Risk at Cash
In the few years since we started, Cash has developed a robust and effective approach to managing customer-facing financial risk. Our approach lets us operate in local markets which have often been ignored by traditional banks, offer products which previously seemed infeasible, and respond to changes rapidly. Fraud is a high-stakes game that takes constant work to stay ahead of bad actors. Working on the Risk team at Cash App means constantly striving to be at the cutting edge of the field.
At Cash, we work at an unprecedented scale, and under conditions that a traditional bank might think impossible. For instance, our customers sign up online - we don’t require them to come into an office to sign their name over and over again on stacks of paperwork. While a Cash customer may never physically interact with one of our employees, we strive to provide them with the best digital banking experience possible. Such an experience is one that is both seamless and accessible. We should obviously mention, however, that we do love meeting our customers and hearing about how excited they are about using Cash!
How do we accomplish all of this, and how do we continue to adapt and grow? We have closely coupled teams made up of three crucial roles:
A team of risk domain experts who can review anomalous transactions and escalate when necessary. They look for unusual patterns, identify new behaviors, and help us stay at the forefront of finding and preventing unhealthy behaviors on our platform.
A team of dedicated software engineers who know how to build and support state-of-the-art infrastructure to allow for rapid model construction, training, deployment, and monitoring.
A team of world-class machine learning modelers and AI researchers who are risk domain experts and identify what kind of signals we need to collect, metrics to track, and actions to take.
Since the inception of Cash App, machine learning and AI have been crucial components of mitigating risk and preventing fraud on our platform. This has set us apart from many traditional institutions which often relied solely on simple heuristics.
For example, a heuristic could be: if a customer used their card more than X times in an hour (perhaps it was stolen), block the transaction to protect the true cardholder. The value of X might be set based on an analyst’s intuition, or some historical data showing a relation between the value of X and the occurrence of fraudulent behavior.
A real customer may have a perfectly valid reason to use Cash App like this while an adversarial actor could, through enough trial attempts, guess such rules and avoid them (e.g. performing only X-1 transactions in an hour).
Across Cash App, we use machine learning and AI to keep our customers and our company safe. We accomplish this by monitoring metrics associated with unwanted activity, we build solutions to address unwanted activities while minimally impacting our good customers, and we track our solutions to ensure the desired outcome is reached. The solutions we implement could include changing thresholds to currently existing models or deploying new models. Importantly, we know that new behaviors are not necessarily bad behaviors.
All of this pattern recognition takes place within a high-dimensional space of signals we collect and curate. Some of these signals are related to a customer’s state - have they passed our ID process? Have they made a successful transaction before? Others relate to their instrument - is this an instrument we recognize and can associate with the account? Are they using it in a way which previous bad actors have done in the past? Within this high-dimensional space we seek to find the boundary between known, safe behaviors, and those of bad actors, looking to take advantage of our customers and our platform.
In the following series of blog posts, we’ll be addressing what it means to work on Risk at Cash App and how our team is building and deploying AI and ML in the space of Risk.