For years, fraud was primarily a game of strategy. Fraudsters sought to disguise their true intentions, and fraud prevention was an art of detection. Today, fraud is still a game of wits, but it has also evolved into a game of speed and volume. The advancement of technology and the explosion of e-commerce have had a compounding effect. No longer are fraudsters shackled by the need to physically steal a credit card and visit a store, or to meticulously forge a check and bring it to a bank. In the digital realm they can easily disguise themselves, move faster and exist in several places at once.
Conversely, for fraud prevention teams, these advancements and the nature of online transactions mean the window for detecting and stopping fraud has shrunk to sub-seconds. It isn’t enough to see through the disguise; you have to see through it in time.
Ibotta, a free cash back rewards platform, is no exception to this phenomenon. As the success of the business and the surface area of our system grow, the introduction of new and compelling features in the app also creates space for bad actors to find holes in our armor. But as fraudsters have become more sophisticated, so have we. Our commitment to the integrity of our system has led to the creation of a best-in-class fraud prevention analytics program known internally as Cyberfraud Intelligence & Analytics (C.I.A. – because obviously).
To address the element of time, Ibotta’s fraud prevention strategy is multifaceted. The fact is, you can only combat automation with automation, and so we rely on a combination of 3rd party vendors and home-grown systems to make decisions about fraud in real-time. Those systems work around the clock to keep both our end users, whom we call our Savers, and our Brand and Retail partners safe. But fraud is constantly evolving. It is a moving target, and inevitably fraudsters find a way to slip through. When that happens, we turn to our on-call analysts and investigators, and this is where our new partnership with Imply has significantly enhanced our capabilities.
Using the unique and highly specialized tools that the Imply team has built into their product, we have already delivered remarkable results that are bolstering our resilience against fraud; moreover, we have successfully introduced and clearly proven the value of real-time analytics as a paradigm to the larger organization.
Challenges with our previous state
Those who have experienced a fraud on-call shift know that initial detection is key, but equally important is the ability to quickly dissect and address the problem to minimize losses. This means access to real-time data is paramount.
Architecturally, Ibotta has walked a path familiar to many modern applications: we started with a monolith, and over time grew into a network of carefully orchestrated, message-driven microservices, facilitating greater resiliency, responsiveness, elasticity, and maintainability (these characteristics, with their powers combined, make up the Reactive Architecture paradigm). As a result, we have achieved a robust and growing ecosystem powered by event data.
That event-driven architecture gives our applications the ability to respond to changes in the environment in real-time, and it powers our fraud prevention services. Prior to our implementation of Imply, however, our analysts could not get at that data until hours later, due to the mechanics of the pipeline into our data lake. And without a platform specialized for ingesting and exposing real-time data to analysts, our on-call team faced several high-impact roadblocks:
Dispersed Data: Each of our 3rd party vendors includes their own real-time portal to review transactions and other flagged events. In isolation, the data provided by each vendor tells a powerful but incomplete story, and analysts lost valuable time with each portal they had to visit.
Obsolete Dashboards: Visualization is a powerful ally to an analyst looking to quickly understand the latest fraud trends. But fraud never stands still. The tools we had for visualizing our fraud landscape were ill-equipped to ingest real-time data and weren’t agile enough for the pace of change. Our classic BI dashboards would too quickly become obsolete as fraud tactics shifted.
Slow Queries: In order to have a holistic view of our ecosystem and successfully monitor for fraud or other anomalies, we needed to be able to quickly query and visualize very large datasets. Our existing analytics stack had served us well for historical reporting and batch jobs but wasn’t designed for investigative analytics, where the issues are time-critical and response times are key to minimizing losses.
Technical Barriers: Any options within our existing infrastructure for accessing real-time data required learning to use a custom query language for the platform. The technical barriers meant analysts would spend their time fighting with syntax and optimization, rather than doing what they do best: identifying patterns and driving value with our data.
As we entered 2020, we knew our ecosystem and event architecture had reached a level of maturity that would allow us to resolve these pain points, not only for fraud but for use cases across the company.
Evaluating and choosing Imply
Before selecting Imply, Ibotta evaluated several alternatives spanning categories such as log management, cloud monitoring, distributed search, and cloud BI. As with most things in life, there was no silver bullet – each one included the capability to access our event data in real-time, albeit through very different implementations with both assets and drawbacks.
After careful consideration, we found Imply to be clearly the most robust of the platforms we were considering, and the one that would allow us to meet three overarching business goals: supporting rapid incident response, building trust with our Savers and partners through proactive fraud prevention, and enabling more of our team to easily make use of our data.
Moreover, Imply met key specs around things like maintainability, workflows, cost, and security:
Managed cloud offering reduces maintenance time and risk
Full cluster transparency, monitoring, and alerting with Imply Clarity
Highly configurable and therefore extensible for a broad set of potential use cases
SQL support as well as drag-and-drop functionality
“Everything is clickable” Imply Pivot interface with robust, real-time visualizations
Optimized for numerical aggregations rather than text analysis or search functions
Cost-effective at the scale we expect for our roadmap
Role-based access at all levels, including individual aggregates and fields that may contain sensitive user or vendor data
Tools for masking and removing data in compliance with CCPA regulations
Filling in the gaps with a three-tier architecture
At Ibotta we separate our use cases into three storage layers: a data lake, data warehouse, and data river. Imply is now the foundation of our data river and serves as a key component in a broader analytical architecture at Ibotta, called Data Access in Real-Time (DART – anyone else a Stranger Things fan?). Various services within our system emit events, which we collect with an Event Observer implementation and pass through a series of Kinesis Streams and transformative AWS Lambda Functions. The results are then fanned out to Imply and other specialized consumers, which we use for custom anomaly detection and alerting workflows.
With the implementation of the data river, we have filled a major gap in our data ecosystem which up until now was preventing us from effectively conducting time-critical analytics. The data river runs in parallel with our existing pipelines to our data lake and warehousing solutions, but is completely decoupled, and designed to be extremely flexible. They are fed from the same source of truth but operate separately, with built-in resiliency to changes in one system or the other. This flexibility is particularly important for fraud data, as it allows us to limit sensitive data to the appropriate engineering teams as needed to comply with privacy rules.
Combating fraud with Imply
With the DART architecture in place, the fraud team started to experience the benefits of Imply immediately. The previously mentioned roadblocks disintegrated. Now, for the first time, our analysts have immediate access to the same data our applications have been capitalizing on. They can see fraud as it’s happening.
In Imply, slow queries and syntax struggles have been replaced by Pivot’s Data Cubes offering slice and dice functionality with sub-second response times. Instead of obsolete reports and dispersed data, we now have a highly interactive real-time dashboard that incorporates both internal customer interaction events and data from each of our vendors. With this powerful tool, the team is armed with a holistic view of both fraud and our application ecosystem.
All of this is empowering our on-call team like never before, resulting in very tangible time and thus cost savings.
Pivot’s dashboards have made it much easier to isolate new fraud trends and identify their scope. By having all our data in one location and updated in real-time, suspicious patterns jump off the page with new clarity.
Once a trend is discovered, the agility of Pivot’s visualizations and Data Cubes substantially shortens investigations and the time needed to pinpoint the source of the spike or trend. What may have taken hours previously (especially with the inherent latency of our data lake pipeline) now takes only minutes.
By swiftly spotting trends and better understanding their source and scope, the on-call team can take action quickly and with more confidence. Reducing the interval between fraud incident awareness and mitigation is crucial to our business in many ways, more of which are emerging as we expand our use of real-time data. In addition to the obvious savings from reducing the window in which a fraudster is active on our platform, it also helps us protect our relationships with our clients by instilling trust, with our payment networks by proactively reducing disputes, and with our Savers by protecting their accounts.
Once mitigating action is taken we can track the efficacy in real-time to confirm the issue has been resolved without negatively impacting our legitimate users.
Finally, as fraud patterns shift or new data becomes available, the fraud team can easily update existing dashboards or build new ones from scratch without needing to engage an engineer. Since development is quick and GUI-based, the time to value has been greatly accelerated, creating substantial cost savings in both engineering time and loss prevention after an attack.
Designing for rapid response
With each new technology we integrate into our system and workflows, we grow and mature as an engineering organization. Each one forces us to rethink old assumptions and develop new patterns. Imply has been no different. From the completed implementation of our first project we have come away with many valuable pro-tips about ways to shift mindsets from traditional analytics to make the best use of a real-time system. But at the end of the day, it all really boils down to this: focus on the experience of your stakeholders.
The whole point of a data river is to make the information within it available and actionable as fast as possible. This means that it should take very little effort for end users – who may or may not have the technical know-how to execute complex SQL queries or build reports from scratch – to digest the data in front of them.
As system designers, then, it’s our responsibility to remove complexity upfront. We need to narrow our focus to their task at hand when modeling how to format and aggregate incoming data, so that it’s highly optimized in terms of speed, completeness, and relevance to what the end user is trying to accomplish. In other words: congratulations! You are now a UX designer (don’t panic if you live in the backend – it’s fun, we promise).
Now, this is not to say that reusability and consistency with the rest of the organization aren’t important. They are, for all kinds of reasons, not least of which is the cost of resources needed to store, process, and analyze high-volume datasets. But the nature of this particular flavor of analytics – especially in high-risk and time-sensitive domains like fraud – means that in this case, balancing ease-of-use with cost optimization and other organizational practices becomes mission-critical.
So, to design a data river which minimizes your stakeholders’ cognitive load, we suggest asking questions like these during the data modeling process:
What is the right amount and type of data needed for users to accomplish at least most of their goal in one place, rather than context-switching between multiple tools?
What information is needed to quickly identify patterns across windowed data, rather than long-term or lifetime trends like we’d look at in a data lake? Do any fields need to be renamed or reformatted to fit the operational context of the end user?
What fact data needs to be appended to real-time events in order to give context to the human users looking at the dashboard? Is it point-in-time or current-state? What could happen if it goes stale?
What is the investigative workflow for this use case? What common fields need to be present across data sources for analysts to be able to pivot and drill down effectively?
How do you structure sensitive user and vendor data in a way that gives your team the tools they need to do their work, while also protecting user privacy and contractual confidentiality agreements?
Are any of the events closely related, either structurally or contextually? If so, should they be unioned or joined into a single result set, versus overlaid or analyzed side-by-side?
Data lakes and warehouses exist to provide broad accessibility to the data ecosystem for a wide set of use cases, usually at the cost of speed and technical barriers to entry. But by taking these questions under consideration when we’re building a data river, we can fine-tune the tool to work extremely well for specific use cases where the goal is enabling rapid response.
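One way to act on several of these questions in the Kinesis-to-Lambda transformation stage described earlier, as an added example that is not Ibotta's or Imply's code: an allowlist keeps sensitive fields out of the data river, a keyed hash gives analysts a stable join key to pivot on across sources, and appended fact data carries its own timestamp and staleness flag. The field names, key, staleness threshold and sample batch are all assumptions constructed for this sketch.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# All names and values below are assumptions made for this example.
PSEUDONYM_KEY = b"constructed-demo-key"   # would come from a secrets manager
ALLOWED_FIELDS = {"source", "event_type", "event_time", "amount_cents", "risk_score"}
JOIN_KEYS = ("user_id", "device_id")      # tokenized, kept stable for pivoting
MAX_FACT_AGE = timedelta(hours=1)         # older enrichment is flagged as stale


def pseudonymize(value):
    """Keyed hash: the same input gives the same token, the raw ID is not exposed."""
    digest = hmac.new(PSEUDONYM_KEY, str(value).encode(), hashlib.sha256)
    return digest.hexdigest()[:16]        # truncated for dashboard readability


def transform_event(event, account_facts, now):
    """Reduce one raw event to the row analysts will see in the dashboard."""
    # Allowlist, not blocklist: a new upstream field stays out until reviewed.
    row = {k: event[k] for k in sorted(ALLOWED_FIELDS) if k in event}
    for key in JOIN_KEYS:
        if key in event:
            row[key + "_token"] = pseudonymize(event[key])
    # Current-state fact, appended with its timestamp so staleness is visible.
    fact = account_facts.get(event.get("user_id"))
    if fact is not None:
        row["account_status"] = fact["status"]
        row["account_status_as_of"] = fact["as_of"].isoformat()
        row["account_status_stale"] = (now - fact["as_of"]) > MAX_FACT_AGE
    return row


def handler(kinesis_event, account_facts, now=None):
    """Process a Kinesis-triggered Lambda batch; returns (rows, rejected_count)."""
    now = now or datetime.now(timezone.utc)
    rows, rejected = [], 0
    for record in kinesis_event.get("Records", []):
        try:
            payload = base64.b64decode(record["kinesis"]["data"])
            event = json.loads(payload)
            if not isinstance(event, dict) or "event_type" not in event:
                raise ValueError("not a usable event")
        except (KeyError, TypeError, ValueError):
            rejected += 1   # count and skip: one bad record must not block the batch
            continue
        rows.append(transform_event(event, account_facts, now))
    return rows, rejected


def _record(obj):
    """Wrap a dict (or raw bytes) the way Kinesis delivers it to Lambda."""
    data = obj if isinstance(obj, bytes) else json.dumps(obj).encode()
    return {"kinesis": {"data": base64.b64encode(data).decode()}}


# Constructed sample data: two sources reporting on the same user, plus one bad record.
NOW = datetime(2020, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_FACTS = {"u-1001": {"status": "active", "as_of": NOW - timedelta(hours=3)}}
SAMPLE_BATCH = {"Records": [
    _record({"source": "app", "event_type": "redemption",
             "event_time": "2020-06-01T11:59:58Z", "user_id": "u-1001",
             "device_id": "d-77", "amount_cents": 500,
             "email": "saver@example.com"}),
    _record({"source": "vendor_a", "event_type": "risk_flag",
             "event_time": "2020-06-01T11:59:59Z", "user_id": "u-1001",
             "risk_score": 0.93, "ip": "203.0.113.9"}),
    _record(b"not json"),
]}

if __name__ == "__main__":
    out_rows, bad = handler(SAMPLE_BATCH, SAMPLE_FACTS, now=NOW)
    for out_row in out_rows:
        print(json.dumps(out_row))
    print("rejected:", bad)
```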
Imply and Ibotta’s Core Values
While fraud prevention was the impetus for investing in Imply, the benefits extend far beyond it. At Ibotta, one of our Core Values is that “a good idea can come from anywhere.” We firmly believe that our most valuable assets are the creativity and vision of our team. Our partnership with Imply supports this value by giving more of our people more access to our data, empowering them to innovate, iterate, and further our mission to “Make every purchase rewarding.”
Due to the highly technical nature of real-time data systems, many companies rely on a small set of skilled and specialized technicians to work with data and provide answers to the business. But that small set of specialists does not scale to a large user base, especially when organizations are trying to push decision-making down to front-line business users who need to react quickly as events are unfolding.
Instead, Imply is helping us lower the technical barriers to entry and enable need-to-know employees without an engineering or data science background to add value to the data in a way that makes sense to them, and is unique to their area of expertise. Democratizing our data has made it available to a larger community of team members to leverage for improving the business.
This empowerment is allowing us to expand our real-time use cases beyond fraud detection into several business domains, including:
Ad ops processes
Campaign pacing and budget monitoring
Saver rewards and receipt processing
Product analytics and feature testing with clickstream analysis
With that said, we are already immensely pleased with our experience and results. We look forward to opening up the system to a broader user base and watching the inevitable transformation as teams across the company gain access to real-time data.
TL;DR:
Build yourself a data river and combat fraud with Imply.