Fraud Prevention in Payments: Through the User Journey - Ofer Golan, Wix
An International Approach to Fraud Prevention - Elena Michaeli, Shutterstock
I’ve worked in fraud analysis in e-commerce, in P2P payments, in banking, and even a media chat platform. All of those fields had their own differences, and each was fascinating in its own way. But the differences between those industries pale into insignificance, compared to the difference in approaches I’ve seen between fraud teams in two different countries.
I’m always willing to learn and expect to see different points of view, but I was surprised to find such disparity. What I’ve found is that we could all benefit from a more international approach. And there’s one big thing which, if we all worked together to change, could have the biggest impact of all.
What I Love About the American Approach #1: Customer Experience
American companies are based around the customer. You feel it at work, in KPIs and in meetings, but also everywhere in the industry. Live events, keynotes, webinars, you name it. Customer experience is king.
This is great generally speaking, but it’s also very challenging from the fraud prevention perspective. Fraud fighters are naturally geared towards, well, fighting fraud. We aim to block fraud, catch fraudsters, prevent chargebacks. It’s practically in our DNA.
The emphasis on customer experience in US companies is really valuable, because it acts as a constant balancing force so that fraud teams always consider the impact of their system on the customer. We have to think: This change might improve our accuracy slightly, but it would have a dramatic negative impact on customer experience — so is it worth it? Maybe not.
I’ve found it also makes American fraud prevention teams more focused on trying to identify false positives — and find ways to stop them happening in future. That’s a big win for customer experience but also for fraud analysis — over time, you make your system far more accurate that way.
What I Love About the American Approach #2: Respectful Environment
The other thing I’ve noticed is that the calmer, slightly more formal and respectful American culture leads to an atmosphere where more people are willing to share ideas. As a fraud fighter I’ve learned that everything is connected, and that fraudsters evolve extremely quickly, so having more voices suggest possible new trends or approaches is helpful.
I do love the higher levels of passion and energy you get in some international companies, but it can sometimes overwhelm quieter voices, and when that happens, in the end we all lose out.
What Makes The Israeli Approach Work #1: Cybersecurity
The start of my career was all in Israel. There are 320 multinational companies active in Israel, of which more than 300 have R&D activities across 360 different offices — not to mention more than 6600 startups, and 225 hubs, including accelerators and entrepreneurship programs. As you can imagine, all this makes working in “The Startup Nation” often a wild ride, with new companies and technologies popping up all the time.
In Israel, at least in my experience, there’s always a close connection between the fraud prevention team and the cybersecurity team, which usually work jointly in the security department. You can even see it in the org chart, sometimes; likely, both teams report to the same place, whereas in the US, fraud might come under Finance or Legal or Product or even Marketing. In which case, you might lose the power of fraud and cybersecurity joining forces under one larger umbrella: Security.
The relationship between fighting fraud and fighting other forms of cybercrime is tight — often, you see the same groups operating across different types of crime, and similar trends and even techniques. The criminals don’t make the distinction; so nor should we.
I’m lucky to be working at a rare exception to this rule — at Shutterstock, US. This unique synthesis is known and respected, and made a part of how we work. I would love to see this become more of a norm in other American companies as well.
From my perspective, it just makes sense. You want an ideal customer experience, right? Customers want to feel safe.
What Makes The Israeli Approach Work #2: Tailoring and Vision
In my experience, if Israelis have something in mind, they want it. And they’ll build it internally if it doesn’t exist in the market yet.
In Israel, where possible, companies prefer to build an in-house system. They’re happy to use external tools or resources, but they’ll choose carefully how to incorporate those into their own system, in ways that mean they still feel in control, and confident that they’re benefiting from those extra tools in the right ways for them.
In the US, companies are much more likely to go for something ready-made and try to tweak it to their needs. I do see the appeal here — certainly, when you’re starting out, it’s much faster — but in the long-term I think you end up with something that isn’t as tightly tailored to you and your needs.
It feels easier to have a system run by someone else, but your company is unique; no one will ever know it as well as you do. Over time, you’ll develop the shrewdest sense for when things are changing — or even for when something just doesn’t look right.
Small example — I’m trilingual, so I’m very sensitive to differences in language and how people use it. I’ve found ways to incorporate what I’ve analyzed into the in-house systems I’ve worked with. You don’t get that from a third party.
You also don’t have the same level of control; Do you have updates in place to reflect the sale you’re having next week? Is that new tool being promoted one that’s really relevant for you? Is the data safe? Where’s it going? Where might it be used in future, once it’s out of your hands?
In my experience manual review, filtered by manual rules, is much better, even for huge numbers of transactions, when you have more control over your own system. You know where the changes are likely to be needed, and you can make them right away, on the fly, when you need them. There’s no negotiation or lag. You can adjust to fit your needs as a team.
What No One Gets Right Yet: Collaboration
The main place I feel that both Israeli and American companies have a long way to go is collaboration — both between companies, and between the departments in our own companies.
Fraud prevention is often thought of as running by itself in the background. Our job is to stop fraud, so that shouldn’t be anyone else’s problem, right? So wrong.
Compartmentalization must exist as the fraud team handles very sensitive data, information and analysis that shouldn’t be shared with any other department beyond what’s really necessary. That’s even more true of the conclusions you draw from the analyses: We don’t want anyone (unknowingly) to share by chance our findings with possible fraudsters. But outside those limitations, collaboration is crucial.
- Fraud prevention needs a close relationship with Marketing — otherwise, just for one example, we might block people from your new campaign because they’re coming from a new geography in a suspicious wave, or because you were targeting a population who are notably high risk.
- We need a working relationship with Sales, or that great offer they’re pushing might backfire when the fraud rules shut it down because we weren’t in the loop.
- Also with Product — otherwise changes to the UX the customer sees might cause changes to the platform that make it possible for users to do something they shouldn’t, or could cause changes in user behavior that throws off our models, causing false positives — which is the opposite to the experience you intended to give users.
- With IT — the sneakiest fraud case I ever solved was one that looked fine on the surface. I only started digging because of that elusive feeling that “something smells wrong. ”It turned out that the fraudsters were leveraging a loophole created by a software update we didn’t even know about.
- Even with Legal — now that there’s so much data privacy legislation around, you need to know you’re covered regarding how you use data, and that you’ll be able to react to any data requests you receive through GDPR or CCPA in an appropriate way. And data is so valuable to a fraud team — you need to be able to get as much information about your users as possible, so that you know them well and can give them the best customer experience possible.
And so on.
Collaboration with other companies has been limited until now, partly because it’s hard for people to be totally frank with each other, and to put their egos aside for the common good, especially if things are challenging. Partly because until the providerless trend, directly comparing data wasn’t an option since obviously no one wanted to share data with a potential competitor. It will be interesting to see if that changes, and I’ll be keeping an eye on it.
Conclusion: Learn from Each Other
I’ve always had a data-first mindset, even in my private life, and it impacts everything — even my desire to fact-check details in casual conversation. But even so, I couldn’t have reached this point in my career alone. I feel really lucky that I’ve been able to thrive in my career by learning from great and constructive managers, leaders and colleagues in every company I’ve worked in. And they’ve taught me — learn from everywhere and check the data (never accept assumptions!).
We often restrict learning to our own small circle. But there’s so much I’ve gained from experiencing the way fraud prevention works in two very different (yet sometimes so similar!) countries.
I think, for fraud leaders and analysts who are open-minded enough to really think it through, and honest enough to admit that no one has found the perfect approach yet, we could all benefit so much from sharing what works, and what doesn’t, and working out how we could all do it better.
- Israelis — Think about the customer, and Listen to each other.
- Americans — Leverage a relationship with your Cybersecurity team, and Tailor tightly. More than that, if your fraud team have a Vision, enable them to develop and support it.
- Everyone — Collaborate. More. Better. Deeper. Together.
Elena Michaeli has been working in fraud analysis for more than seven years. Before Shutterstock, she was Senior Fraud Analyst at Pepper, leading fraud investigations for the digital bank and its P2P application, putting her in the front line against innovative fraud tactics. Her experience spans working in banking, ecommerce, cybersecurity and media chat and this diversity has been very valuable in enabling her to build up a broad understanding of online fraud in all its forms.
This blog post is part of our Fighting Fraud on the Front Lines series, bringing the expertise and experience of veteran fraud fighters to a wider audience. Identiq is all about collaboration, and we firmly believe that the more we pool our knowledge (though not our data!) the stronger we become as an industry.
Do you have something burning to share with the community? Or do you know someone who has a lot of fraud prevention wisdom to share? Reach out to us!
What’s a Rich Text element?
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
Static and dynamic content editing
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
How to customize formatting for each rich text
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Identiq is SOC2 Type II Certified - and Constantly Committed to More Than Compliance
Fraudology Podcast: Karisse Hendrick Discusses the Holy Grail of Fraud Prevention