12.13.2004

Credit Card fraud prevention and algorithm design at Amex

Nothing is a bigger pain in the butt then pumping gas into your car in the middle of a snowstorm. Nothing that is… except for when the gas pump turns down your Amex credit card and makes you scramble across icy pavement to pay the attendant inside. Luckily, my Amex card only started failing on my return trip as I visited family this weekend.

When I got home, I had several half-human, half-automated phone messages from Amex mentioning that my account was flagged for possible fraudulent charges.

The human read my name aloud and an automated voice gave the actual warning and 800 number to call. It was funny to me at the time that the men and women speaking my name completely butchered it. They had one job to do and they did it poorly. The automated voice performed admirably.

Upon phoning Amex, I went over my recent charges with a representative. I’m pretty anal about receipts and so I had almost every recent receipt in my wallet. All the charges he read off looked good to me so he removed the flag from my account but not before I questioned him on why the account was flagged in the first place.

I originally thought perhaps my card had been flagged for the recent onslaught of purchases I’ve put on it. I’ve fallen in love with the Amex point system and have been using my Amex card instead of cash for my holiday purchases. I like giving gifts so needless to say, that credit card is practically smoking in my wallet these days.

But it turns out that Amex flagged my account for a combination of reasons:

  • There were several small purchases in one state on Friday in the AM and several small purchases on Friday in the PM in another state.
  • There were 4 purchases at gas stations in a 24 hour period.

Basically, since I was traveling by car through a few states and buying Christmas presents along the way, Amex thought perhaps my card was stolen. That's a reasonable assumption. What was in actuality just someone driving to a relative's house, buying gas and a few small gifts at outlet stores along the way could well have been a rowdy gang of credit card bandits souping up their post-apocalyptic Mad-Max vehicle with new electronic gadgets.

The Amex rep couldn’t tell me whether or not either of these reasons alone would have caused the flag to be set on my account. But I’m kind of glad that they have some kind of system in place that is at least looking for irregular patterns of purchasing. It got me to thinking about what kind of business rules their “purchase pattern algorithm” would require.

Right off the bat, they would need some kind of purchasing history on you. I know for a fact that if you only make small purchases on your Amex and then make a huge purchase, that they’ll flag you for that. But does that mean there’s no fraud prevention going on for your account in the first few months of new customers? Probably not, but I wonder.

Amex would also need to keep track of the geographic locations of purchases. For instance if a purchase is made in this state now and another far away state 5 minutes from now, that’s probably fraud. But how do they get/maintain that geographic information? What about for web purchases? Is that order recorded with the geographic location of the purchaser or the vendor?

Amex also has to have date information built into their system. They didn’t flag me for lots of purchases near the holidays, they flagged me for other reasons. This means their system expects credit card activity to ramp up in November and December. That’s a reasonable assumption. But to me, it also immediately says that November and December are the best months to commit credit card fraud.

I’m not building any kind of system right now that would require this kind of algorithm design but it’s interesting to be able to look at one in use that affects us on a daily basis. Or at least as often as we use our credit cards. Next time, we'll look at algorithm design for traffic lights and how they always seem to turn red when I approach.

No comments:

Post a Comment