think that would just look the same as a 32-bit OS on a 32-bit CPU in the headers, unless Firefox is going out their way to report a 32-bit OS on 64-bit hardware.
Yes, by javascript (https://developer.mozilla.org/en-US/docs/Web/API/NavigatorPl...). They somewhat fixed it by preventing you from enumerating through all the plugins, and requiring you to know the exact name, but that doesn't stop you from trying a list of all the common plugins.
How do they know that fraudsters with fresh cookies and no referrer history aren't just in private browser mode? Sounds like the server would view them as the same in most cases.
I've actually found a few online stores which now check for this and redirect you to a "turn off private browsing to browse our site" message. It's moderately annoying that they refuse to even let me see what they have for sale until I agree to let them use my hard drive.
On Firefox, IndexDB throws an InvalidStateError only on private mode, I'm sure there are equivalents for Chrome.
You can try that in the console of Firefox:
var request = window.indexedDB.open("MyTestDatabase", 3);request.onerror = function (event) { if (event.target.error.name === 'InvalidStateError') alert('private mode')}
They could have used PCA[1] on their feature set and let a human come up with these; they claim to use machine learning, not that this checklist was generated as a result of machine learning.
Otherwise, maybe they have an algorithm that looked at resulting classifications from learning and flagged inputs with the largest and most consistent variance across classes.
This type of service seems like it would be really useful to smaller merchants.
I remember reading awhile back on HN that smaller e-commerce shops were often targeted by fraudsters. So, many use Amazon as a go-between when they'd prefer to have their own site and payment processing.
Companies like this could empower competition of the services provided by Amazon, eBay etc.
Fraud is an always-changing landscape and the only way to stay on top of it is to rapidly and continuously adapt. Simility uses machine learning to derive and apply models in real time, which is huge for any-sized business.
Bigger guys like Stripe have huge anti-fraud departments, using a variety of techniques, including but not limited to machine learning, allowing them to derive results like this themselves, in near-real-time.
I would not assume that they are doing it well. Stripe and their customers reportedly got taken to the cleaners over hundreds of thousands of dollars of fraudulent hoverboard purchases earlier this year. Caveat vendor.
SiftScience seems the most similar to simility, and give pricing online (free lite version or full for 5-6 cents) per order.
Riskified and Signifyd actually provide insurance (and then perhaps have lower approval rating since they actually take risk?)
What is meant by referrer "history"? As far as I know, referrer in http headers can refer only to the one most recently visited resource.
Edit: And what's with this?
> There is another feature in browsers which is “Do Not Track” (http://donottrack.us/). For organic/real users the possible options are “Yes”, “No”, “Unspecified”;
amazon.com -> search evo 850 -> evo 850 product page -> post "add to cart"
or did your browser do
evo 850 product page -> post "add to cart"
or even
post "add to cart"
those are sorted in decreasing order of naturalness. Obviously #2 can happen if you got a link directing you to the product page, but it's still less natural. You would often expect to see the referrer be an email domain or similar.
DNT wasn't proposed until 2009 (and implemented in 2010). So this would be normal (DNT header not sent) on older OS versions. So it's the same reason as the 32 bit OS on a 64 bit machine assuming people use IE coming with the installation (or downloading an old browser that is still usable in 32bit).
From the technical level of the article I think they have allowed for that. I took that item to mean some fraudsters run customized browsers / extensions that result in a null value when non-null value would be expected eg. useragent is some post-2010 browser.
>or downloading an old browser that is still usable in 32bit
Are you implying newer browsers don't work with 32bit? Chrome and FireFox run as 32-bit and all IE versions still use a 32-bit renderer. These things are true on 64-bit and 32-bit machines, at least on Windows.
I admire the research that went into collecting these signals, but I consider it a poor idea to have published what could be used as a checklist. I believe some of the kind of people (criminals, bad people: you should stop) who take the technical actions listed certainly read hackernews. yet without exception all of these are easy to modify, losing your hard-won signals. better not to mention what they are.
that said, perhaps they did not pubish all of the signals they found.
My wife was seeing a lot of fraud with her business. She only takes payment via PayPal. The fraudsters have been ordering via a local hacked computer with a hacked PayPal account that matches. Everything looks 100% OK (physical address matches, IP address matches, browser nice and normal, etc), but she gets hit by a PayPal chargeback 3 to 4 weeks later for a "non authorised payment". She now has to call each new customer to make sure that they are real. Interestingly, when she posted that she would call all new customers the fraud attempts went down to about 5% of the previous level.
It appears that we have a special,
powerful, valuable opportunity for how to
manipulate the data in the OP.
So, the OP has "7 Leading Fraud
Indicators: From Fresh Cookies to Null
Values".
Suppose for those 7 indicators, 4 of them
have just two possible values and the
other three have just 4 possible values or
some such. Then for one connection to the
server from a Web browser, the 7 signals
have jointly just
2^4 * 4^3 = 1,024
possible values. That is, there are only
n = 1,024 possible cases of signal data
from a Web browser from a connection to
the server. And apparently we have good
data on each of the cases.
Or, to be practical, if for some case we
have no data at all, then we just assume
that the reason is that the probability of
that case is so low that we can ignore
that case.
The central problem here is how to detect
"fraudsters". For such detection,
necessarily there are two ways to be
wrong: (1) a false alarm when we say that
a connection is from fraud when it is not
and (2) a missed detection when we say
that a connection is not from fraud when
it is.
Our mission, and we have to accept it, is
essentially to find ways of manipulating
the large amount of relevant data so that
(A) from the false alarm (1), we can
specify the highest probability of a false
alarm f we are willing to tolerate, (B)
get that probability of a false alarm f in
practice, and (C) from the missed
detections in (2), for that probability of
a false alarm f, get the lowest
probability of a missed detection (2) we
can.
Or, for the false alarms we are willing to
tolerate, we want to manipulate the data
to get all the detections we can.
So, for some notation:
P -- probability
n -- positive integer, number of different
possible cases of data from connections,
e.g., as above, n = 1,024
B -- event, connection is bad, fraud
G -- event, connection is good, not fraud
P(B) + P(G) = P(B OR G) = 1
C -- random variable, case of connection,
i = 1, 2, ..., n.
So random variable C takes values in the
set {1, 2, ..., n}.
p(i) = P(C = i)
b(i) = P(B | C = i) = P(B AND C = i)/P(C = i)
= P(B AND C = i)/p(i)
g(i) = P(G | C = i) = P(G AND C = i)/P(C = i)
= P(G AND C = i)/p(i)
B = U_i {B AND C = i}
P(B) = Sum_i P(B AND C = i)
= Sum_i p(i) P(B | C = i)
= Sum_i p(i) b(i)
P(G) = Sum_i p(i) g(i)
b(i) + g(i) = P(B | C = i) + P(G | C = i)
= P(B AND C = i)/P(C = i) + P(G AND C = i)/P(C = i)
= ( P(B AND C = i) + P(G AND C = i) )/P(C = i)
= P( (B AND C = i) OR (G AND C = i) )/P(C = i)
= P(C = i)/P(C = i) = 1
M -- event, a missed detection of a bad
connection, fraud
D -- event, detection of a bad connection, fraud
F -- event, false alarm
Detection Rule:
Suppose for some set I a subset of {1, 2,
..., n} we raise an alarm of a detection
of a bad connection, that is, fraud, when
C in I.
With this detection rule, probability of a
false alarm is
P(F) = Sum_{C in i} P(G AND C = i)
= Sum_{C in i} P(G | C = i) p(i)
= Sum_{C in i} g(i) p(i)
the probability of a detection is
P(D) = Sum_{i in I} P(B AND C = i)
= Sum_{i in I} P(B | C = i) p(i)
= Sum_{i in I} b(i) p(i)
and the probability of a missed detection
is
P(M) = P(B AND C not in I)
= Sum_{j not in I} P(B AND C = j)
= Sum_{j not in I} P(B | C = j) p(j)
= Sum_j P(B | C = j) p(j)
- Sum_{i in I} p(B | C = i) p(i)
= Sum_j P(B | C = j) p(j) - P(D)
= Sum_j P(B AND C = j) - P(D)
= P(B) - P(D)
So, to minimize the probability of a
missed detection P(M) we want to maximize
the probability of a detection P(D). We
guessed this intuitively.
To maximize the probability of a detection
P(D), suppose we have sorted our data on
the n cases so that the ratios b(i)/g(i)
are in descending order, that is, so that
b(1)/g(1) >= b(2)/g(2) >= ... >= b(n)/g(n)
Suppose we pick k in {1, 2, ..., n} and let I
= {1, 2, ..., k}.
Then for our detection rule with this k
and I, the probability of a false alarm ...
92 comments
[ 3.9 ms ] story [ 153 ms ] threadif 1% of transactions are fraudulent, and these indicators have only a 1% false positive rate (which it has nowhere close to), and it will match the fingerprint of every fraudulent transaction (which it wont) you get an absolutely titanic false overall positive rate, somewhere around >50% false positive.
This is not some trivial pedantic thing, its a very important aspect of statistical models that must be explicitly stated to be accounted for. It is not enough to say "every y has characteristic X" if no other information about X is provided.
Anyone actually using this would use a proper statistical model and real data, not random figures they found on a blog. But this post does give useful advice of what features to test.
In any case, if there is only a 50% chance that a user is a fraudster, it still might be worth rejecting them.
Anyway, using your assumption of 1% fraud, and using all of the features listed in the article (and presumably there would be other features too, but let's just use the ones they talked about), I do the following calculation:
1% = 1:99 x 8:1 (32 bit OS) x 9:1 (fresh cookies) x ? (Null values doesn't give a number, or suggests that 100% of null values are from fraudsters and never appear organically, so I will exclude it) x 5:1 (referrer history) x 96:70 (Windows) x ? (Number for plugins not given, but it seems to be a low correlation) x ? (No number given for incognito, but it's probably low.)
= 5:1 or 83% probability they are fraudulent, excluding the missing values, which would raise it further.
This is one area where security by obscurity actually works (well worked, depending on how many fraudsters read this).
Fraudsters are generally pretty dumb when it comes to technology, so even if a lot of these seem obvious to the tech savvy HN audience, they weren't obvious to the fraudsters till now.
The good news is that most of them don't read HN.
Some years back, some law enforcement agency in the US (but I forgot which) produced a highly-reliable indicator of drug mules on highways. The indicator was black male, driving a late-model sedan, and traveling at exactly the speed limit (when everyone else was traveling 10-15 mph over the limit). The police were stopping and searching anyone who fit these indicators.
Putting aside the questions of racial profiling and whether the statistical model was correct, do you think this is a good idea? I can't articulate my feelings exactly, but I feel it's wrong.
It's completely reasonable to not like being profiled based on arbitrary features. The question is: what alternatives are there to preventing fraud?
Should the police instead do less efficient completely random searches? Should the taxpayers hire more police officers to make up for this loss in efficiency?
Should businesses accept losses from fraud to placate your feelings?
While it may not feel very good to be sending signals that associate you with crime, that is a cost you have to accept of sending those signals.
In the case of police searches, I think attention would be better spent on making them more humane, rather than less racist.
Many signals have absolutely nothing to do with wrongdoing whatsoever. Say that hypothetically every drug dealer makes large cash deposits, and this is marked in a database somewhere as a "very reliable indicator". Well what about taxi drivers? Street Vendors? other occupations that deal almost exclusively in cash, should they also be suspected?
What happens if somebody otherwise innocent of anything in particular triggers multiple "flags" like this, do they deserve to be discriminated against?
What if the flags are stuff like being black, being poor, having a friend that has been charged with a crime. What about living in the "wrong" neighbourhood, how about the wrong genetic markers. How about a family history of mental illness, what about if you dont own a cellphone? What if they are angry about the government and have publicly protested? What if you accidentally like ISIS on facebook, or your friend does it as a joke? are these acceptable "black flags" too?
What about if one of your close friends trips one or more of these markers? What if several do? Are you just as untrustworthy?
It gets much choppier when you introduce something like neural net learning into the equation. It will form links between activity that are basically impossible to decipher by a human at all, should we accept these utterly opaque judgments because "on average they are pretty reliable"?, what about the cases where they are 100% dead wrong, should they just be considered collateral damage?
A huge class of people could end up going through life denied basic services like a bank account because of things ENTIRELY beyond their control, or even understanding, all they know is they managed to piss off some equation somewhere.
It gets better, because on average people with bad scores on one system "reliably indicate" they will be bad faith in other contexts too...
Lots of businesses will accept this as an acceptable cost to keep fraud rates/whatever down, I don't find it acceptable, its almost the definition of injustice, and has a grave potential to create a vast underclass of "poor social credit score" people (who being a member of, even by association will assuredly be another hit against your scores)
How happy would you be, if via no fault of your own you were deemed an "unacceptable risk"?
So yes, it is inhuman, and wrong. I guess that -100 Social Credits for me.
Example - http://www.acamstoday.org/domestic-high-risk-geographies-eme...
https://www.fincen.gov/law_enforcement/hifca/
How is this any different from any number of discriminatory practices in the past, which are now (at least superficially) illegal, such as "red-lining" black neighborhoods to deny home loans?
‘We Kill People Based on Metadata’ [1] http://www.nybooks.com/daily/2014/05/10/we-kill-people-based...
Where profiling becomes dangerous is when it's tied to something you are or something you did in the past: it can be harder to identify why you're being profiled in these cases. Most of these cases aren't resolved through a single text, either. Profiling is a useful tool, but we have to be careful to do it in a humane way.
E.g. The Fourth Amendment warrant requirement. No one doubts that we'd find more criminals and contraband if police could make impromptu home searches of anyone at any time. But that's how a police state functions.
And we've decided to exchange efficiency in crime reduction for civil rights.
(You'd have to find a different metric to figure out what effect the 4th amendment or similar equivalent in other countries has.)
Assuming they are already doing this, wouldn't it be preferable if they switch to a model that decreases the number of innocent people that are searched by 10x? Wouldn't that be a net good to society?
Of course if your opinion is that they shouldn't be allowed to do random searches at all, this whole thread is really irrelevant.
easy. ignoring protected classes [1] - thereby losing part, but not all of your signal. i.e. don't see race.
[1] https://en.wikipedia.org/wiki/Protected_class
Probably quite a lot of drugs are moved by white guys in shiny rented cars, because those are less likely to be profiled.
Jesus, dude. Obviously they should.
Who the fuck cares about efficiency if they're pulling over people because they're black... in sedans.
Aren't you just making statistical inference based on past experience?
if that is wrong then all learning is wrong.
Yes, but if your behavior in the past was also biased, going off of arrest records or something like that won't get you better / less biased results.
If black people can be stripped and searched more often, sent to jail for less evidence etc the effect will be that they have no reason to try and be successful and productive members of the society. Even if there is no equality, it is essential that there is at least a perception of equality and a noticeable striving for equality. It gives people hope.
If a significant number of additional stops which they have no control over would impact their job performance and reputation (frequently being late, etc), risking getting them fired at no fault of their own, what are they going to do?
I don't know why you make this assumption. If the percentage of black people were low, and the number of cops high, that ratio could make the odds of being pulled over arbitrarily high - making certain locations "no-go" areas for black people. I assume as the probability approached 100%, they would just install a checkpoint, or start whitelisting the cars of confirmed good blacks with some sort of sticker or radio ID (just to save on resources.)
I don't see anything with that sort of indicator. Call it profiling if you will, but I believe it's perfectly harmless assuming no excessive/unwarranted violence is used. That second part is important and drives the point of what I think actually needs to be addressed from the LE side. If it is indeed a bad or poor-performing indicator of a "drug mule", then it will go away eventually.
And that's true even if the indicator objectively performs relatively well, as long as there are innocent people affected. To go back to the current topic, banning all connections from certain countries is an effective way to cut down on fraud without decreasing sales too much; but that still screws over legitimate users from those countries.
It could be extrapolated from that same data that 'black males obeying speed limits' are just easier to obtain convictions on - after all one has not 'caught' a 'drug mule' until the alleged is convicted.
Studies have long shown it is easier to obtain convictions of black males, especially for drugs.
More importantly for LEO funding today: is money seized can be kept with less blowback if disadvantaged minorities are targeted.
Institutional & societal racism could perhaps better explain the statistic.
Competent criminals adapt their muling system, throwing a patsy to cops once in a while - 'everybody' gets some. Clearly the drugs still get through.
Assume:
- LEOs use profiling (based on statistical models) to target individuals who are not the subject of investigation but rather subjected to random stop/search/frisk.
- They catch some "bad guys" by following this model.
These assumptions are not dissimilar from the premise outlined in the grandparent post.
Now, let's say the statistical model throws up "20-25 year old preppie white guy with glasses, called Peter" either through error or some odd outlier stat. If LEOs start to check out every 20-25 year old matching that description, sooner or later they're going to find drugs or a gun or a lot of cash or something. Their statistical model gets updated with these stats, and before long it becomes a truism that a disproportionate number of preppie Peters are criminals.
If you shine a spotlight somewhere, that's where you'll find what you're looking for.
If they could predict which cars were drug mules with 30% accuracy that would be acceptable I think.
This is easier to explain with gender differences: It's ok for a company to decide to make financial considerations based on the number of women they employ and chances of maternity leave. It's not ok to not hire an individual based on the fact that they're female and therefore have a chance of needing maternity leave.
It's a valid conclusion that on average men run faster than women, but you should assume that in any given male/female pair the man will run faster.
It's difficult to know where to set the threshold for 'negatively affect' though.
For instance, black men have a higher incidence of heart problems, and different medical decisions need to be taken in that case due a different risk balance. This (to me) is clearly just good evidence based medicine.
In this case I'd argue the problem is that 'black' is a signal used in a lot of models, so discriminating on that becomes a large cumulative negative effect so it shouldn't be used. If 'red hair' was a signal in some situation, then that would be fine because people don't normally get affected by that. The rare situation of being stopped incorrectly is outweighed by the benefit.
You can't put that aside. If the model is simply flawed then following it can't be a good idea. If the model is perfectly true and accurate then not following it is a bad idea. Of course nothing is perfect, so it would never be as black/white as that, but I don't see how any discussion that ignores the model is at all pointful.
> the questions of racial profiling
As with any statistical modelling this can get pretty hairy and potentially has recursive effects that are self-fulfilling. If you search just black people because the model says more of them get caught carrying drugs, you risk perpetuating the statistic whether it is correct or not because if you are hardly ever searching white people few are going to get cause so it will remain that more black people are found to be carrying. Unfortunately good statistical modelling is damn hard and criminal profiling is far from the only place you'll find these problems (many a scientific study has been discredited or otherwise written off some time later because flaws in the modelling and measuring are noticed in subsequent analysis).
-----
"The race issue isn’t just that the judge is going, ‘Oh, black man, I’m gonna sentence you higher,’” she said. “The police go into low-income minority neighborhoods and that’s where they make most of their drug arrests. If they arrest you, now you have a ‘prior,’ so if you plead or get arrested again, you’re gonna have a higher sentence. There’s a kind of cumulative effect.”
http://www.huffingtonpost.com/2013/09/17/racial-disparity-dr...
If you're searching (and targeting for search) a specific set of criteria, then that set of criteria will be what indicate high probability.
As a friend pointed out long ago, it's why you don't ask a group at a scheduled meeting what their preferred meeting time is. You're already selecting for those preferring the current time, and excluding those who find it unappealing.
can you tell cpu from browser finger printing?
and cookie age? is he talking about cross-domain cookies from the ad networks?
In the context they're talking about, yes! 32 on 64 bit (on firefox at least) will have WOW64 on the header name, whereas 32 on 32 bit won't, and 64bit on 64 bit will have Win64.
That'd make sense if they were running 32-bit Firefox on 64-bit Windows, but the article says a 32-bit OS on a 64-bit CPU. You'd think that would just look the same as a 32-bit OS on a 32-bit CPU in the headers, unless Firefox is going out their way to report a 32-bit OS on 64-bit hardware.
https://panopticlick.eff.org/
I went to clean up the most revealing one: "HTTP_ACCEPT Headers" ... I turned off least-used language in chrome://settings/languages
It was 1/1200, now it's 1/9... still says I'm unique, though.
Problem solved.
You can try that in the console of Firefox:
Otherwise, maybe they have an algorithm that looked at resulting classifications from learning and flagged inputs with the largest and most consistent variance across classes.
[1]https://en.wikipedia.org/wiki/Principal_component_analysis
I remember reading awhile back on HN that smaller e-commerce shops were often targeted by fraudsters. So, many use Amazon as a go-between when they'd prefer to have their own site and payment processing.
Companies like this could empower competition of the services provided by Amazon, eBay etc.
Here they mention some tips https://support.stripe.com/questions/avoiding-fraud-and-disp... and also point to SiftScience, Signifyd or Riskified.
SiftScience seems the most similar to simility, and give pricing online (free lite version or full for 5-6 cents) per order. Riskified and Signifyd actually provide insurance (and then perhaps have lower approval rating since they actually take risk?)
I'm planning on trying SiftScience in the future.
Edit: And what's with this?
> There is another feature in browsers which is “Do Not Track” (http://donottrack.us/). For organic/real users the possible options are “Yes”, “No”, “Unspecified”;
The DNT http header has 2 values. "0" and "1".
https://zyan.scripts.mit.edu/blog/sniffly/
They're asking did your browser go
or did your browser do or even those are sorted in decreasing order of naturalness. Obviously #2 can happen if you got a link directing you to the product page, but it's still less natural. You would often expect to see the referrer be an email domain or similar.DNT wasn't proposed until 2009 (and implemented in 2010). So this would be normal (DNT header not sent) on older OS versions. So it's the same reason as the 32 bit OS on a 64 bit machine assuming people use IE coming with the installation (or downloading an old browser that is still usable in 32bit).
Are you implying newer browsers don't work with 32bit? Chrome and FireFox run as 32-bit and all IE versions still use a 32-bit renderer. These things are true on 64-bit and 32-bit machines, at least on Windows.
that said, perhaps they did not pubish all of the signals they found.
So, the OP has "7 Leading Fraud Indicators: From Fresh Cookies to Null Values".
Suppose for those 7 indicators, 4 of them have just two possible values and the other three have just 4 possible values or some such. Then for one connection to the server from a Web browser, the 7 signals have jointly just
possible values. That is, there are only n = 1,024 possible cases of signal data from a Web browser from a connection to the server. And apparently we have good data on each of the cases.Or, to be practical, if for some case we have no data at all, then we just assume that the reason is that the probability of that case is so low that we can ignore that case.
The central problem here is how to detect "fraudsters". For such detection, necessarily there are two ways to be wrong: (1) a false alarm when we say that a connection is from fraud when it is not and (2) a missed detection when we say that a connection is not from fraud when it is.
Our mission, and we have to accept it, is essentially to find ways of manipulating the large amount of relevant data so that (A) from the false alarm (1), we can specify the highest probability of a false alarm f we are willing to tolerate, (B) get that probability of a false alarm f in practice, and (C) from the missed detections in (2), for that probability of a false alarm f, get the lowest probability of a missed detection (2) we can.
Or, for the false alarms we are willing to tolerate, we want to manipulate the data to get all the detections we can.
So, for some notation:
P -- probability
n -- positive integer, number of different possible cases of data from connections, e.g., as above, n = 1,024
B -- event, connection is bad, fraud
G -- event, connection is good, not fraud
P(B) + P(G) = P(B OR G) = 1
C -- random variable, case of connection, i = 1, 2, ..., n.
So random variable C takes values in the set {1, 2, ..., n}.
p(i) = P(C = i)
b(i) = P(B | C = i) = P(B AND C = i)/P(C = i)
= P(B AND C = i)/p(i)
g(i) = P(G | C = i) = P(G AND C = i)/P(C = i)
= P(G AND C = i)/p(i)
B = U_i {B AND C = i}
P(B) = Sum_i P(B AND C = i)
= Sum_i p(i) P(B | C = i)
= Sum_i p(i) b(i)
P(G) = Sum_i p(i) g(i)
b(i) + g(i) = P(B | C = i) + P(G | C = i)
= P(B AND C = i)/P(C = i) + P(G AND C = i)/P(C = i)
= ( P(B AND C = i) + P(G AND C = i) )/P(C = i)
= P( (B AND C = i) OR (G AND C = i) )/P(C = i)
= P(C = i)/P(C = i) = 1
M -- event, a missed detection of a bad connection, fraud
D -- event, detection of a bad connection, fraud
F -- event, false alarm
Detection Rule:
Suppose for some set I a subset of {1, 2, ..., n} we raise an alarm of a detection of a bad connection, that is, fraud, when C in I.
With this detection rule, probability of a false alarm is
P(F) = Sum_{C in i} P(G AND C = i)
= Sum_{C in i} P(G | C = i) p(i)
= Sum_{C in i} g(i) p(i)
the probability of a detection is
P(D) = Sum_{i in I} P(B AND C = i)
= Sum_{i in I} P(B | C = i) p(i)
= Sum_{i in I} b(i) p(i)
and the probability of a missed detection is
P(M) = P(B AND C not in I)
= Sum_{j not in I} P(B AND C = j)
= Sum_{j not in I} P(B | C = j) p(j)
= Sum_j P(B | C = j) p(j)
- Sum_{i in I} p(B | C = i) p(i)
= Sum_j P(B | C = j) p(j) - P(D)
= Sum_j P(B AND C = j) - P(D)
= P(B) - P(D)
So, to minimize the probability of a missed detection P(M) we want to maximize the probability of a detection P(D). We guessed this intuitively.
To maximize the probability of a detection P(D), suppose we have sorted our data on the n cases so that the ratios b(i)/g(i) are in descending order, that is, so that
b(1)/g(1) >= b(2)/g(2) >= ... >= b(n)/g(n)
Suppose we pick k in {1, 2, ..., n} and let I = {1, 2, ..., k}.
Then for our detection rule with this k and I, the probability of a false alarm ...
Change
L = b(k)/g(l)
to
L = b(k)/g(k)