#27 - AI Rule Showdown: How Sardine, Oscilar & Seon differ

I believe the future of fraud prevention is AI. But not in the way you think.

It won’t not be about fancy algorithms and scores. It’ll be about rules.

Yes, old fashioned rules: how AI can research, write, test, and monitor rules autonomously in a way that combines both accuracy and transparency.

I’ve already ​written about LLMs’ capabilities in researching rules​, but today I want to focus on what’s happening in the industry on the “traditional” machine learning side.

In the last few weeks, I’ve spoken to three leading fraud vendors—Sardine, Oscilar, and Seon—about their rules recommendation features.

To my surprise, I learned that each had implemented a different technological approach for it.

And while I’m happy to geek-over the tech aspects, what’s even more important is how these differences translate into how these features are being used and for which use-cases.

So today I’d like to review these different approaches, and describe which teams would benefit most from them.

Hopefully it’ll make it easier for you to ask the right questions when you’re shopping around.

Automating the data analyst

Let’s start with ​Seon​’s approach, which I found the most straightforward from the user’s perspective.

The idea is simple: run an algorithm on your labeled, live database and find rule logics that show good performance.

Technically, it’s actually pretty hard to implement.

Without getting into boring (and confidential) details, the gist of it is running a decision tree algorithm, exploring its “branches” and identifying high performing “leaves”—ones that have a high ratio of fraud events.

The Pros

There are a few things going for this approach.

Firstly, it makes for a very straightforward feature. You get a list of easy to implement logics, with their simulation results already presented and sorted.

All you need to do is review the list, click “deploy” on rules you like, and you’re set. Can it be simpler than that?

Side note: Never underestimate the power of simplicity, especially in AI-driven products.

Secondly, as a result, you don’t necessarily need your own data analysts team or even have a proper research environment of your own.

These two are big ones.

The Cons

The most obvious disadvantage of this approach is its reliance on fraud labels to properly work.

Without getting into ​labeling mistakes​, we all know that labels are lagging indicators and can take weeks, if not months, to fully mature.

The team has assured me that their multi-tenant environment, where your data is hosted in the same datalake as other clients, assures that there will always be available labels.

But I do wonder if live performance will not deviate strongly from the simulations.

When and how to use

This approach fits best teams that lack data analytics skills for researching and writing rules. But even analytics teams will find it a huge time saver.

However, there are some use-cases this approach will struggle with, namely when labels are missing.

For example, and setting aside the onboarding period, I wonder how it’ll perform for businesses that have very volatile fraud patterns.

If fraud comes in spikes every now and then, or if it changes very quickly, this approach will likely struggle when it counts.

Automating the fraud specialist

​Sardine​’s approach is exactly the opposite: they’ve implemented an “unsupervised learning”, anomaly detection algorithm that catches new fraud spikes as they appear.

The algorithm monitors a set list of features (which I find quite extensive), and when it recognizes an increase in occurrences, it triggers an alert.

From there, the user can review the case, implement the feature threshold in the rule engine, test it on labeled data, and deploy it to production.

It’s definitely a more complex user journey, and one that requires some expertise.

But this complexity is needed to verify the spike is indeed a fraud attack and not a special business activity.

The Pros

Not relying on fraud labels means attacks can be spotted and stopped very early on.

Within the Sardine toolbox, the user will have all they need to research, validate, and implement a solution.

If utilized correctly, your team can put a tight squeeze on fraudsters and minimize your exposure to loss.

The Cons

In this approach, users will need to heavily control the quality of results, and to validate the alert was triggered by a real fraud spike.

This also means that the expertise required, with both fraud domain-knowledge and data analysis, is quite high.

When and how to use

This feature offers a more advanced capability that will help experienced teams to squeeze more performance from their rules.

It’ll also work well in volatile environments: initial onboarding period, launching new products, dealing with new fraud attacks, etc.

But I would say it’s probably beyond the skills of junior teams who lack experience with fraud and are looking for a more streamlined experience.

Automating the system optimizer

Lastly, let’s examine ​Oscilar​’s approach, which took a whole different direction.

The idea is this: examine existing rules you already have running live, and search for variants that perform better. For example, by changing a threshold.

The user will get an alert for that rule, a proposal for a new variant, and the expected performance boost (similarly to Seon, it’ll be calculated on your labeled data).

With a click you can deploy the change, or even a “challenger” rule to run in parallel.

Interestingly, Oscilar already has a similar feature that does the same thing, only on a workflow level. That’s what I call a “double whammy”.

Side note: The feature was still in beta testing when I saw the demo and wasn’t available for customers just yet. It might change a bit when it goes live.

The Pros

I find it interesting that while this feature recommends “new” rules, it actually serves best to monitor existing rules.

With the ability to semi-automatically throttle thresholds based on performance, you can avoid performance degradation. Especially as fraudsters react to your actions.

The Cons

This approach relies on two factors to become viable: having labels and having rules in the first place.

Secondly, one can argue this feature doesn’t recommend rules as much as it recommends rule tweaks.

When and how to use

This feature will be super powerful in the hands of teams who manage hundreds of rules or more. In such complex environments it’s sure to create massive value.

Monitoring and tweaking rules is a resource sinkhole that bigger teams struggle with and this feature is quite unique in how it addresses the issue.

For smaller teams, the benefit will be of course smaller.

Also, and without field-testing it, I can see how with deploying some “dummy” rules you can lay the groundwork for “discovering” new logics, but that will require some creative hacking.

Which one would I choose?

Looking at the three features, you gotta ask yourself: which one would I choose to use?

The answer is quite simple: all of them!

Initial setup with a feature like Seon’s, day-to-day operations with a feature like Sardine’s, and monitoring with a feature like Oscilar’s.

There’s room for them all as they all serve different use-cases.

Which one should you choose? It depends on which use-case you struggle the most with.

To close this week’s issue, I would want to extend my gratitude to all three vendors who have courageously agreed to “open the kimono”, knowing full well this is not a sponsored piece.

Whether it’s guts or self-confidence, we should appreciate it.

Have some first-hand experience/feedback? Seen a different approach in play? Hit the reply button and let me know!

In the meantime, that’s all for this week.

See you next Saturday.

P.S. If you feel like you're running out of time and need some expert advice with getting your fraud strategy on track, here's how I can help you:

Free Discovery Call - Unsure where to start or have a specific need? Schedule a 15-min call with me to assess if and how I can be of value.
​Schedule a Discovery Call Now »​

Consultation Call - Need expert advice on fraud? Meet with me for a 1-hour consultation call to gain the clarity you need. Guaranteed.
​Book a Consultation Call Now »​

Fraud Strategy Action Plan - Is your Fintech struggling with balancing fraud prevention and growth? Are you thinking about adding new fraud vendors or even offering your own fraud product? Sign up for this 2-week program to get your tailored, high-ROI fraud strategy action plan so that you know exactly what to do next. ​
Sign-up Now »

Enjoyed this and want to read more? Sign up to my newsletter to get fresh, practical insights weekly!