Five questions with CashShield

CashShield founder Justin Lie, 35, began dabbling in online business by selling gaming consoles on eBay. The modest venture eventually led him into the world of algorithmic fraud detection, and the founding of a company that now provides its service to e-commerce giant Alibaba. He spoke recently to Yasmine Yahya about the journey and where CashShield is headed next.

Q How did it all begin?

A When I was 16, I found out about eBay and PayPal. Anyone with a credit card could start an account on these sites and begin selling products online and accepting payments.

My parents refused to lend me their credit card but I borrowed some cards from my friends. When I started to make money, my parents finally came around.

I initially sold refurbished gaming consoles. Later I sourced for any product I could sell to the North American market.

In those early days, payments were 100 per cent safe and secure; there was no fraud.

But after a while, hackers began to emerge and it became a really frustrating problem. Every time there was a fraudulent transaction, it could easily amount to about US$500 (S$680), which would be deducted from my account to be returned to the real card holder, whose card had been fraudulently used.

So I had a vision of taking things to the next level, and coming up with a solution to this problem.

I have a finance background, and I learnt how to code, and I started CashShield while studying at the National University of Singapore.

Q What does CashShield do?

A We have created the world's first online fraud management solution that does not require human involvement.

Traditionally, fraud prevention solutions use machine-learning and software solutions as the first filter of fraud, but they are still reactive and require human operators.

However, hackers are now using machine-learning to attack businesses. They can use software to hide or disguise themselves, take on different identities, and be whoever they want to be to slip through a business' cyber defences.

CashShield combines high-frequency trading algorithms, real-time pattern recognition and passive biometrics. What this means, for example, is that if someone goes to to make a purchase, within milliseconds of him landing on the page, we have a good profile of him.

For example, we can tell whether he's using a laptop or mobile phone. And if he's using a mobile phone, we can know how fast he swipes, whether he's a right swiper or left, how fast he types, whether he's using copy-paste actions.

And if he's using a laptop, we can tell, among other things, his operating system, his CPU system, his language settings, time zone and the software he has installed.

So, for example, when someone is surfing the Internet, he usually has multiple tabs open on the browser. We can detect if he is consecutively logged on to social media sites. Why is this important? Because if a hacker is trying to perform a coordinated criminal action using software or hiding himself, he would not be bothered to log on to social media as well.

So in these various ways, we can distinguish between authentic visitors and hackers.

We also detect whether the user "likes" a product before buying it and what kind of payment method he uses.

All of this information is collated and co-related within less than 0.1 second, which helps us to distinguish "good" from "bad" behavioural patterns.

Q What happens next?

A There are two product lines we offer. First, we secure against unauthorised online payments. Basically, credit card fraud - hackers using stolen card information to buy things online for free, creating a huge problem in the e-commerce sector.

Second, we help companies defend against unauthorised account takeovers, which is a huge problem as well. For example, a stolen Uber account is worth US$30 on the black market. Hackers can take over these accounts and resell them on the black market to people who then use them to take rides for free.

So what we do is detect and stop fraudulent account takeovers in real time. We detect behaviour such as when a group of hackers has suddenly accessed hundreds of thousands of stolen accounts. The first thing they would do is try to take over the accounts and change the passwords. When they try to log in, we will suspend those accounts before they can do so, to prevent them from carrying out their plan.

Q Can your service ultimately help businesses make more money?

A We help companies grow their revenue. Today, only 60 to 70 per cent of online credit card payments are accepted, because there has been a huge overreaction against fraud. For example, some e-commerce players have implemented two-factor authentication to combat fraud. In Singapore, people can accept this but in the United States and Europe, consumers would not bother to go through multiple steps just to make a purchase. So companies lose a lot of business this way.

With CashShield, these companies can accept more payments more confidently and safely. In one case, we helped a company raise its payment acceptance rate from 70 per cent to 99.5 per cent, which helped it grow its revenue.

Q What's next for CashShield?

A We have offices in Berlin, Jakarta, Shanghai, Singapore and Silicon Valley, but we want to further establish a foothold as a global company and to do that we have to better penetrate Silicon Valley and establish ourselves as one of the leaders there.

Most of our competitors are in the US. But we feel we have a unique competitive advantage with our technology.

China is also an interesting market because it has huge companies and we have already managed to secure some high-profile clients there, so we would like to expand there.