Presentation: Solving Payment Fraud and User Security with ML
Abstract
Coinbase is one of the largest digital currency exchanges in the world. We store about $1B of digital currency (bitcoin, litecoin, ether) on behalf of our users. Given the instant nature of digital currency and that it can't be reversed, we have one of the hardest payment fraud and security problems in the world. We are hit by the most sophisticated scammers constantly and consequently we are at the forefront of the fight against fraudsters and hackers. We've witnessed and solved loopholes exploited by fraudsters years ahead of the broader industry (e.g., vulnerabilities in second-factor tokens delivered by SMS, phone porting attacks, loopholes in online identity verification, etc.). I'll talk about our risk program that relies on machine learning (supervised and unsupervised), rules-based systems as well as highly skilled human fraud fighters. I'll present attack trends and techniques we've seen through the past years and how the entire system has worked in cohesion, allowing us to stay a step ahead of the bad actors.
Interview
Soups: Digital currency exchanges such as Coinbase attract highly sophisticated adversaries, as bitcoins and other digital currencies can be instantly transferred and cannot be reversed. Payment fraudsters use stolen money instruments (credit cards, bank accounts) to buy bitcoins and move them out of our exchange. Attackers attempt to take over Coinbase accounts, so they can steal the digital currencies out of them. In this talk, I'll present what it takes to stay ahead of these fraudsters and scammers. We've been successful at keeping fraud and account takeover rates under control by using a variety of Machine Learning approaches, both supervised and unsupervised, as well as tools that quickly extrapolate our analyst's sixth sense of who's a scammer and who isn't.
Soups: Core persona that I am targeting are developers, CTO/CIO, data scientists and engineers. My talk is going to be very accessible to those with no background in Machine Learning. I'm going to talk more about what it means to build a practical data-driven product in a risk and security setting.
Soups: Key actionable takeaways for the attendees will be:
- Coinbase gets to see the latest fraud and account takeover techniques before they get applied anywhere else. NIST has mentioned that SMS 2FA is dead. Come learn about what we are doing to protect our users from SIM swap and other SMS 2FA vulnerabilities using a data-driven risk approach.
- How do you design a Machine Learning product that has proper user experience for both your true positives and false positives? Machine Learnt systems will never be 100% accurate. So it is crucial to take adequate care of the false positives, e.g., good users who are falsely identified as risky should be given a second chance to prove themselves innocent.
- How do you evaluate whether your Machine Learning model is performing well? Quite often an ML model that you expect to perform great doesn't actually do well on the business metric. I'll present methods to evaluate models before launching them in production as well as how to evaluate them via A/B tests in production.
Soups: Bitcoins, Ethereum and other digital currencies are revolutionary because they provide the unbanked access to money on their own terms. In a decade, kids in the developed as well as developing world won't walk into a local bank branch to open a bank account. They will deposit the digital currencies they have acquired while playing online games into a digital currency wallet. When they join the workforce, they can be paid in bitcoins. And they can use a debit card that is linked to their digital currency wallet to pay for goods in the physical world. What's the best part: this future exists today. After the talk, I'd love to chat with the attendees on how you can actually completely live without a traditional bank account today.