Buying vs. Building Fraud Solutions with Robinhood's Lenny Gusel
In this episode of Fraud Fighters, Unit21’s VP of Marketing, Aditya Vempaty, sits down for a fireside chat with Robinhood’s former VP of Trust & Safety, Lenny Gusel. Lenny shares how he got into the fraud prevention field and some of the most significant fraud issues he saw during his time at Robinhood, including ACH fraud and account takeover, and how they tackled these problems.
Aditya and Lenny also discuss building Fintech and Regtech fraud prevention solutions, buying vs. building fraud solutions, and the importance of networking and collaboration to fight fraud effectively. You can watch the full video now or read the transcript for details below.
Buying vs. Building Fraud Solutions (and Other Stories)
"We're lucky to have Lenny Gusel and have the privilege of interviewing him or getting his thoughts on things. So first off, I'd love to hear how'd you get into fraud.
I think many in the audience would like to know as well."
"I got really lucky. I needed a job, and I walked into this company called Actimize quite some time ago. It was 2006.
And I walked in on the day that they sold their first online banking fraud solution to one of the big banks in the United States, this was BB&T at the time. And I had a background in software technology.
I have a computer science background and didn't know anything about this domain, but I knew about online banking. I grew up online, kind of a digital native, and it was endlessly fascinating.
It was this amazing intersection of all the interesting things that were happening. And now the, you know, machine learning and AI, it started with the fraud space. And with the software and "cops and robbers" kind of psychology of it, I fell into it."
"Cops and robbers: sounds like a childhood dream come true.
You have an exciting history. You fell into fraud prevention, liked it, and then you went over to Robinhood eventually. I'm sure a lot of people are curious in the room to know what were the biggest fraud instances that you dealt with while at Robinhood specifically. What did you see predominantly occurring?"
"I'm no longer at Robinhood, but it was an incredible tenure there, and I learned a lot in an amazing place. The biggest challenges we were having, I can categorize into three things.
So one, we called it "instant abuse." So, if you deposited the ACH onto your Robinhood account, we instantly gave you credit for many customers. And what we're experiencing is then people would then take that credit and then make trades, various speculative trades, oftentimes short-term options, other things as well.
And if the trade didn't go well, they would just churn and disappear This was not an obvious thing. And it was far and away our biggest problem. And it's a very complicated problem for many reasons, so that was one.
The second was a very traditional account takeover. And the third was every kind of flavor of new account fraud, not just identity theft, but you name it.
Good people who plan to sell their account later. Identity theft, various kinds of synthetics of all kinds.
So those three, kind of the biggest buckets."
"So, you have three big buckets you're dealing with. How are you empowered to deal with this in dealing with the new account fraud or account takeover? Like, how did you get support? How are you able to, like, garner resources?"
"You know, I walked into Robinhood, taking over my specific role there, and reported to the chief operating officer. And I took on the fraud ops team and the account ops team. So walked into two large operational teams that were trying to work with product and engineering groups to do all the things that needed to get done.
There was incredible support from the CEO, (from the board and CEO on down), on all things we needed to do. There were a lot of enlightened leaders who understood that the company would live or die or do well based on how well they did this discipline.
This is not the case at many other places that I've been."
"How has it been at other places? Tell us about that."
"Listen, it really varies. It really depends on the type of organization, the size of the organization. I've seen a bunch, but focusing on kind of my last kind of gig at Robinhood, again, it was a lot of enlightened leadership who understood the value of it.
And my first three months at Robinhood were spent putting together a strategy that we then presented to the C team for how we plan to take various disparate pockets of product and engineering groups, some who are concentrating on onboarding, some who are concentrating on payments, some who are concentrating on the fraud platforms, some who are concentrating on authentication, and my teams and put them all together into what we termed as trust and safety.
Which is a thing I'm sure you're all familiar with in the industry.
So how do we take all of these silos that are all trying to fight the problem kind of and put them together into one cohesive part of the organization?
That's a big deal, and it was a huge strategy and a big reorganization, but it speaks to how seriously the leadership took the problem and how big the problem was."
"So it sounds like they made fraud not just your job, but the company's job."
"Yes, it was, it was made to be the company's job. Now, it wasn't all kind of Kumbaya. It took tremendous work to make everyone understand why it's everyone's job.
And for example, launching debit card funding and working with the product team who's responsible for that and helping them to understand all the different controls that they need to put in place and helping them understand why they're not going to be able to ramp their product if they don't.
So it takes a tremendous amount of internal socialization, partnership, and collaboration even when you have that kind of enlightened leadership at the top."
"So when you had that leadership, and you had the support, how did you go about it? Did you use solutions that you built in-house, or did you buy solutions off the shelf? What was that process?
"All of the above. So, Robinhood was operating at quite a scale. We had 22 million, you know, funded customers.
Contrasting that, walking into my, you know, BlockFi, which is where I was previously, where I was the first hire for fraud and building everything from the ground up from scratch, there was virtually no tooling.
So there are often product teams who are responsible, for example, for onboarding who will buy the tool that does document scanning or, you know, buy the tool that does some modicum of KYC and identity verification and then foist it onto then oftentimes the fraud team to use it to solve the problem.
And so, jumping back to Robinhood, there was a lot of internal building.
I don't know if others here experience it. I think in the Fintech world, in particular, there's a lot of brilliant engineers who like to take a first-principle approach and start to build things.
I found that to be both refreshing when necessary to just get shit done that no particular vendor will get done, but infuriating when invariably it really takes so much work and effort. The complexity over time to build the kind of platform such as a Unit21.
So Robinhood was in a position where they were coming around to understanding that the custom-built platform that they built for fraud themselves was not going to be long in the tooth.
"So I think you're reaffirming what we found in our insights on the report where things aren't being moved at the speed they need to be at the scale you're operating and getting the updates that you need if you're relying on someone else in in-house infrastructure that you've built."
"To do this at scale and at the professional level that any growing organization needs requires you to get very savvy with what tools you need to buy and make many different buy versus build decisions.
And because it's one of the things I learned, to step back. I came from the vendor space. I started my job at a fraud vendor in 2006 and did that for many years. I was the head of their fraud product, then went into the financial services industry to be a practitioner.
And what I found is, to deal with the problem, there are easily about 20 to 30 different vendors that you need to put together, and then engineering teams to string all the different solutions into one cohesive whole that then becomes the customer experience or the customer journey.
So it's not simple, but having a core platform becomes table stakes."
"So one thing for the audience: If you could give them a single piece of advice they can take back today to help them fight fraud better, what would it be?"
"Network and collaborate. Do what you're doing here today. Meet people, talk with people about how they're solving problems.
Network and collaborate within your own organization. Do your best to explain in as plain language as you can the problems that you're facing and the impact that it has.
And if you're in an organization that does not yet understand that fraud is not a back-office problem, that it is a fundamental board-level, C, C-suite level business issue, start to advocate for that and have those conversations with whoever you have access to."
Getting started is easy
can help bolster your risk & compliance operations