Given feature summaries for two card transactions (e.g., merchant category, amount, velocity, geolocation, device fingerprint, account tenure, historical approval/chargeback rates), decide approve or decline for each and justify the decision. Then outline a simple risk strategy for cold-start: propose concrete rules (velocity checks, geo-velocity, MCC limits, block/allow lists, step-up authentication), thresholds, and escalation paths, discussing the loss–friction trade-off and expected impact on approval rate, chargeback rate, and false positive rate. Finally, model adversary behavior: enumerate likely fraudster tactics (card testing, mule addresses, BIN attacks, device spoofing) and explain how you would detect adaptation and update rules or models.

This question evaluates a data scientist's competency in transaction risk assessment, rule‑based fraud decisioning, cold‑start control design, and adversary modeling using authorization‑time features and merchant/device/account signals.

How do I approach Analytics & Experimentation interview questions?

Analytics & Experimentation questions require understanding of core concepts and practice. PracHub provides solutions with explanations to help you master analytics & experimentation interviews.

What difficulty level is this interview question?

This is a hard difficulty Analytics & Experimentation question, commonly asked during Onsite rounds at PayPal.

What role is this question designed for?

This question is commonly asked for Data Scientist candidates at PayPal during technical interviews.

Assess card transactions and plan risk strategy

Card Fraud Decisions and Cold‑Start Risk Strategy

Context

You are designing the first version of card risk controls for an online checkout platform. You have no production ML model yet and must rely on rules, step‑up authentication, and manual review. You receive feature summaries for two example card‑not‑present transactions.

Assumptions:

Liability for confirmed fraud is borne by the platform/merchant (no chargeback protection).
Features available at authorization time: merchant category (MCC), amount, velocity signals (per account/device/IP/card), geolocation comparisons, device fingerprint reputation, account tenure/behavior, merchant historical approval/chargeback rates.

Data: Two Example Transactions

Transaction A
- MCC: 5732 (Electronics)
- Amount: $1,199
- Account tenure: 1 day; 0 prior successful payments
- Velocity (last 10 min): account = 4 attempts; device = 19 attempts across 12 cards; IP = 35 attempts across 25 cards
- Geolocation: IP country = GB; card BIN country = US; shipping address = Miami, FL to a known freight‑forwarder ZIP range
- Device fingerprint: first seen yesterday; seen on 6 distinct accounts in 24h; 2 prior confirmed frauds tied to this fingerprint
- Merchant history: sitewide approval rate 92%; chargeback rate 0.8% overall, 1.5% for electronics >$500
Transaction B
- MCC: 5816 (Digital services/subscriptions)
- Amount: $29
- Account tenure: 3 years; 24 prior successful payments; no chargebacks
- Velocity (last 10 min): account = 1 attempt; device = 1 attempt; IP = 1 attempt
- Geolocation: IP city within 25 miles of billing ZIP; card BIN country matches IP country
- Device fingerprint: seen 60+ times over 3 years for this account only; no prior fraud associations
- Merchant history: approval rate 98%; chargeback rate 0.1%

Tasks

Decisioning
- For each transaction (A and B), decide Approve or Decline and justify using the features.
Cold‑Start Risk Strategy
- Propose concrete rules: velocity checks, geo‑velocity, MCC/amount limits, block/allow lists, step‑up authentication.
- Include specific thresholds and escalation paths (auto‑approve/decline → step‑up → manual review).
- Discuss the loss–friction trade‑off and expected direction/magnitude of impact on approval rate, chargeback rate, and false positive rate.
Adversary Modeling
- Enumerate likely fraudster tactics (e.g., card testing, mule addresses, BIN attacks, device spoofing, enumeration).
- Explain how you would detect adaptation over time and update rules or models accordingly.

Context

Assumptions:

Liability for confirmed fraud is borne by the platform/merchant (no chargeback protection).

Features available at authorization time: merchant category (MCC), amount, velocity signals (per account/device/IP/card), geolocation comparisons, device fingerprint reputation, account tenure/behavior, merchant historical approval/chargeback rates.

Data: Two Example Transactions

Transaction A

MCC: 5732 (Electronics)
Amount: $1,199
Account tenure: 1 day; 0 prior successful payments
Velocity (last 10 min): account = 4 attempts; device = 19 attempts across 12 cards; IP = 35 attempts across 25 cards
Geolocation: IP country = GB; card BIN country = US; shipping address = Miami, FL to a known freight‑forwarder ZIP range
Device fingerprint: first seen yesterday; seen on 6 distinct accounts in 24h; 2 prior confirmed frauds tied to this fingerprint
Merchant history: sitewide approval rate 92%; chargeback rate 0.8% overall, 1.5% for electronics >$500

Transaction B

MCC: 5816 (Digital services/subscriptions)
Amount: $29
Account tenure: 3 years; 24 prior successful payments; no chargebacks
Velocity (last 10 min): account = 1 attempt; device = 1 attempt; IP = 1 attempt
Geolocation: IP city within 25 miles of billing ZIP; card BIN country matches IP country
Device fingerprint: seen 60+ times over 3 years for this account only; no prior fraud associations
Merchant history: approval rate 98%; chargeback rate 0.1%

Tasks

Decisioning

For each transaction (A and B), decide Approve or Decline and justify using the features.

Cold‑Start Risk Strategy

Propose concrete rules: velocity checks, geo‑velocity, MCC/amount limits, block/allow lists, step‑up authentication.
Include specific thresholds and escalation paths (auto‑approve/decline → step‑up → manual review).
Discuss the loss–friction trade‑off and expected direction/magnitude of impact on approval rate, chargeback rate, and false positive rate.

Adversary Modeling

Enumerate likely fraudster tactics (e.g., card testing, mule addresses, BIN attacks, device spoofing, enumeration).
Explain how you would detect adaptation over time and update rules or models accordingly.

Assess card transactions and plan risk strategy

Quick Overview

Card Fraud Decisions and Cold‑Start Risk Strategy

Context

Data: Two Example Transactions

Tasks

Solution

Comments (0)

Assess card transactions and plan risk strategy

Quick Overview

Card Fraud Decisions and Cold‑Start Risk Strategy

Context

Data: Two Example Transactions

Tasks

Solution

Comments (0)