Fraud Prevention Tips from Rho's Head of Fraud
"Thank you so much everyone for coming. We have the great pleasure to host Ben, who is the Head of Fraud at Rho, who is also our customer at Unit21.
One question I like to ask fraud fighters is how did you get into this business? Because I feel like it's always a fascinating story."
"I don't think anybody goes, 'Hey, I wanna be a fraud fighter,' when they go to college."
And I actually started at a startup Fintech years and years ago and they had no fraud prevention, no fraud solution. And being that my background was in business intelligence and finance operations, they asked me if I'd be interested in taking over this dispute team.
I took over the dispute team. I'm sure many of you're familiar with Reg E. I had to get up to speed on that really, really quick and get that team compliant and operating with Reg E. And from there I started building out fraud solutions and building my own reports at SQL dashboards and Periscope and Looker and started catching fraud trends.
And then they're like, 'Oh, can you look at this compliance documentation?'
So, you know, in a short period of time, you're a compliance officer, you're doing auditing, you're doing Q and A, you're doing dispute auditing, and all that.
So that's kind of how it started for me."
"That's amazing. I think many people here can relate because obviously there's no school for fraud and there's no school for fighting fraud. It kind of makes sense that we all start from very awkward beginnings, but when we advance through our career. It really shapes you in very similar ways.
We start a very manual, like you said, like SQL queries, dashboards.
Those are all manual. It sucks, 100%
And we feel the pain that we truly need something to automate these processes and that's where we start looking for solutions, right?
So the next question for you is today, when you are involved in a hyper-growth Fintech company, what challenges do you see today fighting fraud?"
"You know, the challenges that I've come across, especially in startup Fintechs - those are in their seed stage and just starting - there's a couple of challenges that stand out to me that we must be aware of.
The organization wants to mitigate loss. They want to mitigate reputational risks. They want to stay out of regulatory trouble. But one of the challenges is, I feel there's a failure to really understand what fraud is and how to fight it.
They don't know how to, and so they, there seems to be this inherent, what I call, a pandemic of, oh well let's just build our own solution in-house and let's just build it ourselves. And so you're spending years, and hundreds of thousands of dollars of trying to build something that doesn't work, and fraud is changing and fast-moving.
To be successful, you need to be able to set up mitigation efforts, rules, or strategies to adapt to those new fraud trends quickly. And you can't do that in an area where you have to rely on your own engineers, and you have to wait for them to build something out when there are off-the-shelf solutions that can do that for you.
The second challenge too is what I found a lot, especially in the leadership organization, is they start chasing metrics on your strategy.
How do we measure your false positives? How much money are we losing versus how much money are we spending?
And so there's this inherent issue where, if you don't fix your strategy first, you're gonna chase your numbers. And so to get your metrics and your KPIs to align with your strategy, you need appropriate measurements there by getting that strategy fixed first."
"Yeah, that resonates with me. And I guess as a follow-up question, what best practices are you using today, or even, what advice can you give today's fraud fighters?"
"Well that would be one is invest in your people. I mean, don't wait till the fraud starts happening. Just like, 'oh, we need solutions.' Invest in it now, listen to your people.
I think for me, one of the biggest challenges is I started just documenting my cadence of doing investigations of what I was learning and what I was finding. I have this funny kind of quick story about looking for the yellow tiny house.
And what that means is, I was doing an investigation on an account that was suspected of doing some money laundering. Your typical cash in real quick, cash out real quick. And so the company had reported, you know, $2 million a month in revenue or something like that.
And I'm like, 'this doesn't make sense for the type of company they are, but there's not a data point out there that's going to say this doesn't make sense, look here.'
So I just googled the owner's address, and it was a little tiny yellow house in Florida, and I'm like, 'oh my gosh, no way this is legitimate.'
I checked out the website, and this website was someone who took pictures for sports teams. And then Google notified me that their security certificates were outdated, and the website looked like something my nine-year-old could do on Adobe Photoshop. I mean, it wasn't very good.
Just being able to take that information and say, 'yeah, this is 100% BS' and shut it down. We did, and it turned out that this was a person, who was working with someone phishing them, they had fallen into some type of scam or something like that.
Being able to look for those types of things is critical."
"I think, in general, looking outside the box is important.
I heard a story from a crypto company that had a customer who they carefully KYC'ed, and it was an elementary teacher, but they were holding $1.5 million worth of cryptocurrency, and this kind of doesn't make sense, right?
If you don't have an operational baseline today and you don't really measure how you fight fraud, it's a good idea to start measuring that. Measure your capabilities, and measure how many alerts you can handle every day. Measure how much time it takes you to handle each alert.
The more metrics you add to your baselines, the easier it will be for you to scale and to choose the right solution when it's time for you to move to a more automated approach to fighting fraud.
My last question for you is, do you have any predictions for next year? Where do you think we're going with fraud?"
"Like the type of fraud that we're going to see? Realtime payments. We're moving to that world we're realtime payments are going to be how the majority of all our payments are being transferred.
The historical way of tracking fraud of looking for anomalies and historical spending is just not going to be efficient anymore. We need real-time fraud detection, and it will hit hard within the next two years. That's my prediction."
"So that's a brand new payment rail that will be introduced, and I feel like we are about to see what we saw in the UK three years ago when the whole country suddenly became real-time, and the fraud skyrocketed. So I think we are heading precisely in that direction."