I'm kind of wondering how this will (or can) fit from a deployment set of concerns (cross-silos, compliance & audit, handling CDNs, etc.) into large-scale environments like eBay or Paypal and whether the fraud models are appropriate for most that do business online. As a crude example, I might care about fraud in blog spam from SEO blackhats, which is not the same as credit card fraud patterns but both translate into real dollar loss for some businesses. Granted, the founders are ex-Googlers so perhaps this was done yesterday, but the way they present themselves and with their current customer list they make it look like it's mostly for direct financial transaction based sites. I'm suspecting things are overly simplified but I find it pretty hard to believe that inserting some Javascript snippets into a page could actually help when fraudsters could eventually start bypassing that JS (see: web scrapers). The API docs seem awful naive in number of possible cases.
With that said, congratulations on the launch, I know this is not an easy problem to handle and I think you actually have fulfilled a major goal of ease-of-use for online fraud detection systems. The only comparable systems I've heard of are ridiculously expensive beasts of enterprise software or custom-grown for the company with incredible barriers to entry. Best of luck to you guys.
Most of our customers do use Sift Science for financial fraud, but because it's a machine learning system, you can train it to detect other types of bad behavior like spam. We have customers in production using us to detect spam, fake inventory, and duplicate accounts. If you have a use-case that doesn't quite seem to fit, let me know and we can figure out how to train our system to recognize that type of behavior: [email protected].
If a fraudster bypasses the JS, we still have REST events such as transactions (or any other custom event sent from the backend). Seeing a user who has REST events but no Javascript events is a suspicious signal in itself, so fraudsters can't circumvent the system by just turning off JS.
FWIW, we're on some pretty major sites that we can't announce, so we've gone through a bunch of compliance, audit, security, and other concerns already.
Is it possible to run this stuff on certain purchases say like gift cards or would that reduce effectiveness of the software? If its looking for patterns in ordering, and i only feed in gift card purchases, it would have nothing to compare against. Reason I am asking, we have almost 0% fraud/charge back rate since you can only by our physical product via a subscription model.
While I'm currently evaluating and very excited about Sift Science, what are some of the competitors in this space? I'm only aware of CPA Detective Max Mind miniFraud.
The two biggest anti-fraud vendors are Accertify and ReD. You might also look at ThreatMetrix, 41st Parameter, and Iovation, who do primarily device identification.
We were lucky to find some early beta customers like Airbnb, Uber, and Listia, who were all looking for what we were building and willing to take a risk with a startup. In general, getting the first two or three customers is one of the hardest parts of building a B2B startup. Might make a good blog post one day!
[+] [-] devonkim|13 years ago|reply
With that said, congratulations on the launch, I know this is not an easy problem to handle and I think you actually have fulfilled a major goal of ease-of-use for online fraud detection systems. The only comparable systems I've heard of are ridiculously expensive beasts of enterprise software or custom-grown for the company with incredible barriers to entry. Best of luck to you guys.
[+] [-] brandonb|13 years ago|reply
Most of our customers do use Sift Science for financial fraud, but because it's a machine learning system, you can train it to detect other types of bad behavior like spam. We have customers in production using us to detect spam, fake inventory, and duplicate accounts. If you have a use-case that doesn't quite seem to fit, let me know and we can figure out how to train our system to recognize that type of behavior: [email protected].
If a fraudster bypasses the JS, we still have REST events such as transactions (or any other custom event sent from the backend). Seeing a user who has REST events but no Javascript events is a suspicious signal in itself, so fraudsters can't circumvent the system by just turning off JS.
FWIW, we're on some pretty major sites that we can't announce, so we've gone through a bunch of compliance, audit, security, and other concerns already.
[+] [-] dougk16|13 years ago|reply
Just kidding ;)...Looks awesome and easy-to-use, congrats on launching.
[+] [-] brandonb|13 years ago|reply
[+] [-] adrr|13 years ago|reply
[+] [-] narrator|13 years ago|reply
[+] [-] sweis|13 years ago|reply
[+] [-] ericcholis|13 years ago|reply
[+] [-] brandonb|13 years ago|reply
Let us know what you think!
[+] [-] haliax|13 years ago|reply
[+] [-] brandonb|13 years ago|reply
[+] [-] trxblazr|13 years ago|reply
[+] [-] cbcase|13 years ago|reply
carl @ sift
[+] [-] seanny__g|13 years ago|reply
[+] [-] jackmaney|13 years ago|reply
[+] [-] donretag|13 years ago|reply
[+] [-] brandonb|13 years ago|reply
[+] [-] unknown|13 years ago|reply
[deleted]
[+] [-] trxblazr|13 years ago|reply
[+] [-] jareau|13 years ago|reply
[+] [-] brandonb|13 years ago|reply
[+] [-] arkitaip|13 years ago|reply
[+] [-] brandonb|13 years ago|reply
[+] [-] auston|13 years ago|reply