Real-time Management of Fraud Services


Lead Product Designer

DataVisor: Company Overview

DataVisor is the leading fraud detection platform powered by transformational AI technology. Using proprietary unsupervised machine learning algorithms, DataVisor restores trust online by enabling organizations to proactively detect and act on fast-evolving fraud patterns, and prevent future attacks before they happen. Combining advanced analytics and an intelligence network of more than 4B global user accounts, DataVisor protects against financial and reputational damage across a variety of industries, including financial services, marketplaces, ecommerce, and social platforms.

dVector: Project Overview

dVector offers real-time managed fraud services that empower organizations to confidently act on highly accurate fraud signals produced through advanced contextual detection and holistic analysis. 

When I joined in mid 2017, the product was in its infancy with bare minimum UI and the it was in the process of being overhauled to have more streamlined workflows for fraud investigation and add more powerful features. Being the first and only designer in the company, my goals were to lead the design development of the entire suite of products, and to rebrand the product.


What follows are snippets of a few of the efforts I led and contributed to in my time at the company. I've found it strangely difficult to summarize my time at this project due to the wide range of projects and activities I was involved in. Let this serve as a summary of the highlights, and if you're curious for more details, I'm happy to expound in person. 

Workflow 1: Clusters

A Cluster is a concept unique to DataVisor’s detection approach. The Cluster represents a set of highly correlated users that are likely to be orchestrated by the same bad actor or fraud ring. A Cluster is dynamic in nature and can grow and evolve over time as the bad actors create more accounts or engage in various types of malicious activity.

A Cluster is a series of coordinated attacks involving more than one person. DataVisor software identifies clusters based on similarities in IP address, country of origin, transaction amount, or other details identified by the DataVisor software. Each Cluster is assigned a unique Cluster ID.


1. Encourage users to use and rely on our product. Currently, most customers consume our detection results because of lack of investigative workflows and case management. 

2. Identify and detect fraud before the damage is done.

3. Prevent fraud without affecting the user experience of genuine users

Fraud analyst beginning their with a high level overview

Fraud analysts day begins from the dashboard, where he has a high level overview of all the campaigns for the specified time. 

Depending on the type of investigation the analyst is responsible for, they can filter the detected clusters and see the list of clusters

After initial investigation, if the analyst feels a certain cluster is suspicious, they can further drill down for more signals

If the analyst is still not sure if it is a suspicious cluster, they can further investigate for more signals

Based on all the investigation, the analyst can review the cluster/users as GOOD, BAD, or UNCERTAIN (if they cannot arrive at a conclusion)

In this view, the analyst can do a more details analysis of the clusters and see how users are correlated and to investigated if they are coordinating for an attack. 

In this interactive linkage view, the analyst can hover on the link between the users and see the common attributes that they are sharing and also they can click on a specific user and see more details. 

Datavisor generates a risk score for each user with it's proprietary algorithm. A score distribution chart allows the user to know how many users in the cluster are scored high by the algorithm, 

Analyst can also check all the events that occurred from the users in a cluster and analyze which events are most performed by the detected bad users.

For a selected cluster, the analyst can also see where the users are coming from..

Actions the analyst can take

Workflow 2: User list and User Profile

Investigating an individual user and determining if he is a fraud or not is the crux of any fraud detection platform. This project is part of the bigger goal of the DataVisor fraud detection platform which is to overhaul the user experience to make the fraud detection process effective and educate the customers about emerging frauds. 


As part of this, I spent time with the analysts in the fraud analysis team at the customer site to understand how they determine if a particular user is a fraud and the kind of information they seek in the process. I did contextual inquiries, user interviews and also did quantitative data analysis to understand how they are currently using our product. Also, collaborated closely with the product team to understand their vision of the product and the features that they want to realize in the next version of the product​

Contextual Inquiry, Fraud teams Interviews, Stakeholder Interviews, Brainstorming sessions with the product team, Quantitative Data Analysis

By clicking the icon, the end user can see the correlated users that share the attributes common to this user.

Select the users and take action like blocking or label them as Good/Bad/Need Review

Options to filter and search fraudulent users

Chart visualization of the categories of fraudulent users and the DataVisor score distributions.

Options to customize the table columns and to export the data.

Workflow 3: Rules Engine

Augment the simplicity of a rules engine with the scalability and capabilities of machine learning, and the sophistication of advanced AI-powered features, to safeguard your organization from modern fraud attacks. DataVisor’s Advanced Rules Engine integrates with the Feature Platform to power early detection with enriched fraud features.

Heuristic analysis of existing rules engine, Stakeholder interviews, Brainstorming sessions, Affinity diagram, Customer interviews, Usage analysis with Google Analytics
Hueristic Analysis: Sample Report

Conducted a thorough heuristic analysis of the existing workflows and submitted a meticulous report on the issues identified with the severity level and the suggested solution.

Usability testing: Sample

Collected feedback from the internal stakeholders as well as end users at different stages of design. Below is the sample of usability testing which I conducted for a reporting feature. The same exercise is carried out for each new design.

the outcome

The introduction of new dashboards, enhanced rules engine design and the new workflows increased the number of customers using our platform's UI directly. Earlier, only 3 of our customers used our UI for fraud investigation and the rest (>30) integrated our detection results in their in-house fraud detection products. Now, in the very short period after the new design, at least 12 customer use our UI for their day-to-day fraud investigations.

1. Robust rules management workflows

Once a complex workflow, with the new design the user can easily create and update a rule. The user can also track the efficiency of the rule and modify and test it on the fly by seeing the users detected by the rule.

2. Efficient and clean model setup, tuning and deployment process

The old model setup process was unstructured and involved numerous steps across multiple screens and it also needed a steep learning curve and time to understand. As a result, the new trial engineers took weeks to familiarize themselves with the process. The new model setup workflow allows the user to easily setup the model and tune the algorithm while seeing the output at each stage. The new design is so simple that even the sales and marketing team uses the actual setup to demo the product.

3. Comprehensive and contextual user information for fraud investigation

One of the primary use cases of the product is to facilitate the customers to review the detected users and investigate if they are fraudulent. With the new design, the customers can see more comprehensive and contextual information during the fraud review process. And, they can also take quick actions like labeling the users as Good/Bad, adding a note or blocking the user.