What Can Alipay Do within the 0.1 Second After You Click the Pay Button?
What can you do within 0.1 second? Blink your eyes, wink, or just plain do nothing? Well, for Ant Shield, Ant Financial’s payment security system, a lot of work has to be done in the 0.1 second after you make a payment using Alipay. Consider the following scenario:
- When someone transfers money to a scammer, Ant Shield needs to ferret out and find the scammer in a flash.
- When someone’s account is stolen and a hacker tries to transfer the money using the account, Ant Shield must quickly stop the hacker.
- When someone’s illegally raising funds, pooling hundreds of millions of money into a single account, Ant Shield must quickly detect this anomaly.
Well, 0.1 second is enough for you to click the Pay button, and because of this, Ant Shield must also be able to use this same flash of time to respond to any and all abnormal situations to protect you from losses. During this tiny span of time, the main task of Ant Shield is to determine if the person who has pressed the pay or transfer button is the user themselves and if the operation is normal or not.
To fulfill this seemingly impossible task, Ant Shield relies on a secret weapon, the CTU intelligent risk control brain.
My guess is that the person who came up with this name is probably a huge fan of American TV sitcoms and dramas, because the anti-terrorism bureau in the TV series 24 is called the Counter Terrorist Unit (CTU), and S.H.I.E.L.D.) (which stands for Strategic Homeland Intervention, Enforcement and Logistics Division) is an organization in the Marvel Cinematic Universe. Regardless of where the names come from, though, these names in many ways well convey the intention of Ant Financial to use cutting-edge technologies to safeguard user security.
To prove the strength of the CTU intelligent risk control brain, Shao Xiaodong, Director of Ant Shield, showed two methods of uncovering criminals to leiphone.com.
Uncovering Scammers Through Relationships
A few months ago, Ant Shield encountered a weird case.
A Ms. Li received a call from someone posing as Taobao’s Customer Service Center, and was told that she had to apply for a refund because there was a problem with the Taobao order she had placed just a few days. The person sent Ms. Li a web address through QQ, which is a popular messaging platform in China, guiding her to a well-fabricated phishing website and inducing her to transfer money from her Alipay account in a step-by-step procedure.
This picture from the Internet shows a fake Taobao Refund Center.
Just as Ms. Li was about to transfer money, the CTU intelligent risk control brain detected the transaction risk and prompted that “There may be a risk of fraud. Please confirm the identity of the beneficiary.” Unfortunately, Ms. Li, unabashed, still transferred ¥2,200 without confirming the identity of the beneficiary.
The scammer continued to harrash Ms Li. Three minutes later, Ms Li was induced to transfer another ¥8,000. At this moment, the CTU intelligent risk control brain confirmed that the beneficiary was a scammer, and then stopped the transaction from happening. Meanwhile, Ms. Li’s account was restricted, losing its payment permission. Surprisingly, Ms. Li voluntarily demanded that Alipay Customer Services lift the payment restriction on her account, and then paid ¥8,000 to the scammer. She was eventually scammed out of a total of ¥10,200. Fortunately, though, the police finally intervened, bringing this case some justice.
So, in this case, how did the CTU intelligent risk control brain determine the risk of this transfer? Shao Xiaodong told leiphone.com that the CTU intelligent risk control brain determines risks from eight dimensions, which are user preferences, account, identity, transactions, devices, location, relationship, and behavior. You are reminded of the risk in a transaction or your transaction is suspended if the risk of a transaction well exceeds the normal limit.
Considering that all of Ms. Li’s operations in this case were all done on her own regard, leiphone.com reckoned that the dimension “relationship” provided the crucial clues in the risk determination by CTU intelligent risk control brain. For example, when Ms. Li transferred money to another Alipay account, the following was considered:
- If this account has never shared any transactions with the accounts of Ms. Li or her friends, the CTU intelligent risk control brain will be on alert.
- If this account is an empty account that has been just applied for (to be used exclusively for fraud purposes) and shows an empty list of friends, the identity of the holder of this account is marked as suspicious.
- In addition, if this account has a bad credit record, or has a relationship with an account that has a bad credit record or is on the credit blacklist, this account is also marked as abnormal.
Detecting Illegal Fund Raising
In 2016, the police of Xuchang City, Henan, located in the north of China, busted an illegal fund-raising gang, based on clues originally provided by Ant Shield. By controlling risks along the capital chain, the CTU intelligent risk control brain of Ant Shield found that several accounts showed obvious features of illegal fund-raising. For instance, huge funds from a large number of uncorrelated accounts in Xuchang were transferred to several major accounts in a short window of time. Ant Shield took the initiative to inform the Public Security Bureau of Xuchang of the results of its technical analysis and judgment, asking the police whether this situation needed investigation. Finally, Ant Shield and the police jointly cracked an illegal fund-raising case involving hundreds of millions of CNY.
“This is the case where the customers’ losses were the most minimized among the all illegal fund-raising cases cracked by the Department of Public Security of Henan Province so far,” Shao Xiaodong said.
Moreover, Ant Shield assisted the Xuchang city police in cracking another pyramid scheme case. It also analyzed the abnormal flow of funds and then determined based on several detailed features and parameters, which include that the flow of funds showed a pyramid-shaped relationship between the upper and lower levels.
In addition to checking if the flow of funds is abnormal, another core task of the CTU intelligent risk control brain is to know who the operator is and ensure that an account is not stolen by others.
For example, assume there’s an account that’s logged on from a very different location using a device other than the one previously associated with the account, and purchases made on this new device are made in the middle of the night and are big ones, too. Naturally, in this sort of event, Alipay’s CTU intelligent risk control brain would be activated. Then, when activated, CTU brain’s job is to determine whether this account is been stolen or has been otherwise tampered with, and whether further action needs to be taken. In such cases where actions should be taken, CTU brain would either require the user to provide identity verification or directly restrict account transactions based on the risk level determined.
Leiphone.com learned from Shao Xiaodong that the CTU intelligent risk control brain uses more than 800 rules and more than 100 identification models. This is different from what the CTU brain claimed. Previously, it claimed that there were thousands of rules in total. This is because the CTU intelligent risk control brain has gradually reduced dependence on rules by using artificial intelligence capabilities such as deep learning algorithms, Shao Xiaodong said.
The Unlikely Pair: The Programmer and Police
There have been several cases where Ant Shield has discovered anomalies and then pushed them to the police to help handle relevant cases, Shao Xiaodong told leiphone.com. This is different from the previous way that enterprises waited for the police, procuratorates, and courts to come and then provided them with clues.
Last year, Ant Shield assisted the police in cracking down on 262 offline gangs, with one gang busted every two days on average. The settlement rate exceeded 80%. This surprised Shao Xiaodong, who had been a police officer for years. According to his past experience in handling cases, the settlement rate of network-based non-contact cases is only about 30%. “This is the power of cloud computing and big data”, Shao Xiaodong said.
There are not many things that can bring tech giants Baidu, Alibaba, and Tencent together to fight shoulder-to-shoulder, but it seems that Anti-fraud is one of those things. According to leiphone.com, Ant Financial has established the Anti-fraud and Anti-gambling Alliance with Baidu Security, and is working with Tencent Security to combat phishing and scamming. They also expressed the expectation that more enterprises can join them in the fight against fraud.