I'm kind of wondering how this will (or can) fit from a deployment set of concerns (cross-silos, compliance & audit, handling CDNs, etc.) into large-scale environments like eBay or Paypal and whether the fraud models are appropriate for most that do business online. As a crude example, I might care about fraud in blog spam from SEO blackhats, which is not the same as credit card fraud patterns but both translate into real dollar loss for some businesses. Granted, the founders are ex-Googlers so perhaps this was done yesterday, but the way they present themselves and with their current customer list they make it look like it's mostly for direct financial transaction based sites. I'm suspecting things are overly simplified but I find it pretty hard to believe that inserting some Javascript snippets into a page could actually help when fraudsters could eventually start bypassing that JS (see: web scrapers). The API docs seem awful naive in number of possible cases.
With that said, congratulations on the launch, I know this is not an easy problem to handle and I think you actually have fulfilled a major goal of ease-of-use for online fraud detection systems. The only comparable systems I've heard of are ridiculously expensive beasts of enterprise software or custom-grown for the company with incredible barriers to entry. Best of luck to you guys.
Most of our customers do use Sift Science for financial fraud, but because it's a machine learning system, you can train it to detect other types of bad behavior like spam. We have customers in production using us to detect spam, fake inventory, and duplicate accounts. If you have a use-case that doesn't quite seem to fit, let me know and we can figure out how to train our system to recognize that type of behavior: brandon@siftscience.com.
If a fraudster bypasses the JS, we still have REST events such as transactions (or any other custom event sent from the backend). Seeing a user who has REST events but no Javascript events is a suspicious signal in itself, so fraudsters can't circumvent the system by just turning off JS.
FWIW, we're on some pretty major sites that we can't announce, so we've gone through a bunch of compliance, audit, security, and other concerns already.
You're right on. In theory, you could train our system to recognize good behavior if you sent us enough $label events, but most of the patterns we have today are really optimized around detecting bad behavior.
Is it possible to run this stuff on certain purchases say like gift cards or would that reduce effectiveness of the software? If its looking for patterns in ordering, and i only feed in gift card purchases, it would have nothing to compare against. Reason I am asking, we have almost 0% fraud/charge back rate since you can only by our physical product via a subscription model.
While I'm currently evaluating and very excited about Sift Science, what are some of the competitors in this space? I'm only aware of CPA Detective Max Mind miniFraud.
The two biggest anti-fraud vendors are Accertify and ReD. You might also look at ThreatMetrix, 41st Parameter, and Iovation, who do primarily device identification.
We were lucky to find some early beta customers like Airbnb, Uber, and Listia, who were all looking for what we were building and willing to take a risk with a startup. In general, getting the first two or three customers is one of the hardest parts of building a B2B startup. Might make a good blog post one day!
Gotcha. I figured it was either a puzzle or an error (ie "I don't know what the contact email address for this job is yet, so I'll enter some gibberish...").
trxblazr, you have demonstrated poor judgement. Sift Science is trying to make a small attempt at filtering some of the inevitable spam that results from a public job posting. You spoiled it. Why? For what purpose? To show how smart you are?
Sift Science does not look like some arrogant company that has cooked up their own broken security system, and that deserves to be poked at this way. It is not a public service to defeat this quiz, a quiz that some people would have been happier solving on their own so as to have a fair shot at apply for the job.
With that said, congratulations on the launch, I know this is not an easy problem to handle and I think you actually have fulfilled a major goal of ease-of-use for online fraud detection systems. The only comparable systems I've heard of are ridiculously expensive beasts of enterprise software or custom-grown for the company with incredible barriers to entry. Best of luck to you guys.