PayPal employees in Tel Aviv, mostly veterans
of the army intelligence corps, team up with algorithms to decide whether your
transaction should go through.
A few years
ago, an American living in Indiana opened an account with PayPal, the U.S. Company for making payments
and money transfers online. A few months later, funds were drawn from the
account — from Iraq, and the delivery address for the goods ordered was in
Germany.
So
was the account hacked?
Or maybe it was simply an American soldier scheduled for transfer to Germany.
This fictional case illustrates real issues that PayPal has to sift through.
The company’s battle against fraud is led by a team of 100 Israelis, mostly
veterans of the Israel Defense Forces’ intelligence corps who work at the
firm’s Tel Aviv development center.
“Fraud is a
significant threat; there are countries in which PayPal handles more than 20%
of online commerce,” says Tomer Barel, who five months ago was appointed
director of risk management for PayPal worldwide. He previously headed the Tel
Aviv development center since 2009.
“As a result,
PayPal is a major target for fraud," Barel says. "We have almost 150
million users, so theoretically this involves a huge number of people who could
become theft victims. Every day, 10 million transactions are conducted on
PayPal, and the company’s loss rate is 0.2% of sales, most of which stems from
fraud.”
Barel and the
Israeli development center have the fascinating job of making Internet
purchases simple and secure without invading users’ privacy. The increasing use
of the Internet on mobile phones, the development of virtual currencies such as
Bit coin and the growing online criminality are just some of the challenges.
Kingpins recruit hackers
Organized
crime has changed drastically over the past decade, Barel says. In the past,
criminals would go from restaurant to restaurant demanding protection money,
not to mention the occasional beating or shooting. Now organized crime can
recruit people around the world; all the recruit needs is skill, an Internet
connection and the ability to convince him that what he’s doing is acceptable.
“We get into
the hackers’ [online] forums and see a lot of rationalization there. The
hackers view people who use violence as criminals,” Barel says.
“Organized
crime recruits a lot of smart and talented people who tell themselves they’re
not really stealing from individuals because [consumers] are protected and get
their stolen money back. And everything is done without violence; there’s no
contact. The victim is faceless, so there’s no compassion.”
It’s a model
involving a minimum of friction between the criminal and the victim, Barel
notes.
“Someone’s
sitting in China, Britain or Moldova and tells himself: ‘I’m stealing from
multinational corporations, those rich bad people. I’m a kind of Robin Hood,’”
he says.
“But that
money flows to organized-crime groups and funds their other activities, some of
which are violent. The ability of a group to be scattered all over the world
and not directly confront its victims contributes to its success.”
The Israeli
team has the expertise to take data from a transaction and make an immediate
decision, Barel says. The idea is to prevent fraud while limiting the
inconvenience to good customers whose transactions might be a bit out of the
ordinary.
A fraction of a second
Most of the
time, the process is carried out automatically. The job of PayPal’s Israel
center is to flag use of a PayPal account by someone other than the account
holder. There are standard tools to do this, such as a user’s IP address — the
number assigned to a particular computer — but there are less obvious ways.
“Activity on
a computer produces a number of electronic signatures; the trick is to identify
them and make links among them,” Barel says.
Whether the
task is an art or a science, there isn’t much time to do it.
“We need to
identify attempted fraud in real time, and that’s a matter of a fraction of a
second,” Barel says. “I need to identify that a stranger is using your account.
You’re not going to wait in front of your computer or mobile device for five
minutes for the system to approve the transaction.”
The Israeli
team also has to analyze sophisticated cases that a computer can’t recognize as
fraudulent. This involves research and intelligence gathering; graduates of the
Israel Defense Forces’ technology units are natural candidates.
“It’s a
cat-and-mouse game. Fraudsters adapt to the model that you put in place, so we
came to the conclusion that the human dimension is critical,” Barel says.
“In our
research groups in Israel, there’s a large team of analysts who look at huge
volumes of data, identify patterns and help the algorithm make a decision.
People are still more powerful than machines in trying to foresee and identify
human behavior.”
No comments:
Post a Comment