March 27, 2019
Empowering the Network to Fight Fraud
Posted January 17, 2019
In this episode Frank is joined by Dan Welch, SVP of Global Services at ThreatMetrix. They explore the power of the network approach to fighting fraud, the benefits of the champion/challenger model, and the upward trend of the mobile channel.
Frank: Hey, everybody. Welcome to another edition of Digital Identity 360. I am privileged and honored today to be joined by Dan Welch, Senior Vice President of Global Services at ThreatMetrix, a valued colleague here and really Dan, you live at the tip of the spear, as it were, as it relates to the implementations that our customers go through in onboarding the ThreatMetrix service. So, a pleasure having you, man. Thanks for joining.
Dan: I have to say, I see you doing these things in palatial resorts with palm trees and in front of huge auditoriums and we’re in this cramped studio, I mean, what gives?
Frank: Well, here’s what’s really cool, the green screen accomplishes everything we need to and I’m sure that our production folks are gonna have a fantastic backdrop as we go to market.
Dan: I want a palm tree.
Frank: There you go. But hey everybody, it’s really neat to have Dan here because Dan really does live right where our customers are implementing and using the service and it’s really fascinating, Dan, to hear some of the stories that come from your team because they’re really dealing with the nexus of the actual use case problem. Fraudsters, you know, returning good customers with too much friction, those kinds of things. Maybe talk a little bit about what you’ve seen as general trends and themes across our various verticals last year in our customer base. And then as we talk about that, we’ll jump a little bit into the power to predict and empowering the network and those kinds of things.
Dan: Great. Well, I’ve seen everything under the sun, Frank. We regularly hold QBRs, quarterly business reviews, with our customers and we’ve literally been demonstrating the portal and caught an attack in the meeting. Just because the network gives us that sort of visibility. We’ve also seen attacks where we’ve been able to go back and run multi-threaded queries and tell not only the history of the attack for that client, but everywhere in the network where that type of attack has occurred, and because then we can see the progression of the attack over time, we can spot new customers that are only just now in the first stages of the attack. And when I mean that it’s, stage one might be social engineering to get credentials, stage two might be changing a phone number in an account so that stage three, you can arrange a wire to yourself.
Frank: It’s interesting, really two cool concepts to take away from that. And they are really demonstrative of what our view of empowering a network. I mean, we’ve gone from building a network and global shared intelligence to really having now such critical mass that these vectors and these trends become really meaningful to other customers. And it’s amazing to think of the real time power of catching an attack mid-flight, while you’re demonstrating the network, right? And not equally importantly, the fact that you now have kind of a DNA strand of what attacks look like and can be predictive when you see that same kind of behavior repeating itself at another customer. And maybe a different vertical, just a different attack where you go, “Hey, there’s something about this attack and these attack points that are familiar to us.” And we deal with it.
Dan: And now, with the soon to be, I didn’t mean to talk over you. Soon to be introduction of consortium functionality, if anybody witnesses one of these attacks, they can share that data amongst themselves and say, “Hey, this persona is blacklisted as far as we’re concerned” and then other people in that consortium, you have to be in the consortium to play, but will be able to decide how they want to act on that information.
Frank: Yeah, everybody, one of the really cool features of now having built this network of such pedigreed and fantastic customers is that we really are independent enough that they view us as good stewards of consortiums. So they realize, “Look, I wanna participate in this and share data amongst ourselves, knowing full well that it only ever will be used for front interdiction or preventing these known actors from propagating the same attacks somewhere else.” Talk a little bit, Dan, about the expansion of the consortium from financial services and where we think that might wind up going.
Dan: Well, beyond financial services, there’s also other agencies and other joint ventures, if you will, by the banks and I’m forgetting the acronym right now, but it’s something like NFSTA or many letters like that, that basically exist to help these organizations cooperate and then take the next step into law enforcement.
Frank: Yes. That’s right. It’s very neat. I think there’s enough people realizing, we’ve always said here at ThreatMetrix that it takes a network to fight a network.
Frank: I think people are realizing it does take network to fight a network and I wanna be part of that, right?
Dan: Well, because there’s criminal consortiums.
Frank: That’s right. That’s exactly right. Swimming around so they can have a consortium model. One of the other interesting things, as you think about the deployment of our technology, has been the ability this year to bring physical attribution and digital attribution together. And this marks almost our first anniversary since the acquisition and there’s been a really concerted effort to say, how do we take the power of anonymous digital identities across the 1.6 billion or so identities that we have and inform them with very powerful physical attribution. How was your team seeing those two worlds coming together between our digital and identity issues and the physical world that Lexis brings to the table?
Dan: Well, first off, our client could elect to augment their data with Lexis data but they could go further and augment the digital identity with that physical data, which will allow them to get a much higher match rate on the personas and do much more data science off of that.
Frank: That’s right. Yeah. One of the interesting examples I like to use is imagine you’re a peer to peer lender and Frank shows up to apply for a loan and Frank’s digital identity is pristine but Frank’s digital identity is not predictive of credit worthiness. It simply means that Frank’s a good internet citizen, we’ve seen him operating within the bands of what’s normal behavior on the internet and yet, Frank’s applying for a $250,000 loan. And a quarter of a million bucks is enough for people to say, “Hey, is this guy gonna pay it back?” And I think the idea of being able to say in that same transaction workflow, his digital identity is great, we know who he is, we know how he behaves, we know a lot about Frank in terms of his digital identity and his behavior on the internet, and oh, by the way, we now have the ability to reach out to a record and say, “He’s also credit worthy. He’s never declared bankruptcy, he’s never missed a loan, his appropriate scores are where they are” and I think it’s really interesting in that same kind of context of an anonymous workflow, to be able to validate not just the risk of allowing the transaction to proceed, but also enriching it with ideas like, is there a credit worthy element to this individual? Are you seeing that kind of power manifesting itself, probably not yet, but sometime in the near future?
Dan: Yeah, I can see it. I haven’t seen it. One thing that you made me think about, about not only cross-organization but cross-industry is, in some of these investigations that we’ve done, we’ve noticed that people are very active in retail or other industries, not just attacks on banks.
Dan: So we might see them at three or four different banking institutions but also at a auction site.
Frank: Yeah, that’s right. I think the reality is most of the folks that we at deal with and here within the company are opportunistic. You know, wherever the point of least resistance is, I’m gonna try to take advantage of that. One of the interesting things, Dan, that we talked about getting ready for the digital episode, was this notion of champion/challenger. And one of the realities of how difficult it is in mid-flight, to assess whether or not you have the most efficient and proper deployment of a rule set. Talk a little bit about a champion/challenger in our opportunities this year.
Dan: First, it’s one of the most popular features that we’ve ever launched. Customers love it. As a former technologist, I would have loved it because one of the biggest challenges I had was developing a pristine sandbox, perhaps comprised of prior periods that I could rerun. But then curating that data to make sure it covers enough of types of examples and that the dates are current and so forth became difficult. So it was always a challenge to make sure that our sandbox environment had the right efficacy. Now we can put the production role and the challenger role in production at the same time and over time measure the efficacy of the rule and then you can decide whether or not to swap the two and say, “Now, I’m gonna put my challenger rule into production and develop a new challenger rule.” So it’s extraordinarily popular and it solves a big problem.
Frank: Yeah, here is the thing, one, it eliminates disruption. I’ve got a rule set I know works, it is a rule set that might be better and it’s being informed by real data. It’s not data in a sandbox, like you said, that we’re making up, it’s actually real data. And two, it really speaks to this theme we have this year of really empowering the network. I now have the opportunity to have these two streams work together, assess in real time and also looking back over history and saying, “Well, what did rule A catch and what did rule B catch?” And then, as you said, decide in mid-flight to say, “You know what, I think rule B is a far better rule and I’m gonna implement it.”
Dan: And as I think about it, I once worked on a charge authorization program for a large company and their sandbox testing was always suspect about management because they said, “Well, is that truly representative of the production?” When we did this sort of simultaneous testing approach at that level, they could literally see the ROI of going with the challenger rule. So we’re in that exact same mode now where we can say, “There is no difference in the data that’s being examined and we can clearly see that the results are better.”
Frank: Yeah. It’s fantastic. If you think of really this year being the year of machine learning for us and really empowering the machines of these co-existing kind of features like champion/challenger that allow us to better, as you said, indicate the efficacy of a rule set. And really, at the exciting coming together of physical and digital attribution, I think the reality for our team together and for our customer base is we have an exciting set of features this year that are really gonna be powerful but one of the most interesting things that we do, and it’s really a testament to your leadership in that group, is we’re big on talking about centers of excellence and best practices and one of the things that I think is really interesting about a global services group is you really are touching customers in all industries across all kinds of moments in their maturity and being able to bring that together to establish the best practice by vertical or by industry. Talk a little bit about how that process of thought leadership and really helping our customers determine where they wanna go has been helpful across the spectrum of nascent customers to more mature and established customers.
Dan: Well, first of all, we can see the developmental pattern of customers that are earlier in their life cycle with us so we know what’s gonna happen over time. We also are big on global communications so we’re sharing best practices across borders as a routine thing. We have a global PMO, that global PMO’s function is to pull these best practices back and forth. And we often, based on skills and ability, assign people cross-border, so there may be a guy in London working on implementation in Singapore, because he’s that good at what he does.
Frank: Yeah. Yeah. That cross-pollination is very interesting. Under the theory of predictions for 2019, to pivot quickly, what do you think are the top two predictions in your mind that we’ll see throughout the network this year?
Dan: Well, maybe by saying it, I could make it true. I think one of the things I’m most excited about is self-service machine learning. We’ve been able to work at it with the professional services organization to provide that service for our customers but we want to take the next step and allow them to be self-service and we think that we’ll see a lot of innovation there as a result. And then, I did kind of say it before, but the consortium functionality, I know sets of customers that are very excited about it. And at first, you’d say, “Well, hey, what if one company in a consortium is a little bit more productive than another, is that unfair?” But in talking with the customers, they say, “The one thing we don’t feel competitive about is stopping crime.”
Frank: Yeah. That’s right. Yeah, there’s a partnership there that’s natural. There’s no competitive tension. A couple predictions from my end. Network traffic is going very strongly towards mobile. Almost 60% of our traffic this year was mobile. I think we’ll see an acceleration of that in 2019. And then equally importantly, in the mobile world and in the kind of mobile first world, the tension between customer experience and cybersecurity and fraud prevention, how we work on applying friction at the right places in the workflow and decisioning workflow because customers want to get out quickly, wanna be recognized and at the same time, are accustomed to friction where it’s appropriate. And I think that scenario where your group really does touch the use cases that closely, where someone might say, Hey, Frank, returning to an e-commerce site, I should know it’s Frank, but at the same time, Frank is suddenly changing his profile page, it’s some anomalous behavior and I should step him up or challenge him or apply friction at that point. So, a couple predictions there.
Dan: Do we have time for a few comments on those?
Frank: Yes, go.
Dan: One of them is that a U.S. phenomenon, I think, is moving towards mobile but in many parts of the world, we’ve already seen that-
Frank: Strongly mobile, that’s right.
Dan: because it’s kind of a demographic thing in the US too, because I might be more prone to use my laptop but my son uses his mobile device exclusively.
Frank: That’s right.
Dan: So his whole relationship with his bank is all on his phone or tablet. And I don’t even think he has a laptop, come to think of it. The other thing that you were touching on before about the synergies of the acquisition and the combination of physical data and digital identities is cool but also the product line that’s come into our world as a result of the acquisition, we have more of a full suite that we can bring to bear, and so it’s not a collection of two or three point solutions, it’s all part of our fraud and identity suite.
Frank: Yeah, the fraud and identity catalog is incredibly rich. And I think we do have a comprehensive approach to address the issues that our customers are dealing with. So folks, there you have it. Dan Welch, you can tell, deep subject matter expert, fantastic leader in that group and really global, I mean, we’ve got amazing folks all over the world, serving your needs and current customers and prospects as well. So, Dan, pleasure, thanks for taking the time.
Dan: Thank you.
Frank: Thank you.