• United States




Using better data to fight credit card fraud

News Analysis
Jan 30, 20186 mins

Galileo Processing uses artificial intelligence to more accurately identify fraudulent credit card transactions. It's an example of how AI can be a powerful security technology.

pile of credit cards financial tech
Credit: Thinkstock

I recently spoke with a long-time acquaintance who had owned several small businesses. He made a good living selling electronic products like computers and printers to consumers, and he seemed to be doing well enough that I would call him “rich.” In my eyes, he was the epitome of the American dream. He worked hard and was rewarded handsomely for it.

I hadn’t talked to him in nearly a decade when I ran into him at a gas station, which it turned out he owned. He told me he had sold all his online businesses and just had this one gas station as his only income-generating asset. He wasn’t getting richer, necessarily, but he said he had far less stress than before. I had to ask why. He said, “I don’t have to deal with credit card fraud nearly as much anymore.”

When you sell electronics online, you become a frequent target for credit card fraudsters trying to convert their stolen credit card information into physical goods, which they can then resell for cash. Unfortunately, many times the charges reversed after the credit cards are reported stolen are the responsibility of the seller (depending on the vendor’s merchant card agreement). Since Europay, Mastercard and VISA (EMV) chip-enabled credit cards started taking over the world, physical credit card crime is dropping while online credit card crime is flourishing. “I’d still be selling electronics and making a better retirement if someone could get the credit card fraud under control,” he said.

I told him someone has.

Credit card fraud statistics

Although only a fraction of a percent of credit card transactions (6 to 7 cents per $100) are fraud, that still equates to tens-of-billions of dollars in fraudulent transactions. The United States, the country with the most credit card transactions, leads the way in fraud, accounting for between one-fifth to one-third of all credit card fraud depending on the year. Credit card providers and merchants spend billions of dollars each year to prevent more fraud.

Want to be a hero in the credit card fraud prevention world? Prevent just 0.1 percent of the fraud from occurring.  Although there are a variety of factors and markets to consider, the industry considers a fraud rate of 0.005 percent to be good. Galileo Processing claims it has pushed its customer’s fraud rates down to 0.001 percent.

Better yet, Galileo says it has pushed down false-negatives and false-positives (something the industry labels as “precision”) to well below the industry average. Precision can be likened to false-negatives and false-positives by an antivirus product. You want your antivirus product to be as near 100 percent accurate as possible, but if it flags or deletes one legitimate file and messes up your computer for a day, you’re going to be pissed.

It’s the same in the credit card industry, except too many false-positives (stopping or interrupting legitimate transactions) will cause the customer to flee to other, more precise credit cards. Credit card vendors are constantly trying to find the right balance in stopping real fraud without making too many customers mad.

Industry average precision from the biggest credit card fraud vendors is around .25, meaning that credit card vendors have three negative correlation events for every true positive correlation (i.e., real fraud). Galileo claims a precision of .90, meaning nine true events detected for every single negative correlation. That gives Galileo is more than three times greater accurate while pushing fraud rates five times lower. These numbers might not seem like much, but because so much money is involved, when Galileo shares these numbers with industry insiders, they have a hard time not cussing…in a good way.

From fintech to credit card fraud prevention

I interviewed Galileo’s enthusiastic founder and CEO, Clay Wilkes, to get more information on his “secret sauce” to share with readers. Unfortunately, Clay is protecting his AI algorithms like they were worth hundreds of millions of dollars, which they are. Galileo hadn’t started out to become one of the top credit card fraud catchers in the world, but it turned out that way.

Galileo is an 18-year old company headquartered in Utah. Last year it grew 800 percent. Galileo offers full lifecycle services for the financial technologies (fintech) sector. It offers all the services needed to run a private label credit card including back-end processing, new account registration, billing, automated clearing house (ACH), customer service and fraud detection.

Wilkes said that his company has always been data-centric. It’s the nature of his business, but he quickly discovered that what he was doing to prevent credit card fraud for his customers was having results above industry norms. So, starting in 2016, Galileo’s “standard offering” was a rules-based anti-fraud engine, which it fine-tuned to be more accurate over time. That morphed into a true AI engine that allowed Galileo to be even more accurate and more responsive. The AI isn’t a rules-based engine. Instead it learns on its own over billions of credit card transactions and events.

Wilkes was hesitant to share the exact details of how Galileo’s AI got so accurate, beyond that it looks at 500 different transaction attributes (such as overall account behavior, physical distance between two transactions, and merchant credibility), and uses previous outcomes to improve precision. He did share that Galileo’s precision was so good that it had only 84 false-positives (i.e., a bad consumer experience) out of 2.6 million transactions.

Most vendors talk about how the future of the world will be AI, but Galileo has a product now that appears to be getting great results. Wilkes says anyone interested in Galileo’s systems can interact with them through an open API and development environment sandbox.

These days I’m a sucker for any company that is using big data and security analytics to improve their field or the world. Galileo Processing is doing just that in the credit card industry. After I shared Galileo’s fraud prevent stats with my gas station-owning friend, all he could say is that he would still be in business and making money online if they had been around when he was an online marketer. After interviewing Wilkes, my only thought was that I wish he would expand into more sectors. The world needs more people showing what can be done today in improving security and leading the way.


Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.

More from this author