Anil John
Making Digital Services Secure and Trustworthy

Anil John

FRAUD as a Digital Platform Service

 Tweet  Share  Comment  Print  Email

Operators of multi-sided platforms need to deliver compelling value to attract, keep, and grow participants in the platform. Leveraging cross-side and same-side network effects are ways to create value. I believe that a Federation-wide Reliable Account Usage Data (FRAUD) Service is one example of a platform service that can provide such value.

Broker/Proxy/Hub architectures currently seem to be the deployment configuration of choice for identity-enabled service delivery in the public sector. At the same time, I’ve noticed that such deployments seem to consider ‘identity as the killer app’ that will bring providers and consumers together.

I believe this focus on identity to be a short-sighted approach that ignores the opportunity to treat these deployments as multi-sided digital service enablement platforms, which in turn has unique implications for network effects, subsidies and subscriptions, transaction pricing, market incentives and more.

While I could go on about this, let me focus on a specific platform service that can provide incentives to both sides of the platform, and as such generate both cross-side and same-side network effects.

In previous blog posts, I described both the Shared Signals paper by Andrew Nash as well as the Credential Reliability and Revocation Model for Federated Identities paper by Hilde Ferraiolo. I believe that a shared fraud analytics service, that takes the best pieces of both these proposals and implements them in a broker/proxy environment would be an ideal platform service. For lack of better words, I called it the Federation-wide Reliable Account Usage Data (FRAUD) Service.

At a high level, it combines three particular aspects:

  1. A policy driven signal manager to intelligently manage routing;
  2. The shared account reliability score that changes based on feedback from CSPs, TMs and RPs, and;
  3. The identity blinding techniques implemented at the broker/proxy using directed identifiers (MBUNs and PAIs)

The combination of the above enables platform participants to contribute to a shared account reliability score on a per token/credential basis, across identity services and RPs, while not sharing the actual identity of the credential holder. It also results in a service that is highly attractive to platform participants who seek to mitigate identity risk and fraud (Financial Institutions and other high value services).

Oh BTW, if I was king of the platform, I would also make two very critical business decisions to increase the attractiveness of the platform:

  • Offer the FRAUD Service at no charge to platform participants
  • Allow access to the account reliability score only to those platform participants that contribute data


Did you find this interesting? Don't miss any new posts. Sign up to automatically receive them now!

I will never share, rent, or sell your information to anyone. Cancel anytime.

This blog post first appeared on Anil John | Blog ( The opinions expressed here are my own and do not represent my employer’s view in any way.

By on |

Continue The Conversation ...

I would love to know your thoughts on this blog post. Please leave a comment below!

I am a Public Interest Technologist. I help technical leaders make digital services secure and trustworthy. Learn more »

Free Updates

I will never share, rent, or sell your information to anyone