Fraud Prevention in Payments: Through the User Journey - Ofer Golan, Wix
Fighting Fraud on the Front Lines: Krista Williams, Senior Fraud Manager
As Senior Manager of Fraud and Chargeback Operations at a leading ticketing website, Krista Williams has seen online fraud attacks developing in “fast and furious” mode as fraudsters constantly evolve new attacks and tools and try them out against the tempting target of digital goods.
Her experience in e-commerce and also in the insurance industry has persuaded her that the best way for fraud fighters to take an effective stand against the fraudsters is to work together with one another across companies, as well as with colleagues in other departments and other companies in the intricate world of payments.
Thanks for joining us, Krista! It’s great to talk to someone with experience of such varied industries — ticketing, travel, insurance, financial services. What’s so interesting is that they’re all high risk industries. What’s the main thing you’ve learned from all this experience?
I’ve learned that the constant, no matter the industry, is customer experience. That’s at the forefront of the job, for me.
You don’t want to be so focused on stopping loss through fraud that you enable loss through lost business — false positives, friction that annoyed customers so much that they left, etc. That’s what resonated with me about Identiq — that you were focused on identifying good customers, so that their transactional path can be smooth.
Right, finding the right balance between stopping fraud and supporting great customer experience is such a difficult task. Probably the greatest challenge of fighting fraud. How do you help the teams you’ve managed deal with that?
The truth is that fraud prevention is always a high pressure role. I mean, I started off in US insurance and benefits, where it was real life or death stuff — Can you afford this brain surgery? — so everything else, since then, has been easy by comparison, and that’s a valuable perspective to have. I do try to share that with my teams.
But even with that in mind, being a fraud fighter isn’t easy. You’re always reacting to the next scheme. It’s get it right, right away — or lose out. That’s why I think it’s so important to focus on helping the good customers, so that you can see how you’re contributing in a positive way, as well as preventing negative outcomes from occurring.
It’s the same when you’re training a new fraud analyst. It can feel a little dark, explaining that you need them to think like a criminal, or get creative about how to find more information to give greater clarity about a case. So you need to keep it light as well — tell teams to think like they’re creeping an ex, for example!
It’s so important for the team to feel good about what they do, because it’s a hard job, and because performance is often primarily judged by how much loss a team member has let through. You need to give them a more positive perspective — and also educate upper management so that they understand the bigger picture as well. All of that is part of my job as a manager. It’s not just about stopping fraud.
So collaboration with other departments is an important part of your profession?
Absolutely, but you have to phrase it right — so you’re not stepping on anyone’s toes, implying they’re doing it wrong. Fraud isn’t something everyone wants to be aware of. It’s a slow and tactful educational process, to help other departments to see how your work impacts theirs, and vice versa, and how you can do better together if you sync regularly and try to think of the ways your decisions impact each other.
Fundamentally, it’s all about customer experience, and you have to help people see that. It’s better to explain from that angle anyway, because if you talk about a cost center, then you’re more likely to be back of line in people’s priorities. So you have to plug customer experience. But sometimes they won’t see the red flags until something goes wrong. Of course, when that happens, you have to be ready to jump on it as an opportunity to educate, and to change things for the future.
What really matters is developing a good relationship, where everyone feels like they’re working towards the same goals, even if their focus is different. Good relationships and trust is crucial — otherwise they won’t listen, no matter how convincing your numbers are.
You’ve worked with credit card issuers and merchant banks to discuss trends and formulate best practices for implementation. Would you say a similar trust-based relationship is relevant there as well?
It’s totally trust-based. Keep in mind, this is a partnership, on both sides. We need the banks and the issuers, for sure — merchants couldn’t function without those connections. But in reality they need us just as much, especially when you can work as a group with other companies who want the same things as you. So you have to try to create a relationship where everyone understands how important all the players are, and wants to work together to get the best result for everyone.
If you manage to create a strong connection, then it’s invaluable in really stressful situations — like chargebacks in the pandemic, when customer behavior was changing, and merchant policies were changing, and even regulations were changing — to adapt to what documentation was needed, for instance.
In that kind of situation you desperately need everyone involved on the payments and fraud side to share a mentality that it’s not us versus them, it’s collaborative. Fortunately I had those relationships, and I was impressed by and grateful for the way different parts of the payments process were willing to discuss what was going on, work to make sure other people knew the situation, and find a resolution that could work for everyone.
You’ve worked in so many industries where fraudsters famously specialize, targeting lots of companies in the same industry. Have you ever been able to leverage that to “gang up” on the fraudsters with fraud fighters from other companies?
I’ve always wanted to, because it obviously makes sense. And I’ve been feeling that even more strongly recently, with the growth of friendly fraud. But the answer has always been that you’re not allowed to, except in very narrow ways, because of privacy. Canada takes data privacy very seriously, and that’s something that I have to respect.
Of course that was exciting when I heard about Identiq — that there are these new technologies which mean you can leverage other companies’ data, without ever actually sharing any. It’s early days for this tech, but I’m really interested to see where it goes. I don’t think I’m the only one who’s been wanting to collaborate for a long time already!
I think collaboration is more crucial now than ever. Bad actors are harder to identify — fraudsters are outsourcing parts of the process, with the newly developing fraud gig economy. It makes it so easy for them to fake profiles, or use a multitude of real ones, leverage real people all over the world who need the money too much to think too carefully about what they’re contributing to… When fraudsters are leveraging real users who are actually working with them, it’s so difficult to catch them. But we have to. I don’t see it happening without collaboration.
You can’t cure fraud, but you can deter it — if you collaborate.
The changes over the last year have certainly made things challenging for a lot of fraud fighters. Is there one trend you think is likely to make waves which people haven’t really noticed yet?
Anti-money laundering. Merchants haven’t started thinking in that direction yet, because it hasn’t typically been part of their remit, but since I come from a financial institution mindset, it’s always in the back of my mind, and recently I’ve seen the risk increase tremendously. Fraudsters aren’t just going for banks or even large marketplaces anymore — now anything that stands in as money, which a fraudsters can easily resell, can be part of a money laundering scheme, from gift cards to vouchers to loyalty points.
Fraudsters are always ahead of the game. It’s their job. They look for every loophole they can find, and when they find it, they blow it wide open. They’ve found this one, but many merchants aren’t aware of it yet.
The problem is, what fraud teams need right now, more than anything, is just time, to breathe and evaluate their fraud strategy. Things changed so fast over the last year, and teams just had to react. Now is the time to look back at what changed, and how your systems adapted, and work out where the vulnerabilities are and what needs to happen next. But finding the time to do that is hard for a lot of companies because things are still moving fast.
I think managers need to be very aware that a lot of teams are facing burnout right now, and take steps to mitigate that. Your team is your best and most powerful resource. You can’t afford to have them compromised — you need to look after them. And you need to invest in tools and technologies that can help your team with the new challenges they face.
Looking beyond right now, then, since you’re right that this period is uniquely challenging — where do you see things headed over the next five years?
In fraud, I think we need to be aware of the growth of friendly fraud. Between the gig economy and the sheer financial hardship many people are now facing, fraud prevention professionals need to be more aware that normal, real customers are looking at their own budgeting and spending during these challenging times and experience more buyer’s remorse over their previous purchases. Of course, sometimes it’s easy to fight, like a chargeback that comes for a concert ticket when the customer posted photos of themselves at the concert, but unfortunately it’s not always that easy.
Looking at the bigger picture, I see more emphasis being placed on fraud fighting generally now, in organizations. It’s becoming a selling point, for a company to have a great anti-fraud effort — both the customer experience piece of the puzzle, and also the fact that companies want to be able to assure customers that their accounts and the details they’ve saved with the merchant are protected. I see that becoming an even bigger deal over the next five years. So I see fraud becoming more integrated into the rest of the company, working with marketing, sales, customer service, product, and so on, so that all aspects of the customer journey are protected.
The other thing I really see developing over the next five years is more sharing of best practices — and more sharing of data, within privacy limitations. What Identiq is doing is really important — to find a way for merchants to band together to leverage the attributes in a way that doesn’t expose anything personal, but allows the fraud team to verify good customers, and identify bad ones.
If you were asked to give one piece of advice to someone just starting out in fraud prevention, what would you tell them?
But do it with both possibilities in mind — it could be fraud, but also maybe this is a good customer, who lost their way in the sales process. Don’t assume fraud just because looking for fraud is your job. And never assume that because you’ve seen something correlated with fraud before that it’ll always be that way. Fraudsters adapt all the time, fast. There’s no one pattern you can look for. You need to stay flexible, to keep up with them.
On the other hand, remember — Nothing is as it seems online!
This blog post is part of our Fighting Fraud on the Front Lines series, bringing the expertise and experience of veteran fraud fighters to a wider audience. Identiq is all about collaboration, and we firmly believe that the more we pool our knowledge (though not our data!) the stronger we become as an industry.
Do you have something burning to share with the community? Or do you know someone who has a lot of fraud prevention wisdom to share? Reach out to us!
What’s a Rich Text element?
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
Static and dynamic content editing
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
How to customize formatting for each rich text
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Identiq is SOC2 Type II Certified - and Constantly Committed to More Than Compliance
Fraudology Podcast: Karisse Hendrick Discusses the Holy Grail of Fraud Prevention