Doing good by fighting fraud: Ethical anti-fraud systems for mobile payments
This work addresses ethical issues in mobile payment fraud prevention by making systems more equitable for users with low-end devices, though it is incremental because it builds on an existing method.
The paper tackles the problem that existing anti-fraud systems like Boxer perform poorly on low-end mobile devices, blocking users with inexpensive hardware. The result is Daredevil, which reduces the number of devices running at less than 1 FPS by an order of magnitude compared to Boxer, based on data from over 5 million real devices.
App builders commonly use security challenges, a form of step-up authentication, to add security to their apps. However, the ethical implications of this type of architecture have not been studied previously. In this paper, we present a large-scale measurement study of running an existing anti-fraud security challenge, Boxer, in real apps running on mobile devices. We find that although Boxer does work well overall, it is unable to scan effectively on devices that run its machine learning models at less than one frame per second (FPS), blocking users who use inexpensive devices. With the insights from our study, we design Daredevil, a new anti-fraud system for scanning payment cards that works well across the broad range of performance characteristics and hardware configurations found on modern mobile devices. Daredevil reduces the number of devices that run at less than one FPS by an order of magnitude compared to Boxer, providing a more equitable system for fighting fraud. In total, we collect data from 5,085,444 real devices spread across 496 real apps running production software and interacting with real users.