American Express: Using Big Data to Prevent Fraud

American Express is a 170 year old company that was able to reposition itself as an innovator and pioneer in the use of Big Data for fraud detection and credit underwriting. Their path to success was not straight forward, but today they can claim to be a thought leader in the field.

American Express is a $100bn market cap payments company that provides card-issuing, merchant-acquiring, and card network services to its clients. It executes around $1 trillion in transactions every year, leading to troves of data being accumulated each time a client swipes an American Express card, or each time an American Express merchant executes a sale.

A key cost for American Express is covering for fraudulent transactions that take place through its payments network or by the use of its cards. The company leverages the vast amounts of data it collects from cardholders and merchants to make fraud assessments in fractions of a second, making sure that the purchasing experience is seamless for legitimate customers while limiting the number of fraudulent transactions that are approved. For example, American Express leverages cardholder membership information, spending trends, merchant details to triangulate whether card-not-present transactions (mostly ecommerce-related) are legitimate or not. In less than a second, American Express’ ML algorithms and fraud prevention tools analyze thousands of datapoints of merchant and cardholder alike to minimize the risk of fraud.

Overview of American Express fraud detection systems for its credit card offering.

An example of the tools created by American Express’ data scientists is Enhanced Authorization (EA). EA allows merchants and American Express to identify who is behind a credit card transaction by having the merchant send additional information to Amex each time a transaction takes place, beyond the typical credit card number, purchase amount, and type of merchandise information. This additional information includes data points such as IP address, email address, and shipping address, which Amex can cross-reference with what is stored in its data hubs. By leveraging EA, American Express has reduced fraudulent transactions by 60%, and is offered free of charge to merchants.

Overview of Enhanced Authorization process

Tools such as EA create value for cardholders by minimizing stress associated with credit card fraud. Merchants are similarly rewarded because they spend less time worrying about the legitimacy of their customers or handling claims. All in all, better fraud prevention leveraging data science creates incentives for American Express’ customers to be a part of its network. Similarly, it reduces costs for American Express as the reduction in fraudulent transactions leads to lower costs for the company.

However, the actual creation of these ML algorithms that analyze each transaction in the American Express network and make a call is no easy task. The company started investing heavily in Big Data and ML capabilities in 2010, when it upgraded its data stack to Apache Hadoop. Hadoop is an open-source framework that facilitates the storage and processing of large datasets such as the ones created every minute by the +150M American Express cards in circulation. This also led to difficult decisions regarding legacy systems that had previously been in use by the company: an assessment was made regarding the ones considered obsolete and in need of discontinuation.

This technological change brought about complicated personnel decisions, as the teams in charge of the previous infrastructure were not necessarily the best suited to handle new data science projects at the cutting edge of technology. The firm had to invest heavily in a hiring binge, building data science capabilities from scratch to the now close to 800 data scientists that are employed at American Express.

Attracting and retaining this new talent in the data science front was a considerable challenge for a company founded 170 years ago. First, talent is extremely scarce in the data science space, with big-pocketed competitors such as Google, Amazon, Microsoft, and Apple absorbing much of the supply by leveraging large salaries and attractive benefits. Similarly, smaller but sexy Silicon Valley start-ups offer attractive equity-compensation packages. American Express executives wondered how they could compete in the space, as a centuries-old, East Coast financial services company.

The first step was to build a state-of-the-art tech lab in Palo Alto, CA, planting a flag in America’s tech hub and trying to disassociate from American Express’ East Coast, financial services stigma. The second step was to isolate the data science team’s culture, so that testing, iterating, and failing were incentivized instead of penalized. A culture of continuous testing and learning was promoted from the top down, and a sense of empowerment was given to these new hires given their immediate impact in business and financial decisions.

However, the geographical, cultural, and contextual split between the data science and business teams produced additional challenges. It is difficult for data scientists to wrap their heads around the business needs of the projects they are working on, and business decision makers struggle understanding the potential and limitations of data science and AI. American Express circumvented this disconnect by leveraging what they call the “democratization” of data – essentially putting data tools developed by tech employees on the West Coast on the hands of business decision makers in the East Coast. This allowed data scientists to focus on transcendental, value-added projects that lead to immediate applications by business users, while business decision makers received handy tools immediately applicable in their day to day.

As American Express continues to invest in data solutions, it will be interesting to track how they tackle increasing concerns and regulation around privacy. Will regulators allow companies such as American Express to leverage personally identifiable data points across multiple sources when providing services to third-party merchants? Where will the line be drawn with respect to the usability and transferability of this data? Will customers be able to opt out? The answer to these questions will become clearer in the coming years.

Link 1
Link 2
Link 3


Marriott: Data-driven Customer Experience for Decades at Scale


Leveraging Big Data at Ibotta

Student comments on American Express: Using Big Data to Prevent Fraud

  1. Thank you for the blog post, Manuel.

    I read your analysis through the lens of having just had a “false positive” with my American Express Platinum Card (i.e. my real purchase was flagged as potential fraud… perhaps because I was spending outside of my typical “pattern” after having made multiple transactions in a very short timeframe). I think machine learning is a great start to detecting fraud.

    As an American Express client, I’ve noticed their ongoing efforts to improve their fraud monitoring, particularly with login attempts/account changes, keystroke patterns, and biometrics (i.e. fingerprints / face ID detection – which is normalized now but I’m sure initially sparked ethical questions amongst their Privacy and Risk teams). It’s also interesting to see how American Express has also framed many of these efforts to their clients as “time saving, convenient solutions” rather than fraud protection strategies, presumably to get clients who are not concerned with fraud to adopt these solutions. 

I’m happy to see American Express continue to invest in fraud detection and customer protection!

  2. Something similar to Elizabeth happened to me five years ago. I traveled to Hong Kong and paid for the cab to the hotel with my only credit card. When I wanted to grab breakfast later, the card was already blocked and I was literally standing there without a cent in my pocket. This is not as easy as it seems in a time without Apple Pay and co. I therefore understand customers who are / were initially not particularly enthusiastic about machine learning algorithms in credit card fraud detection – especially people who are not tech aware.

    But, as we learned from Manuels post, the beauty of these systems is that they are constantly learning! Hence, this has never happened to me again so far. In fact, I have often benefited from these systems by recovering amounts from incorrect transactions on my card in no time. I am therefore a huge supporter of such mechanisms and convinced that big data solutions like AMEX’ Enhanced Authorization system will bring even bigger added value in the future. I would also be willing to instantly provide more personal data (e.g. biometric data) for even better functioning algorithms.

  3. Great post! Payments are such a big part of our lives that it is great the be able to witness these technological advancements as they happen.

    I remember just a few years ago, when I was leaving the country I would have to call my bank and let them know the dates I was going to be away and what countries I was going to. They would then put a “travel plan” on my card, which meant that my card would not be blocked. If I did not do this, my bank would automatically block transactions.

    These days, with the advancements in technology, we no longer have to do this and the card companies and banks have ways of determining whether transactions are fraudulent or not using sophisticated ML models.

  4. Thank you for the great post Manuel!

    I have been an enthusiastic customer of Amex for a long time and have more or less followed their continuous developments in the field of fraud prevention, you can clearly see that the algorithm is getting better and better!

    I find it particularly positive, for example, that data analytics is also used to flexibly adjust the credit limit, this has helped me especially with my corporate card, as Amex learns how the regular expenses look like and so also high payments are not rejected directly.

    With my private cards I can join Elizabeth and Yannik, I once had a transaction in an unusual amount (tuition fees) that was classified as potential fraud and my cards were immediately blocked, which of course causes a lot of inconvenience.
    However, from my experience I can say that Amex combines these rather “strict” analytics with great customer service – within a few minutes my card was unblocked. This is of course a high cost for Amex to provide an always available and competent member service, but I think it is also the USP they advertise, and so they turned a very negative experience into an extremely positive one (in terms of my image and loyalty), while my other bank took several weeks to unblock my other card.

    I think especially in the end you are asking the right questions! and as someone who comes from a country where privacy is paramount I am curious how this tension of regulation and enough available data will develop.

  5. Thanks for the post, Manu!

    Payment fraud has historically been the most painful problem in the fintech industry. However, this is often not a user’s concern but a company’s problem, in this case, American Express. Users are not incentivized to participate in enhanced security measures to minimize fraud. These measures can be as simple as logging in for international travel on the American Express portal or activating two-factor authentication for large transactions. To continue the example above, users who don’t record international travel frequently get their cards blocked, negatively affecting user experience. To make matters worse, blocked cards don’t generate revenue for American Express.

    American Express is taking the right approach by developing its algorithms in a separate entrepreneurial environment. Who knows, maybe in the future the solution spins out and process more than only American Express transactions.

Leave a comment