E-COMmerce Proficient Analytics in Security and Sales for SMEs

Executive Summary:
Small and Medium e-shop owners need to compete in a much broader regional, national and even cross-border context in comparison to the traditional sales of products over conventional stores. In order for online SMEs to successfully position their e-shops in such a competitive environment, relevant information about the competitors and the own (potential) customers are essential. Precise knowledge of the customers’ preferences, for this reason, must be gathered to find out to whom (potential customers), what (products and services), how (marketing channels and design of the e-shops) and when (time) to address the target groups. Therefore, the sales process requires a deep data analysis to know the “consumer decision journey”. Another critical challenge for small and medium e-shops, is what nowadays called online or internet fraud, which turns to be a constant plague for e-commerce. This is mainly because fraudsters are highly adaptive to current defensive measures, constantly devising new tactics for breaching a security system. Among the various types of fraud, those related to credit card payments are undoubtedly the most frequently encountered and difficult to deal with. Credit-card payment and other types of online fraud entail risks and losses for all “rings” of the e-commerce chain: online merchants, customers, issuing and acquiring banks. They also lead to societal costs, as they threaten the very existence of e-commerce: the customer’s faith on internet as a reliable and viable sales channel. Therefore, it becomes crucial for e-commerce actors to design systems or processes that could either stop fraudulent activity in the first place or be able to detect it early before its consequences escalate. This is an essential step for European SMEs active in e-commerce in order to strengthen their sustainability, increase the confidence of its customers on security issues and expand in new cross-border markets in Europe.
In an attempt to overcome time and scale limitations in these complex market conditions and threats for online SMEs, the SME E-COMPASS Project researches, designs, develops and validates two real-time proficient applications that foster online security and promote e-sales, namely a) Real-time Anti-Fraud Online System for SMEs and b) Online Data Mining Services for SMEs.
The objectives of the Real-Time Anti-Fraud System are:
- to extract generally-applicable patterns of fraudulent activity based on real transaction data available from online SME merchants,
- to improve the transparency and readability of the automatic fraud detection process, so that the SMEs can easily interpret the final risk scoring of each order on the grounds of several suspicious characteristics or associations suggested by the system,
- to create a dynamic fraud-detection framework being able to adapt to new, possibly unknown, types of malicious activities that are possible to occur during real-time operation. The fundamental idea behind Online Data Mining Services is to support small and medium e-shops in increasing their conversion rates from visitor to customer by improving the:
- understanding of the customers and their expectations/motivation,
- knowledge about competitors and their activities, especially concerning their prices and price trends,
- examination of potentials for improvements by analysing some selected information of both, customers and competitors,
- initiation of appropriate actions depending on the identification of certain patterns in the analysis results above-mentioned.

Project Context and Objectives:
The SME E-COMPASS project offers to SME e-commerce providers two real-time and on-demand web-based applications that foster online security and promote e-sales: (1) a Real-time Anti-fraud “Software-as-a-Service” application, and (2) a Real-time Data Mining “Software-as-a-Service” application.
During the first reporting period (M1-M9), the project objectives focused on the following activities:

A. Design and delivery of the E-COMPASS methodological framework and the necessary documentation describing its impact on online fraud management and real-time data mining for SMEs (WP1). The project team will review international scientific evidence as well as current best practices in the e-business sector with the aim to identify and analyse opportunities and limitations of online anti-fraud and data mining tools. A critical objective of this WP is to obtain a deeper understanding of the requirements and challenges faced by online SME merchants. The outcomes of this analysis will form a basis for designing an implementation and validation framework for the proposed real-time applications and also for planning the “Software-as-a-Service” deployment policy.

B. User requirements and data collection and analysis (WP2).
The objectives of WP2 for M1-M9 were: (1) to gain valuable knowledge from past fraudulent transactions and identify everyday practices through which, industry experts deal with cyber-crime activities; (2) to determine the kind of data that current applications use, as well as the kind of data that new algorithms and tools will need; (3) to produce the first version of the project’s semantic model as an OWL ontology; (4) to select the initial data sources the project’s services are using, and provide an initial version of the mappings between these data sources and the ontology generated. The objective of this WP is to gather the expertise and knowledge of e-business specialists and entrepreneurs with respect to challenges and hazards in 24/7 transactions. In a series of interviews and focus groups with industry partners the consortium will attempt to gather valuable experience from past fraudulent transactions and identify everyday practices through which industry experts deal with cybercrime activities as well as collect and analyze data related to their online customers’ behavior, monitoring of competitors prices and pricing trends and overall data connected with the e-business and sales development . These interviews will specify further the SME needs (user requirements) on the two e-commerce domains that the project deals with and also determine current applications/tools/practices that SMEs currently apply and the kind of data the applications tools that the project develop will need. From the technical point of view, this WP aims to produce the first version of the project’s semantic model as an OWL ontology. Furthermore targets to select the initial data sources the project’s services are using, and provide an initial version of the mappings between these data sources and the ontology generated.

C. Functional requirements, architectural design and initialization of the development phase for the two applications, namely: (a) Real-time Anti-Fraud Application (WP3): Based on the requirements of the application domain the functional requirements and the high-level architecture of the fraud detection system will be defined. The goal is to provide generic definitions for all basic components (data, processes, information flow) of the fraud recognition framework. Moreover the relevant parameters/variables of Card not Present (CNP) transactions will be specified, that will serve as inputs to the risk-assessment process. In Period 1 WP3 work will deliver statistical and computational intelligent models for detecting malicious transaction patterns, operating in a both supervised- and unsupervised-learning mode. Furthermore the expert rule-base will be designed, i.e. a series of decision rules for automatic transaction monitoring and the development of the anti-fraud application will commence. (b) Real-time Data Mining Application (WP4). The high-level architecture for Real-time Data Mining fostering e-sales operations will be defined based on the requirements of the application domain. The business needs will be translated into technical requirements using a systematic approach. Furthermore, WP4 will define and create the data models required for data analysis within the Data Warehouse of the application. Furthermore during Period 1, WP4 effort will include the:
- Design of an automated competitor’s price extraction and analysis which enhances the real-time data mining service by adding external third party information
- Design of modeling techniques for transparent, easy-to-use and web-based definition of real-time analysis rules/patterns
- Design of the Event Processing Module and its interfaces within the Real-time Data Mining Service

D. Evaluation Plan (WP6). During the reporting period the evaluation plan will be developed, describing the overall evaluation framework, as well as, the main evaluation tasks that will be implemented in the project throughout its duration. The overall evaluation framework will include the methods for: i. User’s evaluation, Technical Evaluation of the Prototypes and the applications, Overall Impact.

E. Initial dissemination and awareness raising activities (WP7).
A dissemination plan for the SME E-COMPASS will be drafted. Dissemination events and workshops under the scope of the project’s communication strategy will be envisaged in order to attract SME-AGs members. The dissemination plan will act as the reference guide throughout the dissemination and training activities. The dissemination plan will pursue initiatives targeting all potential SMEs sectors of e-commerce in the SME-AGs network of members. During the first months of the project dissemination activities will focus on the development of the project website, the publication of the first Newsletter, and the development of a brochure for inviting potential users
– SMEs to the pilot phase. In addition, dedicated events will take place in each SME-AG partner’s premises for informing the SMEs on the forthcoming Pilot phase of the project as well as for the benefits they can gain from experiencing both applications. An inquiry to the SME members about the perspectives of the applied and technological results will be implemented. The goal of this inquiry is to collect interested SMEs in order to participate in the pilot rounds and in the training workshops that will take place.

For the second reporting period (M10-M24), the project’s objectives were as follows:

In order to reach next milestone of WP3 (Anti-Fraud Service) and demonstrate a ready for validation first prototype the following activities were planned:
-Interface Design and Database Schema completion for the remaining entities
-Implementation of the Web Application and Transaction Analytics Toolkit (TAT)
-Automated tests written both for the unit test level and for the integration level (UI and API).
-Deploy the prototype implementation on the cloud
-Anomaly Detector: Development of algorithms for the automatic detection of abnormal transactions.
-Deployment and Integration of Comp. Intelligence methods in Web-language
-Inference Engine deployment
-Data Integration
-Development of Anti-Fraud Rules Semantic Analyzer (AFRUSA) Interface and functionalities

For the Data Mining Services after the end of the first period there are four further milestones for reaching the final prototype:
1. Final modules for demonstration actions
2. Integrated service prototype for demonstration actions (all functions)
3. Final service
4. Validated service for deployment

In M14 the implementation of the first module versions is planned to be completed and be ready for the first pilot round with the support of the SME-AGs. The single modules will be gradually integrated to get the integrated version of the data mining service from M15 to M24. The first version of the integrated data mining service will be available in M18 for the second pilot round. In M24 the SME E-COMPASS project will provide an integrated and validated data mining service including all pilot tested functions.
WP5 Demonstration and Integration aims at providing evidence, through dedicated validation trials, on the performance and functionality of the initial prototypes developed. Through an iterative procedure of implementation-evaluation-refinement, the consortium should improve the initial prototypes based on the feedback and evaluation results to be collected by the SMEs Associations and their members. This pilot implementation phase should provide valuable insights into the interface design, usability and effectiveness of the applications.
Based on the feedback from the pilot trials, RTD performers should implement refinements, customizations and final applications’ integration in a “Software-as-a-Service” web-module, ready for exploitation by the SME Associations.
The SME E-COMPASS project requires to verify the software during every phase of its development life cycle and validated when it is transferred to production. The validation package (WP6) of this project will evaluate the developed S.a.a.S prototypes. The purpose of this evaluation is to conduct a formative and summative evaluation of technological production and application. To carry out this evaluation, a framework that collects the technical verification and the user's validation as well as assessing the impact of the project has been defined and its results and findings should be presented at the end of the project.
WP7 is dedicated to the dissemination of the project outputs and to the final “packaging” of the prototypes into a “software-as-a-service” business model. Activities and events where the applications can be demonstrated publicly to SMEs in all three countries should be organized.
This WP concludes with the preparation of an exploitation plan with a distribution strategy and policy for the project’s outcome and innovations that should serve as a roadmap for the SME-AGs to provide commercially the online services to the European market.

Project Results:
SME E-COMPASS Project dedicates its research and development to online SMEs by implementing industry-driven methodologies and innovative tools that assist in the first place SMEs active in e-commerce to (i) combat fraud in Card-Not-Present transactions,(ii) improve their businesses by collecting, consolidating and analysing more business specific data, (iii) analyse data and transactions in a deeper way than that of existing tools through computational intelligence algorithms, clustering and data mining techniques. In the second place-as a longer term impact-the project aims to enhance the limited confidence of European online consumers in cross-border e-commerce; thus contributing to Pillar 1 “Digital Single Market” of EU Digital Agenda for 2020.
The development of the SME E-COMPASS prototypes followed a user-centred approach. The approach comprises eight steps including four steps for collecting user feedback and other four steps for the development and extension of the S.a.a.S prototypes. The feedback was intensively collected before and after each main development step, but also during the development phase. The service development started with the elicitation of the user requirements through a questionnaire and by performing interviews and user events. The service specification and service mock-ups were created following the elicited user requirements. The mock-ups as well as a user-friendly illustration of the software specification were used for running further user activities in the form of mock-up interviews and user events as workshops in order to get more specific user feedback (WP2). The feedback from those activities was used to create the initial service prototypes. The initial prototypes (WP3 and WP4) were validated within two pilot rounds (WP5) in order to continuously improve the prototypes by integrating important user feedback from those rounds.
The Project designed, developed and validated two real-time proficient applications that foster online security and promote e-sales, namely a) E-COMPASS Real-time Anti-fraud service and b) Data Mining Services for SMEs.

“E-COMPASS Real-time Anti-fraud service” is demonstrating the following features, designed for European online SMES to identify and combat fraudulent card-not-present transactions:
i. Data Communication and Acceptance
ii. Online Reputation Database
iii. Real-time Responsiveness
iv. Expert Rule Base configurable by the user and empowered with machine learning techniques and anomaly detector
v. Unlimited 24/7 online service
vi. Fully Customizable Platform
vii. Data encryption and multi-level user’s management
viii. Advanced man-machine communication and reporting
ix. Adaptive Rule Base with Embedded Knowledge Representation for SMEs
x. Anti-fraud Rules Semantic Analyser for detecting any kind of inconsistency in the rule database
A brief description of the functional modules of the anti-fraud service follows:
Rules Engine Execution: Core fraud assessment logic execution module incorporating sets of rules real-time evaluated as well as machine learning techniques and anomaly detector to give an answer whether a Case is fraud or not.
Reporting: Real-time reporting tools being used by Fraud Assessment experts to quickly handle / review a Case, such as: Dashboard and real-time Charts, Advanced Search Criteria, Case full text indexing.
Case Review: Various views in place to help fraud assessment experts to review a Case, such as Rules breakdown, Rules Matched, Case Session Attribute Values, Similar Cases.
Security: The application is fully covered with Authentication. All the Users have to log in using a username and a password.
Customization / Configuration: The service is highly configurable in order to be applicable to a wide variety of business. These basic configuration modules are Profiles, Session Attributes, List of Values, Rules.
Integration: Anti-fraud server is offering an Application Programming Interface (API) in order for the e-shops to be able to connect to its services, for real-time Fraud Assessment.
“E-COMPASS Data Mining Service” comprises five different modules for collecting, analysing and visualising relevant e-commerce data in order to support e-shop owners in daily business. The data is collected from the analytics service of the e-shops, from the own e-shop website and from the e-shop websites of the competitors. The functions of the modules are described in short:
1. E-COMPASS Cockpit (ECC): This module provides the graphical user interface, forms for the registration and the account and user management
2. Competitor Data Collector: Collects the product and price data from the e-shop websites of the user and its competitors and provides it to the Data Collector & Consolidator in a structured form (JSON)
3. Data Collector & Consolidator: Collects the data from the Competitor Data Collector and the analytics services of the registered e-shops (users). It consolidates the collected data by the semantic concept of a domain specific ontology (domain: e-commerce)
4. Data Analyser: The data analyser processes the data provided by the Data Collector & Consolidator by using novel clustering techniques in order to identify specific types of visitors, products and competitors
5. Notification & Action Engine: The Notification & Action engine provides a set of pre-defined rules which can be individually adapted by the user through defining specific thresholds. It fires actions based on a condition defined by the user. Those actions are e.g. the sending of notifications or the real-time displaying of vouchers. For checking the fulfilment of the conditions the module analyses the data provided by the data Collector & Consolidator as well as the data of the analytics services of the users’ e-shops

Potential Impact:
SME E-COMPASS project designs and develops for online European SMEs a “Real-Time Anti-Fraud System” provided to the SME-AGs under a “Software-as-a-Service”, demonstrating the following components:
- Fully-functional web-based platform for order assessment, combining prior expert knowledge with automatic mechanisms for improving the cost-efficiency of the overall fraud detection process for SMEs
- Reputation database exposing transactional attributes related to CNP fraud, aiming to increase connectivity, information sharing and collaboration efforts between a wide network of online SME merchants and anti-fraud professionals;
- Knowledge database (KDB) of order scoring rules, empowered with a blend of supervised learning and intelligent models, for extracting patterns of fraudulent activity targeting online SMEs.
SMEs by connecting their online transaction mechanisms with the real-time anti-fraud service will benefit as following from the system’s capabilities and have access to domain knowledge and anti-fraud practices that only large e-commerce actors currently dispose:
i. Extracting common fraudulent behaviours: Analysis of big volumes of data already available by online shops and extraction of the principal components characterising fraud activity
ii. Disseminating novel patterns of cybercriminal activity to SMEs: Extract and subsequently disseminate to online merchants new tactics that cybercriminals have developed for committing cyber fraud via CNP transactions
iii. Hybrid system architecture: Beyond the state-of-the-art technological application with different levels of hybridization such as:
i. combining supervised learning with anomaly detection techniques,
ii. intelligent optimization heuristics to fine-tune the parameters of fraud detectors,
iii. rule-inductive algorithms to facilitate the interpretation of less transparent classification models
iv. Improving the cost-efficiency of the overall SME fraud detection process: The application provides economically-optimal design parameter settings for SME’ fraud monitoring system, supplemented by cost-effective practices for manual reviewing
v. Exploitation of cross-sectoral data and global information sources: Facilitates fraud detection by highlighting technical and geospatial aspects of each transaction, streamlines traditional risk monitoring practices and promotes the efficient usage of publicly available cross-sectoral data.

Furthermore the second “Software-as-a-Service” application provided to SME-AGs through the project, namely E-COMPASS data mining services assist e-shops in collecting and analysing business specific data. The main benefits of the E-COMPASS data mining services in comparison to existing tools like Google Analytics or Business Intelligence Software are:
- the access to external market relevant data like competitors’ data and linked open data,
- the simple configuration and usability and
- the provided possibility of real-time interaction with potential customers. Additionally, the E-COMPASS data mining services provide novel analytics for the classification of visitor and competitor types.

"Online Data Mining Services" creates additional value for the e-shop owners by collecting, consolidating, analysing and visualising all data which is relevant to run their SME. To this end, provides data analytics and functionalities useful for the SMEs, such as:
i. Automated procedures by applying rule-based actions: In order to facilitate the SME monitoring process of relevant metrics and certain patterns, a rule-based solution is offered which allows automated actions to be initiated when certain online instances occur
ii. SME Sales Optimiser: The system collects data about the conversion rate as well as competitors’ prices and is able to alert the e-shop owner in case of significant changes concerning the conversion rate or competitors’ prices. This enables the SME to react to an unforeseen increase or decrease of the conversion rate or competitors’ prices
iii. Visualization of the results in the E-COMPASS cockpit: Diverse graphics and tables, which provides SME with additional analytics and comparisons of great operational and strategic value.

List of Websites:
http://www.sme-ecompass.eu/
ecompass.coordinator@exus.co.uk