What is Separation of Detection and Killing?
What is "separation of detection and Killing"?
In the field of fraud detection, "detection" refers to finding malicious accounts or devices, and "killing" refers to handling malicious accounts or devices. The separation of detection and killing means not dealing with the fraudsters immediately after finding them, but waiting until they perform specific actions (often when they are committing evil and are about to harm the platform or business). On the contrary, killing without separation means dealing with malicious accounts or devices immediately after finding them.
Why do we need separation of detection and killing?
The benefits of separation of detection and killing are:
1. To avoid alerting fraudsters. Don't prevent them until they're about to make a profit. This way can increase the cost of fraudsters' activities. For example, when an account is detected as a malicious account during registration, you can mark this account and track its behavior instead of blocking the account's registration immediately. You can wait until the account participates in marketing activities such as lottery draws, and then deal with it ( For example, reducing the probability of winning to zero or intercepting withdraw) . Then the sunk cost of fraudsters before the final profit will become a real "sunk" cost.
2. There are several steps before the fraudsters make a profit. Handling them in subsequent steps can reduce the probability of fraudsters sensing and bypassing the fraud detection system. For example, a fraudster uses proxy IP and group control equipment to register or log in. If the account is banned at this step, the risk control strategy will easily be exposed to the perception of the fraudster, which will trigger rapid counterattack attempts or even the strategy will be bypassed.
3. It can continuously track the behavior of fraudsters and capture more information. For example, we can mark more digital assets used by them such as IPs and devices. Or the association of these assets can be used to obtain more malicious accounts.