Foe for Fraud: Transferable Adversarial Attacks in Credit Card Fraud Detection

TL;DR

This paper investigates the vulnerability of credit card fraud detection models to transferable adversarial attacks on tabular data, revealing significant susceptibility and emphasizing the need for robust defenses.

Contribution

It introduces a holistic framework for assessing the robustness of CCFD models against gradient-based adversarial attacks in both black- and white-box settings, including transferability analysis.

Findings

Tabular data models are vulnerable to subtle adversarial perturbations.

Transferable adversarial samples can deceive multiple CCFD models.

Adversarial attacks remain effective across different model types.

Abstract

Credit card fraud detection (CCFD) is a critical application of Machine Learning (ML) in the financial sector, where accurately identifying fraudulent transactions is essential for mitigating financial losses. ML models have demonstrated their effectiveness in fraud detection task, in particular with the tabular dataset. While adversarial attacks have been extensively studied in computer vision and deep learning, their impacts on the ML models, particularly those trained on CCFD tabular datasets, remains largely unexplored. These latent vulnerabilities pose significant threats to the security and stability of the financial industry, especially in high-value transactions where losses could be substantial. To address this gap, in this paper, we present a holistic framework that investigate the robustness of CCFD ML model against adversarial perturbations under different circumstances. Specifically, the gradient-based attack methods are incorporated into the tabular credit card transaction data in both black- and white-box adversarial attacks settings. Our findings confirm that tabular data is also susceptible to subtle perturbations, highlighting the need for heightened awareness among financial technology practitioners regarding ML model security and trustworthiness. Furthermore, the experiments by transferring adversarial samples from gradient-based attack method to non-gradient-based models also verify our findings. Our results demonstrate that such attacks remain effective, emphasizing the necessity of developing robust defenses for CCFD algorithms.