An open source approach to fraud prevention | Opensource.com
An open source approach to fraud prevention
Companies often discuss completely changing their back-end infrastructure, but rarely do. The cost of diverting resources and slowing product enhancements during the transition—as well as the impact on customers— can strike fear into the hardiest of executives, chief technical officers, and developers.
It can be the smart long-term move, but the short-term costs can make the change seem too risky. This was a challenge that iovation, a SaaS fraud prevention company, decided to tackle.
As a startup, iovation analyzed approximately 1 million transactions per day using a proprietary vendor's data management system. As the company grew, that number increased to more than 10 million transactions per day. This analysis involves multiple business intelligence databases that quantify in real time whether an end user's device is associated with credit card fraud, identity theft, social community abuses or other high-risk behavior.
After several years of growth, the proprietary vendor's architecture showed signs of performance strain with no reasonable scaling options. iovation faced exorbitant license, service, and upgrade/expansion fees from the proprietary vendor. Given these issues, iovation decided to ditch the propriety software and go with an open source solution.
In 2011, iovation designed and implemented an upgrade that leveraged an open source stack including Apache Cassandra, PostgreSQL and Linux. We incrementally replaced components of the legacy enterprise architecture with the open source tools, and completed this multi-year migration in early 2013. In the process, we added hundreds of individual servers were added as iovation moved away from centralized, monolithic data stores to a service-oriented architecture.
Previously, a basic fraud query for an individual online transaction would take (on average) close to 300 milliseconds. After converting to the modular service-oriented architecture powered by open source software, that same process now takes less than 100 milliseconds on average. This remained the case even after we added complex new layers of business rules, allowing iovation to scour customer transactions for identity obfuscation techniques, stateful velocity checks and other vital analyses.
While a few hundred milliseconds may seem inconsequential, they absolutely matter when determining, in real time, which transactions are fraudulent and which are legitimate. In addition to wanting to catch a high-risk transaction as quickly as possible, ensuring good customers don't have to wait is important. Time to market for service enhancements and new features has also been reduced since the more modular architecture better decouples system components to facilitate incremental advances.
iovation's architectural transformation also gave the company newfound flexibility to launch multiple, decentralized data centers and institute an "active/active" system. This kind of configuration allows the data centers to equally share query loads under normal operating circumstances, or for certain data centers to handle the full load if one of them ever goes down. This redundancy makes it possible for iovation to take one data center offline for maintenance, push out software updates, or debug with no service interruption to customers.
The horizontal scalability this architecture provides makes scaling as simple as adding commodity hardware to live running service modules. There is no need for changes to the software architecture and the active/active infrastructure allows scaling with no downtime required.
This distributed SaaS infrastructure positions iovation to support the largest companies and traffic volumes on the planet. Scaling models have clear paths to processing 100 million daily transactions before encountering the next tier of significant network infrastructure upgrades.
In the end, the move to an open source architecture makes iovation a more nimble, scalable, and better performing service provider. The upgrade is ultimately an investment in the company's future and a commitment to providing world class services to customers.