An unsolved problem
Over the past decade, we have seen an explosion in online transactions, further accelerated during the pandemic. Today, many of us expect to handle many of the most consequential actions of our lives – applying for a home loan, buying insurance, or completing major purchases – online, instantaneously, and securely.
This sharp increase in online transactions has resulted in a dramatic increase in risks of all manner — fraud risk, credit risk, insurance risk, and so on. Most companies’ investments in fraud and risk protection haven't kept pace with the proliferation of online transactions. And it’s not that these costs aren’t substantial – credit and fraud risk now costs companies more than $48 billion and consumers $8.8 billion annually.
I saw this trend unfold in real-time as a co-founder of Confluent and co-creator of Apache Kafka. I witnessed a large variety of interesting applications built using event streaming data, and one of the fastest growing and most meaningful ones is real-time online fraud detection and risk decisioning.
Helping our users build a fraud and risk detection system was challenging. Several distributed systems had to be pieced together to find and flag online fraud: Apache Kafka, a streaming SQL layer, a graph database, a log search system, a Machine Learning (ML) pipeline, and a data warehouse. And that still wasn't sufficient.
Deploying new fraud and risk decisioning models was a highly manual process – one that took engineers away from working on new products and services. And, in talking with hundreds of fraud and risk leaders since I stepped back from Confluent in 2020, I found that our challenges were not unique. Many organizations face similar challenges: providing autonomy to risk operations teams; ensuring access to the most relevant data at the appropriate time; and developing highly effective (ML) models.
The complexity of the solution for such a critical problem intrigued me.
And I wasn’t alone in wanting to build new solutions. While leading the engineering teams behind Meta’s private cloud and various distributed data systems, my co-founder Sachin observed similar challenges with Meta’s risk decisioning systems.
We were at two companies with some of the world’s top engineering talent, yet both of us were confounded by how cumbersome and, frankly, ineffective the prevailing risk decisioning technology was.
It reminded me of the early days of LinkedIn, where the proliferation of brittle data pipelines meant spending precious engineering resources on manually creating and maintaining critical data infrastructure. We needed a central, real-time data platform that could route data in real-time from any source to any destination. We created Apache Kafka to solve the problem – building a highly-scalable event streaming platform that could drastically reduce the complexity of the resulting data infrastructure. It quickly became the core foundation of all of LinkedIn’s—and more than 70% of the Fortune 500 companies’—data.
Convinced that fraud and risk decisioning technology requires an overhaul, Sachin and I have been working under the radar for the past two years to build a company to address this problem. We’ve quietly brought in dozens of engineers with decades of experience from Facebook, Google, Uber, and Confluent who have deep expertise in building highly scalable AI driven data systems. At Oscilar, we’re creating that new foundation for fraud and risk management through an approach we call AI Risk Decisioning.
Existing approaches have significant drawbacks
1. Inability to access the right data at the right time
The accuracy and effectiveness of any risk decisioning system centers on the ability to use the right data at the right time. An average risk assessment for a credit card transaction will take into account a user's search history, user profile data, chargeback history, and other signals. Ingesting and aggregating this data is challenging because it is federated across several internal databases, the data warehouse, and a myriad of third-party data sources that must be consulted to get a holistic view of a user's risk. Existing fraud and risk tools (as well as home-grown systems) are built to merely execute rules, leaving them incapable of assembling the data, which means it falls on the business team to manually assemble the right data. Furthermore, the team that creates the ML models—data scientists—and the team that creates rules—fraud and risk analysts and operations—often do not share the same data for training ML models and running rules. This is a fundamental problem because in the absence of a centralized platform that integrates data, it’s impossible to train ML models and run rules without engineering support to manually create custom data pipelines for every new signal to combat fast evolving fraud and risk patterns. This clunky process often takes weeks, significantly driving up costs; and in the process, creating gaps in fraud mitigation.
What businesses need is a holistic platform that automates the data pipelines – integrating data federated across disparate data sources, transforming it into the right form, and making it available to rules and ML models used for decisioning.
2. Static supervised or unsupervised black-box ML models that don’t learn new patterns quickly
The fraud and risk tools that do use AI primarily follow either a purely supervised or a purely unsupervised ML approach. The ones that employ a purely supervised ML approach require months of comprehensive data on past fraud and risk incidents—known as labels—to train their ML models. That means that the ML models are not updated quickly enough to be effective. Manually updating ML models after waiting for months to receive labeled data increases the time it takes to respond to new fraud and risk patterns (and, yes, drives up the overhead for the business). It can take up to three months to gather sufficient credit card chargeback data to make a quality risk decision.
Fraud and risk tools that employ a purely unsupervised ML approach often rely on black-box risk scores (e.g. checking the user’s IP and device risk) gathered from publicly-available datasets or anonymized risk signals from their customer network, without tailoring the ML model to the customer’s unique dataset and user behavior. This approach increases user friction due to a higher number of false positives. These tools use opaque risk scoring systems, which restrict the accuracy of the business’s risk models that rely on these scores. These systems also limit the ability to customize ML models to meet a business's unique risk requirements.
3. Siloed decisioning across the user journey
The prevailing use of fraud and risk tools is fundamentally siloed across various stages of the user journey. For instance, the fraud tool that detects account takeovers does not talk to the tool that detects payment fraud. The tool that makes lending decisions does not take into account the risk assessment made during the user's login and activity history.
This “split brain” in risk decisioning across the user journey reduces the overall accuracy of every decision made while assessing the risk of each transaction.
4. Absence of a 360-degree view
Existing tools rely purely on data from the current transaction to evaluate the risk of the transaction, such as the IP and device data. However, the transaction provides only a partial view of the transaction’s risk profile. What’s needed is a deep understanding of the user’s past and present behavior, and making it available in real-time. Accurate evaluation of the risk of each transaction requires use of a comprehensive dataset: data from the user’s 360-degree view, behavior of related users, and data from the transaction itself. Although assessing the risk of account takeover (ATO) is useful in evaluating the risk of credit card transactions, current tools are limited in their inability to use a user's login history as an ATO risk signal for subsequent transactions.
5. Longer mean time to mitigation
Relying on engineering to manually create data pipelines, waiting for large labeled datasets to retrain ML models, and the absence of a 360 degree view of the user slows down fraud and risk teams, thereby increasing the mean time to mitigate a new fraud or risk pattern.
Another significant cause of delay is that the analytics tool used to discover new signals is often distinct from the decisioning tool. As a result, they do not share the same data. Integrating the new signal identified by the analytics tool into the decisioning tool requires significant manual effort.
For example, it is very challenging to aggregate data about the user’s search history to differentiate between the search behavior of a legitimate user versus a fraudulent one. The core problem is the absence of a centralized platform to search through user activity logs, slice and dice data, visualize patterns, and use the newly discovered signals to train ML models and run rules.
6. Increased false positives and user friction
Absence of applying the right datasets, coupled with the use of stale black-box ML models dramatically reduces the accuracy of a decision and leads to an increase in false positives, which introduces friction in the experience of good users. The balance between combating fraud effectively and friction in the user experience is a core problem underpinning fraud and risk operations.
AI Risk Decisioning: A new category for fraud, credit and risk management
A thorough analysis of the limitations of existing technologies led us to create Oscilar and build the technology that addresses these limitations head on.
Here’s how we do it:
1. A unique semi-supervised Machine Learning approach
We have developed a unique AI technology that requires much less data about past fraud incidents—labels—from customers to train ML models due to an advanced semi-supervised ML approach. We also integrate aggregated anonymous risk signals from across our network of customers into our ML models. The end result is a much more sophisticated, quicker, and accurate fraud assessment that requires less engineering investment from our customers. As an example, unlike competitive tools that need to wait for months of chargeback data to retrain their credit card fraud ML models, Oscilar uses dramatically less labeled chargeback data to train and improve our credit card fraud ML models. For instance, Oscilar integrates aggregated anonymized risk signals such as IP and device history into the same semi-supervised chargeback model, thereby increasing the accuracy of the credit card fraud assessment.
2. Continuous retraining of Machine Learning models
Our ML models are continuously trained and tested. This process is fast since we have automated the feedback loop that updates our models. As a result, they automatically get smarter over time. Our competitors, however, use static ML models that don’t learn new risk patterns quickly.
3. A real-time 360-degree view of the user available at all times
Unlike other tools, Oscilar is able to build a complete picture by pulling past and present information together into one place. We have fully automated the process of building a real-time 360-degree view of the user’s behavior. In contrast, other vendors narrowly evaluate the risk of a transaction without knowing the historical behavior—and hence risk—of the user themselves. In our example, Oscilar can evaluate a user’s search history to differentiate between a good user, who browses through the product catalog before making the purchase, and a fraudulent user who quickly makes a new purchase.
4. Risk assessment across the entire user journey, not a point-in-time evaluation
The online fraud and risk detection market is flooded with specialized tools that tackle some aspects of online risk: identity risk, email risk, device risk, payment fraud risk, and so on. However, you can't fully assess the risk of a transaction using just one tool since it likely doesn’t have comprehensive data coverage.
AI Risk Decisioning provides a best-in-class approach. Unlike existing tools, Oscilar performs risk assessment across the entire customer journey; leveraging third-party data integrated from point solutions and marrying that with first party database data and the real-time 360-degree view of the user. For instance, if an account takeover risk score at the time of logging into the account was high, it should be factored into the risk score of the credit card transaction.
5. No-code automation for the entire risk decisioning journey
We have designed an end-to-end no-code product experience. This offers complete autonomy to risk operations teams–the subject matter experts–without depending on expensive engineering resources to intervene and provide technical support. Risk operations teams can create new risk models, test them, monitor and deploy the models. All within minutes, without writing any code and with full autonomy. For example, integrating a new risk signal (like the user’s recent search history prior to a purchase) might take the engineering team a week or more to assemble the relevant data set. Oscilar enables the same thing in a few minutes without any help from engineering.
The many use cases of AI Risk Decisioning
Since beginning to offer our tools to customers in 2021, we have been overwhelmed by the positive feedback and see a huge opportunity to deploy it across industries: financial services, insurance, healthcare, and more. That’s because AI Risk Decisioning revolutionizes the approach to risk assessment, offering unmatched benefits:
AI Risk Decisioning for fraud detection
AI Risk Decisioning dramatically improves the accuracy and speed of fraud detection and prevention. By analyzing data collected from user activity, AI Risk Decisioning platforms can quickly identify suspicious behavior and alert organizations about potential fraudulent activity.
AI Risk Decisioning for credit underwriting
AI Risk Decisioning also plays a significant role in credit underwriting. By leveraging AI Risk Decisioning technology, lenders can quickly and accurately assess the risk of lending to a prospective borrower. AI Risk Decisioning technology provides lenders with deep insights into a borrower's credit and cash flow history, allowing them to make informed decisions about issuing credit and setting loan terms.
AI Risk Decisioning for insurance underwriting
AI Risk Decisioning is also revolutionizing the insurance industry. By using AI Risk Decisioning technology, insurers can quickly make decisions about claims processing while reducing fraudulent claims. This technology also enables insurers to analyze large datasets to draw insights from customer behavior and preferences to create more tailored offerings that reduce risk.
AI Risk Decisioning for healthcare
Fraud is a significant problem in healthcare – representing billions of dollars of fraud losses. AI Risk Decisioning can prevent prescription fraud, medical identity theft, insurance fraud, billing fraud and supplier fraud.
Oscilar: The first real-time AI Risk Decisioning platform that is the future of fraud and risk management
We started off two years ago with the goal of developing a solution to protect online transactions from fraud and theft. As we come out of stealth, we do so with $20 million in self-funding, a world-class team, and a transformative first-of-its-kind solution that’s creating the best possible approach to fraud, credit, and risk management.
The persistent fraud and credit threats to consumers and companies will only continue growing. I’m optimistic that because of the advanced technology we’ve built – using AI and the smartest colleagues from around the world – we’ll finally be able to make online transactions safe and risk-free. This will benefit consumers in their daily lives, companies in preventing bad actors, and engineering teams by enabling them to focus on building new products and services.
We have lots of work left to do, but I’m extremely proud of the company we have built and excited to share our product with a wider set of customers and partners.
“Join us in our mission to make the internet a safer place”
Developed by the team that built the industry leading risk management platforms at Google, Facebook, Uber and LinkedIn.