Careem Improves Fraud Prevention with AWS Machine Learning

Dubai-based Careem became the Middle East’s first unicorn when it was acquired by Uber for $3.1 billion in 2019. A pioneer of the region’s ride-hailing economy, Careem is now expanding its services to include mass transportation, delivery, and payments as an everyday super app.

But its size and popularity—it has around 50 million customer accounts—have also made it a prime target for fraudsters constantly looking for new loopholes to exploit and different ways to hijack genuine accounts.

Careem needed a way to detect and stop losses from fraud that were damaging both its revenue and its brand reputation.

It turned to Amazon Web Services (AWS) and is now fighting back using analytics and machine learning to automatically identify and block fraudsters in their tracks before any crime can be committed.

Careem sees a wide variety of different types of fraud and criminals are always finding new loopholes to bypass the specific measures it puts in place to combat the existing fraud patterns detected.

In the past, tackling these different kinds of fraud was a never-ending game of cat-and-mouse. Careem used to have to create rules or machine learning models for each specific type of fraud. But this was problematic on two levels.

First, it only allowed Careem to identify and block an account after the fraud had been committed and detected—the money had already been lost.

Second, fraudsters were able to quickly spot when Careem had worked out how to detect that type of fraud and they would simply move on and find a new loophole to exploit.

It was clear that Careem needed a smarter and faster way to detect fraudulent accounts and stop fraud before it was committed.

“Instead of continuously creating very specific tools to detect very specific fraud use cases, we wanted to build a project that was almost a blanket detection mechanism over all the users, regardless of what type of loophole they found or whatever type of attack they try to make,” says Kevin O’Brien, senior data scientist at Careem.

Careem opted for a graph database as a way of detecting potentially fraudulent patterns in real time across user and account activity, and evaluated several of the major providers in the market. 

It chose AWS and the automated real-time analysis and monitoring capabilities of Amazon Neptune, in part because it is a managed service. 

“Amazon Neptune is fully managed, which is a big advantage to us in terms of how many people we’d have to have working on this project, and the potential cost of infrastructure and maintenance,” says O’Brien. “Instead, that’s all completely managed by AWS.” 

Careem was already using AWS for all its cloud computing and data warehouse operations, so opted to stay in the same environment for its fraud prevention project. 

Careem also had a preference for the Gremlin query language that supports Amazon Neptune over the query languages such as Cypher that are used by other graph database providers. Gremlin allows developers to write queries in a range of programming languages, including Groovy, Java, and Python.

To improve its fraud detection capability using Amazon Neptune, Careem started focusing on the identity of users in addition to its efforts tackling specific types of fraud as they arose.

The Amazon Neptune graph database allows Careem to make connections between different users and datapoints and identify patterns that might indicate fraudulent activity.

The first version of the fraud prevention project went live in October 2020 using historical user data going back to 2012 from Careem’s in-house sources, such as its data warehouse. This data is extracted, transformed, and then formatted into CSV files on Amazon Simple Storage Service (Amazon S3) before being uploaded to Amazon Neptune. That historical data is added to in real-time as users perform new actions, such as using a new device to log in, adding a new credit card, changing a phone number, or making a profile change. On average, data is added to or updated in the Amazon Neptune graph more than 100,000 times per day.

This creates a cluster of data connected to each user, that is analyzed using a simple algorithmic analytics engine, built by Careem using Python, that sits on top of Amazon Neptune. 

When an account is flagged as potentially fraudulent it is either automatically blocked if the data shows it is historically an untrustworthy account or flagged for manual review if it is a trustworthy or high-value account, such as that of a corporate customer.

Careem has blocked tens of thousands of fraudulent user accounts since the implementation of the first phase of the project in October 2020, and the results are impressive—around 90 percent of the users that the system automatically blocked were correct decisions. This means Careem is blocking these fake accounts before any fraud is committed, which helps reduce losses.

After the success of this first phase of the project, Careem is now working with AWS on an updated version that will improve the accuracy further by using the machine learning capability in Amazon Neptune ML.

Using around 10 times more historical data, Careem will be able to apply advanced deep learning instead of a simple rules-based approach, and train the system so that it can learn to identify what a fraudulent user looks like on the graph database. This will allow for vastly improved recall, where the system is able to correctly detect more fraudulent accounts out of all the users that are analyzed by the system—while improving fraud prediction accuracy well beyond 90 percent.

“We are very confident this second version of our solution will improve on our current fraud prevention capabilities,” says O’Brien. “And this is another great reason why we chose Amazon Neptune.”