Opinions expressed in this article are those of the sponsor.
Why machine learning means proactive loyalty fraud prevention
Loyalty programs are big business for companies and a key target for fraudsters. Don't just wait for a hacker's attack before acting.
Loyalty fraud is on the rise again and, while account takeovers seem to be the most common type of fraud reported, this type of theft is only the tip of the iceberg; program rules violation, unauthorized redemptions, privilege escalations, flawed integrations and data breaches are also on the rise.
To complicate matters, the increasing complexity of loyalty programs makes it even harder for companies to defend themselves against fraudsters.
A typical project for a loyalty platform implementation involves dozens of integrations with other systems, partners, point transfers, reversals, conversions and so on. The more complex the implementation, the higher the probability that there will be loopholes that can be exploited.
Believe it or not, the chances are good that there is a teenager out there who, at this very moment, is doing something to try to take advantage of open vulnerabilities that they found in your loyalty program. Statistically speaking, no matter what your reporting solution is, what kind of fraud rules you have in place, what type of security policy you have implemented — your program will become a target for fraudsters.
How to fight back? The only thing that can potentially give you the upper hand is an automated security system that doesn’t require explicit configuration; a system that automatically adapts to the data processed by your loyalty program — that can dig through enormous amounts of data to detect a few subtle patterns and correlations between billions of data points and parameters that are changing constantly. This system should also get better at detecting anomalies over time.
Machine learning strikes again!
Despite the enthusiastic buzz surrounding this subject, machine learning is by no means a magic wand that can make all threats disappear. It will never fully replace traditional fraud prevention and detection methods. Well-designed reporting and fraud rules, strong end-point security, policies, and procedures are and will always remain a must. But machine learning will take your company from being reactive to having a proactive fraud prevention process in place that detects anomalies before they can cause damage on both the program-wide and individual member levels.
Here’s a quick example. A gas station chain defined a fraud rule which would block a member’s account if more than five sale transactions were recorded in a day. The rule was meant to prevent cashiers from swiping their own loyalty cards whenever a paying customer was not enrolled in the program, and from accumulating points in violation of loyalty program rules. However, cashiers realized that car wash services were being processed by separate Point-of-Sale software and were treated as a different type of transaction. Soon enough, cashiers focused on the car wash clients, as those transactions were not covered by the configured limits and allowed for quick and easy points gains.
Another example. A security team configured an alert that activates whenever new member enrollments reach a specified level. The marketing team created a new sign-up promo that successfully brought in a significant influx of new members. Those two teams rarely interact with each other and did not think to discuss the promotion and its potential consequences on the system. Therefore, when the security team started receiving the unusual number of alerts, they assumed a mass enrollment fraud attempt and decided to shut down the entire platform. It took them an hour or two to verify that all the new member accounts were legitimate.
These are two are real-life examples of loyalty programs that have millions of active members. What makes them similar is that although the traditional fraud prevention measures in place were based on the right assumptions, there are always some scenarios in which those assumptions won’t be enough to meet all of the program’s needs.
Benefits for loyalty programs
The benefit of machine learning modeling is that it requires just one simple assumption — that the vast majority of staff and members mean no harm to the program; members obey the rules and enjoy the program as it was initially designed. Using their data, machine learning models can “learn” the typical behaviors and extract patterns and relationships between millions of data points, whether they are transactions, points, values, or activity patterns. These may, of course, change over time, and machine learning will adjust to changes in configuration.
What is also impressive about this approach (which some AI-nerds call “unsupervised machine learning”) is that it doesn’t need any explicit definitions of what is a normal type of behavior and what is not. It will adapt itself to the volumes of data it receives as the input and return any anomalies as soon as it “decides” that they are worth triggering a warning. This way, it is possible to proactively prevent fraudulent activities that have not been seen in the past and, finally, to be one step ahead of the fraudsters.
The missing piece
Although machine learning is not a universal solution to all loyalty program issues and challenges, it can be THAT missing piece of the puzzle when it comes to the security of loyalty program configuration. Together with traditional fraud countermeasures, it enables a genuinely proactive loyalty fraud prevention method that is ready to meet the challenges of the ever-changing landscape of modern information systems.
Other success stories from Comarch about the management of loyalty programs can be found here.