Fraud with Problems: Ravelin boss Martin Sweeney talks Hailo, fake credit cards and machine learning

Will Railton
You can buy a stolen card online with a money-back guarantee that it won’t be stopped within a day for three dollars

“There’s a real tension at the heart of fraud detection: if you want to stop online fraud, just switch everything off.” Martin Sweeney is, of course, being facetious. But fraud, he stresses, has become an accepted fact of the on-demand economy. “We as consumers are accepting that most of the things we buy have a premium of one or two per cent built in.”

Sweeney is a former Hailo engineer who took what he had learnt about payments at the taxi hailing app to start his own fraud detection platform, Ravelin, in 2014. He admits that there were far better software engineers, and he took on Hailo's payments because no-one else had wanted to. “I see this with a lot of startups. You may know almost nothing about an area, but it’s still more than anyone else.”

Swamped with the business of paying drivers and keeping accounts in order, he had fraud at the bottom of his list of priorities, and he was struck that anti-fraud companies that claimed they could help knew remarkably little about the cab business. So he left along with three other colleagues to tackle what he describes as “the dirty secret of the on-demand economy”.

NEVER BEEN EASIER

As on-demand companies look to grow as fast as they can, they try to maximise conversions by optimising their apps to make the path to purchase as smooth and quick as possible. This makes things easier than ever for fraudsters, says Sweeney, because these apps don’t ask for the personal details – date of birth, billing address, mother’s maiden name – which e-commerce retailers have traditionally requested. And because Apple and Android operate very closed environments, the information businesses can acquire about their customers is limited. “Companies are trying to detect fraud in an environment which is harder than ever, where it has never been easier for people to commit fraud.”

The operation is very simple for fraudsters, says Sweeney. Type in an email address, a phone number – confirm it – then a credit card number. “Credit cards are easier than ever to get hold of. You could download the Tor browser, buy a couple of bitcoin and purchase a good quality credit card for a dollar. Three dollars could get you a card with a money-back guarantee that it won’t be stopped within a day.”

COUNTING THE COST

Strong consumer protection legislation means that the buck stops with the merchants themselves. “It’s a compound problem for them,” he explains. “If you’re a retailer, for example, the physical goods you sent the customer are gone, you get the money taken off you, and finally you receive a £15 chargeback from the customer’s bank. If it keeps happening, Mastercard and Visa notice and put you on an excessive chargeback list, so it costs you £30 each time. These credit card companies offer their own expensive solutions for limiting fraud, but they’re serious contracts and aren’t viable for many businesses.”

An Amazon or an eBay could be losing as much as single-figure percentage points of total sales to fraud. But while they are likely to have engineering and data science teams to ensure that any losses are minimised, younger, privately held companies with fast growth ambitions take the hit to keep their user experience as open and fluid as possible. It is these firms which Ravelin currently caters to, as well as those which have stopped growing and want to protect their bottom line from unnecessary losses.

The industry’s standard for acceptable levels of fraud is one per cent of total sales, which Sweeney sees as unacceptable. Ravelin aims for 0.1 per cent, after which fraud gets harder to reduce.

POTENTIAL AND PROOF

Starting out was the easy part for Sweeney. “Because we were well placed in the industry, we knew everyone to talk to, and raised money with this basic idea.” Seed funding from Passion Capital allowed him and other ex-Hailo colleagues to make hires and build a product which fitted the market. This enabled them to raise more money and tell the story of how Ravelin could be taken beyond the novel on-demand market into deeper waters.

“The instant gratification element of two taps is seen in other areas of retail, with same-day delivery and click-and-collect. That’s a godsend for fraudsters because they rely on the consumer having no time to notice anything’s wrong. They’ll book airline tickets for the next day, knowing companies can’t review every transaction before it goes out.”

The pressures came before Ravelin was able to start charging clients. It faced compliance constraints from the beginning, including regular audits on security standards – a huge overhead for a startup – and is heavily affected by EU data regulation.

“It’s a challenge for all fintech companies handling sensitive information. With the first round of funding, the investor thinks: what can these guys achieve if all goes well? But the further you go through the investment cycle, it’s less about selling the dream and more about a spreadsheet, and a graph which goes up to the right. The graph took longer for us because we had to get the platform right from the beginning.”

His ultimate ambition is for Ravelin to become the go-to fraud solution for any company which processes payments – a completely self-serve product which can be plugged into a customer’s network, allowing them to benefit from data collected from other businesses about their fraudsters.

MAN AND MACHINE

The platform relies on machine learning. Individual indicators of fraud are weak on their own, but machine learning is good at aggregating and weighting them to identify offenders. Co-operation from the customer’s existing fraud team is also essential for two reasons.

First, Ravelin is trying to appeal to customers from different industries, each with its own species of fraud. “With gambling, fraudsters will top up on a credit card. If they’re up at the end, they withdraw the winnings to a PayPal account. That’s a strong sign.”

Second, Ravelin faces an adoption challenge. “It’s difficult to sell machine learning to an employee of a company who thinks that their job might be at risk from your software. We currently work for firms with fraud teams of two or three who are stretched by other responsibilities. They know more about their fraud issues than we do, and their experience is very useful in the beginning. They can plug on Ravelin at any time, but eventually they recognise how smart it is.”
