A Rule-Based and Game-Theoretic Approach to Online Credit Card Fraud Detection

Traditional security mechanisms are often found to be inadequate for protection against attacks by authorized users or intruders posing as authorized users. This has drawn the interest of the research community towards intrusion detection techniques. We model the conflicting motives between an intruder and an intrusion detection system as a multistage game between two players, each trying to maximize its payoff. We consider the specific application of credit card fraud detection and propose a two-tiered architecture having a rule-based component in the first tier and a game-theoretic component in the second tier. Classical game theory is considered useful in many situations because it permits the formulation of strategies that are optimal, regardless of what the adversary does, negating the need for prediction of his/her behavior. However, we use it in a predictive application in the sense that we consider intruders as rational adversaries who would try to behave optimally, and the expected optimal behavior can be determined through game theory.