🦸🏻 Automated Fraud Detection

Introduction

Welcome to the Automated Fraud Detection feature. In this documentation developer guide for Taggun, we delve into similar receipts detection as an indispensable feature that adds an extra layer of security to your receipt validation process.

Customer engagement campaigns have a prevalent form of receipt fraud involving sharing and uploading similar receipts for multiple submissions. Fortunately, Taggun's API seamlessly integrates a solution to detect and mitigate this type of fraud, ensuring the integrity of your processes.

With duplicate detection, Taggun's API doesn't only detect when the same receipt has been submitted multiple times, but it also flags suspiciously similar receipts, returning a similarity score for those that may need to be investigated further.


Safeguarding Against Common Fraud Cases

Mitigating Duplicate Receipt Submissions

To thwart the tactic of submitting identical receipts repeatedly, our system employs advanced duplicate detection algorithms. These algorithms analyze various receipt attributes to identify and prevent fraudulent attempts, ensuring the integrity of the validation process.

Addressing the Challenge of Shared Receipts Among Users

To counter the risk posed by malicious users sharing receipts, we implement detection of similar receipts, mitigating the potential for fraudulent activities orchestrated through collaboration.

Preventing Fraudulent Manipulation of Receipt Images for multiple submissions

In response to potential threats involving manipulating receipts for multiple submissions, our system can detect suspiciously similar receipts if they have been manipulated.


How to set up a campaign with fraud detection?

This new feature is part of Taggun's existing Receipt Validation API.

So first, you need to contact with Taggun [email protected] to get access (as this is currently an opt in product).

Once you have access to Taggun's Receipt Validation APIs, you can integrate this feature right away:

  1. Create a new campaign or update an existing campaign through the API.

In the request body, there is a new object which must be passed in. See example below:

  "fraudDetection": {
    "allowSimilarityCheck": true
  }

This will be shown in further detail in the updated API reference here.


How to send a request to track similar receipts?

Starting with the request body of validate receipts, there are two new fields as following:

Field NameTypeDescription
referenceId (optional)stringPassing this with a validation request will tag the receipt with your system's unique submission ID of a receipt for proof of purchase. This ensures effective tracking and management of suspicious receipts submitted within your system.

referenceId is optional. If you don't with to pass in a referenceId, you may also save TAGGUN's trackingId from the API response to cross reference to which receipt submission was uploaded from your system that is flagged as suspicious.

However, we recommend sending a referenceId. To avoid wrongly flagging a legitimate case of re-submitting a receipt as proof of purchase, we will not flag receipts as suspicious if they share the same referenceId.
userId (optional)stringPassing this with a validation request will tag the receipt with your system's user ID This ensures effective tracking and management of suspicious user behaviour within your system.

Tag a receipt with a user ID so that if the same receipt has been previously uploaded by another user, this will be flagged as suspicious behaviour

And there are multiple additions to the response object described as below:

Field NameTypeDescription
trackingIdstringUsed internally to attach each validation result to its receipt, can also be used as an automatically generated reference if the referenceId field is not provided in the request.
similarReceiptsarrayAn array containing all (if any) similar receipts, with similarity scores exceeding 0.9
similarReceipts[index].scorenumberThe calculated similarity score above 0.9, the higher the score the greater the similarity
similarReceipts[index].trackingIdstringThe tracking ID of the similar receipt
similarReceipts[index].referenceIdstringIf applicable, returns the reference ID of the similar receipt
similarReceipts[index].userIdstringIf applicable, the user ID for a separate user that has uploaded a similar receipt

How does it work?

After extracting the text from the receipt image, the data is run through a series of calculations that analyse how similar one receipt is to another (in the same campaign).

Even when malicious users edit images to avoid detection for duplication, we can flag these uploads as suspicious so that you can either bounce them back to the user or send them to a manual review process.

If two different people try and upload the same receipt in one campaign, will it still be flagged?

Yes. Also, if the user ID argument has been passed in with the request, it becomes very easy to investigate other potential fraudulent behaviour from the offending users.

What happens if the receipts from one merchants are very similar to one another all the time?

No problem, our system takes this into effect and alters the score threshold on a per-merchant basis, limiting the number of false alarms.


An example

A malicious user wants to bypass basic comparison checks by editing a receipt. While the two below receipts might look the same, the offending version has alterations made to the MERCH ID, AID, TVR, and ARQC values, as well as to the transaction date.

Original ReceiptEdited Receipt

After creating a campaignId with fraud detection enabled (as discussed earlier in this article), we can test these receipts for potential fraud using the API explorer here.

Using the original receipt, we get the following response object, with no receipts returned in the similarReceipts array.

{
  "successful": true,
  "failedValidations": [],
  "passedValidations": [
    "merchant_name_validated",
    "date_validated",
    "fraud_detection_unique_receipt_validated",
    "product_line_items_validated"
  ],
  "productLineItems": [
    ...
  ],
  "matchedProductLineItems": [
    ...
  ],
  "date": "2023-09-08T09:35:00.000Z",
  "merchantName": "metro",
  "productCodes": [
    "TVR 0000008001"
  ],
  "balanceAmount": null,
  "totalAmount": 8.31,
  "similarReceipts": [],
  "trackingId": "T-20231207-1576094"
}

In this response we see that fraud_detection_unique_receipt_validated has returned a successful response, and a trackingId has been assigned to the receipt also. So far so good, everything is as it should be.

What should you expect then, when the edited receipt is uploaded?

{
  "successful": false,
  "failedValidations": [
    "fraud_detection_unique_receipt_validated"
  ],
  "passedValidations": [
    "merchant_name_validated",
    "date_validated",
    "product_line_items_validated"
  ],
  "productLineItems": [
    ...
  ],
  "matchedProductLineItems": [
		...
  ],
  "date": "2023-02-22T09:35:00.000Z",
  "merchantName": "metro",
  "productCodes": [
    "TVR 0000018001"
  ],
  "balanceAmount": null,
  "totalAmount": 8.31,
  "similarReceipts": [
    {
      "referenceId": null,
      "userId": null,
      "trackingId": "T-20231207-1576094",
      "similarityScore": 0.9841417670249939
    }
  ],
  "trackingId": "T-20231207-8012734"
}

The fraud_detection_unique_receipt_validated response is now negative. Also, the similarReceipts array now includes reference to the original receipt, listing both its trackingId and a similarityScore well above the 0.9 threshold, a strong indicator that fraudulent behaviour is taking place, enabling you to investigate further.


Start Building

Contact Taggun now [email protected] to get access to this feature, and then dive straight into the API reference to start building fraud-proof applications!