Presentation: Solving Payment Fraud and User Security with ML

Track: Machine Learning 2.0

Location: Majestic Complex, 6th fl

Duration: 1:40pm - 2:30pm

Day of week: Wednesday

Level: Advanced

Persona: Data Scientist


Coinbase is the one of the largest digital currency exchanges in the world. We store about $1B of digital currency (bitcoin, litecoin, ether) on behalf of our users. Given the instant nature of digital currency and that it can't be reversed, we have one of the hardest payment fraud and security problems in the world. We are hit by the most sophisticated scammers constantly and consequently we are at the forefront of the fight against fraudsters and hackers. We've witnessed and solved loopholes exploited by fraudsters years ahead of the broader industry (e.g., vulnerabilities in second-factor tokens delivered by SMS, phone porting attacks, loopholes in online identity verification, etc.). I'll talk about our risk program that relies on machine learning (supervised and unsupervised), rules-based systems as well as highly-skilled human fraud fighters. I'll present attack trends and techniques we've seen through the past years and how the entire system has worked in cohesion allowing us to stay a step ahead of the bad actors.


QCon: What’s the motivation for your talk?

Soups: Digital currency exchanges such as Coinbase attract highly sophisticated adversaries as bitcoins and other digital currencies can be instantly transferred and can not be reversed. Payment fraudsters use stolen money instruments (credit cards, bank accounts) to buy bitcoins and move it out of our exchange. Attackers attempt to takeover Coinbase accounts, so they can steal the digital currencies out of them. In this talk, I'll present what it takes to stay ahead of these fraudsters and scammers. We've been successful at keeping fraud and account takeover rates under control by using a variety of Machine Learning approaches, both supervised and unsupervised as well as tools that quickly extrapolate our analyst's sixth sense of who's a scammer and who isn't.

QCon: What’s the level & core persona?

Soups: Core persona that I am targeting are developers, CTO/CIO, data scientists and engineers. My talk is going to be very accessible to those with no background in Machine Learning. I'm going to talk more about what it means to build a practical data-driven product in a risk and security setting.

QCon: What 3 actionable things do you want persona to walk away with?

Soups: Key actionable takeaways for the attendees will be:

  • Coinbase gets to see the latest fraud and account takeover techniques before it gets applied anywhere else. NIST has mentioned that SMS 2FA is dead. Come learn about what we are doing to protect our users from SIM swap and other SMS 2FA vulnerabilities using a data-driven risk approach.
  • How do you design a Machine Learning product that has proper user experience for both your true positives and false positives? Machine Learnt systems will never be 100% accurate. So it is crucial to take adequate care of the false positives e.g. good users who are falsely identified as risky should be given a second chance to prove themselves innocent.
  • How do you evaluate whether your Machine Learning model is performing well? Quite often a ML model that you expect to perform great, doesn't actually do well on the business metric. I'll present methods to evaluate models before launching them in production as well as how to evaluate them via A/B tests in production.
QCon: What is a good use case for Bitcoins and other digital currencies?

Soups: Bitcoins, Ethereum and other digital currencies are revolutionary because they provide the unbanked access to money on their own terms. In a decade, kids in the developed as well as developing world, won't walk into a local bank branch to open a bank account. They will deposit the digital currencies they have acquired while playing online games in to a digital currency wallet. When they join the workforce, they can be paid in bitcoins. And they can use a a debit card that is linked to their digital currency wallet to pay for goods in the physical world. Whats the best part: this future exists today. After the talk, I'd love to chat with the attendees on how you can actually completely live without a traditional bank account today.

Speaker: Soups Ranjan

Director of Data Science @Coinbase

Soups Ranjan is the Director of Data Science at Coinbase, one the largest bitcoin exchanges in the world. He manages the Risk & Data Science team that is chartered with preventing avoidable losses to the company due to payment fraud or account takeovers. Soups has a PhD in ECE on network security from Rice University. He has previously led the development of Machine Learning pipelines to improve performance advertising at Yelp and Flurry. He is the founder of, a round-table forum for risk professionals in San Francisco to share ideas on stopping bad actors.

Find Soups Ranjan at

Similar Talks

Developer Advocate @Couchbase
Principal Software Engineer @ Vistaprint
Senior Infrastructure Engineer @Heroku
Director of Engineering @ Squarespace
Software Engineer @Jet, previous CTO
SVP Engineering, HBC Digital / Gilt & Committer Apache Karaf


Monday, 26 June

Tuesday, 27 June

Wednesday, 28 June