A defender's key advantage is their massive dataset of legitimate activity. Machine learning excels by modeling the messy, typo-ridden chaos of real business data. Fraudsters, however sophisticated, cannot perfectly replicate this organic "noise," causing their cleaner, fabricated patterns to stand out as anomalies.

Related Insights

Binary decisions are brittle. For payments that are neither clearly safe nor clearly fraudulent, Stripe uses a "soft block." This triggers a 3DS authentication step, allowing legitimate users to proceed while stopping fraudsters, resolving ambiguity without losing revenue.

Stripe's AI model processes payments as a distinct data type, not just text. It analyzes transaction sequences across buyers, cards, devices, and merchants to uncover complex fraud patterns invisible to humans, boosting card testing detection from 59% to 97%.

For complex cases like "friendly fraud," traditional ground truth labels are often missing. Stripe uses an LLM to act as a judge, evaluating the quality of AI-generated labels for suspicious payments. This creates a proxy for ground truth, enabling faster model iteration.

A core pillar of modern cybersecurity, anomaly detection, fails when applied to AI agents. These systems lack a stable behavioral baseline, making it nearly impossible to distinguish between a harmless emergent behavior and a genuine threat. This requires entirely new detection paradigms.

By creating dense embeddings for every transaction, Stripe's model identifies subtle patterns of card testing (e.g., tiny, repetitive charges) hidden within high-volume merchants' traffic. These attacks are invisible to traditional ML but appear as distinct clusters to the foundation model, boosting detection on large users from 59% to 97%.
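The two insights above describe Stripe's embedding-based model finding card-testing bursts as clusters. The following added example is not Stripe's code and does not use embeddings; it swaps in a plain per-device heuristic (many small-amount authorizations across many distinct cards with a high decline rate inside a short window) run over constructed sample traffic, to show concretely what "tiny, repetitive charges hidden in a high-volume merchant's traffic" looks like in the data and how a defender can surface it. All field names, device ids, amounts and thresholds are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Attempt:
    """One authorization attempt. Field names and values are constructed for this example."""
    ts: datetime
    merchant: str
    device: str    # device or session fingerprint shared across the attempts
    card: str      # tokenised card reference, never the PAN
    amount: float  # in the merchant's currency
    approved: bool


T0 = datetime(2024, 1, 1, 12, 0, 0)


def _bot_attempts():
    # Constructed card-testing burst: eight distinct cards, 1.00 each, ten seconds
    # apart, six declined. It is a tiny share of a large merchant's volume, but the
    # per-device pattern is unmistakable once attempts are grouped by device.
    return [
        Attempt(T0 + timedelta(seconds=10 * i), "merch_A", "dev_bot_7",
                f"card_bot_{i:02d}", 1.00, approved=i in (3, 6))
        for i in range(8)
    ]


SAMPLE = [
    Attempt(T0 + timedelta(seconds=5), "merch_A", "dev_legit_1", "card_001", 48.20, True),
    Attempt(T0 + timedelta(seconds=90), "merch_A", "dev_legit_2", "card_002", 120.00, True),
    # an honest customer whose first try was declined and who retried once
    Attempt(T0 + timedelta(seconds=130), "merch_A", "dev_legit_3", "card_003", 75.00, False),
    Attempt(T0 + timedelta(seconds=160), "merch_A", "dev_legit_3", "card_003", 75.00, True),
    # a single small-ticket purchase: a small amount on its own is not suspicious
    Attempt(T0 + timedelta(seconds=200), "merch_A", "dev_legit_4", "card_004", 1.50, True),
] + _bot_attempts()


def detect_card_testing(attempts, window=timedelta(minutes=10), min_attempts=5,
                        min_distinct_cards=4, max_amount=2.00, min_decline_rate=0.5):
    """Return one finding per (merchant, device) whose small-amount attempts inside
    some `window` number at least `min_attempts`, touch at least `min_distinct_cards`
    cards and are declined at a rate of `min_decline_rate` or more.
    The default thresholds are constructed for the example."""
    by_device = defaultdict(list)
    for a in attempts:
        by_device[(a.merchant, a.device)].append(a)

    findings = []
    for (merchant, device), rows in by_device.items():
        rows.sort(key=lambda a: a.ts)
        # Per-device attempt counts are small, so a simple window starting at every
        # attempt is adequate; the first window that trips the thresholds is reported.
        for start in range(len(rows)):
            limit = rows[start].ts + window
            win = [a for a in rows[start:] if a.ts <= limit and a.amount <= max_amount]
            if len(win) < min_attempts:
                continue
            cards = {a.card for a in win}
            decline_rate = sum(not a.approved for a in win) / len(win)
            if len(cards) >= min_distinct_cards and decline_rate >= min_decline_rate:
                findings.append({
                    "merchant": merchant,
                    "device": device,
                    "attempts": len(win),
                    "distinct_cards": len(cards),
                    "decline_rate": round(decline_rate, 2),
                    "first_seen": win[0].ts,
                    "last_seen": win[-1].ts,
                })
                break
    return findings


if __name__ == "__main__":
    for finding in detect_card_testing(SAMPLE):
        print(finding)
```

Grouping by a shared device fingerprint is what makes the burst visible: each attempt in isolation is a plausible one-dollar charge, and across the whole merchant it is lost in volume. The honest retry on `dev_legit_3` and the single small purchase on `dev_legit_4` fall below the count, amount or distinct-card thresholds and are not reported.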

While many focus on AI for consumer apps or underwriting, its most significant immediate application has been by fraudsters. AI is driving an 18-20% annual growth in financial fraud by automating scams at an unprecedented scale, making it the most urgent AI-related challenge for the industry.

Large-scale fraud operates like a business, with a supply chain of specialized services such as incorporation agents, mail services, and accountants. While some of the tools involved are generic (Excel, for instance), graphing the shared use of specialized infrastructure can quickly unravel entire fraud networks.

The skills for digital forensics (detecting intrusions) are distinct from offensive hacking (creating intrusions). This separation means that focusing AI development on forensics offers a rare opportunity to 'differentially accelerate' defensive capabilities. We can build powerful defensive tools without proportionally improving offensive ones, creating a strategic advantage for cybersecurity.

Purely model-based or rule-based systems have flaws. Stripe combines them for better results. For instance, a transaction with a CVC code mismatch (a rule) is only blocked if its model-generated risk score is also elevated, preventing rejection of good customers who make simple mistakes.
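The soft-block insight above and this rule-plus-model insight describe the same decision structure: a hard block only when the model is confident or a rule is corroborated by an elevated score, a 3DS challenge for the ambiguous band, and an allow for a fired rule with a low score (the honest CVC typo). The added example below is not Stripe's code; it implements that policy with constructed thresholds and rule names (`cvc_mismatch`, `avs_mismatch` are assumed) and compares it against a rule-only and a model-only decision on constructed cases, so the failure mode of each single strategy is visible.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    ALLOW = "allow"
    SOFT_BLOCK = "soft_block"  # step up: route the payer through 3DS before authorizing
    BLOCK = "block"


@dataclass(frozen=True)
class Policy:
    """Decision thresholds. The numbers are constructed for this example, not Stripe's."""
    block_at: float = 0.90       # the model alone is confident enough to hard-block
    rule_block_at: float = 0.60  # a fired rule blocks only when the score is also this high
    challenge_at: float = 0.40   # ambiguous band: challenge with 3DS instead of deciding
    rules: tuple = ("cvc_mismatch", "avs_mismatch")  # rule names assumed for the example


def decide(score: float, signals: dict, policy: Policy = Policy()) -> Action:
    """Combine a model risk score in [0, 1] with boolean rule signals."""
    if not 0.0 <= score <= 1.0:
        raise ValueError(f"risk score out of range: {score}")
    fired = [name for name in policy.rules if signals.get(name, False)]
    if score >= policy.block_at:
        return Action.BLOCK
    if fired and score >= policy.rule_block_at:
        return Action.BLOCK          # rule corroborated by the model
    if score >= policy.challenge_at:
        return Action.SOFT_BLOCK     # let the issuer's 3DS challenge resolve the ambiguity
    return Action.ALLOW              # includes a fired rule with a low score: an honest typo


def rule_only(signals: dict, policy: Policy = Policy()) -> Action:
    """What a pure rule engine would do: any fired rule is a hard block."""
    return Action.BLOCK if any(signals.get(n, False) for n in policy.rules) else Action.ALLOW


def model_only(score: float, policy: Policy = Policy()) -> Action:
    """What the model alone would do, ignoring rule signals."""
    if score >= policy.block_at:
        return Action.BLOCK
    if score >= policy.challenge_at:
        return Action.SOFT_BLOCK
    return Action.ALLOW


# Constructed cases: (label, model risk score, rule signals)
CASES = [
    ("honest CVC typo",        0.10, {"cvc_mismatch": True}),
    ("typo, unclear history",  0.45, {"cvc_mismatch": True}),
    ("stolen card, wrong CVC", 0.72, {"cvc_mismatch": True}),
    ("ambiguous, no rules",    0.55, {}),
    ("clean",                  0.05, {}),
    ("obvious fraud",          0.95, {}),
]


def compare(cases=CASES, policy: Policy = Policy()) -> dict:
    """Return {label: (rule_only, model_only, combined)} for side-by-side comparison."""
    return {label: (rule_only(sig, policy), model_only(score, policy), decide(score, sig, policy))
            for label, score, sig in cases}


if __name__ == "__main__":
    for label, (r, m, c) in compare().items():
        print(f"{label:24} rule-only={r.value:10} model-only={m.value:10} combined={c.value}")
```

In the comparison the rule-only engine rejects the honest typo, the model-only engine only challenges the stolen card with a mismatched CVC, and the combined policy allows the first, blocks the second, and sends the genuinely ambiguous score to 3DS rather than guessing.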

A core conceit of fraud is faking business growth. Consequently, fraudulent enterprises often report growth rates that dwarf even the most successful legitimate companies. For example, the fraudulent 'Feeding Our Future' program claimed a 578% CAGR, more than double Uber's peak growth rate. This makes sorting by growth an effective detection method.

Machine Learning Detects Fraud By Identifying Deviations From Legitimate Chaos | RiffOn