Monday, April 27, 2009

Who are these guys?

The investigators were baffled. After 3 hours of investigation, they still haven't made any progress in understanding who should they be looking for as the prime suspect for the assault case. The problem? No, not a mismatching DNA sample. Not a picture that's not on the immediate suspects list. Not even scarcity of able people willing to crate a drawing based on the description from the victim. The problem, suprizingly, was that the victim would not let out any revealing detail about their assailant: gender? against the sexual harrassment act. Skin color? Dude, we're against any type of discrimination. Religion? get out of here. Lucky for the investigators, the guy (oops) was of average height. At least that went through.

Imaginary? Indeed. Possible? Of course. I once spent 15 minutes listening to a friend of a friend describing a very similar case, until I was able to understand what the person's profile was. Because in social interactions PC sometimes deters us from using specific observations. Makes sense. In the world of Risk management, however, such a starting point can be the blow of death to your ability to understand what exactly is attacking your system, and stop it.

Profiling is the name of the game, and some of us are not playing it, and are wrong at doing so. Because fraudsters lie every time they need to. They lie about their identity, they hide their connection, they use other people's details and they will come back to demand the service you are not giving them and might end up convincing you. But what's their motivation? Is a WFH scammer the same as a 419 fraudster or a WOW gold trader, or for that matter - a cusotmer that maliciously reports not receiving an item they have in fact received? Of course not. They have different starting points, different sets of tools and conceptions, they might even be from completely different regions of the world (quick hint: they are). And that renders behavioral attributes that either are not reflected in your analysis (beacuse the fraudster's age and favorite social network do not reflect in the account time-on-file or time before a Chargeback comes in).

When not profiling, you are bound to looking at losses as they appear, and then reverse engineer them using business dimensions to try and understand what going on. You might discover that your UK market for new intangible item transactions is high on chrageback rates. Is this a bad finding? Absolutely not, data driven analysis HAS to be the first step of any research - because segmenting the world is the first step toward prioritizing work and creating a souns results-related risk policy. But whan you don't ask yourself "why is this happening" and "who are these users causing losses" and even "what's their story?", you are missing on three big things:
  1. the ability to further segment the world based on how bad user behaviors look in your system, and differentiate malicious intent from system errors (classification errors and others) and mistakes (the human factor - flakes, friendly fraud and others)
  2. the ability to identify the good guys, and provide them with better treatement, even when they resemble bad guys in business segmentation
  3. the chance of foresight - understanding where the bad guys might go next

Behavior based analytics isn't the sole answer to all BI problems. On the contrary - without a proper data driven segmentation, experts' intuition is both invalidated (and though usually is useful, is risky when it's the only thing you're using for long term planning) and will take a lot more time to create (since prioritizing where to look first is the proper use of your Oracles). But it is the single most important frame of thought your risk management team is probably not using - and whether this is happening because of PC, lack of domain expertise of just disinterest, you cannot let it pass you by.

No comments: