Fraud Detection

For the Web Developer


The example site is built with Node.js. It uses the tedious package for communication with SQL Server.

The final goal of this solution is to interrupt a fraudulent transaction before it occurs. Keep in mind that there will be false positives - transactions flagged that are not in fact fraud. For that reason, the decision point when the model returns a high probability of fraud might be to require the purchaser to contact a live person to complete the transaction, rather than simply deny the purchase.

This solution contains an example of a website that does just that. The example is not meant to be production-quality code; it is meant simply to show how a website might make use of such a model. The example shows the purchase page of a transaction, with the ability to try the same simulated purchase from multiple accounts.

Starting the Website


To start the website, type the following commands into a terminal window or PowerShell window. Substitute your own values for the path and username/password:

    cd C:\Solutions\Fraud\Website
    node server.js YOUR_SQL_USERNAME YOUR_SQL_PASSWORD

You should see the following response:

    Example app listening on port 3000!
    DB Connection Success

Now leave this window open and open the URL http://localhost:3000 in your browser.

Alternatively, see Remote Access to Website below for accessing the website from a different computer.

Scoring a Transaction


A connection to the Fraud database is set up in server.js. The user name and password are supplied on the command line when starting the web server.

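    var Connection = require('tedious').Connection;

    var con = new Connection({
        userName: user,   // SQL login name from the command line
        password: pw,     // SQL login password from the command line
        server: 'localhost',
        // When you connect to Azure SQL Database, you need encrypt: true
        options: { encrypt: true, database: 'Fraud' }
    });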

The predict function then calls the ScoreOneTrans stored procedure with the transaction details and receives back a predicted probability for that transaction.

    app.get('/predict', function (req, res) {
        var request = new Request('ScoreOneTrans', function (err, rowCount) {
            if (err) {
                console.log(err);
                // report the failure instead of leaving the browser waiting
                if (!res.headersSent) {
                    res.status(500).json({ error: 'scoring failed' });
                }
            }
            // console.log("Rows Returned: " + rowCount)
        });

        var record = req.query.record;
        console.log(record);
        var value = null;  // predicted probability; stays null if the procedure returns NULL

        request.on('row', function (col) {
            if (col[0].value === null) {
                console.log('NULL');
            } else {
                // value to return - the predicted probability
                value = col[0].value;
            }
            res.json({ pred: value });
        });
        request.on('doneInProc', function (rowCount, more) {
            console.log(rowCount + ' rows returned');
        });

        // pass the entire record to the stored procedure as a typed parameter
        request.addParameter('inputstring', TYPES.VarChar, record);
        con.callProcedure(request);
        // the shared connection is left open so later requests can reuse it
    });

Finally, the function in public/js/scoreClaim.js uses this probability to display a message to the user based on the value:

    // first get the rest of the data for this id
    var record = lookupData(id, amt);
    // call /predict to get res.pred, the predicted probability of fraud
    $.ajax({
        url: '/predict',
        type: 'GET',
        data: { record: record },
        contentType: "application/json; charset=utf-8",
        error: function (xhr, error) {
            console.log(xhr); console.log(error);
        },
        success: function (res) {
            console.log("AccountID: " + id + " transactionAmt: " + amt);
            console.log("Predicted probability: " + res.pred);
            // now use the probability to display one of two messages
            if (res.pred > 0.5) {  // problem with this order
                $("#resultArea").html('There is a problem with this order.  Please call 800-555-2222 for more information');
                $("#resultArea").removeClass('alert-success');
                $("#resultArea").addClass('alert-danger');
            } else { // no problem with the order
                $("#resultArea").html('Thank you for submitting your order. You will receive an email with tracking information shortly.');
                $("#resultArea").removeClass('alert-danger');
                $("#resultArea").addClass('alert-success');
            }
        }
    });
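
The threshold check above runs in the browser, so the server itself never enforces the outcome. The following is an added example, not part of the solution's code, of making the same decision on the server and falling back to the "call a live person" path whenever no valid score comes back. The names `decideOrder`, `clientResponse` and `REVIEW_THRESHOLD` are hypothetical, and the sample scores are constructed.

```javascript
// Added example: decideOrder, clientResponse and REVIEW_THRESHOLD are
// hypothetical names, not part of the solution's server.js.
const REVIEW_THRESHOLD = 0.5; // same cut-off the page's scoreClaim.js uses

// Turn the raw value returned by ScoreOneTrans into an order outcome.
// Anything that is not a probability in [0, 1] (NULL, text, out of range)
// fails closed to 'review': the purchaser is asked to call, not denied.
function decideOrder(rawScore, threshold = REVIEW_THRESHOLD) {
  let score = rawScore;
  if (typeof rawScore === 'string') {
    // tolerate a score delivered as text; an empty string is not a score
    score = rawScore.trim() === '' ? NaN : Number(rawScore);
  }
  if (typeof score !== 'number' || !Number.isFinite(score) || score < 0 || score > 1) {
    return { outcome: 'review', reason: 'no-valid-score' };
  }
  return score > threshold
    ? { outcome: 'review', reason: 'high-score' }
    : { outcome: 'accept', reason: 'low-score' };
}

// Body for res.json(): the outcome only. The probability and the reason stay
// in the server log, so the browser cannot change or skip the decision.
function clientResponse(decision) {
  return { outcome: decision.outcome };
}

// Constructed sample values standing in for col[0].value from the 'row' event.
function demo() {
  return [0.03, 0.5, 0.91, null, '0.73', '', 1.7].map(function (raw) {
    const decision = decideOrder(raw);
    console.log(JSON.stringify({ raw: raw, decision: decision }));
    return clientResponse(decision).outcome;
  });
}

demo(); // accept, accept, review, review, review, review, review
```

In the `/predict` handler this would mean sending `res.json(clientResponse(decideOrder(value)))` instead of `res.json({ pred: value })`, with scoreClaim.js switching on `res.outcome`.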

Example Transaction


This site is set up to mimic a sale on a website. “Log in” by selecting an account and then add some items to your shopping cart. Finally, hit the Purchase button to trigger the model scoring. If the model returns a low probability for the transaction, it is not likely to be fraudulent, and the purchase will be accepted. However, if the model returns a high probability, you will see a message that explains the purchaser must contact a support representative to continue.

You can view the model values by opening the Console window on your browser.

  • For Edge or Internet Explorer: Press F12 to open Developer Tools, then click on the Console tab.
  • For Firefox or Chrome: Press Ctrl-Shift-i to open Developer Tools, then click on the Console tab.

Use the Log In button on the site to switch to a different account and try the same transaction again. (Hint: the account number that begins with a “9” is most likely to have a high probability of fraud.)

Remote Access to Website


If you wish to access this website from another computer, perform the following steps:
  • Open the firewall for port 3000:
     
         netsh advfirewall firewall add rule name="website" dir=in action=allow protocol=tcp localport=3000 
    
  • Then start the web server:
     
        cd C:\Solutions\Fraud\Website
        node server.js YOUR_SQL_USERNAME YOUR_SQL_PASSWORD
    
  • On other computers, use the Public IP Address in place of localhost in the address http://localhost:3000. The Public IP Address can be found in the Azure Portal under the "Network interfaces" section.
  • Make sure to leave the terminal window in which you started the server open on your VM.