alunablue - stock.adobe.com
How Grab is using Kafka in fraud detection
Grab is using Apache Kafka in its fraud detection and prevention platform to ingest event streams from its mobile software development kits and client backends to pick up fraudulent activities
When Grab first built its technology stack for fraud detection and prevention, the in-house software was intertwined with internal systems, making it difficult to achieve interoperability if it were to open it up to partners such as e-commerce and financial technology (fintech) firms.
So, before it launched Grab Defence, as the technology stack is now called, it started looking out for what it calls “universal adapters”, a class of service providers that offers the technology pieces it needs to plug into other technology stacks.
One such technology is Apache Kafka, an open-source software platform for event streaming, the practice of capturing data in real-time from databases, sensors, mobile devices, cloud services and software applications in the form of streams of events to be processed and acted upon.
For Grab Defence, Kafka is being used to ingest event streams from its mobile software development kits (SDKs) and client backends to pick up fraudulent behaviour, said Wui Ngiap Foo, head of technology at Grab.
Speaking at the recent Kafka Summit in Asia-Pacific, Foo said the event streams, comprising data such as device fingerprinting signals, are fed into Apache Flink or Spark for feature engineering, and later into machine learning and deep learning models.
Grab worked with Confluent, a commercial Kafka vendor, to implement the technology through Confluent Cloud, a managed service which Foo said has been “working well out of the box”.
“We serve a suite of fintech companies that have very strict regulatory requirements around data privacy and data separation,” Foo said. “Kafka was able to help us to achieve data isolation, fostering events like sign-ups, logins and transactions – and you can imagine why this data is super sensitive to fintechs and banks.”
At the same time, Grab has built self-service options to provide easier access to Kafka for developers and other teams. Foo said its developers now provision new event streams and onboard new clients in just a few clicks, with minimal concerns about stability and scalability.
Being a cloud-agnostic service, Confluent Cloud also supports Kafka deployments across multiple clouds, without which Grab would have to “take a lot of effort and resources to duplicate your code, and then adapt it to different native streaming solutions offered by different clouds”, Foo said.
According to third party research, e-commerce businesses in Southeast Asia lose on average 1.6% of their revenue to fraud through anomalous transactions and GPS spoofing, among other fraudulent activities.
To address the challenge, Foo said Grab has invested in developing systems powered by machine learning and artificial intelligence to catch and prevent fraud, thanks to its visibility over millions of transactions daily. As a result, Grab has kept its fraud rate at about 0.2%, which is far below the industry average, he added.
The Grab Defence suite of tools is offered as part of GrabPlatform, Grab’s open platform strategy and a suite of application programming interfaces (APIs) for partners to integrate their services with Grab. It was first made available in Indonesia in 2019.
Read more about IT in ASEAN
- A new generation of farmers is tapping the internet of things and machine learning to operate self-sustaining urban farms with minimal supervision.
- E-commerce giant Lazada is looking to uncover more vulnerabilities that could compromise data security in a public bug bounty programme that offers up to $10,000 per bounty.
- Singapore insurer Great Eastern has started a centre of excellence to drive adoption of data analytics and hone its capabilities in data governance and data engineering.
- Indonesia’s Bank Jabar Banten Syariah is adopting DevOps and microservices to speed up delivery of applications