By Max Wolke, Head of Strategy at Fraugster
In the 2002 film Minority Report, Tom Cruise’s character John Anderton works for the Washington Police Department in a division called Precrime. Basically, the story revolves around the idea of using precognition to prevent crimes before they happen. While the film itself is a work of science-fiction, over the past couple of decades, the real world has come closer to resembling this reality. Particularly, when it comes to risk management and fraud prevention. And just like in the film, there are certain moral questions that are raised about the ethics behind these real-life developments.
The New World of Criminal Detection and Fraud Prevention
Wherever someone is doing business, there will be someone trying to take advantage of them. This existed long before we went online, and it has only accelerated since then. And no matter what we do or what tools we create, we will never be able to stop someone from attempting to commit a crime.
But just because we cannot prevent the intent, it doesn’t mean that we cannot detect the attempt before it is successful. And one of the most innovative ways of protecting customers and businesses is through a new concept that uses behavioral analytics as a method of detection: Cognitive Fingerprinting.
Cognitive fingerprinting is about identifying specific behaviors and actions that signal intent and seeks to analyze these to determine risk. Just like when a person touches a surface with their finger, they leave a unique print behind that can be analyzed and recorded, Cognitive fingerprinting proposes that when a person interacts online, they leave behind a specific, identifiable pattern of how their mind processes the information.
How Cognitive Fingerprinting Works
In the past few years, there have been different approaches to online detection and authentication.
Firstly, online users were asked to provide a password that the real account holder would theoretically know. However, over time, criminals and fraudsters have found ways to easily manipulate these barriers.
This led to more of a biometric approach to authorization: using unalterable human characteristics, such as fingerprints, eye and voice recognition, as biological measurements for identification.
Cognitive fingerprinting as a concept goes even further, exploring how people behave, more so than who they are. The idea is that if we could theoretically track and record how a person acts online, then we could potentially isolate their specific patterns of behavior in order to identify them in a digital space. This has led to some exciting advancements in behavioral identifiers.
But with these new developments also comes the question of ethics. Like many breakthroughs in technology, it is important to be fully aware of the effect these advancements will have on individuals and society. Or to paraphrase a character from a different Spielberg film: it’s important to not get carried away with whether or not we could, but rather stop and think if we should.
With cognitive fingerprinting, there are some concerns surrounding online surveillance. Particularly if using behavioral identifiers encroaches on an individual’s right to privacy. Here are a few behavioral measurements that can now be potentially tracked and recorded:
- Typing patterns
- The speed of typing
- The impact on the keys
- Navigation patterns
- Finger movements on a touchscreen
- Mouse speed and movement
- Engagement patterns
- How we hold a phone – The tilt or angle
- How a person opens and closes apps
How far should we go to protect ourselves online? And where is the line that shouldn’t be crossed? These are some of the questions that have given rise against big tech over the past few years and imposed greater scrutiny on surveillance capitalism.
But how does cognitive fingerprinting work in the e-commerce arena? And is there a way to prevent fraud ethically?
Cognitive Fingerprinting in Fraud Prevention and Detection
Let’s take a practical look at behavioral analytics and cognitive fingerprinting and how they can be used positively in the world of online fraud prevention and management – How they can protect merchants and users while remaining unobtrusive and compliant with the privacy rights of customers.
While fraud detection may indeed be a social science, it is important that fraud prevention companies don’t extend their reach too much when it comes to cybersecurity. That is why it is best practice to use these new powerful tools in the study of the transactional event itself, rather than tracking the individual attempting the purchase.
Instead of recording subconscious biometrical and behavioral traits like how fast a person types on a keyboard or the way in which their finger glides across a trackpad, AI-powered fraud prevention can succeed by analyzing the basic information provided at the point of checkout. And it is through a process known as data enrichment, that artificial intelligence can play a key role in the ethical detection and management of risk.
Data Enrichment in Fraud Prevention
When an online purchase is attempted, basic transactional data is passed from the buyer to the merchant (or, rather to the risk management solution that the merchant works with). These 15-20 pieces of data can be as simple as an email address, credit card details, and IP address. What an AI can do is actually enrich this standard information with thousands of additional datapoints to get a better understanding of the validity of the purchase.
From the basic data provided by the customer, the AI will instantly look for any behavioral identifiers, connected to the transaction, that could be indicative of fraud:
- How many times has this credit card been used?
- What was the length of time between purchases?
- Have multiple email addresses used the same card?
- Has the IP address been flagged as suspicious in the past?
Thousands of these datapoints and connections will be analyzed and compared with historical patterns of fraud. The transaction can then be segmented into clusters relating to its risk profile. And, like a jigsaw puzzle coming together, piece-by-piece, a Risk Score is created, presenting a precise, probabilistic determination as to whether the transaction is good, or bad.
This Risk Score is the ultimate predictive assessment for a given transaction, created through evaluating the cognitive fingerprint that was formed from the act of data enrichment. A score based on the behavior and actions around the transaction, rather than on the person behind it.
While identifying a person by how they move a mouse could be powerful tools in the fight against fraud, we can never forget the techno-ethical obligations that come with this newfound level of surveillance. And we must always strive to strike a balance between innovation and intrusion.