How to Think About Your Fraud Strategy and Avoid the Gambling Grifters
For many years I played blackjack professionally. In that time, countless amateur players would provide advice on how to play, attributing their expertise to a "system" they developed. I respected the ones who were at the table employing their system (even though they always ended up going broke). The true grifters were the ones who' would stand behind you at the table, providing advice while risking nothing themselves.
In the online fraud prevention world, there are two types of vendors. There are the “guarantees” vendors, who offer a guaranteed level of performance and reimburse you when a chargeback is received. And there are the “best efforts” vendors, who simply provide advice with no financial reimbursement. The best-efforts vendors are the amateurs standing behind the table. They lack the confidence in their system to sit at the table themselves (or they already tried their hand and went broke). You should consider their advice accordingly. Drawing from my experience at the blackjack table, and more importantly from my 11 years running R&D at a pioneering guarantees vendor, let me provide some tips below on how to think about your fraud strategy and avoid the grifters.
Don’t Gamble Unless You’re Certain of Your Edge
When most people ask me for tips on playing blackjack, I simply say, “Don’t play.” If you must play, do it for the entertainment value and the free drinks. Don’t do it as a money-making enterprise. It takes time and dedication to learn and implement a profitable system. When I was playing blackjack, it was a full-time job to get a reliable mathematical edge. Most people have better things to do.
In the same way, when someone working in e-commerce asks me if they should select a best-efforts, low-budget fraud vendor vs. a guaranteed solution, I ask them if they want certainty or if they want to be entertained.
Think of it this way: if you’re responsible for managing fraud at your organization, there are essentially two pitches you can make to your chief financial officer:
- I would like to buy a product that will make our fraud costs absolutely predictable. We’ll be charged a fraction of our revenue, the same way we’re charged for payment processing. It's more expensive, but it will never deviate from that price.
- Chasing fraudsters is entertaining to me. I like the thrill of it and think we should build in-house. We’ll save a small amount, but we will be exposed to fraud attacks which will make our costs wildly unpredictable.
Most CFOs I know will smartly take the sure bet. Otherwise, you’re “picking up pennies in front of a steamroller,” as they say on Wall Street; the potential to make a little, with the potential to lose a lot.
Don’t Take Advice From Someone Who Has No Skin in the Game
There are many blackjack strategy books. At the top of my list was one called, "Beyond Counting." The difference between "Beyond Counting" and many others was that it was written by a practitioner, James Grosjean. He made his living employing the strategies in his book; he wasn’t just an author. He was at the table. You’ve got to demonstrate to me that you believe your system works before I’m going to trust it.
I feel the same way about artificial intelligence vendors that only have (or lead with) a best-efforts product. They just don’t trust their system. They prefer selling a best-efforts product because that’s a high-margin, less-risky product. After all, the customer retains all the risk! There are a few companies that offer both options, guarantees and best efforts, including my own, but I only trust the ones that lead with a guarantees product. Those are the ones that trust their products and are willing to put skin in the game. Pushing your highest margin product to a customer just because it’s your highest margin product, not necessarily what’s right for the customer, isn’t an honest sales practice.
The Law of Large Numbers Only Works if You Can Keep Playing
The law of large numbers states in a nutshell that if a particular bet has an expected value, then the more times you make that bet the more your overall performance converges to the expected value. In blackjack, that means if you have an edge, you'll eventually win if you can keep playing hands. So you need to stay solvent — i.e., you need to size your bet to your bankroll and, more importantly, you can’t get kicked out of the casino. If you go insolvent or you get kicked out, you can’t play any more hands, which means the law of large numbers can’t do its magic.
Guarantees vendors leverage the law of large numbers to great effect. They know that machine learning models work over their entire portfolio of business. There may be fluctuations with particular merchants as they experience a fraud attack, but overall, they stay solvent.
The equivalent of getting “kicked out of the casino” in fraud is when a merchant churns as a customer, most likely when they’re subject to huge costs due to a fraud attack. Best-efforts providers will provide an approval rate service-level agreement (SLA) and then never do better than that promised baseline. They don’t want to expose the merchant to losses and risk getting kicked out of the casino. Guarantees vendors, on the other hand, view the approval rate SLA as the minimum acceptable performance. With the knowledge that they protect their merchants against all financial risk and therefore won't churn due to an attack, they continuously run experiments to increase approval rates over the SLA. That’s what’s required to bring down false positive rates.
Focus on What You’re Good At
As a professional blackjack player, you normally operate as a team. One teammate operates as the counter or spotter keeping track of the cards. Another teammate is fed information by the counter, and they bet the money, which is why they’re called the “Big Player.” You have this separation of responsibilities because the skills are very different. The counter needs to keep focus and maintain a low profile. The Big Player, on the other hand, wants to draw attention and appear like your average unskilled high roller. Combining the roles isn’t advisable.
As a merchant, you sell products. You want to build your entire team to be obsessed with delivering a good customer experience. It should be ingrained in your culture. It creates unnecessary tension if you’re also telling your customer service associates, “but you should be skeptical of some customers.” It’s much better to hire a guarantees provider that will have you protected, and then focus your team on providing the best customer service possible.
Of course, this separation of responsibilities is exactly how the more developed “card present” world works. If you’re a brick-and-mortar retailer and you sell something to a fraudster, you’re protected. Fraud detection is done by the card-issuing bank, and they also accept liability. We believe fraud liability coverage should just be built into the card-not-present system as well. That’s the promise guarantees vendors deliver on.
All of which should leave you asking yourself one question: If a fraud protection vendor doesn’t want a seat at the table, why even consider playing with them?
Michael Liberty is the co-founder and chief product officer of Signifyd, an e-commerce fraud protection platform.
