How might we become more creative in protecting people from fraud?

At our product strategy workshop with the customer safety and security product team working at marketplace for classified ads, we had an idea: what if we apply product discovery methods to become more creative in dealing with fraud. In this post, I’ll describe our thoughts about fraud prevention and the idea to repurpose product discovery for understanding fraudsters better.

An increasing problem

We’ve learned from the fraud prevention experts we worked with that there’s an increasing and wide range of fraudulent activity in classifieds. The malicious behavior we are facing includes harmless hoaxes that are just annoying, like hacking content and outsmarting the AI. But also include heavier offenses like identity theft of small shop owners, that may ruin their reputation, sexual harassment of women online, threats to health and life, and organized-crime that’s highly profitable. Data shows that this problem is increasing and Facebook announced to spend $3.7 billion on safety and security in 2019.

Three factors that make it complex

1. As more people are on marketplaces and social platforms, there are more but also a wider range of people to attack, so the “market” for attackers is growing, too. And attackers become more creative in their approaches and organize to generate huge revenues.

2. The platforms compete in product innovation. But new value propositions also may open more cracks to exploit. Thus it is challenging for product teams to find the right tradeoff between desirability, safety, and security.

3. Some types of fraudulent activities happen directly on the services, which makes it easier to control. Yet particularly on platforms that support off-line activities, services are only used as part of the malicious interactions, that then happen off-line and are hard to spot and to measure.

Strategies to prevent and react

Obvious threats are prevented by applying static security models that exclude malicious behaviours before they can happen. To allow for emerging behaviours teams need to become more reactive. Reactive approaches combine data science and AI with manual work to detect malicious behaviour when it happens and apply strategies to prevent it as fast as possible. All these approaches share the problems with pure data-oriented product discovery: they lack a model of intentions of people interacting with the service and thus only work in hindsight.

Create: outlearn the enemies

Especially in the case of organized crime, it is becoming more and more a challenge to outlearn the enemies. To create truly innovative products we need to deeply understand our customers Job-To-Be-Done and design solutions around this knowledge. How might we gain this knowledge beforehand and create models that help us make more sense of the Job-To-Be-Done of the attackers?

Inverse customer discovery

Our idea was to simply repurpose customer discovery methods to create a deep understanding of the attackers Job-To-Be-Done and use this model to apply ideation in order to find solutions that exclude their actions from the solutions early in the design process. Here are some simple ways how to work with this reframing of customer discovery:

  • Inverse brainstorming: with a cross-functional product group ask the question “you’re hired as a double agent working for big fraud organization and within our company, what value does our service provide to you?”
  • Immersion: run safe-to-fail experiments to exploit the cracks in the platform
  • Wizard of Oz MVP: run safe-to-fail experiments to become victim of fraud
  • Expert Interviews: visit the police and have expert interviews

 

Want to learn more? Join our meetup Product Strategies to Fight Online Fraud, Oct 17 2019