{"id":1121,"date":"2021-10-30T08:42:09","date_gmt":"2021-10-30T08:42:09","guid":{"rendered":"https:\/\/salarydistribution.com\/machine-learning\/2021\/10\/30\/prevent-fake-account-sign-ups-in-real-time-with-ai-using-amazon-fraud-detector\/"},"modified":"2021-10-30T08:42:09","modified_gmt":"2021-10-30T08:42:09","slug":"prevent-fake-account-sign-ups-in-real-time-with-ai-using-amazon-fraud-detector","status":"publish","type":"post","link":"https:\/\/salarydistribution.com\/machine-learning\/2021\/10\/30\/prevent-fake-account-sign-ups-in-real-time-with-ai-using-amazon-fraud-detector\/","title":{"rendered":"Prevent fake account sign-ups in real time with AI using Amazon Fraud Detector"},"content":{"rendered":"<div id=\"\">\n<p>Implementing an effective fraud prevention system is one of the top priorities for businesses that operate online web or mobile platforms. Businesses report millions of dollars of lost revenue each year due to fraud. Platform abuse and fraud prevention largely remain reactive, and is achieved by studying the profile behavior and transaction history of a user after they sign up. This approach is often manual, time-consuming, and expensive. Early detection and prevention of fraudulent account sign-ups on online platforms using artificial intelligence (AI) is an effective defense mechanism for combating fraud and abuse.<\/p>\n<p>This post shows how you can use <a href=\"https:\/\/aws.amazon.com\/fraud-detector\/\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon Fraud Detector<\/a> in real time along with <a href=\"https:\/\/aws.amazon.com\/cognito\/\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon Cognito<\/a> custom authentication workflows to prevent fake account sign-ups. Amazon Fraud Detector is a fully managed service that can identify potentially fraudulent online activities, such as creation of fake accounts or online payment fraud. Plus, you can use it without the need for any prior machine learning (ML) expertise. Unlike general-purpose ML packages, Amazon Fraud Detector is designed specifically to detect fraud.<\/p>\n<p>Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile applications quickly and easily. It\u2019s serverless, and can scale up to millions of users. I also discuss how you can use <a href=\"https:\/\/aws.amazon.com\/pinpoint\/\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon Pinpoint<\/a> to track user sign-up flow events via user journeys and categorize users into segments. This is useful for user profiles and activity analysis in order to run effective marketing or promotional campaigns while maintaining a quality user experience.<\/p>\n<h2>Solution overview<\/h2>\n<p>In its general design, the solution uses an Amazon Fraud Detector supervised ML model along with a customized Amazon Cognito sign-up workflow to implement a real-time new user fraud prevention mechanism for online web and mobile applications. It also uses <a href=\"https:\/\/aws.amazon.com\/dynamodb\/\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon DynamoDB<\/a> and <a href=\"https:\/\/aws.amazon.com\/lambda\/\" target=\"_blank\" rel=\"noopener noreferrer\">AWS Lambda<\/a> to customize the Amazon Cognito sign-up workflow. The following diagram illustrates the high-level architecture.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-30016 aligncenter\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/28\/ML-6059-figure-1.png\" alt=\"High-level architecture diagram of real-time fraud prevention using Amazon Fraud Detector and Amazon Cognito\" width=\"729\" height=\"365\"><\/p>\n<h3>Using Amazon Fraud Detector Online Fraud Insights<\/h3>\n<p>Amazon Fraud Detector <a href=\"https:\/\/docs.aws.amazon.com\/frauddetector\/latest\/ug\/online-fraud-insights.html\" target=\"_blank\" rel=\"noopener noreferrer\">Online Fraud Insights<\/a> is a supervised ML model designed to detect a variety of online fraud. You can use Online Fraud Insights to detect fraudulent accounts during the sign-up process. The model generates a model score between 0 and 1,000. The higher the score, the higher the risk of the new account being fraudulent.<\/p>\n<p>Because it\u2019s a supervised ML model, your model accuracy may vary depending on the quality and maturity of the labeled training data. The model requires at least two features in the training dataset along with two required features: <code>EVENT_TIMESTAMP<\/code> and <code>EVENT_LABEL<\/code>. Using more features may help achieve higher model accuracy and <a href=\"https:\/\/docs.aws.amazon.com\/frauddetector\/latest\/ug\/training-performance-metrics.html\" target=\"_blank\" rel=\"noopener noreferrer\">lower false positive rates<\/a>. Amazon Fraud Detector provides information on the <a href=\"https:\/\/docs.aws.amazon.com\/frauddetector\/latest\/ug\/model-variable-importance.html\" target=\"_blank\" rel=\"noopener noreferrer\">importance of the features<\/a> used in training the model, which is useful for addressing model overfitting or underfitting. The training dataset can be prepared with data from an existing fraud prevention system by following the <a href=\"https:\/\/docs.aws.amazon.com\/frauddetector\/latest\/ug\/online-fraud-insights.html#data-set-guidance\" target=\"_blank\" rel=\"noopener noreferrer\">data preparation guidance<\/a>. In this case, the Amazon Fraud Detector model is trained with a labeled dataset with the following features.<\/p>\n<table border=\"1px\" width=\"494\" cellpadding=\"10px\">\n<tbody>\n<tr>\n<td><span>Feature<\/span><\/td>\n<td><span>Description<\/span><\/td>\n<\/tr>\n<tr>\n<td><code>ip_address<\/code><\/td>\n<td>User\u2019s public IP address<\/td>\n<\/tr>\n<tr>\n<td><code>email_address<\/code><\/td>\n<td>User\u2019s email address<\/td>\n<\/tr>\n<tr>\n<td><code>user_agent<\/code><\/td>\n<td>The <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/User-Agent\" target=\"_blank\" rel=\"noopener noreferrer\">User-Agent<\/a> request header value<\/td>\n<\/tr>\n<tr>\n<td><code>billing_state<\/code><\/td>\n<td>User\u2019s postal address state<\/td>\n<\/tr>\n<tr>\n<td><code>billing_postal<\/code><\/td>\n<td>User\u2019s zip or postal code<\/td>\n<\/tr>\n<tr>\n<td><code>billing_address<\/code><\/td>\n<td>User\u2019s billing address<\/td>\n<\/tr>\n<tr>\n<td><code>phone_number<\/code><\/td>\n<td>User\u2019s phone number<\/td>\n<\/tr>\n<tr>\n<td><code>EVENT_TIMESTAMP<\/code><\/td>\n<td>Required EVENT_TIMESTAMP variable<\/td>\n<\/tr>\n<tr>\n<td><code>EVENT_LABEL<\/code><\/td>\n<td>The label (fraud or legitimate)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Amazon Fraud Detector also provides a way to define rules that tell the detector how to interpret the inference outcome. These rules can be defined using the <a href=\"https:\/\/docs.aws.amazon.com\/frauddetector\/latest\/ug\/rule-language-reference.html\" target=\"_blank\" rel=\"noopener noreferrer\">rule language<\/a>. A set of three specific rules is defined for this solution:<\/p>\n<ul>\n<li><strong>Low fraud risk <\/strong>\u2013 For a model score equal to or less than 650<\/li>\n<li><strong>Medium fraud risk<\/strong> \u2013 For a model score between 650 and 850<\/li>\n<li><strong>High fraud risk<\/strong> \u2013 For a model score over 850<\/li>\n<\/ul>\n<p>You can define fewer or additional rules depending on the use case and the overall model accuracy. For the purposes of this solution, I defined three distinct user sign-up flows depending on which rule the model score outcome conforms to:<\/p>\n<ul>\n<li>For low fraud risk evaluation outcomes, users can complete the registration process successfully.<\/li>\n<li>For medium fraud risk evaluation outcomes, we want to introduce additional friction in the registration process. This involves a human identity verification step\u2014a verification challenge code sent to their email, and (optionally) solving a CAPTCHA.<\/li>\n<li>For high fraud risk evaluation outcomes, we want to prevent the user from registering in our application, capture all available data, and optionally alert an administrator.<\/li>\n<\/ul>\n<h3>Attack vector considerations<\/h3>\n<p>Fraud attack vectors are a mechanism by which bad actors obtain fraudulent access to an application in order to exploit the system. The most common fraud attack vector is sign-up attempts by users using synthetic identities, such as use of disposable emails or email tumbling. These methods involve using unique email addresses for every sign-up attempt. Fraudulent sign-up attempts are either carried out by individual users, group of users, or automated systems (bots). Another sophisticated form of fraud attack vector involves collusive behavior, also known as collusion fraud. In this scenario, a group of users gain access to the system and perform transactions in coordination with each other to game the system to their advantage.<\/p>\n<p>Disposable email address domains can be identified by maintaining a list of known disposable email address domains in a DynamoDB table, and validating the email address against that list. <a href=\"https:\/\/aws.amazon.com\/neptune\/fraud-graphs-on-aws\/\" target=\"_blank\" rel=\"noopener noreferrer\">Fraud graphs<\/a> with <a href=\"https:\/\/aws.amazon.com\/neptune\/\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon Neptune<\/a> provide a way to identify email tumbling and collusion fraud. Neptune is a fast, reliable, and fully managed graph database that can store fraud graphs and find relationships between the new user and existing users. With fraud graphs, you can use commonalities between user profiles such as the same postal address, phone numbers, and IP addresses to detect email tumbling or collusion fraud attempts. The following diagram shows an example of this process.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-30017 aligncenter\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/28\/ML-6059-figure-2-1024x567.png\" alt=\"Validating if the email address uses a disposable email address and to detect email tumbling or collusion fraud using Amazon Neptune graph database identity graph\" width=\"618\" height=\"342\"><\/p>\n<h3>Custom Amazon Cognito user pool workflow<\/h3>\n<p>Amazon Cognito manages user sign-up and sign-in through a user directory known as a <a href=\"https:\/\/docs.aws.amazon.com\/cognito\/latest\/developerguide\/cognito-user-identity-pools.html\" target=\"_blank\" rel=\"noopener noreferrer\"><em>user pool<\/em><\/a>. User pools let you <a href=\"https:\/\/docs.aws.amazon.com\/cognito\/latest\/developerguide\/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\" target=\"_blank\" rel=\"noopener noreferrer\">customize authentication workflows using Lambda triggers<\/a>. To customize a user pool workflow, you can create Lambda functions that are invoked by Amazon Cognito during various phases of the workflow. These functions can implement functionalities such as introducing authentication challenges, validating emails, sending confirmation messages, and other custom logic.<\/p>\n<p>This solution uses Amazon Cognito <a href=\"https:\/\/docs.aws.amazon.com\/cognito\/latest\/developerguide\/user-pool-lambda-pre-sign-up.html\" target=\"_blank\" rel=\"noopener noreferrer\">pre sign-up Lambda trigger<\/a> to implement a real-time fraud detection system. The Lambda trigger is invoked before Amazon Cognito performs a new user sign-up, which lets us run validations, and stores the user information and Amazon Fraud Detector rule outcome in a DynamoDB table. Because the function lets us run custom logic, we can also include validation of disposable emails or tumbling email addresses and subsequently assess the risk level of the user based on the rule outcome. The pre sign-up Lambda trigger lets us determine if the sign-up process should proceed normally, if additional validation steps (friction) should be introduced, or if the sign-up request should be denied.<\/p>\n<p>The following diagram illustrates the logical flow of this function.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-30018 aligncenter\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/28\/ML-6059-figure-3.png\" alt=\"Logical flow of validations in an Amazon Cognito pre sign-up Lambda function for fraud prevention to filter disposable and tumbling email addresses and assess risk score using Amazon Fraud Detector\" width=\"852\" height=\"319\"><\/p>\n<h3>User segmentations and journeys using Amazon Pinpoint<\/h3>\n<p>Amazon Pinpoint enables businesses to communicate with their customers using popular channels like email, SMS, voice, and push notifications. With Amazon Pinpoint, you can also create <a href=\"https:\/\/docs.aws.amazon.com\/pinpoint\/latest\/userguide\/segments.html\" target=\"_blank\" rel=\"noopener noreferrer\">segments<\/a> of marketing campaign audiences. Without early fraud prevention for sign-ups, businesses must analyze all user profiles with the same lens. Findings of such analyses are then used to create appropriate audience segments for new user marketing or promotional campaigns. This approach often introduces overhead that takes time away from effectively engaging with customers, especially when dealing with large volumes of user data. For example, businesses may want to run marketing and promotional campaigns for new users with low sign-up risk scores.<\/p>\n<p>Events within the Amazon Cognito sign-up flow can also be sent to Amazon Pinpoint so businesses can create customer <a href=\"https:\/\/docs.aws.amazon.com\/pinpoint\/latest\/userguide\/journeys.html\" target=\"_blank\" rel=\"noopener noreferrer\">journeys<\/a>. An Amazon Pinpoint journey, as illustrated in the following diagram, is a multi-step engagement experience that can be tailored to fit the overall marketing strategy of the business.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-30019 aligncenter\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/28\/ML-6059-figure-4.jpg\" alt=\"Segments of users by their sign-up risk scores. It also shows the user sign-up event journey that can be set up in Amazon Pinpoint to drive additional functionality such as running effective marketing campaigns for trusted users with low sign-up risk scores\" width=\"936\" height=\"366\"><\/p>\n<h2>Model retraining<\/h2>\n<p>Online web and mobile platforms may evolve based on changing business needs. Businesses may expand to new geographic locations, letting users sign up from uniquely different email domains and IP addresses. The online platform may start letting users sign up using their phone numbers. In such cases, it becomes important that the Online Fraud Insights model is retrained with a more recent dataset in order to minimize biased prediction outcomes.<\/p>\n<p>You can retrain a new version of the Amazon Fraud Detector model by using the data captured in DynamoDB. Data from the DynamoDB table can be exported to <a href=\"https:\/\/aws.amazon.com\/pm\/serv-s3\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon Simple Storage Service<\/a> (Amazon S3) using <a href=\"https:\/\/docs.aws.amazon.com\/amazondynamodb\/latest\/developerguide\/DataExport.html\" target=\"_blank\" rel=\"noopener noreferrer\">DynamoDB table export<\/a>. The data in Amazon S3 can then be formatted using the <a href=\"https:\/\/docs.aws.amazon.com\/frauddetector\/latest\/ug\/online-fraud-insights.html#data-set-guidance\" target=\"_blank\" rel=\"noopener noreferrer\">data preparation guidance<\/a> for Amazon Fraud Detector training data. When the retraining data is ready, a new Amazon Fraud Detector model version can be trained.<\/p>\n<h2>Architecture overview<\/h2>\n<p>To demonstrate the solution, we trained an Amazon Fraud Detector model using a fictitious, synthetically generated <a href=\"https:\/\/docs.aws.amazon.com\/frauddetector\/latest\/ug\/samples\/training_data.zip\" target=\"_blank\" rel=\"noopener noreferrer\">sample dataset<\/a>. We used an Amazon Cognito user pool custom authentication workflow to define the three different flows based on each of the Amazon Fraud Detector rule outcomes.<\/p>\n<h3>Low and high fraud risk sign-up flows<\/h3>\n<p>The following diagram shows the sign-up flow events. The Amazon Fraud Detector Online Fraud Insights ML model evaluates either a low risk or high risk outcome for the new user.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-30020 aligncenter\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/28\/ML-6059-figure-5.png\" alt=\"Registration flow architecture when low fraud risk or high fraud risk outcomes are detected by Amazon Fraud Detector, using Amazon Cognito and a pre sign up AWS Lambda function\" width=\"865\" height=\"423\"><\/p>\n<p>Let\u2019s walk through the flow:<\/p>\n<ol>\n<li>The user initiates a sign-up flow from the client application (web or mobile) by entering information such as name, email, postal address, phone, and desired password.<\/li>\n<li>The client invokes the Amazon Cognito user pool <code><a href=\"https:\/\/docs.aws.amazon.com\/cognito-user-identity-pools\/latest\/APIReference\/API_SignUp.html\" target=\"_blank\" rel=\"noopener noreferrer\">SignUp<\/a><\/code> API by passing all the registration information along with the user\u2019s public IP address and the client application\u2019s User-Agent value.<\/li>\n<li>The client also sends the sign-up event to Amazon Pinpoint through the <code><a href=\"https:\/\/docs.aws.amazon.com\/pinpoint\/latest\/developerguide\/audience-define-user.html\" target=\"_blank\" rel=\"noopener noreferrer\">update-endpoint<\/a><\/code> API.<\/li>\n<li>Amazon Cognito invokes the pre sign-up Lambda trigger with the user registration information, which includes all the variables needed for Amazon Fraud Detector to evaluate the user information.<\/li>\n<li>The Lambda trigger checks the email address against a predefined list of disposable email domains, and checks the email pattern for a tumbling email. If either of these validations are true, it <a href=\"https:\/\/docs.aws.amazon.com\/cognito\/latest\/developerguide\/user-pool-lambda-pre-authentication.html#aws-lambda-triggers-pre-authentication-example\" target=\"_blank\" rel=\"noopener noreferrer\">responds with an error<\/a> back to Amazon Cognito, which stops the sign-up flow. The client application can display an appropriate message.<\/li>\n<li>If the email isn\u2019t disposable or a tumbling email, the Lambda trigger makes a call to the Amazon Fraud Detector <code><a href=\"https:\/\/docs.aws.amazon.com\/frauddetector\/latest\/api\/API_GetEventPrediction.html\" target=\"_blank\" rel=\"noopener noreferrer\">GetEventPrediction<\/a><\/code> API with all the required variables. Amazon Fraud Detector then responds back with the rule evaluation outcome and score that it used to evaluate the outcome. The outcome and score along with all other user attributes are stored in a DynamoDB table.<\/li>\n<li>Next, the outcome value is used to decide whether to permit the sign-up or not.\n<ol type=\"a\">\n<li>If the outcome is low risk, the Lambda function sets the <code><a href=\"https:\/\/docs.aws.amazon.com\/cognito\/latest\/developerguide\/user-pool-lambda-pre-sign-up.html#cognito-user-pools-lambda-trigger-syntax-pre-signup\" target=\"_blank\" rel=\"noopener noreferrer\">autoConfirmUser<\/a><\/code> parameter to <code>true<\/code>. Amazon Cognito automatically confirms the user, and the user is registered.<\/li>\n<li>If the outcome is high risk, Lambda throws an error and Amazon Cognito denies the user sign-up.<\/li>\n<\/ol>\n<\/li>\n<li>Based on responses from Amazon Cognito, the client shows an appropriate message and sends a successful sign-up or a sign-up denied event to Amazon Pinpoint.<\/li>\n<\/ol>\n<h3>Medium fraud risk sign-up flow<\/h3>\n<p>The following diagram shows the sign-up flow events where the Online Fraud Insights ML model evaluates a medium risk outcome for the new user. In this case, friction is introduced in the sign-up flow by means of additional identity verification.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-30021 aligncenter\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/28\/ML-6059-figure-6.png\" alt=\"Registration flow architecture when medium fraud risk outcome Is detected by Amazon Fraud Detector using Amazon Cognito pre sign-up AWS Lambda function, Amazon API Gateway, AWS Lambda, and Amazon DynamoDB\" width=\"866\" height=\"504\"><\/p>\n<p>To do a walkthrough of this flow, let\u2019s assume that the new user sign-up has passed the disposable and tumbling email validation checks in the pre sign-up Lambda trigger.<\/p>\n<ol>\n<li>The Amazon Cognito Lambda trigger receives a medium risk outcome and score from Amazon Fraud Detector and stores this, along with all other user attributes, in the DynamoDB table.<\/li>\n<li>The Lambda trigger sets the <code>autoConfirmUser<\/code> parameter to <code>false<\/code>. Amazon Cognito automatically sends a verification code to the user\u2019s email address. Note that <a href=\"https:\/\/docs.aws.amazon.com\/cognito\/latest\/developerguide\/user-pool-settings-email-phone-verification.html\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon Cognito can also send a verification code to user\u2019s phone number via SMS<\/a>.<\/li>\n<li>The client application prompts the user to enter a verification code and (optionally) solve a CAPTCHA (implemented separately).<\/li>\n<li>The user enters the verification code to verify their identity. This identity verification step involves consecutive API calls.\n<ol type=\"a\">\n<li>The first call is to Amazon Pinpoint through the <code>update-endpoint<\/code> API that an identity verification step has occurred.<\/li>\n<li>Next, a call is made to an <a href=\"https:\/\/aws.amazon.com\/api-gateway\/\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon API Gateway<\/a> endpoint, which is backed by a Lambda function. This function validates if the client\u2019s public IP address or User-Agent has changed. For example, a user may have switched networks or changed browsers. If the function detects changes, it makes an additional <code><a href=\"https:\/\/docs.aws.amazon.com\/frauddetector\/latest\/api\/API_GetEventPrediction.html\" target=\"_blank\" rel=\"noopener noreferrer\">GetEventPrediction<\/a><\/code> call to get the new risk outcome and score.<\/li>\n<\/ol>\n<\/li>\n<li>If the second prediction outcome and score are in the same range or better\u2014that is, medium or low risk\u2014the Lambda function sends an <em>OK<\/em> response to the client via the API Gateway endpoint.<\/li>\n<li>Next, the client sends the verification code to Amazon Cognito via the <code><a href=\"https:\/\/docs.aws.amazon.com\/cognito-user-identity-pools\/latest\/APIReference\/API_ConfirmSignUp.html\" target=\"_blank\" rel=\"noopener noreferrer\">ConfirmSignup<\/a><\/code> API.<\/li>\n<li>Amazon Cognito confirms the user registration if the verification code entered by the user is valid.<\/li>\n<li>If the second prediction outcome changes to high risk, the Lambda function sends an error code to the client application via the API Gateway endpoint.<\/li>\n<li>The client stops the sign-up flow and displays a message to the user.<\/li>\n<\/ol>\n<h2>Deployment prerequisites<\/h2>\n<p>The starter code for setting up this real-time sign-up flow using Amazon Cognito and the Amazon Fraud Detector <code>GetEventPrediction<\/code> API is available on <a href=\"https:\/\/github.com\/aws-samples\/amazon-fraud-detector-with-cognito\" target=\"_blank\" rel=\"noopener noreferrer\">GitHub<\/a>. For this walkthrough, you must have the following prerequisites:<\/p>\n<ul>\n<li>An <a href=\"https:\/\/signin.aws.amazon.com\/signin?redirect_uri=https%3A%2F%2Fportal.aws.amazon.com%2Fbilling%2Fsignup%2Fresume&amp;client_id=signup\" target=\"_blank\" rel=\"noopener noreferrer\">AWS account<\/a><\/li>\n<li>Access to an AWS account with administrator or power user (or equivalent) <a href=\"https:\/\/aws.amazon.com\/iam\/\" target=\"_blank\" rel=\"noopener noreferrer\">AWS Identity and Access Management<\/a> (IAM) role policies attached with permissions for Amazon Fraud Detector, Amazon Cognito, Lambda, DynamoDB, API Gateway, and Amazon Pinpoint.<\/li>\n<\/ul>\n<h2>Set up Amazon Fraud Detector<\/h2>\n<p>To get started with setting up and testing Amazon Fraud Detector, complete the following steps:<\/p>\n<ol>\n<li><a href=\"https:\/\/docs.aws.amazon.com\/frauddetector\/latest\/ug\/part-a.html\" target=\"_blank\" rel=\"noopener noreferrer\">Build an Amazon Fraud Detector model<\/a> \u2013 upload the training data, create events to evaluate fraud, and train and deploy the model.<\/li>\n<li><a href=\"https:\/\/docs.aws.amazon.com\/frauddetector\/latest\/ug\/part-b.html\" target=\"_blank\" rel=\"noopener noreferrer\">Create a detector to generate real-time fraud predictions<\/a> \u2013 add the model to the detector, and create and configure rules.<\/li>\n<\/ol>\n<h2>Set up an Amazon Cognito custom authentication workflow<\/h2>\n<p>Detailed step-by-step instructions on how to deploy the custom sign-up workflow are available in the <a href=\"https:\/\/github.com\/aws-samples\/amazon-fraud-detector-with-cognito\" target=\"_blank\" rel=\"noopener noreferrer\">GitHub repository<\/a>. The repository consists of an <a href=\"https:\/\/aws.amazon.com\/cdk\/\" target=\"_blank\" rel=\"noopener noreferrer\">AWS Cloud Development Kit<\/a> (AWS CDK) application that deploys all the necessary AWS resources. The high-level steps are as follows:<\/p>\n<ol>\n<li>Create a Lambda function required to customize the Amazon Cognito user pool authentication workflow.<\/li>\n<li>Create an Amazon Cognito user pool and assign the Lambda function as the pre sign-up Lambda trigger.<\/li>\n<li>Create a DynamoDB table, Lambda function, and API Gateway endpoints for the identity verification step.<\/li>\n<li>Create an Amazon Pinpoint project.<\/li>\n<\/ol>\n<p>You can use Amazon Cognito APIs via the AWS SDK (available for <a href=\"https:\/\/www.npmjs.com\/package\/@aws-sdk\/client-cognito-identity\" target=\"_blank\" rel=\"noopener noreferrer\">JavaScript<\/a>, <a href=\"https:\/\/aws.amazon.com\/sdk-for-java\/\" target=\"_blank\" rel=\"noopener noreferrer\">Java<\/a>, <a href=\"https:\/\/aws.amazon.com\/sdk-for-net\/\" target=\"_blank\" rel=\"noopener noreferrer\">.NET<\/a>) and use API Gateway endpoints as REST endpoints to configure the sign-up or registration flow in your web or mobile app. Alternatively, you can use the <a href=\"https:\/\/docs.amplify.aws\/\" target=\"_blank\" rel=\"noopener noreferrer\">AWS Amplify SDK<\/a> <a href=\"https:\/\/docs.amplify.aws\/lib\/auth\/getting-started\/q\/platform\/js\/\" target=\"_blank\" rel=\"noopener noreferrer\">Auth<\/a>, <a href=\"https:\/\/docs.amplify.aws\/lib\/restapi\/getting-started\/q\/platform\/js\/\" target=\"_blank\" rel=\"noopener noreferrer\">API<\/a>, and <a href=\"https:\/\/docs.amplify.aws\/lib\/analytics\/getting-started\/q\/platform\/js\/\" target=\"_blank\" rel=\"noopener noreferrer\">Analytics<\/a> modules to integrate Amazon Cognito, API Gateway, and Amazon Pinpoint with your application.<\/p>\n<h2>Clean up<\/h2>\n<p>To avoid incurring future charges, delete the resources created for the solution.<\/p>\n<ol>\n<li>Follow the <a href=\"https:\/\/github.com\/aws-samples\/amazon-fraud-detector-with-cognito#cleaning-up\" target=\"_blank\" rel=\"noopener noreferrer\">instructions provided in the GitHub repository<\/a> to clean up resources created by the AWS CDK application.<\/li>\n<li>On the Amazon Fraud Detector console, <a href=\"https:\/\/docs.aws.amazon.com\/frauddetector\/latest\/ug\/delete-resources.html\" target=\"_blank\" rel=\"noopener noreferrer\">manually delete<\/a> all related resources.<\/li>\n<\/ol>\n<h2>Conclusion<\/h2>\n<p>This post demonstrated how you can implement a real-time fraud prevention system by preventing fake account creation with AI using Amazon Fraud Detector. I discussed how to mitigate different fraud attack vectors by customizing authentication workflows in Amazon Cognito using Lambda functions. This solution helps businesses take steps towards building an AI-powered fraud prevention system for their web and mobile platforms. Fully managed AWS services such as Amazon Fraud Detector, Amazon Cognito, and Amazon Pinpoint help make the solution cost-effective by reducing operational overhead. This solution is also customizable to support mitigation of emerging fraud attack vectors. Early fraud prevention helps reduce the time businesses spend analyzing user behavior to identify fraud in their platforms and focus more on driving business value. To learn more about how Amazon Fraud Detector can help your business, <a href=\"https:\/\/aws.amazon.com\/fraud-detector\/\" target=\"_blank\" rel=\"noopener noreferrer\">visit the webpage<\/a>!<\/p>\n<hr>\n<h3>About the Author<\/h3>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-30037 alignleft\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/28\/Anjan-Biswas.png\" alt=\"Anjan Biswas\" width=\"100\" height=\"100\"><\/p>\n<p><b>Anjan Biswas<\/b> is a Senior Solutions Architect with focus on AI\/ML, Data Analytics, and enterprise applications. Anjan works with enterprise customers and is passionate about developing, deploying and explaining AI\/ML, Data Analytics, and Big Data solutions. Anjan has over 14 years of experience working with global supply chain, manufacturing, and retail organizations and is actively helping customers get started and scale on AWS.<\/p>\n<p>       <!-- '\"` -->\n      <\/div>\n","protected":false},"excerpt":{"rendered":"<p>https:\/\/aws.amazon.com\/blogs\/machine-learning\/prevent-fake-account-sign-ups-in-real-time-with-ai-using-amazon-fraud-detector\/<\/p>\n","protected":false},"author":0,"featured_media":1122,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/posts\/1121"}],"collection":[{"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/comments?post=1121"}],"version-history":[{"count":0,"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/posts\/1121\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/media\/1122"}],"wp:attachment":[{"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/media?parent=1121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/categories?post=1121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/tags?post=1121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}