How we protect reviews, purchases and travel from fraudsters

    Arkady is a successful startup founder. He has read all the books on personal productivity, opens a promising new business every month and is pleased with himself, but every time something goes wrong.

    First, evil schoolchildren descend on his luxury shoe delivery service, then devastating reviews of his store selling iPhones with TV antennas appear out of nowhere, then he opens an online casino, but people are in no hurry to bring money there and limit themselves to the free deposit.

    I stole this illustration from the designers when they turned away.

    In the end, someone writes off from his Pyaterochka bonus card the 364 points accumulated over the last year on kefir and goji berries, and Arkady boils over. He goes online to ask how other people handle such situations.

    This post is about the Yandex.Cash antifraud machine. Below the cut are some scenarios in which it protects, and a story about a new API for stores that will make the work of fraudsters much harder.

    A warning

    All the examples in this post are the product of the authors' collective imagination and could happen to anyone; the genders and names of the people were chosen at random, all references to pop culture are intentional, and yes, you caught them correctly.

    And do not engage in fraud, for it is punished under the Criminal Code.

    How does the anti-fraud work?

    We already had an article about the antifraud, where we explained how everything works. Machine anomaly detection has been on by default for a year for all transactions through Yandex.Cash.

    Now we have rolled out antifraud as a service: a custom API that our partners connect to their sites and applications. If additional authentication is required, the API simplifies it for the legitimate user and makes it almost impossible for the fraudster.

    Scammers are cut off at three levels:

    1. First, coarse rules apply: yes / no, allowed / not allowed, filters by blacklists or whitelists. Everything that is cut off at this stage is passed to the ML component to enrich the store of historical data and for the models' self-training;
    2. Filtering by rules: there are a lot of them, they vary, and I definitely can’t write about them in this article;
    3. When the antifraud machine is unsure which decision to make, the event is sent to the third level, where machine learning models are run to complement the rule-based filters. Some types of events are always run through the ML models in order to derive additional second-level rules.

    The scheme is complicated, but the idea is simple. The merchant gives the API a set of data about a transaction, a user authorization or a submitted review; we process all of it in the antifraud machine and issue a verdict on whether fraudsters are involved. What to do next is at the store's discretion. Another plus: buying becomes easier for the “good” user, while attackers and fraudsters are the ones who suffer.
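
    The three levels described above, as an added sketch (not Yandex.Cash code). The list contents, rule names, weights, thresholds and the stand-in scorer are all assumptions, since the real rules are not published.

```python
# Added illustration: lists, rules, weights and the scorer are assumptions.
BLOCKLIST = {"card-0000"}   # constructed identifiers
ALLOWLIST = {"card-1111"}
HISTORY = []                # events cut off at level 1, kept as training data

RULES = [  # (name, predicate, weight): hypothetical second-level rules
    ("new_device", lambda e: e["device_id"] not in e["known_devices"], 0.4),
    ("geo_mismatch", lambda e: e["ip_country"] != e["usual_country"], 0.4),
    ("large_amount", lambda e: e["amount"] > 10 * e["avg_amount"], 0.3),
]

def level1_lists(event):
    """Coarse yes/no decision from block and allow lists, else None."""
    if event["card_id"] in BLOCKLIST:
        return "deny"
    if event["card_id"] in ALLOWLIST:
        return "allow"
    return None

def level2_rules(event):
    """Sum the weights of the rules that fire, capped at 1.0."""
    return min(1.0, sum(w for _, pred, w in RULES if pred(event)))

def level3_model(event):
    """Stand-in for a trained model: returns a fraud probability."""
    return 0.9 if event["account_age_days"] < 1 else 0.2

def verdict(event, low=0.3, high=0.7):
    """Return (decision, level that made it)."""
    decision = level1_lists(event)
    if decision is not None:
        if decision == "deny":
            HISTORY.append(event)  # cut-off events feed the historical store
        return decision, "lists"
    score = level2_rules(event)
    if score < low:
        return "allow", "rules"
    if score >= high:
        return "deny", "rules"
    # The rules are undecided, so the model settles it.
    return ("deny" if level3_model(event) >= 0.5 else "allow"), "model"
```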

    How to buy without anti-fraud:

    1. Choose a product, put it in the basket;
    2. Enter the password to log in to the wallet;
    3. Enter the payment password to confirm the payment;
    4. If paying by card, enter a one-time password for 3D Secure.

    In total, three passwords in a couple of minutes. That's a lot. And sometimes the Internet connection is poor or text messages do not arrive right away. With fraud protection enabled, you just need to log in to your wallet and pay, without entering a pile of passwords, if the system has “recognized” you.

    The green line on the chart shows the cases where the antifraud machine decided that everything is in order and no confirmation SMS needs to be sent. According to the chart that is about 30% of cases, which gives a significant saving on SMS.

    It may, however, fail to recognize you: that depends on how much risk the store owners are willing to take. Any security system has two extremes: the tightest possible rules and complete elimination of fraud, or abandoning security measures entirely. In the first case many normal customers suffer, and in the second the business is open to attacks. The team at Yandex.Cash looks for a balance between security and conversion: they analyze operations, refine the rules and take into account the client's wishes, received through the manager.

    Let us return to Arkady and see how we can help merchants who attract especially many scammers. These are classic online stores selling all sorts of things, gaming services (roulettes, online casinos and the like), and the travel segment.

    Printer factory

    Arkady is friends with the director of a printer factory, who sometimes tells stories over coffee. The factory is not greedy and sells printers for next to nothing if the customer buys paper and toner from it every month. Office people want an almost free printer but don't want to pay in advance.

    Here the antifraud can help determine whether a certain Sergey, who urgently needs a printer to print a desktop, is solvent. Sergey usually pays online by card, since that is more convenient for him. If the internal Yandex.Cash systems inside the PCI DSS perimeter have seen this card before, and its holder is indeed Sergey, who regularly buys things, then everything is fine: the API returns a good verdict, and the factory ships the printer to Sergey.

    If we know nothing about this card, because it is too old or, on the contrary, only just issued, we can suggest that the printer factory take an advance payment for the first year of paper and toner. If other antifraud triggers show that the user has no money, the merchant decides for himself, depending on his business processes and his relationship with this user: for example, he runs additional checks or requests prepayment for the year.

    Merchants themselves decide at what stage to check the user. If he can cause damage to the company the first time he appears in the service (for example, by getting a free taxi ride after registration), the assessment is carried out when he creates an account or opens the application.

    Louboutins in Kupchino

    After his business selling black masks on Instagram collapsed, Arkady started a Louboutin delivery service. Business is profitable, the shoes sell, and then an order comes in for delivery to the private-housing area of Kupchino. The client does not want to prepay, replies in stock phrases and is generally hard to make out. The question arises: is it worth taking anything there, and who gets to go? There are another 15 normal orders today, and the courier is needed alive.

    In such situations, we tell the merchant whether a particular user pays, what the chances are that this is not a fraudster, and much more. At the same time, we do not interfere in the partner’s business processes: the partner passes us data that is already stored in its database or collected during operation. Our analysts help work out which data is useful for identifying fraudsters and which is not needed.

    After all the discussions and configuration, the partner receives one API endpoint, tailored to the partner as closely as possible. That is, you can connect the antifraud to a site, a mobile application and anything else that can send an HTTP request. For obvious reasons, we cannot show what the requests look like: become a partner, and then we will show everything.

    Sit down, Pyaterochka

    If there is an unprotected account with money somewhere, it will be hacked. That is why many places on the Internet sell bonus cards of large retail chains with a balance of several thousand rubles for three to four times less. These are real loyalty-program accounts that their owners failed to look after. Arkady got caught too, and now someone else will spend his honestly earned bonuses.

    Here the antifraud API helps by analyzing the user at the time of authentication. As a rule, a person visits sites and pays for services from a specific set of devices: a computer, a tablet or a smartphone. If we know that Arkady usually checks his bonuses from a Lenovo laptop or an LG Android smartphone in the Moscow region, and now he is trying to log in via VPN from Uruguay on a MacBook, then most likely something has gone wrong.

    In Yandex.Money, you can report upcoming trips so that the antifraud machine does not suspect you.

    At the very least, a user who has left for Uruguay is unlikely to be interested in his balance in the Pyaterochka loyalty program.

    Fake reviews

    Once Arkady opened a store selling iPhones with a TV antenna running Android 5, connected it to Yandex.Market, and quickly collected negative reviews. Arkady blames competitors: supposedly they pile on dislikes and give “ones”. Of course, Arkady, the army of bots is to blame, and the Chinese iPhones have nothing to do with it. One way or another, an army arrives, gives the store a thousand “fives” and disappears.

    Or like this: Arkady's favorite team lost the Champions League final, and he decided to write a devastating comment about the referees, the video replays and the terrible footballers. He went to a sports site and could not write anything. By that time, the site had already suffered for a month from slyly crafted spam comments, which were also getting pluses. So the comments were closed, and our hero's anger remained unspoken.

    The Cashier antifraud can automatically analyze reviews and detect that they were written from one device, from one network and by one person. It works like this: the user presses the “Send Feedback” button, the review is saved in the database, and the user data is sent to the API for analysis. If there are no signs of fraud, the review is published; if there is any suspicion, it goes to manual moderation; and if the antifraud gives a negative verdict, the review is rejected.
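
    The review flow above, as an added example rather than the service's own logic: it counts reviews per device and per network and maps the result to publish, manual moderation or reject. The field names, the /24 network grouping and the limits are assumptions, and the sample reviews are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample: reviews left for one store within a short window.
REVIEWS = [
    {"id": 1, "device_id": "dev-a", "ip": "203.0.113.10", "rating": 5},
    {"id": 2, "device_id": "dev-a", "ip": "203.0.113.11", "rating": 5},
    {"id": 3, "device_id": "dev-a", "ip": "203.0.113.12", "rating": 5},
    {"id": 4, "device_id": "dev-b", "ip": "203.0.113.50", "rating": 5},
    {"id": 5, "device_id": "dev-c", "ip": "198.51.100.7", "rating": 2},
]

def network_of(ip, prefix=24):
    """Collapse an address to its enclosing network, e.g. 203.0.113.0/24."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def route_reviews(reviews, device_limit=3, network_limit=3):
    """Return {review id: 'publish' | 'moderate' | 'reject'}."""
    per_device = Counter(r["device_id"] for r in reviews)
    per_network = Counter(network_of(r["ip"]) for r in reviews)
    routed = {}
    for r in reviews:
        same_device = per_device[r["device_id"]] >= device_limit
        same_network = per_network[network_of(r["ip"])] >= network_limit
        if same_device and same_network:
            routed[r["id"]] = "reject"      # both signals agree
        elif same_device or same_network:
            routed[r["id"]] = "moderate"    # one signal only: a human decides
        else:
            routed[r["id"]] = "publish"
    return routed
```

    A shared office or mobile-carrier network produces the single-signal case, which is why that branch goes to moderation instead of rejection.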

    So you can sell the trolleybus, but why?

    At some point in his successful business youth, Arkady was reselling toys from Chinese online stores at exorbitant prices. Order data went straight to packing, and all was well. Right up until the toy store was mentioned in a video by Maxim, a three-year-old video blogger, who had ordered a great trolleybus there and wanted to share his happiness with everyone.

    Young children clicked on the link in the description and left thousands of orders with the name "forging" or with random digits instead of a phone number; in short, a catastrophe. Naturally, the picking department was not ready to handle such a stream of “orders”. A few days later the wave passed, but the store managed to lose a couple of large orders for trolleybuses from state institutions.

    The antifraud helps in such cases too: you can send the order flow to the API so that the ML system automatically filters out fake orders or flags questionable ones, such as a delivery to Tver ordered by a user in Vladivostok. What to do next is up to the merchant: for example, call back and check whether everything is as specified.

    If the order itself is fine and the partner gives us the data at the time of payment, we can see when a compromised bank card is involved in one of the orders: for example, a chargeback has come in on it or anomalous activity has been noticed. If someone tries to pay with that card at our other partners, the antifraud will warn them too, so that no awkward situations arise.

    The machine gave the line

    Arkady is a successful person, and all his money is invested in business. Therefore, he has to watch TV shows online on free sites. Once, while watching the next episode of “The Big Bang Theory”, he learned that you can make money on the Internet with almost no investment, and decided to open his own online casino.

    No sooner said than done. To attract users, Arkady decided to give everyone a nice round 666 rubles at the start, and also bought an advertisement from a popular blogger. Life improved, but Arkady overlooked one thing: users register, spend the free money, then create a new account, and everything repeats. Nobody brings money.

    If Arkady had connected the antifraud API, he would have known that it can also do profiling. If accounts are opened from the same device, with similar email addresses (alex_darkstalker1, alexdarkstalker2 ... alexdarkstalker98) or with a number of matching parameters, we signal to the merchant that these accounts deserve attention. The merchant can then, for example, limit the bonuses issued or not issue them at all.
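
    One way to implement the profiling described above, as an added example (not the service's algorithm): accounts are linked transitively when they share a device or an email stem. The field names, the letters-only stem, the minimum stem length and the sample signups are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample signups: (account id, email, device id).
SIGNUPS = [
    ("a1", "alex_darkstalker1@example.com", "dev-7f3a"),
    ("a2", "alexdarkstalker2@example.com", "dev-7f3a"),
    ("a3", "alexdarkstalker98@example.com", "dev-22c1"),
    ("a4", "maria.petrova@example.com", "dev-9b10"),
    ("a5", "ivan1985@example.com", "dev-51de"),
]

def email_stem(email):
    """Keep only the letters of the local part so numbered variants collapse."""
    return re.sub(r"[^a-z]", "", email.split("@", 1)[0].lower())

def find_linked_accounts(signups, min_stem=6):
    """Return sorted clusters (size >= 2) of accounts sharing a device or stem."""
    parent = {acc: acc for acc, _, _ in signups}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path compression
            x = parent[x]
        return x

    first_seen = {}
    for acc, email, device in signups:
        keys = [("device", device)]
        stem = email_stem(email)
        if len(stem) >= min_stem:           # short stems like "ivan" link strangers
            keys.append(("stem", stem))
        for key in keys:
            if key in first_seen:
                parent[find(acc)] = find(first_seen[key])
            else:
                first_seen[key] = acc

    clusters = defaultdict(list)
    for acc in parent:
        clusters[find(acc)].append(acc)
    return sorted(sorted(c) for c in clusters.values() if len(c) >= 2)

def bonus_policy(signups):
    """Signal for the merchant: 'limit' the bonus for linked accounts."""
    linked = {acc for cluster in find_linked_accounts(signups) for acc in cluster}
    return {acc: ("limit" if acc in linked else "grant") for acc, _, _ in signups}
```

    Account a3 uses a different device but is still caught through the shared stem, which is the case a per-device counter alone would miss.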

    Our hero also has a classmate, Petya, who became so taken with the idea of making money in a casino that he spent all his money and sold the sofa. After a forced divorce from his wife, Petya changed his mind: he wrote to Arkady and asked to be temporarily blocked so that he would not play. Petya is progressive, talks to other players from Europe and knows that this is possible. This is called a “self-excluded player.”

    In terms of effectiveness, it’s like trying to quit smoking by locking the cigarettes in the cupboard with the dishes. So after some time, Petya found ways around the ban: he set up a new email address and found friends with documents who did not mind having an account created in their name. But the computer remained the same, so at this point the antifraud could have sounded the alarm and informed the support service that something was wrong.

    #FlyingToThailand

    Arkady had long wanted to go to Thailand: he saved up money, bought tickets and, overjoyed, posted a photo on Instagram with the hashtag #lechevtajland. Scammers found the photo there, read the code off the ticket and entered it into a service that gives bonuses for it. And along the way, they rebooked Arkady onto a flight to Surgut.

    The antifraud works well in such cases: we have an engine for analyzing the legitimacy of the data. If Vasily works in an agency that arranges business trips for foreign delegations, he can get information about their flights, either by buying the tickets for everyone or simply by peeking at the data in the database. And if a delegation from Colombia flew to Moscow for the World Cup, then their flights will earn a lot of miles. Vasily can use them to buy something, upgrade his class of service, or do much more.


    1. Keep an eye on your children on the Internet;
    2. Set complex passwords;
    3. Do not post pictures of tickets;
    4. Or personal data in general;
    5. If you are already accepting payments through Yandex.Kassa and the scammers are wearing you out, use the custom antifraud.

    And Arkady is doing well. He runs motivational business trainings and tells the story of his difficult path to those who have all these mistakes still ahead of them.

    That's all. Ask questions in the comments - we are here and ready to answer.
