Fraud Fighting with the Experts
In this episode of Fraud Fighters, Trisha Kothari, CEO and Co-Founder of Unit21, talks with industry experts from Robinhood, Rho, & Melio.
Here, Lenny Gusel (former VP of Trust & Safety at Robinhood), Ben Crockett (Head of Fraud at Rho), and Scott Benson (Sr. Compliance Officer at Melio), each share the fraud scenarios they've seen most frequently, including MFA attacks, P2P scams, and more.
They also share predictions for the future of fraud, how to convince executives of the importance of being proactive in fraud and risk prevention, and the benefits of using an off-the-shelf fraud solution product such as Unit21 rather than attempting to build one in-house.
Read the transcript below or watch the video for details.
"The one question I wanted to ask to begin with is, what were some of the interesting fraud trends you saw in 2022 and what do you predict for 2023?"
"I think I gave my prediction already, so I won't go into that again, but I think the biggest fraud trend that I've seen is the ability where MFA (multi-factor authentication) is becoming easier to hack either through social engineering or other types of attacks. And so what I saw a lot last year was more exposure through MFA setups, if that makes sense."
"I'm going to piggyback on Ben and say that as a result of all payments moving faster, and whether it's wires or FedNow, or Crypto, or P2P of various kinds, what we've seen is a massive rise in scams and first-party fraud. And let me define what I mean. Not talking about people onboarding, I'm talking about people, what has always been out there in the plastic space, in credit, debit card space of disputes of, 'I didn't buy that TV.'
That type of fraud is rising incredibly fast and in the domain of payments. And it's coming concurrently with scams. And frankly, the entire financial services sector is not in a position to be as prepared for it as we need to.
It's going to be a major fight for the next several years and a huge area of focus. And yes, the UK is well ahead of us because they converted to faster payments in 2008. I was there, I remember working with the banks on that. And then they did a tremendous job of shutting down many of the account takeover vectors.
So what did the fraudsters do? They moved to convincing people to send the money themselves, so-called authorized payments. And that is going to be far and away beyond anything else, the most massive, biggest thing that we're all gonna be dealing with as an industry for the next several years."
"Yeah, it's really interesting with respect to scams, we did a report earlier this year on romance fraud, something that could not even be considered 10 years ago because obviously, online dating has increased in the last 10 years.
In 2021, half a billion dollars was reported to the FBI. And this is reported scams, so there's probably a lot more that people are ashamed about. One thing that you all mentioned and touched a little bit about was with respect to getting buy-in internally.
We have a lot of fraud fighters here, but it's challenging sometimes for the organization to understand that this is an area that needs investment.
And so while everyone here understands that, how do you convince the board, the CFO, the COO, the CEO that this is something that needs investment? What are the KPIs? What are the metrics that all of you use?"
"Yeah, for me, I think, you know, one thing that I'm lucky is at Rho we've had a thoughtful investment into our fraud and compliance, and those controls. But I've been in places where it's not, and I just go to the CFO, and say, 'you like money, you want to save some? Because we can save some.'
And in my space, I've seen a lot of failure in getting that buy-in. I think you had mentioned earlier is you need to treat your fraud and your risk teams like a C-suite entity, not a back-office problem. They need to be at the forefront of the organization. You're dealing with monetary loss, reputational risk, and then regulatory risk as well. I've dealt with with regulatory risk, and it's not fun.
And so I think it's not rocket science. It doesn't need to be a complicated, complex conversation. Fraud is going to hit you, whether you're in C-stage or startup, do you want it to hit you when you have the tools in place and ready to go? Or do you want to be reactionary toward it instead of proactive?
And so I just approached it in that conversation and look at the industry, look what's happening. Look at this company they were hit with a million in one month or explain it in that atmosphere and I think they get it. You talk money to CFOs, the light bulb goes on. They understand where the investment needs to go."
"I'm going to give kind of two examples and Scott, you're going to pick up on one, I'm sure. I'll start with this one.
So when a regulator like FINRA or the SEC is coming to you and asking a tremendous number of questions about how well you are reporting on your fraud cases and how timely, and how accurately you're filing your SARS for your fraud cases, and you don't have a good answer, or you just don't have your processes well in place, or you don't have the proper collaboration coming back to your FRAML question with your AML team for how all that's getting handled, you're at risk of massive fines and worse.
And so, that's one way to start thinking about the problem from an operational standpoint. And that's frankly where FRAML really comes in on the operational side. Those two teams need to have common tools and need to work together.
Now on the flip side, there is an exciting trend where Fintechs are starting to understand that fraud teams are on the opposite side of the coin from growth, and they are starting to work in collaboration with the product teams.
The reasons for that are really simple, I'm gonna kind of remove all names from this and not gonna name the organization, but this has happened to me at multiple places where some a payment product team is out there releasing a new product into the market.
They start to ramp it up and have all of their nice tooling, able to offer it to a particular portion of the customer base and it starts to ramp up, and everything's looking great, and can we now release it to more people?
And then suddenly, you're hit with a massive at scale fraud attack and you did not think of, because the product team did not work very closely with your so-called fraud team, and they did not think through all of the end-to-end controls through your user experience and your middleware and kind of backend.
And now you have to pull your product out of the market.
It is such a major reputational issue and is such a drag on the growth of the business. And so if you do, those are pretty easy conversations to have. Frankly, I've been in a position of letting a team like that fail and get egg on their face, and that gets you into the conversation pretty quickly. You hope not to be in that position and to have the necessary collaboration between your product, your growth, and your fraud teams to be able to think proactively before putting anything into market.
Because your first customers for anything today, anything, your first best customers will be the fraudsters. They're going to test every single feature, every journey, every click, they're going to be all over it."
"There's also this perception when we have the discussion about 'building versus buying' that if you build it, somehow it's free. You know, well, because we're using our internal resources, our staff to build this so somehow, well, because this is a sunk cost, were paying these people anyway, it's really not going to cost us anything to build that.
We can argue that I guess, in different ways, but certainly from my perspective in the position that I've always taken is perhaps so. But when you take someone who works in compliance or legal, or product, or engineering, or whatever team it is that they're on and they're contributing to this initiative, then engineering is going to be involved one way or the other, we know that.
But when you pull these people away from these other things, that means their attention is taken away from something that could potentially be a revenue-generating initiative for the company. This could be delaying, inhibiting the rollout of a new product, a new service.
Try to put it in that perspective, and sometimes it's successful, and other times it is not. But I think that's an excellent point to consider as well."
"Yeah, I agree. Something that all three of you touched on is that just viewing fraud in itself it really is a very myopic view because the best way to reduce fraud is you shut down your business. No transactions, no fraud, everything's all good.
But ultimately, you have to view it with respect to growth, with respect to the resources you're putting towards growing. And I really hope that we get to a place where when companies talk about the growth metrics, they also talk about the fraud metrics.
And it's in the same all-hands presentation. It's in the same board presentation. It's not viewed as a back-office operation.
The last question I have is, you all have and are having amazing careers in the space of fraud and AML, what is one piece of advice that you would leave the audience with on how to grow as a fraud fighter?"
"Well, I think something that we've all talked about, treat your fraud, your risk, or FRAML as a competitive advantage, not a cost.
Don't wait for regulatory bodies to come out and say do A, B, and C. Get ahead of the game and provide the investment to your teams to grow and scale and put that at the forefront of the business as these gentlemen have led on too. It's the best way to think of it as it being a competitive advantage."
"You know, I found the fraud domain to be so collegial, and I think my best advice for anybody's fraud career is to find people in the industry to be friends, your mentors.
There's a lot of give and take in exchange in folks in this domain and kind of pulling each other up and helping folks get educated and helping one another. And it's an amazing part of our industry, and I've had incredible mentors all along the way, and I encourage you all to find the people who've done this, and done that, and ask them questions, and ask them to be your mentors, and stick with them, and you'll grow."
"I would say this more so as a compliance person than anything else, but I think it's tremendously important to involve yourself in the day-to-day of your product teams, your engineering teams to establish relationships with them, to understand what it is they do, to understand how you have shared goals, how your missions are intertwined. You need that.
You need to advocate for them, and in turn, you want them to advocate for you. That is tremendously important. You do not want a situation where you, as a compliance person, you're talking about your monitoring system for the prevention of money laundering. You don't want to be in an adversarial situation.
You know that is something you must make every effort to create. And not just create, but then maintain. I think that's tremendously important. And it's a point that can't be lost, and in some ways, it might be the most difficult thing in this whole journey, this whole discussion of a transaction monitoring solution.
Because again, whether you build it or you buy it, there's still going to be those resources that are required and those relationships are just tremendously important if it's going to work properly."
"Yeah, my main takeaways are three things.
One, build relationships with your team so that you can grow together. The second is building relationships within the community which I really hope that this event our first in New York, and the many more that we hope to do will be a ground for.
And the third is really changing the perception of fraud from being a cost center to be a competitive advantage, which can drive business growth and unlock new opportunities for the business.
Thank you, all of you for taking your time and sharing your experience, your wisdom with all of us here. We will open up for a few questions from the audience."
Watch the video above to hear the Q&A!