May 10, 2023
Combating Fraud Attacks In Banking
Fraud is on the rise — bad news for banks and customers alike. In today’s digital world, criminals have more tools at their disposal than ever before. And financial institutions, government and consumers all have a part in defeating them. In this...
Fraud is on the rise — bad news for banks and customers alike.
In today’s digital world, criminals have more tools at their disposal than ever before. And financial institutions, government and consumers all have a part in defeating them.
In this episode, Rakesh Mirajkar, Head of Consumer Bank Fraud and AML and Managing Vice President at Capital One joins the show to examine the multi-pronged approach that countering bank fraud requires and how individual organizations can play their part.
We discuss:
- The resurgence of fraud post-pandemic and the impact of digital activity
- New fraud scams
- Why consumer engagement and education plays a critical role in mitigating fraud risk
- The future of fraud-risk controls
WEBVTT
1
00:00:02.879 --> 00:00:07.799
You're listening to Leaders and Lending from
Upstart, a podcast dedicated to helping consumer
2
00:00:07.879 --> 00:00:13.519
lenders grow their programs and improve their
product offerings. Each week, here decision
3
00:00:13.519 --> 00:00:17.719
makers in the finance industry offer insights
into the future of the lending industry,
4
00:00:18.039 --> 00:00:22.839
best practices around digital transformation, and
more. Let's get into the show.
5
00:00:23.399 --> 00:00:26.280
Welcome to Leaders and Lending. I'm
your host, Jeff Keltner. This week,
6
00:00:26.280 --> 00:00:31.120
I'm joined by Raksh mirage Car from
Capital One and also from the CBA
7
00:00:31.160 --> 00:00:34.679
Fraud Committee. So we're going to
talk about I'm not no bade and switching.
8
00:00:34.679 --> 00:00:38.920
We're talking about fraud and talking about
fraud because I want to start.
9
00:00:38.920 --> 00:00:42.320
You know, you help lead the
CBS Committee on Fraud. What's the topics
10
00:00:42.320 --> 00:00:44.479
that are top of mind for the
committee this year? Imagine it's it's a
11
00:00:44.479 --> 00:00:48.159
pretty interesting time in the fraud space
because there's so much turbulence in the market,
12
00:00:48.200 --> 00:00:52.640
overall interest times, fils a little
thank you fund inviting thank you for
13
00:00:52.679 --> 00:00:57.119
joining us. So if I think
a lot of the most prominent falcakes that
14
00:00:57.159 --> 00:01:00.079
could we have been discussing in the
Fraud Committee. We have seen a very
15
00:01:00.119 --> 00:01:06.159
big resurgence of our So when we
went into the pandemic. The banking industry
16
00:01:06.200 --> 00:01:11.680
saw substantial death infraduct to me,
really, and that was because fraudusters were
17
00:01:11.680 --> 00:01:17.239
attracted by all the government funds that
were available. Their whole focus was on
18
00:01:17.359 --> 00:01:23.599
PPPE, stimulus checks free and stimulus
checks and anything, and then that money
19
00:01:23.719 --> 00:01:26.879
right up. And we always knew
that they're going to come back at every
20
00:01:26.920 --> 00:01:32.680
financial the stations, and they did, and it was very The pace at
21
00:01:32.719 --> 00:01:38.239
which they came back was insignificant.
The other thing that happened during that transition
22
00:01:38.719 --> 00:01:44.319
is as an industry, we went
and adopted a lot of digital ways of
23
00:01:44.400 --> 00:01:51.159
contracting, so consumers were transacting more
and more, not in person but digital,
24
00:01:51.359 --> 00:01:55.439
and that's always an area where frousters
like because they're not going to be
25
00:01:55.599 --> 00:01:59.879
required to be in person. So
those two things happened that they wanted to
26
00:02:00.120 --> 00:02:04.599
back and find a new avenue,
and we had opened up and created a
27
00:02:04.599 --> 00:02:08.360
lot of features that are digitally available, and so it created a perfect environment
28
00:02:08.439 --> 00:02:13.919
for them to come. So we've
seen a lot of fraud and lots of
29
00:02:13.960 --> 00:02:19.759
different ways. Just a heard thing
that had happened along these waves. Imagine
30
00:02:20.919 --> 00:02:29.319
that everybody started to work from Homeziba
started doing digital activity. Consumer data was
31
00:02:30.400 --> 00:02:36.240
more large scale, compromised across lots
of different institutions. So now frosters have
32
00:02:36.360 --> 00:02:42.800
this amazing set of cleaned ristine data
that they carried against the financial stations.
33
00:02:43.560 --> 00:02:49.039
So we saw fraud at scale.
We saw a lot of fought activity.
34
00:02:49.800 --> 00:02:53.240
They saw a lot of week en
identities come through the rules. As an
35
00:02:53.240 --> 00:03:00.199
industry, not a lot of banks
have very sophisticated defenses, so they were
36
00:03:00.199 --> 00:03:07.120
able to recognize it prevented. But
it's a nuisance factor constantly getting targeted and
37
00:03:07.199 --> 00:03:10.120
attacked on lots of different ways,
and I know some of the banks had
38
00:03:10.159 --> 00:03:15.639
to rearly up their game move from
badge defenses to real time defenses and all
39
00:03:15.680 --> 00:03:23.479
those ignorant happen. We saw also
activity that we considered as traditional fraud.
40
00:03:23.120 --> 00:03:29.680
Checks fraud were like the old school
the old schools where me saw the check
41
00:03:29.759 --> 00:03:35.039
fraud because a lot of stolen mail
and for us to picking up the check
42
00:03:35.120 --> 00:03:38.240
from the mail and then making a
connossy and then trying to call that at
43
00:03:38.280 --> 00:03:45.479
scale. And then we saw obviously
some interesting fraud in the digital space.
44
00:03:45.919 --> 00:03:51.000
We opened up digital, consumer started
adopting digital and yeah, so that's what
45
00:03:51.199 --> 00:03:55.759
the fraud isn't going to go because
it's real time, it's instant, and
46
00:03:55.919 --> 00:04:00.800
we did see that. And then
the last thing I would say, which
47
00:04:00.840 --> 00:04:04.919
I think you have hold a lot
in the industry is emergence or scams.
48
00:04:05.639 --> 00:04:14.759
So as as the fraud community realized
that banks have built really sophisticated signals and
49
00:04:14.840 --> 00:04:19.360
defenses, so instead of coming against
and trying to find gaps, they still
50
00:04:19.399 --> 00:04:25.920
do that in the bank's architecture,
they started going and compromising the customers.
51
00:04:26.399 --> 00:04:30.560
So a lot of impersonation, yeah, the weaker, the weaker link in
52
00:04:30.600 --> 00:04:34.360
the chain, so to speak,
and the social engineering. We saw a
53
00:04:34.360 --> 00:04:39.959
lot of that has come up and
they preclanding to be either the banks,
54
00:04:40.000 --> 00:04:45.079
of government agencies or whatnot. And
so scam is through the roof as as
55
00:04:45.120 --> 00:04:47.560
an industry. Are these like real
shifts from what you were seeing pre pandemic
56
00:04:47.600 --> 00:04:50.160
when you said, it's kind of
fascinating me that the fraud kind of dial
57
00:04:50.480 --> 00:04:55.680
there was easier money to cheat for
and so you targets of opportunity, right,
58
00:04:55.720 --> 00:04:57.759
and then it comes back. But
when it came back, are these
59
00:04:57.800 --> 00:05:00.000
like different trends and you were seeing
before it looks similar to what was happening
60
00:05:00.360 --> 00:05:03.480
in twenty nineteen twenty eighteen. In
terms of the kinds of fraud, they
61
00:05:03.519 --> 00:05:10.439
are most prevalent. I think the
difference that we found was it's most automated
62
00:05:11.560 --> 00:05:18.639
ZACT scale. The piece of the
fraud activity is tremendous. So what they're
63
00:05:18.639 --> 00:05:26.800
trying to do is open act scale
thousands and vidions of accounts and financial institutions,
64
00:05:27.439 --> 00:05:30.399
and then as they open it,
they wanted to try and make fud.
65
00:05:30.759 --> 00:05:32.439
Yeah, they're trying to nink accounts, they're trying to move money.
66
00:05:32.920 --> 00:05:38.120
So the base at which this is
moving has really on a One of the
67
00:05:38.120 --> 00:05:41.439
trends we noticed in our systems.
I'm curious if you've seen this more broadly,
68
00:05:41.560 --> 00:05:46.759
is a slow kind of I'll call
it almost probing, and then there's
69
00:05:46.759 --> 00:05:48.519
like, okay, we're trying little
things, and then when we can figure
70
00:05:48.560 --> 00:05:50.920
out the playbook, like if I
do this and then this and then this
71
00:05:51.000 --> 00:05:55.399
and then this and then this and
this and this very specific to our institution,
72
00:05:55.680 --> 00:05:58.680
then all of a sudden, band
there's like one hundred thousand people.
73
00:05:58.680 --> 00:06:00.839
It's like we found a little hole
and we're a jam as much fraud through
74
00:06:00.839 --> 00:06:03.959
that hole as we can until that
I think the expectations of it will be
75
00:06:03.959 --> 00:06:06.720
closed relatively rapidly. But it's like, oh, we find a little hole
76
00:06:08.079 --> 00:06:10.639
we got to then then all of
a sudden, just like how are there
77
00:06:10.680 --> 00:06:14.319
a hundred thousand applications an hour from
like des Moine? Like that doesn't it
78
00:06:14.439 --> 00:06:16.279
doesn't make any sense. And we
see a lot of things to National CAFIC
79
00:06:16.360 --> 00:06:25.319
come so IP addresses that are not
US based IPS or the glue outside and
80
00:06:25.319 --> 00:06:28.920
when the banks amize that and they
are putting controls, they picked the switch
81
00:06:28.959 --> 00:06:32.839
to IP addresses studifferent locations. So
yeah, the scale of sophistication has gone
82
00:06:32.879 --> 00:06:35.720
up. Yeah. The thing that
surprised me most when we saw shifting of
83
00:06:35.800 --> 00:06:41.519
IP addresses was shifting to even residential
network blocks where either were talking about you
84
00:06:41.560 --> 00:06:45.959
know, Comcast households and whatever in
midwestern city and you went, oh my
85
00:06:45.959 --> 00:06:47.879
god, like that's not even like
a big server IPEd block or something.
86
00:06:47.920 --> 00:06:53.319
It's like, it's very very hard
to distinguish those kind of IP addresses from
87
00:06:53.319 --> 00:06:57.600
normal ones. I agree, And
then I think the interesting thing that was
88
00:06:57.639 --> 00:07:01.319
different from bad one was scans as
a very different thing. We haven't seen
89
00:07:01.319 --> 00:07:05.319
the scale all the scams. What
kind of scams are you seeing like,
90
00:07:05.360 --> 00:07:11.759
what's the typical tack look like in
that space? Good question. So the
91
00:07:11.759 --> 00:07:16.000
new ones that we have started seeing
is because online marketplaces I've explored, they
92
00:07:16.079 --> 00:07:20.920
tried to be pretend to be sellers. So more than one puppy scans or
93
00:07:21.040 --> 00:07:27.079
concert ticket scans. Did your tailor
swift tickets over in the swifty shiites again,
94
00:07:27.959 --> 00:07:31.160
so you think that you're actually paying
were to somebody legitimate that you will
95
00:07:31.199 --> 00:07:36.720
get this really nice cute puppy with
all the pictures and everything is very clear,
96
00:07:36.839 --> 00:07:42.160
and you send three thousand dollars to
somebody and Okay, it's no show.
97
00:07:42.439 --> 00:07:46.800
Yeah, so that has definitely gone
up. The concert tickets is the
98
00:07:46.839 --> 00:07:51.560
same thing. So there is that
level of scams that's happening. And then
99
00:07:51.600 --> 00:08:00.360
the other one that we have seen
is typically fraudsters take advantage of the fear
100
00:08:00.680 --> 00:08:07.439
if consumers have so not of scam
that we see is taking advantage of the
101
00:08:07.519 --> 00:08:11.920
fear. So we see things such
as government scams, so they pretend to
102
00:08:13.000 --> 00:08:18.920
be from IRS or someplace. If
conversation goes as, hey, you haven't
103
00:08:18.920 --> 00:08:22.720
paid access and we're sending FPI,
it's going to be at your door in
104
00:08:22.759 --> 00:08:26.759
two hours, but you have a
were like, you can actually send money
105
00:08:26.839 --> 00:08:31.879
right now, I can take care
and prevent from happening. And it's really
106
00:08:31.879 --> 00:08:37.159
trying to pay the dynamics of whatever
is the social situation in any residence that,
107
00:08:37.360 --> 00:08:39.960
oh my god, my spouse forgot
to find the axes. I don't
108
00:08:39.960 --> 00:08:43.200
want the cops to come over and
let me go ahead and make this payment,
109
00:08:45.120 --> 00:08:50.240
and they take advantage of that.
We had a really good conversation yesterday
110
00:08:50.360 --> 00:08:58.840
around they're targeting vulnerable customers, particularly
in the adult population, and there are
111
00:08:58.840 --> 00:09:03.279
lots of different variations of that that
happens as well. Grandparent scamps is a
112
00:09:03.279 --> 00:09:09.240
classic one. So they pretend to
be your grandkids calling in saying that they're
113
00:09:09.279 --> 00:09:13.200
in trouble and couldn't send some money
to get him out of the tuble.
114
00:09:13.639 --> 00:09:18.360
Yeah, yeah, um. And
we have seen versions of I was actually
115
00:09:18.519 --> 00:09:22.919
visiting this country and they have arrested
me for something, and here's a parent
116
00:09:22.960 --> 00:09:28.480
and taking oh my god, my
parents something silly and there's a parents.
117
00:09:28.720 --> 00:09:31.879
Yeah, it was just something about
that, and they have with send money
118
00:09:33.440 --> 00:09:37.159
and the money's gone. That's interesting, you know, it's this fascinating question
119
00:09:37.159 --> 00:09:41.120
to me. When the scams shift
to the consumer, is the target,
120
00:09:41.240 --> 00:09:46.360
because there's kind of question of like
how responsible is the bank ultimately like attack
121
00:09:46.360 --> 00:09:50.519
credentials or these are often like real
customers doing real activities and you're saying,
122
00:09:50.559 --> 00:09:54.240
well, you want me to not
do what you say with your money,
123
00:09:54.399 --> 00:09:56.759
and yeah, you don't. You
want to be made whole when you're cheating
124
00:09:56.759 --> 00:10:00.240
a scam like this, and you
know, there's I think consumers if we
125
00:10:00.320 --> 00:10:03.519
had a guest on recently who was
talking about how they educated their consumers about
126
00:10:03.559 --> 00:10:07.440
some fraud and scam attacks because we
were walking into the bridge, this is
127
00:10:07.480 --> 00:10:09.240
what you told me about the scammers
on the fund right now trying to give
128
00:10:09.240 --> 00:10:11.720
my money in the bank. Was
very proud they've done that. But do
129
00:10:11.759 --> 00:10:16.039
you see a role for government or
other institutions to help on the consumer education
130
00:10:16.039 --> 00:10:20.960
side. It doesn't feel like it's
entirely the responsibility of the banks to educate
131
00:10:20.000 --> 00:10:24.320
consumers end up help prevent on that
attack factor because it's not in some real
132
00:10:24.320 --> 00:10:28.440
way attacking the bank. It's a
very different kind of thing, and it's
133
00:10:28.440 --> 00:10:33.279
such a great question. We should
all work as a community to help out
134
00:10:33.320 --> 00:10:37.320
within us. The banks definitely need
to play a role, and I'll talk
135
00:10:37.360 --> 00:10:41.600
about that developments can't very huge role
here, so they have clustered, they
136
00:10:41.600 --> 00:10:48.600
have fun they can reach moscare consumers
in affective area and it's not about one
137
00:10:48.639 --> 00:10:52.720
bank doing it, it's about the
entire community getting ready for that. We
138
00:10:52.799 --> 00:10:56.759
have seen some really effective campaigns,
particularly in the European countries. The good
139
00:10:56.879 --> 00:11:03.080
news is we have seen a lot
more awareness and interest on moment. Agency
140
00:11:03.159 --> 00:11:09.360
particularly CFPP has shown keen interest in
how they can leaning and how and they
141
00:11:09.360 --> 00:11:11.360
have budget as well, so we
hope that they actually go in the direction
142
00:11:11.399 --> 00:11:18.320
of usually effectively effectively if I look
on them. Education banks can play a
143
00:11:18.320 --> 00:11:22.840
lot of all two because consumers trust
their banks. So we have been doing
144
00:11:24.000 --> 00:11:31.000
a bunch of campaigning and consumer education
both in person in branches and for Capital
145
00:11:31.080 --> 00:11:37.080
and its cafes like also emails and
reaching consumers where they are and telling them
146
00:11:37.080 --> 00:11:41.720
about common schemes and what to watch
out for. And we see the huge
147
00:11:41.799 --> 00:11:46.720
impact of those campaigns. The other
thing that I feel is important for banks
148
00:11:46.759 --> 00:11:52.600
to do is just like you're trying
to spot fraud even if your consumer is
149
00:11:52.679 --> 00:11:56.559
making a transaction and you can recognize
that in the moment, can you tell
150
00:11:56.600 --> 00:12:03.960
the consumers that watch out for these
camps and the information right there and that
151
00:12:03.159 --> 00:12:09.440
has been extremely effective. Interesting,
he wants a tuning the transaction and then
152
00:12:09.480 --> 00:12:13.159
they pause and then you pick on
it and then you read about, oh
153
00:12:13.200 --> 00:12:16.519
my god, that's exactly what's happening
to me. Maybe I should call my
154
00:12:16.600 --> 00:12:18.600
grandson before I send the money to
get him out of prison and see if
155
00:12:18.639 --> 00:12:24.720
maybe no, Mom, I'm home, no problems exactly, that's that's so
156
00:12:24.879 --> 00:12:30.480
what a helpful figure it back way. And then of course law enforcement can
157
00:12:30.519 --> 00:12:37.559
play usual as well. Um,
some of these fraud and scam activity is
158
00:12:37.600 --> 00:12:45.320
happening internationally. Yeah, and while
it's coming from international and they're partnering with
159
00:12:45.559 --> 00:12:50.200
the law enforcement in those respective comparty
setting planning to break that cost for that
160
00:12:50.279 --> 00:12:54.039
world. But interesting, have you
seen anybody I imagine the answer this is
161
00:12:54.039 --> 00:12:56.440
no, But it comes up like
I know, and in many companies you
162
00:12:56.519 --> 00:13:03.440
get the IT security department sending seemingly
like sending the fake scam, and then
163
00:13:03.440 --> 00:13:05.240
when you click how it, they
go just so you know, yeah,
164
00:13:05.519 --> 00:13:09.240
like you failed the test and then
we got at I've always enjoyed because there's
165
00:13:09.240 --> 00:13:11.200
a little button in our system where
I could see, like I think this
166
00:13:11.200 --> 00:13:13.960
one spam and that they send you
the target test and you get it.
167
00:13:13.960 --> 00:13:16.240
They're like you will, Okay,
I call it. You can't fool me
168
00:13:16.360 --> 00:13:18.320
with this one, guys. But
I don't know if it's gone to that
169
00:13:18.399 --> 00:13:22.120
kind of shaking attacks on their consumer. It maybe too much for the consumer.
170
00:13:22.600 --> 00:13:26.320
But that maybe I don't know,
that maybe going a little too beyond.
171
00:13:26.360 --> 00:13:33.120
But um, yes'm I also get
design from d r T security.
172
00:13:33.279 --> 00:13:37.120
Yeah, but I think it is
more about the education and how you can
173
00:13:37.360 --> 00:13:41.879
engage with the consumer months. Um, So me do a bunch of campaigns
174
00:13:41.879 --> 00:13:46.840
in our cafes, um and then
we also plot every National Council of Aging
175
00:13:46.000 --> 00:13:54.360
for creating some virtue and workshops.
But chicken in the oulderly populations and they
176
00:13:54.440 --> 00:14:01.120
understand how they can be impouting them
to use tissue technologies. The other thing
177
00:14:01.159 --> 00:14:05.399
that we have observed we keep looking
at what kind of frauds are coming up,
178
00:14:07.279 --> 00:14:09.600
But this tech support scam is a
big thing. What is that?
179
00:14:09.960 --> 00:14:16.759
So consumers when they're on their computers, they suddenly get or they can get
180
00:14:16.759 --> 00:14:20.360
a phone call or an email,
but they say they give message saying hey
181
00:14:20.159 --> 00:14:24.519
we detected virus on a computer.
Some things around happening. This is Amazon
182
00:14:24.600 --> 00:14:30.639
all officially what the tech company is
callers, and then the consumer calls.
183
00:14:30.679 --> 00:14:35.799
Of course they're talking to the camera, and then the camera says pretends to
184
00:14:35.840 --> 00:14:39.000
be doing a service for them and
say that I need to get into you
185
00:14:39.600 --> 00:14:45.120
ntin it? Oh god. So
they give live access remote access of their
186
00:14:45.159 --> 00:14:48.639
computer, so a gains. All
the frausters are coming in and they're putting
187
00:14:48.679 --> 00:14:54.159
all these kind of fake analytics on
their computer saying, hey, we detected
188
00:14:54.440 --> 00:14:56.919
thousands of virus, and then they
show a ticker as if it's cleaning up
189
00:14:56.960 --> 00:15:01.879
those virus. At this point,
the emails a completely beaming that oh my
190
00:15:01.960 --> 00:15:03.879
god, that was in a bad
shave tank. God, this listener is
191
00:15:03.919 --> 00:15:09.039
helping me. And then now they
have anymore access and they get into a
192
00:15:09.399 --> 00:15:16.159
mansion organization. Stop thinking confection,
Oh now it's I mean, I just
193
00:15:16.159 --> 00:15:18.080
spent a lot of time with my
kids. If I'm like when you get
194
00:15:18.080 --> 00:15:22.000
an email, like if I get
a call from American Express, when I
195
00:15:22.000 --> 00:15:24.639
get an email from MX or Capital
wants, hey, you've got to confront
196
00:15:24.639 --> 00:15:24.720
of your card. What do you
do? You think I do this?
197
00:15:24.879 --> 00:15:28.000
You call the number in the back
of the car. You don't, yo,
198
00:15:28.399 --> 00:15:30.639
who respond to the email. You
don't call the number of the email.
199
00:15:30.679 --> 00:15:33.720
You pick up your card and go
call on this number. So just
200
00:15:33.799 --> 00:15:39.279
trying to teach the basics. I
loved your point about the real time intervention
201
00:15:39.399 --> 00:15:43.679
for scams when you can like help
someone in the momentum who's maybe about to
202
00:15:43.679 --> 00:15:46.480
complete the transaction to a scammer,
and you say, hey, have you
203
00:15:46.519 --> 00:15:50.399
thought about this or have you is
this what's happening? Um? The thing
204
00:15:50.399 --> 00:15:54.639
that occurs to me is that kind
of real time identifying of that and reacting
205
00:15:54.679 --> 00:15:58.080
to it requires quite a bit of
both data and the intelligence in terms of
206
00:15:58.200 --> 00:16:00.799
real time systems, an analysis to
see it in real time, and then
207
00:16:00.799 --> 00:16:03.480
the data to actually be able to
analyze that and look at it. There's
208
00:16:03.480 --> 00:16:07.399
a lot of bit investment in that, and I'm curious how you think about
209
00:16:07.399 --> 00:16:11.120
the investments that are being made and
the technology shifting and where the priorities are,
210
00:16:11.120 --> 00:16:14.000
because it's like that's a very sophisticated
thing to be able to do.
211
00:16:14.320 --> 00:16:15.759
But if you said, hey,
we do a batch process every night,
212
00:16:15.799 --> 00:16:19.399
so tomorrow morning, I'm going to
tell fifty people that I felt victim to
213
00:16:19.399 --> 00:16:22.960
a scam, But it doesn't help
me in the moment, how or how
214
00:16:22.960 --> 00:16:25.559
do you see people investing. What
are the recommendations you have for how you
215
00:16:25.600 --> 00:16:27.759
invest the technology to allow you to
move to kind of like that real time
216
00:16:27.840 --> 00:16:33.960
nature, because that's not that's pretty
sophisticated. Batch is completely old school avality.
217
00:16:33.960 --> 00:16:37.320
It shouldn't think about that. When
the world has more prio time,
218
00:16:37.720 --> 00:16:41.320
payments have more PRIOD time, you
have been closed and each media, and
219
00:16:41.440 --> 00:16:47.799
it's important to even internalize what careod
time really means because for some people earlier
220
00:16:47.919 --> 00:16:52.399
time could be that pretty second and
for some people to be affuming itself and
221
00:16:52.519 --> 00:16:57.320
in the world of prid time,
you and seconds matter. Yeah. Oh,
222
00:16:57.360 --> 00:17:02.360
I was talking to a coodique from
one of the banks and they were
223
00:17:02.399 --> 00:17:06.440
having some fraud issue and I was
asking them, but don't you have defenses
224
00:17:06.440 --> 00:17:10.160
that are in your time? And
her response was as reach you. But
225
00:17:10.359 --> 00:17:14.440
by the time this thing happens and
we get it into our defenses, there's
226
00:17:14.440 --> 00:17:18.960
a sifteen minute gap and then that's
a real time in It is a too
227
00:17:18.000 --> 00:17:22.240
long a time for frances to take
advantaitore. Yeah, I think the way
228
00:17:22.319 --> 00:17:27.359
we want to think about this is
just as the technology and data has exploded,
229
00:17:29.079 --> 00:17:36.440
you can take advantage of that because
you get access to thousands of features
230
00:17:36.480 --> 00:17:41.400
and variables on any given transaction that
consumers are trying to do. And if
231
00:17:41.400 --> 00:17:47.279
you're creating your systems that can listen
and consume those signals in real time,
232
00:17:48.079 --> 00:17:52.039
use them, consume them, create
analytics, create models, and then credit
233
00:17:52.160 --> 00:17:56.359
that is this really something that your
consumers are trying to do or is it
234
00:17:56.440 --> 00:18:00.200
somebody else? The power of that
real time detection can be tremend us.
235
00:18:00.640 --> 00:18:06.359
A lot of technology changes are happening. We can now consume large sets of
236
00:18:06.480 --> 00:18:12.440
data and the big seconds micro seconds. The computing power has increased, so
237
00:18:12.480 --> 00:18:17.640
we can crunch the data into your
time like I hear it wasn't possible a
238
00:18:17.640 --> 00:18:23.119
few years ago, and the morning
techniques having drammatically gbms and others, it
239
00:18:23.160 --> 00:18:27.839
can be very surgical. I always
get into this conversation. Also, we
240
00:18:29.000 --> 00:18:33.920
have fraud colleagues from the banks that
there is tremendous pressure on cost efficiencies and
241
00:18:34.079 --> 00:18:38.920
things doing bad. But if you
think about what you're doing with fraud risk
242
00:18:40.000 --> 00:18:45.200
controls, aid's the right thing to
do. You're preventing acting the consumers is
243
00:18:45.240 --> 00:18:48.359
a bottom line impact. You're preventing
bank against our losses, But the real
244
00:18:48.440 --> 00:18:52.680
impact is what you can enable on
the other side with their business. Meaning,
245
00:18:53.640 --> 00:18:57.440
so if your fraud controls are tremendous, you can enable a lot more
246
00:18:57.480 --> 00:19:03.079
things for consumers to do. You
can now allow and open up your time
247
00:19:03.079 --> 00:19:11.000
activity. It's why a clouds actions
can do everything sitting in the living room
248
00:19:11.839 --> 00:19:15.559
a small device in their hat.
The only reason we don't allow them to
249
00:19:15.640 --> 00:19:21.519
do as much is because we fear
that we won't have fraud. The other
250
00:19:21.599 --> 00:19:25.279
thing I'd love to get your take
on is I think when you move to
251
00:19:25.359 --> 00:19:29.759
the kind of model based world versus
kind of an old school rules based approach,
252
00:19:30.240 --> 00:19:32.519
you end up with this kind of
layering of defenses, which is like,
253
00:19:32.519 --> 00:19:33.519
I don't have to be a one
hundred percent sure and the real times
254
00:19:33.559 --> 00:19:37.200
I wanted to be the guy got
a bunch of signals, and each signals
255
00:19:37.279 --> 00:19:38.640
like pushes me a little bit.
This looks more like fraud, a little
256
00:19:38.640 --> 00:19:41.200
bit more like fraud. And I
don't have to say you can't complete the
257
00:19:41.240 --> 00:19:45.599
transaction, mister Cosmo. I'd like
you to talk to an agent first,
258
00:19:45.640 --> 00:19:47.759
which I may do a little bit, or I need you to do a
259
00:19:47.839 --> 00:19:51.599
knowledge based authentication, or I need
to get a text message, like there's
260
00:19:51.640 --> 00:19:53.480
all sorts of layering of what is
the kind of friction I might put in
261
00:19:53.519 --> 00:19:56.160
the process. I don't have to
be like one percent sure this is fraud,
262
00:19:56.160 --> 00:20:00.160
I'm stopping now, I'm this looks
like a higher risk. What what
263
00:20:00.920 --> 00:20:03.680
level of friction or additional process can
I layer in? And there might be
264
00:20:03.799 --> 00:20:07.720
multiple of those layers, So talking
about how you design that, because I
265
00:20:07.720 --> 00:20:10.519
think that's so important to say,
how do I go from yes, no,
266
00:20:11.200 --> 00:20:12.200
like this is or isn't fraud,
I'm going to stop it or allow
267
00:20:12.240 --> 00:20:15.039
it to Like, how do I
introduce a little friction to try and reduce
268
00:20:15.079 --> 00:20:19.359
the likelihood that the frauds are can
complete a transaction as my risk perception increases.
269
00:20:22.000 --> 00:20:26.240
So there are some transactions or signals
that people think are Bay BAYPO signals
270
00:20:26.480 --> 00:20:30.240
if you can take a decision,
yeah, just and clearly of the m
271
00:20:30.799 --> 00:20:34.799
customer and customer. Yeah, it's
somewhere in the mind that when all this
272
00:20:34.960 --> 00:20:40.440
complexity comes in and for us,
the way we want to think about this
273
00:20:40.880 --> 00:20:45.960
is we are in this together without
consumers. So when you are in that
274
00:20:45.160 --> 00:20:49.240
kind of uncertain phase, how do
you reach out and engage with the consumers
275
00:20:49.559 --> 00:20:53.359
to confirm Because there's one person who
can always tell you if they are making
276
00:20:53.400 --> 00:20:57.960
the confection or not. It's consumers
um. But then you have to create
277
00:20:59.119 --> 00:21:03.240
systems that you dejected to time.
How can you reach the consumer serio time
278
00:21:03.799 --> 00:21:07.039
in the channels that they prefer,
so that it's not just limited to one
279
00:21:07.720 --> 00:21:11.279
And then when they're responding, how
do you consume that response and then let
280
00:21:11.319 --> 00:21:15.720
them continue with the transactions that I
kind of do. So that system that
281
00:21:15.839 --> 00:21:22.680
requires such an often investment and thinking
and design and cladique of messages for the
282
00:21:22.759 --> 00:21:26.359
consumers, all of that you have
to think one. Yeah, I also
283
00:21:26.440 --> 00:21:30.519
love your point about thinking about the
other sides. I feel like this when
284
00:21:30.519 --> 00:21:33.960
we approach this, it's always this
kind of battle between how much can you
285
00:21:33.039 --> 00:21:37.759
make things instant and immediate? And
of course you can do one hundred percent,
286
00:21:37.759 --> 00:21:40.839
it's really easy. You just have
a lot of fraud and you can
287
00:21:40.880 --> 00:21:45.240
have you know, zero risk of
fraud and everything be super painful. In
288
00:21:45.519 --> 00:21:48.880
the battle is like how far can
I push the limit on instant and keep
289
00:21:48.920 --> 00:21:52.599
the frauds low at the same time. And I do think in the world
290
00:21:52.640 --> 00:21:55.799
of digital you're in a world where
like the instant actually is a pretty tremendous
291
00:21:55.839 --> 00:22:00.759
differentiator or at least requirement to be
competitive in certain environments. So allowing the
292
00:22:00.880 --> 00:22:04.599
lack of sophistication on your froadside to
prevent that is like that's becoming a large
293
00:22:04.640 --> 00:22:07.920
or larger liability. I think for
banks not to be competitive on the consumer
294
00:22:07.960 --> 00:22:11.720
side, I totally agree on that
one, and I think it's a share
295
00:22:11.759 --> 00:22:17.720
of response. It's not just banks
job to do it. I think it's
296
00:22:17.759 --> 00:22:21.039
consumer's job to prevent and protect them
as well, for sure, And it
297
00:22:21.200 --> 00:22:25.960
is a government's job to actually helpless
designer solution or an environment that's going DC
298
00:22:26.359 --> 00:22:30.400
banks and consumers to welcome this thing
together. So collectively, I think you
299
00:22:30.480 --> 00:22:33.880
can do it. The international countries
have made tremendous focus on those events.
300
00:22:36.119 --> 00:22:41.839
I go to India vacations and I
see that in India's completely digital now and
301
00:22:42.079 --> 00:22:47.680
they have all created really sophisticated ways
of banks and consumerusly acting and interact.
302
00:22:48.160 --> 00:22:52.519
Interesting. I do want to slide
back to your comment on the shift to
303
00:22:52.559 --> 00:22:56.720
digital, because with a lot of
what we talk about is digital influenced.
304
00:22:56.759 --> 00:23:00.799
But I'm curious what are the is
more and more transaction are going digital,
305
00:23:00.880 --> 00:23:03.880
what are the trends and fraud are
the investments you see people making that are
306
00:23:03.920 --> 00:23:07.920
related to the kind of like I
think so many of particularly smaller community banks,
307
00:23:07.920 --> 00:23:10.960
maybe not Capital one, but are
you know, have a little more
308
00:23:11.039 --> 00:23:12.279
just like in the lending space,
we bring you in and check your ID
309
00:23:12.440 --> 00:23:17.079
and like feel pretty good when Jeff
comes in with Jeff ID and jeff social
310
00:23:17.119 --> 00:23:19.559
security number. And there so many
of the processes that are kind of the
311
00:23:19.640 --> 00:23:25.480
fraud mechicines are oriented around in person
experiences and as you move digital, you
312
00:23:25.599 --> 00:23:27.720
got to find a new way to
handle that. And I'm curious what you're
313
00:23:27.720 --> 00:23:32.079
seeing as the trends in that kind
of shifting the fraud detection as we move
314
00:23:32.119 --> 00:23:34.319
and the prevention as we move pure
digital, and so many of our transactions
315
00:23:34.359 --> 00:23:38.039
that used to be face to face
mediated and it had very different mechanisms of
316
00:23:38.039 --> 00:23:42.680
protection that aren't available. I agree
with you, but I would also say
317
00:23:42.799 --> 00:23:48.519
that digital it provides its own unique
way of kind of slumming the identity of
318
00:23:48.640 --> 00:23:53.880
an individual. Your device has so
many signals. If you're able to bind
319
00:23:53.960 --> 00:24:00.839
deer device to your consumers very very
cry, then that is actually a tremendous
320
00:24:02.000 --> 00:24:07.400
way of detecting who is performing the
transaction, not frosts are always trying to
321
00:24:07.519 --> 00:24:11.799
emulate devices and see if they are
care or not, but there is I
322
00:24:11.920 --> 00:24:19.200
actually think that in some regards,
the transactions that happen digitally can be safe
323
00:24:21.079 --> 00:24:26.519
if a bank is able to consume
all the information from those adigional transactions.
324
00:24:26.680 --> 00:24:33.160
And bigger banks have put a tremendous
amount of investment to presume those real time.
325
00:24:33.759 --> 00:24:37.680
But even for smaller community banks,
there are lots of players that are
326
00:24:37.759 --> 00:24:41.039
out there in a fit that can
actually make it easy for them so they
327
00:24:41.079 --> 00:24:45.359
don't have to do it on their
own. But there are so many cares,
328
00:24:45.440 --> 00:24:48.920
Like even in this conference, you're
seeing that there are so many players
329
00:24:48.000 --> 00:24:53.559
out there reading solutions then the banks
can plug into. Yeah, maybe the
330
00:24:53.599 --> 00:24:59.079
advice I would give to the smaller
banks and listeners like one of the one
331
00:24:59.119 --> 00:25:02.720
of the flaws I is trying to
when you digitize, I think of digitizing
332
00:25:02.759 --> 00:25:06.799
the current approaches and to your point, I think it's like you lose a
333
00:25:06.839 --> 00:25:10.440
few signals I get, but trying
to replace those by uploading a driver's license
334
00:25:10.519 --> 00:25:14.000
and having a video call at the
same time saying Hey, I'm trying to
335
00:25:14.119 --> 00:25:15.880
do the same thing in the digitally, It's like well, no, there
336
00:25:15.920 --> 00:25:18.839
are now unique signals that were not
available to you before, and you should
337
00:25:18.839 --> 00:25:22.519
be you should be taking advantage of
those and rebuilding your approach based on that.
338
00:25:22.960 --> 00:25:26.680
Otherwise you can, like, I
don't think they're trying to make it
339
00:25:26.039 --> 00:25:29.880
feel like you're in the branch on
your photo idea is gonna it's gonna be
340
00:25:29.880 --> 00:25:33.519
the way to do it and not
us. These technologies up getting on and
341
00:25:33.640 --> 00:25:37.480
more sophisticated. You should an indignation
on the apples me. It's so many
342
00:25:37.559 --> 00:25:44.640
thanks, so much more fluent.
Yeah, and as this technology jstaing Bulo
343
00:25:44.759 --> 00:25:52.640
is, you can wind did entitys
and indivisio very clearly and enable that friction
344
00:25:52.720 --> 00:25:57.279
less in real time transaction capability.
So last question for you, what's like
345
00:25:57.400 --> 00:26:00.680
for people out there listening go,
hey, I see these problems to I
346
00:26:00.759 --> 00:26:03.799
said, what's your advice on how
they prepare for the future investments that they
347
00:26:03.799 --> 00:26:07.480
should be focused on making to be
in position to you know, actually defend
348
00:26:07.519 --> 00:26:12.200
most effectively against these kinds of things
moving forward. Yeah, So I would
349
00:26:12.240 --> 00:26:21.240
say that it's a never ending makes
it fun, makes it fun, but
350
00:26:21.680 --> 00:26:25.079
there is there's so much of advantage
that you get when you get it right
351
00:26:26.559 --> 00:26:30.480
but don't rest on your moils.
So you know at sart is always going
352
00:26:30.559 --> 00:26:33.799
to change. Now we have seen
things such as chat, GPT and all
353
00:26:33.880 --> 00:26:40.480
these artificial intelligence tooths I'm going to
come, so we will see a very
354
00:26:40.519 --> 00:26:45.400
different level of challenge. The moist
recognition is going to be difficult. The
355
00:26:45.680 --> 00:26:51.440
almost late in old school, you
would get a spoofed email. It will
356
00:26:51.519 --> 00:26:56.759
have typo errors and you would know
that if least nabled person reads the email
357
00:26:56.799 --> 00:27:00.079
out that I don't think this is
a professional email. But big things like
358
00:27:00.200 --> 00:27:03.680
chat, GPT, that thing is
going to feel more professional. Field war
359
00:27:03.880 --> 00:27:10.160
yea. The populated setting it so
trends will keep changing and you almost have
360
00:27:10.400 --> 00:27:14.640
to be on front of that trand
change and disappeared where it is going and
361
00:27:14.759 --> 00:27:18.039
start building your solutions right away.
It's a race that's going to happen between
362
00:27:18.160 --> 00:27:22.799
the banks as well as between the
front community on how do you left place
363
00:27:22.839 --> 00:27:26.400
the technology to be ahead of either. So there is no point in relaxing
364
00:27:26.440 --> 00:27:30.720
and saying, oh I did all
this investment, I can relax north like
365
00:27:30.799 --> 00:27:36.599
them, you would constantly be on
your toes, so I think for but
366
00:27:36.759 --> 00:27:40.000
take advantage of it. So there's
a tremendous amount of capability that's coming to
367
00:27:40.039 --> 00:27:45.960
the banks as well. The second
thing I would say is engage with your
368
00:27:47.000 --> 00:27:52.000
consumers. It's important to educate your
consumers. It is important to take them
369
00:27:52.039 --> 00:27:56.519
into confidence. The more your consumers
are digitally savvy and know what to watch
370
00:27:56.559 --> 00:28:00.799
out for, the better you would
be. So it's an alienating important to
371
00:28:00.880 --> 00:28:04.759
do that. And as a consumer, I would say, just we have
372
00:28:04.759 --> 00:28:08.799
attension. It's your money. You
need to take a look at it.
373
00:28:10.200 --> 00:28:15.039
I always tell about thanks and family
that look at your banking accounts, how
374
00:28:15.119 --> 00:28:18.640
much habit to look at them almost
every other week, even if you're not
375
00:28:18.920 --> 00:28:22.960
using them. You don't know who
else is your So just holding umber statements
376
00:28:23.000 --> 00:28:29.640
and see how how your transactions are
because it's irresponsibility. If you find something
377
00:28:29.799 --> 00:28:33.359
bad are unexpected, you're the one
who need to contact the backs and tell
378
00:28:33.440 --> 00:28:37.559
them, yeah, I've I've actually
pushed myself and my family working more like
379
00:28:37.680 --> 00:28:41.160
real time alerts, like you know
I find looking through my likes a credit
380
00:28:41.200 --> 00:28:44.920
card. It's a simple example.
Looking through the statement once a month takes
381
00:28:44.920 --> 00:28:47.799
a lot of time. Getting real
time alert saying hey you just bought something
382
00:28:47.839 --> 00:28:49.400
away. I know, no big
deal. And real time much says you
383
00:28:49.440 --> 00:28:55.640
just bought something I did? Yeah? Uh quit Wait, so I'm accusially
384
00:28:55.680 --> 00:28:59.480
called my wife on I don't recognize
this company for this charge this I'm not,
385
00:28:59.640 --> 00:29:00.359
I'm not. It's not a problem. It's okay to spend the money,
386
00:29:00.400 --> 00:29:03.359
Like, I just want to make
sure that was you and not somebody
387
00:29:03.400 --> 00:29:06.599
else. But that real time nature, for me is makes it more digestible,
388
00:29:06.680 --> 00:29:08.440
right, more not so much as
saying, hey, what all did
389
00:29:08.480 --> 00:29:11.000
we spend last month? Did they
go to the gas station on the thirty
390
00:29:11.039 --> 00:29:15.640
first? Yeah, so you've been
trying to do that as a consumer cognizant
391
00:29:15.759 --> 00:29:21.000
is important. And how about the
community among banks? It feels like this
392
00:29:21.200 --> 00:29:25.160
is a bit of a collective problem
and a collective sharing of information is Is
393
00:29:25.200 --> 00:29:29.599
there a good collaboration among peers to
help like identify what's coming and see how
394
00:29:29.640 --> 00:29:33.359
we can all respond effectively. Yeah, is one. We have the banks
395
00:29:33.400 --> 00:29:37.759
collaborator pretty heavy as we are finding
the same game against the bad people.
396
00:29:38.559 --> 00:29:42.680
So we had all in it together, so we shared. Our best practice
397
00:29:44.039 --> 00:29:48.519
is connect to you, maybe go
off there the fun stars hun good coming
398
00:29:48.559 --> 00:29:52.519
to you out here. And CBA
is a very lidability community. So excellent.
399
00:29:52.640 --> 00:29:56.319
You share that plan and so what's
happin how do we lene from each
400
00:29:56.359 --> 00:30:00.880
other um to look that we are
doing as banks collect you on Zell and
401
00:30:02.079 --> 00:30:07.839
BNC conversations on fraud and stands on
Zell has been tremendous. The performance dad
402
00:30:07.960 --> 00:30:12.480
has been amazing. Fund industry to
FA levels. How tremendously come bound there.
403
00:30:12.720 --> 00:30:17.640
Now it's showing up in other nadias. I'll flout other B to B
404
00:30:18.359 --> 00:30:23.319
companies, but Verdio collaborate and you
work together. I think you have named
405
00:30:23.319 --> 00:30:27.599
blond page or the bad case.
Excellent. O gosh, thanks so much
406
00:30:27.599 --> 00:30:30.319
for joining me to this is a
fascinating conversation. I appreciate your bag at
407
00:30:30.319 --> 00:30:34.039
the time. Thank you for inviting
me. If that's fun. Upstart partners
408
00:30:34.079 --> 00:30:38.480
with banks and credit unions to help
grow their consumer loan portfolios and deliver a
409
00:30:38.559 --> 00:30:45.119
modern all digital lending experiments. As
the average consumer becomes more digitally savvy,
410
00:30:45.440 --> 00:30:49.240
it only makes sense that their bank
does too. Upstarts AI lending platform uses
411
00:30:49.279 --> 00:30:56.759
sophisticated machine learning models to more accurately
identify risk and approve more applicants than traditional
412
00:30:56.799 --> 00:31:02.759
credit models. With fraud rates near
zero, Upstarts all digital experience reduces manual
413
00:31:02.880 --> 00:31:07.480
processing for banks and offers a simple
and convenient experience for consumers. Whether you're
414
00:31:07.519 --> 00:31:12.000
looking to grow and enhance your existing
personal and auto lending programs, or you're
415
00:31:12.039 --> 00:31:18.000
just getting started, upstart can help. Upstart offers an end to end solution
416
00:31:18.119 --> 00:31:22.000
that can help you find more credit
worthy borrowers within your risk profile. With
417
00:31:22.200 --> 00:31:26.680
all digital underwriting, onboarding, loan
closing, and servicing, It's all possible
418
00:31:26.720 --> 00:31:32.359
with Upstart in your quarter. Learn
more about finding new borrowers, enhancing your
419
00:31:32.400 --> 00:31:37.599
credit decisioning process, and growing your
business by visiting upstart dot com Slash four
420
00:31:37.839 --> 00:31:42.559
dash banks. That's upstart dot com
slash foward dash Banks. You've been listening
421
00:31:42.599 --> 00:31:47.319
to Leaders and Lending from Upstart,
make sure you never miss an episode.
422
00:31:47.559 --> 00:31:52.000
Subscribe to Leaders in Lending in your
favorite podcast player using Apple Podcasts. Leave
423
00:31:52.039 --> 00:31:55.079
us a quick rating by tapping the
number of stars you think the show deserves.
424
00:31:55.400 --> 00:31:56.319
Thanks for listening until next time.
1
00:00:02.879 --> 00:00:07.799
You're listening to Leaders and Lending from
Upstart, a podcast dedicated to helping consumer
2
00:00:07.879 --> 00:00:13.519
lenders grow their programs and improve their
product offerings. Each week, here decision
3
00:00:13.519 --> 00:00:17.719
makers in the finance industry offer insights
into the future of the lending industry,
4
00:00:18.039 --> 00:00:22.839
best practices around digital transformation, and
more. Let's get into the show.
5
00:00:23.399 --> 00:00:26.280
Welcome to Leaders and Lending. I'm
your host, Jeff Keltner. This week,
6
00:00:26.280 --> 00:00:31.120
I'm joined by Raksh mirage Car from
Capital One and also from the CBA
7
00:00:31.160 --> 00:00:34.679
Fraud Committee. So we're going to
talk about I'm not no bade and switching.
8
00:00:34.679 --> 00:00:38.920
We're talking about fraud and talking about
fraud because I want to start.
9
00:00:38.920 --> 00:00:42.320
You know, you help lead the
CBS Committee on Fraud. What's the topics
10
00:00:42.320 --> 00:00:44.479
that are top of mind for the
committee this year? Imagine it's it's a
11
00:00:44.479 --> 00:00:48.159
pretty interesting time in the fraud space
because there's so much turbulence in the market,
12
00:00:48.200 --> 00:00:52.640
overall interest times, fils a little
thank you fund inviting thank you for
13
00:00:52.679 --> 00:00:57.119
joining us. So if I think
a lot of the most prominent falcakes that
14
00:00:57.159 --> 00:01:00.079
could we have been discussing in the
Fraud Committee. We have seen a very
15
00:01:00.119 --> 00:01:06.159
big resurgence of our So when we
went into the pandemic. The banking industry
16
00:01:06.200 --> 00:01:11.680
saw substantial death infraduct to me,
really, and that was because fraudusters were
17
00:01:11.680 --> 00:01:17.239
attracted by all the government funds that
were available. Their whole focus was on
18
00:01:17.359 --> 00:01:23.599
PPPE, stimulus checks free and stimulus
checks and anything, and then that money
19
00:01:23.719 --> 00:01:26.879
right up. And we always knew
that they're going to come back at every
20
00:01:26.920 --> 00:01:32.680
financial the stations, and they did, and it was very The pace at
21
00:01:32.719 --> 00:01:38.239
which they came back was insignificant.
The other thing that happened during that transition
22
00:01:38.719 --> 00:01:44.319
is as an industry, we went
and adopted a lot of digital ways of
23
00:01:44.400 --> 00:01:51.159
contracting, so consumers were transacting more
and more, not in person but digital,
24
00:01:51.359 --> 00:01:55.439
and that's always an area where frousters
like because they're not going to be
25
00:01:55.599 --> 00:01:59.879
required to be in person. So
those two things happened that they wanted to
26
00:02:00.120 --> 00:02:04.599
back and find a new avenue,
and we had opened up and created a
27
00:02:04.599 --> 00:02:08.360
lot of features that are digitally available, and so it created a perfect environment
28
00:02:08.439 --> 00:02:13.919
for them to come. So we've
seen a lot of fraud and lots of
29
00:02:13.960 --> 00:02:19.759
different ways. Just a heard thing
that had happened along these waves. Imagine
30
00:02:20.919 --> 00:02:29.319
that everybody started to work from Homeziba
started doing digital activity. Consumer data was
31
00:02:30.400 --> 00:02:36.240
more large scale, compromised across lots
of different institutions. So now frosters have
32
00:02:36.360 --> 00:02:42.800
this amazing set of cleaned ristine data
that they carried against the financial stations.
33
00:02:43.560 --> 00:02:49.039
So we saw fraud at scale.
We saw a lot of fought activity.
34
00:02:49.800 --> 00:02:53.240
They saw a lot of week en
identities come through the rules. As an
35
00:02:53.240 --> 00:03:00.199
industry, not a lot of banks
have very sophisticated defenses, so they were
36
00:03:00.199 --> 00:03:07.120
able to recognize it prevented. But
it's a nuisance factor constantly getting targeted and
37
00:03:07.199 --> 00:03:10.120
attacked on lots of different ways,
and I know some of the banks had
38
00:03:10.159 --> 00:03:15.639
to rearly up their game move from
badge defenses to real time defenses and all
39
00:03:15.680 --> 00:03:23.479
those ignorant happen. We saw also
activity that we considered as traditional fraud.
40
00:03:23.120 --> 00:03:29.680
Checks fraud were like the old school
the old schools where me saw the check
41
00:03:29.759 --> 00:03:35.039
fraud because a lot of stolen mail
and for us to picking up the check
42
00:03:35.120 --> 00:03:38.240
from the mail and then making a
connossy and then trying to call that at
43
00:03:38.280 --> 00:03:45.479
scale. And then we saw obviously
some interesting fraud in the digital space.
44
00:03:45.919 --> 00:03:51.000
We opened up digital, consumer started
adopting digital and yeah, so that's what
45
00:03:51.199 --> 00:03:55.759
the fraud isn't going to go because
it's real time, it's instant, and
46
00:03:55.919 --> 00:04:00.800
we did see that. And then
the last thing I would say, which
47
00:04:00.840 --> 00:04:04.919
I think you have hold a lot
in the industry is emergence or scams.
48
00:04:05.639 --> 00:04:14.759
So as as the fraud community realized
that banks have built really sophisticated signals and
49
00:04:14.840 --> 00:04:19.360
defenses, so instead of coming against
and trying to find gaps, they still
50
00:04:19.399 --> 00:04:25.920
do that in the bank's architecture,
they started going and compromising the customers.
51
00:04:26.399 --> 00:04:30.560
So a lot of impersonation, yeah, the weaker, the weaker link in
52
00:04:30.600 --> 00:04:34.360
the chain, so to speak,
and the social engineering. We saw a
53
00:04:34.360 --> 00:04:39.959
lot of that has come up and
they preclanding to be either the banks,
54
00:04:40.000 --> 00:04:45.079
of government agencies or whatnot. And
so scam is through the roof as as
55
00:04:45.120 --> 00:04:47.560
an industry. Are these like real
shifts from what you were seeing pre pandemic
56
00:04:47.600 --> 00:04:50.160
when you said, it's kind of
fascinating me that the fraud kind of dial
57
00:04:50.480 --> 00:04:55.680
there was easier money to cheat for
and so you targets of opportunity, right,
58
00:04:55.720 --> 00:04:57.759
and then it comes back. But
when it came back, are these
59
00:04:57.800 --> 00:05:00.000
like different trends and you were seeing
before it looks similar to what was happening
60
00:05:00.360 --> 00:05:03.480
in twenty nineteen twenty eighteen. In
terms of the kinds of fraud, they
61
00:05:03.519 --> 00:05:10.439
are most prevalent. I think the
difference that we found was it's most automated
62
00:05:11.560 --> 00:05:18.639
ZACT scale. The piece of the
fraud activity is tremendous. So what they're
63
00:05:18.639 --> 00:05:26.800
trying to do is open act scale
thousands and vidions of accounts and financial institutions,
64
00:05:27.439 --> 00:05:30.399
and then as they open it,
they wanted to try and make fud.
65
00:05:30.759 --> 00:05:32.439
Yeah, they're trying to nink accounts, they're trying to move money.
66
00:05:32.920 --> 00:05:38.120
So the base at which this is
moving has really on a One of the
67
00:05:38.120 --> 00:05:41.439
trends we noticed in our systems.
I'm curious if you've seen this more broadly,
68
00:05:41.560 --> 00:05:46.759
is a slow kind of I'll call
it almost probing, and then there's
69
00:05:46.759 --> 00:05:48.519
like, okay, we're trying little
things, and then when we can figure
70
00:05:48.560 --> 00:05:50.920
out the playbook, like if I
do this and then this and then this
71
00:05:51.000 --> 00:05:55.399
and then this and then this and
this and this very specific to our institution,
72
00:05:55.680 --> 00:05:58.680
then all of a sudden, band
there's like one hundred thousand people.
73
00:05:58.680 --> 00:06:00.839
It's like we found a little hole
and we're a jam as much fraud through
74
00:06:00.839 --> 00:06:03.959
that hole as we can until that
I think the expectations of it will be
75
00:06:03.959 --> 00:06:06.720
closed relatively rapidly. But it's like, oh, we find a little hole
76
00:06:08.079 --> 00:06:10.639
we got to then then all of
a sudden, just like how are there
77
00:06:10.680 --> 00:06:14.319
a hundred thousand applications an hour from
like des Moine? Like that doesn't it
78
00:06:14.439 --> 00:06:16.279
doesn't make any sense. And we
see a lot of things to National CAFIC
79
00:06:16.360 --> 00:06:25.319
come so IP addresses that are not
US based IPS or the glue outside and
80
00:06:25.319 --> 00:06:28.920
when the banks amize that and they
are putting controls, they picked the switch
81
00:06:28.959 --> 00:06:32.839
to IP addresses studifferent locations. So
yeah, the scale of sophistication has gone
82
00:06:32.879 --> 00:06:35.720
up. Yeah. The thing that
surprised me most when we saw shifting of
83
00:06:35.800 --> 00:06:41.519
IP addresses was shifting to even residential
network blocks where either were talking about you
84
00:06:41.560 --> 00:06:45.959
know, Comcast households and whatever in
midwestern city and you went, oh my
85
00:06:45.959 --> 00:06:47.879
god, like that's not even like
a big server IPEd block or something.
86
00:06:47.920 --> 00:06:53.319
It's like, it's very very hard
to distinguish those kind of IP addresses from
87
00:06:53.319 --> 00:06:57.600
normal ones. I agree, And
then I think the interesting thing that was
88
00:06:57.639 --> 00:07:01.319
different from bad one was scans as
a very different thing. We haven't seen
89
00:07:01.319 --> 00:07:05.319
the scale all the scams. What
kind of scams are you seeing like,
90
00:07:05.360 --> 00:07:11.759
what's the typical tack look like in
that space? Good question. So the
91
00:07:11.759 --> 00:07:16.000
new ones that we have started seeing
is because online marketplaces I've explored, they
92
00:07:16.079 --> 00:07:20.920
tried to be pretend to be sellers. So more than one puppy scans or
93
00:07:21.040 --> 00:07:27.079
concert ticket scans. Did your tailor
swift tickets over in the swifty shiites again,
94
00:07:27.959 --> 00:07:31.160
so you think that you're actually paying
were to somebody legitimate that you will
95
00:07:31.199 --> 00:07:36.720
get this really nice cute puppy with
all the pictures and everything is very clear,
96
00:07:36.839 --> 00:07:42.160
and you send three thousand dollars to
somebody and Okay, it's no show.
97
00:07:42.439 --> 00:07:46.800
Yeah, so that has definitely gone
up. The concert tickets is the
98
00:07:46.839 --> 00:07:51.560
same thing. So there is that
level of scams that's happening. And then
99
00:07:51.600 --> 00:08:00.360
the other one that we have seen
is typically fraudsters take advantage of the fear
100
00:08:00.680 --> 00:08:07.439
if consumers have so not of scam
that we see is taking advantage of the
101
00:08:07.519 --> 00:08:11.920
fear. So we see things such
as government scams, so they pretend to
102
00:08:13.000 --> 00:08:18.920
be from IRS or someplace. If
conversation goes as, hey, you haven't
103
00:08:18.920 --> 00:08:22.720
paid access and we're sending FPI,
it's going to be at your door in
104
00:08:22.759 --> 00:08:26.759
two hours, but you have a
were like, you can actually send money
105
00:08:26.839 --> 00:08:31.879
right now, I can take care
and prevent from happening. And it's really
106
00:08:31.879 --> 00:08:37.159
trying to pay the dynamics of whatever
is the social situation in any residence that,
107
00:08:37.360 --> 00:08:39.960
oh my god, my spouse forgot
to find the axes. I don't
108
00:08:39.960 --> 00:08:43.200
want the cops to come over and
let me go ahead and make this payment,
109
00:08:45.120 --> 00:08:50.240
and they take advantage of that.
We had a really good conversation yesterday
110
00:08:50.360 --> 00:08:58.840
around they're targeting vulnerable customers, particularly
in the adult population, and there are
111
00:08:58.840 --> 00:09:03.279
lots of different variations of that that
happens as well. Grandparent scamps is a
112
00:09:03.279 --> 00:09:09.240
classic one. So they pretend to
be your grandkids calling in saying that they're
113
00:09:09.279 --> 00:09:13.200
in trouble and couldn't send some money
to get him out of the tuble.
114
00:09:13.639 --> 00:09:18.360
Yeah, yeah, um. And
we have seen versions of I was actually
115
00:09:18.519 --> 00:09:22.919
visiting this country and they have arrested
me for something, and here's a parent
116
00:09:22.960 --> 00:09:28.480
and taking oh my god, my
parents something silly and there's a parents.
117
00:09:28.720 --> 00:09:31.879
Yeah, it was just something about
that, and they have with send money
118
00:09:33.440 --> 00:09:37.159
and the money's gone. That's interesting, you know, it's this fascinating question
119
00:09:37.159 --> 00:09:41.120
to me. When the scams shift
to the consumer, is the target,
120
00:09:41.240 --> 00:09:46.360
because there's kind of question of like
how responsible is the bank ultimately like attack
121
00:09:46.360 --> 00:09:50.519
credentials or these are often like real
customers doing real activities and you're saying,
122
00:09:50.559 --> 00:09:54.240
well, you want me to not
do what you say with your money,
123
00:09:54.399 --> 00:09:56.759
and yeah, you don't. You
want to be made whole when you're cheating
124
00:09:56.759 --> 00:10:00.240
a scam like this, and you
know, there's I think consumers if we
125
00:10:00.320 --> 00:10:03.519
had a guest on recently who was
talking about how they educated their consumers about
126
00:10:03.559 --> 00:10:07.440
some fraud and scam attacks because we
were walking into the bridge, this is
127
00:10:07.480 --> 00:10:09.240
what you told me about the scammers
on the fund right now trying to give
128
00:10:09.240 --> 00:10:11.720
my money in the bank. Was
very proud they've done that. But do
129
00:10:11.759 --> 00:10:16.039
you see a role for government or
other institutions to help on the consumer education
130
00:10:16.039 --> 00:10:20.960
side. It doesn't feel like it's
entirely the responsibility of the banks to educate
131
00:10:20.000 --> 00:10:24.320
consumers end up help prevent on that
attack factor because it's not in some real
132
00:10:24.320 --> 00:10:28.440
way attacking the bank. It's a
very different kind of thing, and it's
133
00:10:28.440 --> 00:10:33.279
such a great question. We should
all work as a community to help out
134
00:10:33.320 --> 00:10:37.320
within us. The banks definitely need
to play a role, and I'll talk
135
00:10:37.360 --> 00:10:41.600
about that developments can't very huge role
here, so they have clustered, they
136
00:10:41.600 --> 00:10:48.600
have fun they can reach moscare consumers
in affective area and it's not about one
137
00:10:48.639 --> 00:10:52.720
bank doing it, it's about the
entire community getting ready for that. We
138
00:10:52.799 --> 00:10:56.759
have seen some really effective campaigns,
particularly in the European countries. The good
139
00:10:56.879 --> 00:11:03.080
news is we have seen a lot
more awareness and interest on moment. Agency
140
00:11:03.159 --> 00:11:09.360
particularly CFPP has shown keen interest in
how they can leaning and how and they
141
00:11:09.360 --> 00:11:11.360
have budget as well, so we
hope that they actually go in the direction
142
00:11:11.399 --> 00:11:18.320
of usually effectively effectively if I look
on them. Education banks can play a
143
00:11:18.320 --> 00:11:22.840
lot of all two because consumers trust
their banks. So we have been doing
144
00:11:24.000 --> 00:11:31.000
a bunch of campaigning and consumer education
both in person in branches and for Capital
145
00:11:31.080 --> 00:11:37.080
and its cafes like also emails and
reaching consumers where they are and telling them
146
00:11:37.080 --> 00:11:41.720
about common schemes and what to watch
out for. And we see the huge
147
00:11:41.799 --> 00:11:46.720
impact of those campaigns. The other
thing that I feel is important for banks
148
00:11:46.759 --> 00:11:52.600
to do is just like you're trying
to spot fraud even if your consumer is
149
00:11:52.679 --> 00:11:56.559
making a transaction and you can recognize
that in the moment, can you tell
150
00:11:56.600 --> 00:12:03.960
the consumers that watch out for these
camps and the information right there and that
151
00:12:03.159 --> 00:12:09.440
has been extremely effective. Interesting,
he wants a tuning the transaction and then
152
00:12:09.480 --> 00:12:13.159
they pause and then you pick on
it and then you read about, oh
153
00:12:13.200 --> 00:12:16.519
my god, that's exactly what's happening
to me. Maybe I should call my
154
00:12:16.600 --> 00:12:18.600
grandson before I send the money to
get him out of prison and see if
155
00:12:18.639 --> 00:12:24.720
maybe no, Mom, I'm home, no problems exactly, that's that's so
156
00:12:24.879 --> 00:12:30.480
what a helpful figure it back way. And then of course law enforcement can
157
00:12:30.519 --> 00:12:37.559
play usual as well. Um,
some of these fraud and scam activity is
158
00:12:37.600 --> 00:12:45.320
happening internationally. Yeah, and while
it's coming from international and they're partnering with
159
00:12:45.559 --> 00:12:50.200
the law enforcement in those respective comparty
setting planning to break that cost for that
160
00:12:50.279 --> 00:12:54.039
world. But interesting, have you
seen anybody I imagine the answer this is
161
00:12:54.039 --> 00:12:56.440
no, But it comes up like
I know, and in many companies you
162
00:12:56.519 --> 00:13:03.440
get the IT security department sending seemingly
like sending the fake scam, and then
163
00:13:03.440 --> 00:13:05.240
when you click how it, they
go just so you know, yeah,
164
00:13:05.519 --> 00:13:09.240
like you failed the test and then
we got at I've always enjoyed because there's
165
00:13:09.240 --> 00:13:11.200
a little button in our system where
I could see, like I think this
166
00:13:11.200 --> 00:13:13.960
one spam and that they send you
the target test and you get it.
167
00:13:13.960 --> 00:13:16.240
They're like you will, Okay,
I call it. You can't fool me
168
00:13:16.360 --> 00:13:18.320
with this one, guys. But
I don't know if it's gone to that
169
00:13:18.399 --> 00:13:22.120
kind of shaking attacks on their consumer. It maybe too much for the consumer.
170
00:13:22.600 --> 00:13:26.320
But that maybe I don't know,
that maybe going a little too beyond.
171
00:13:26.360 --> 00:13:33.120
But um, yes'm I also get
design from d r T security.
172
00:13:33.279 --> 00:13:37.120
Yeah, but I think it is
more about the education and how you can
173
00:13:37.360 --> 00:13:41.879
engage with the consumer months. Um, So me do a bunch of campaigns
174
00:13:41.879 --> 00:13:46.840
in our cafes, um and then
we also plot every National Council of Aging
175
00:13:46.000 --> 00:13:54.360
for creating some virtue and workshops.
But chicken in the oulderly populations and they
176
00:13:54.440 --> 00:14:01.120
understand how they can be impouting them
to use tissue technologies. The other thing
177
00:14:01.159 --> 00:14:05.399
that we have observed we keep looking
at what kind of frauds are coming up,
178
00:14:07.279 --> 00:14:09.600
But this tech support scam is a
big thing. What is that?
179
00:14:09.960 --> 00:14:16.759
So consumers when they're on their computers, they suddenly get or they can get
180
00:14:16.759 --> 00:14:20.360
a phone call or an email,
but they say they give message saying hey
181
00:14:20.159 --> 00:14:24.519
we detected virus on a computer.
Some things around happening. This is Amazon
182
00:14:24.600 --> 00:14:30.639
all officially what the tech company is
callers, and then the consumer calls.
183
00:14:30.679 --> 00:14:35.799
Of course they're talking to the camera, and then the camera says pretends to
184
00:14:35.840 --> 00:14:39.000
be doing a service for them and
say that I need to get into you
185
00:14:39.600 --> 00:14:45.120
ntin it? Oh god. So
they give live access remote access of their
186
00:14:45.159 --> 00:14:48.639
computer, so a gains. All
the frausters are coming in and they're putting
187
00:14:48.679 --> 00:14:54.159
all these kind of fake analytics on
their computer saying, hey, we detected
188
00:14:54.440 --> 00:14:56.919
thousands of virus, and then they
show a ticker as if it's cleaning up
189
00:14:56.960 --> 00:15:01.879
those virus. At this point,
the emails a completely beaming that oh my
190
00:15:01.960 --> 00:15:03.879
god, that was in a bad
shave tank. God, this listener is
191
00:15:03.919 --> 00:15:09.039
helping me. And then now they
have anymore access and they get into a
192
00:15:09.399 --> 00:15:16.159
mansion organization. Stop thinking confection,
Oh now it's I mean, I just
193
00:15:16.159 --> 00:15:18.080
spent a lot of time with my
kids. If I'm like when you get
194
00:15:18.080 --> 00:15:22.000
an email, like if I get
a call from American Express, when I
195
00:15:22.000 --> 00:15:24.639
get an email from MX or Capital
wants, hey, you've got to confront
196
00:15:24.639 --> 00:15:24.720
of your card. What do you
do? You think I do this?
197
00:15:24.879 --> 00:15:28.000
You call the number in the back
of the car. You don't, yo,
198
00:15:28.399 --> 00:15:30.639
who respond to the email. You
don't call the number of the email.
199
00:15:30.679 --> 00:15:33.720
You pick up your card and go
call on this number. So just
200
00:15:33.799 --> 00:15:39.279
trying to teach the basics. I
loved your point about the real time intervention
201
00:15:39.399 --> 00:15:43.679
for scams when you can like help
someone in the momentum who's maybe about to
202
00:15:43.679 --> 00:15:46.480
complete the transaction to a scammer,
and you say, hey, have you
203
00:15:46.519 --> 00:15:50.399
thought about this or have you is
this what's happening? Um? The thing
204
00:15:50.399 --> 00:15:54.639
that occurs to me is that kind
of real time identifying of that and reacting
205
00:15:54.679 --> 00:15:58.080
to it requires quite a bit of
both data and the intelligence in terms of
206
00:15:58.200 --> 00:16:00.799
real time systems, an analysis to
see it in real time, and then
207
00:16:00.799 --> 00:16:03.480
the data to actually be able to
analyze that and look at it. There's
208
00:16:03.480 --> 00:16:07.399
a lot of bit investment in that, and I'm curious how you think about
209
00:16:07.399 --> 00:16:11.120
the investments that are being made and
the technology shifting and where the priorities are,
210
00:16:11.120 --> 00:16:14.000
because it's like that's a very sophisticated
thing to be able to do.
211
00:16:14.320 --> 00:16:15.759
But if you said, hey,
we do a batch process every night,
212
00:16:15.799 --> 00:16:19.399
so tomorrow morning, I'm going to
tell fifty people that I felt victim to
213
00:16:19.399 --> 00:16:22.960
a scam, But it doesn't help
me in the moment, how or how
214
00:16:22.960 --> 00:16:25.559
do you see people investing. What
are the recommendations you have for how you
215
00:16:25.600 --> 00:16:27.759
invest the technology to allow you to
move to kind of like that real time
216
00:16:27.840 --> 00:16:33.960
nature, because that's not that's pretty
sophisticated. Batch is completely old school avality.
217
00:16:33.960 --> 00:16:37.320
It shouldn't think about that. When
the world has more prio time,
218
00:16:37.720 --> 00:16:41.320
payments have more PRIOD time, you
have been closed and each media, and
219
00:16:41.440 --> 00:16:47.799
it's important to even internalize what careod
time really means because for some people earlier
220
00:16:47.919 --> 00:16:52.399
time could be that pretty second and
for some people to be affuming itself and
221
00:16:52.519 --> 00:16:57.320
in the world of prid time,
you and seconds matter. Yeah. Oh,
222
00:16:57.360 --> 00:17:02.360
I was talking to a coodique from
one of the banks and they were
223
00:17:02.399 --> 00:17:06.440
having some fraud issue and I was
asking them, but don't you have defenses
224
00:17:06.440 --> 00:17:10.160
that are in your time? And
her response was as reach you. But
225
00:17:10.359 --> 00:17:14.440
by the time this thing happens and
we get it into our defenses, there's
226
00:17:14.440 --> 00:17:18.960
a sifteen minute gap and then that's
a real time in It is a too
227
00:17:18.000 --> 00:17:22.240
long a time for frances to take
advantaitore. Yeah, I think the way
228
00:17:22.319 --> 00:17:27.359
we want to think about this is
just as the technology and data has exploded,
229
00:17:29.079 --> 00:17:36.440
you can take advantage of that because
you get access to thousands of features
230
00:17:36.480 --> 00:17:41.400
and variables on any given transaction that
consumers are trying to do. And if
231
00:17:41.400 --> 00:17:47.279
you're creating your systems that can listen
and consume those signals in real time,
232
00:17:48.079 --> 00:17:52.039
use them, consume them, create
analytics, create models, and then credit
233
00:17:52.160 --> 00:17:56.359
that is this really something that your
consumers are trying to do or is it
234
00:17:56.440 --> 00:18:00.200
somebody else? The power of that
real time detection can be tremend us.
235
00:18:00.640 --> 00:18:06.359
A lot of technology changes are happening. We can now consume large sets of
236
00:18:06.480 --> 00:18:12.440
data and the big seconds micro seconds. The computing power has increased, so
237
00:18:12.480 --> 00:18:17.640
we can crunch the data into your
time like I hear it wasn't possible a
238
00:18:17.640 --> 00:18:23.119
few years ago, and the morning
techniques having drammatically gbms and others, it
239
00:18:23.160 --> 00:18:27.839
can be very surgical. I always
get into this conversation. Also, we
240
00:18:29.000 --> 00:18:33.920
have fraud colleagues from the banks that
there is tremendous pressure on cost efficiencies and
241
00:18:34.079 --> 00:18:38.920
things doing bad. But if you
think about what you're doing with fraud risk
242
00:18:40.000 --> 00:18:45.200
controls, aid's the right thing to
do. You're preventing acting the consumers is
243
00:18:45.240 --> 00:18:48.359
a bottom line impact. You're preventing
bank against our losses, But the real
244
00:18:48.440 --> 00:18:52.680
impact is what you can enable on
the other side with their business. Meaning,
245
00:18:53.640 --> 00:18:57.440
so if your fraud controls are tremendous, you can enable a lot more
246
00:18:57.480 --> 00:19:03.079
things for consumers to do. You
can now allow and open up your time
247
00:19:03.079 --> 00:19:11.000
activity. It's why a clouds actions
can do everything sitting in the living room
248
00:19:11.839 --> 00:19:15.559
a small device in their hat.
The only reason we don't allow them to
249
00:19:15.640 --> 00:19:21.519
do as much is because we fear
that we won't have fraud. The other
250
00:19:21.599 --> 00:19:25.279
thing I'd love to get your take
on is I think when you move to
251
00:19:25.359 --> 00:19:29.759
the kind of model based world versus
kind of an old school rules based approach,
252
00:19:30.240 --> 00:19:32.519
you end up with this kind of
layering of defenses, which is like,
253
00:19:32.519 --> 00:19:33.519
I don't have to be a one
hundred percent sure and the real times
254
00:19:33.559 --> 00:19:37.200
I wanted to be the guy got
a bunch of signals, and each signals
255
00:19:37.279 --> 00:19:38.640
like pushes me a little bit.
This looks more like fraud, a little
256
00:19:38.640 --> 00:19:41.200
bit more like fraud. And I
don't have to say you can't complete the
257
00:19:41.240 --> 00:19:45.599
transaction, mister Cosmo. I'd like
you to talk to an agent first,
258
00:19:45.640 --> 00:19:47.759
which I may do a little bit, or I need you to do a
259
00:19:47.839 --> 00:19:51.599
knowledge based authentication, or I need
to get a text message, like there's
260
00:19:51.640 --> 00:19:53.480
all sorts of layering of what is
the kind of friction I might put in
261
00:19:53.519 --> 00:19:56.160
the process. I don't have to
be like one percent sure this is fraud,
262
00:19:56.160 --> 00:20:00.160
I'm stopping now, I'm this looks
like a higher risk. What what
263
00:20:00.920 --> 00:20:03.680
level of friction or additional process can
I layer in? And there might be
264
00:20:03.799 --> 00:20:07.720
multiple of those layers, So talking
about how you design that, because I
265
00:20:07.720 --> 00:20:10.519
think that's so important to say,
how do I go from yes, no,
266
00:20:11.200 --> 00:20:12.200
like this is or isn't fraud,
I'm going to stop it or allow
267
00:20:12.240 --> 00:20:15.039
it to Like, how do I
introduce a little friction to try and reduce
268
00:20:15.079 --> 00:20:19.359
the likelihood that the frauds are can
complete a transaction as my risk perception increases.
269
00:20:22.000 --> 00:20:26.240
So there are some transactions or signals
that people think are Bay BAYPO signals
270
00:20:26.480 --> 00:20:30.240
if you can take a decision,
yeah, just and clearly of the m
271
00:20:30.799 --> 00:20:34.799
customer and customer. Yeah, it's
somewhere in the mind that when all this
272
00:20:34.960 --> 00:20:40.440
complexity comes in and for us,
the way we want to think about this
273
00:20:40.880 --> 00:20:45.960
is we are in this together without
consumers. So when you are in that
274
00:20:45.160 --> 00:20:49.240
kind of uncertain phase, how do
you reach out and engage with the consumers
275
00:20:49.559 --> 00:20:53.359
to confirm Because there's one person who
can always tell you if they are making
276
00:20:53.400 --> 00:20:57.960
the confection or not. It's consumers
um. But then you have to create
277
00:20:59.119 --> 00:21:03.240
systems that you dejected to time.
How can you reach the consumer serio time
278
00:21:03.799 --> 00:21:07.039
in the channels that they prefer,
so that it's not just limited to one
279
00:21:07.720 --> 00:21:11.279
And then when they're responding, how
do you consume that response and then let
280
00:21:11.319 --> 00:21:15.720
them continue with the transactions that I
kind of do. So that system that
281
00:21:15.839 --> 00:21:22.680
requires such an often investment and thinking
and design and cladique of messages for the
282
00:21:22.759 --> 00:21:26.359
consumers, all of that you have
to think one. Yeah, I also
283
00:21:26.440 --> 00:21:30.519
love your point about thinking about the
other sides. I feel like this when
284
00:21:30.519 --> 00:21:33.960
we approach this, it's always this
kind of battle between how much can you
285
00:21:33.039 --> 00:21:37.759
make things instant and immediate? And
of course you can do one hundred percent,
286
00:21:37.759 --> 00:21:40.839
it's really easy. You just have
a lot of fraud and you can
287
00:21:40.880 --> 00:21:45.240
have you know, zero risk of
fraud and everything be super painful. In
288
00:21:45.519 --> 00:21:48.880
the battle is like how far can
I push the limit on instant and keep
289
00:21:48.920 --> 00:21:52.599
the frauds low at the same time. And I do think in the world
290
00:21:52.640 --> 00:21:55.799
of digital you're in a world where
like the instant actually is a pretty tremendous
291
00:21:55.839 --> 00:22:00.759
differentiator or at least requirement to be
competitive in certain environments. So allowing the
292
00:22:00.880 --> 00:22:04.599
lack of sophistication on your froadside to
prevent that is like that's becoming a large
293
00:22:04.640 --> 00:22:07.920
or larger liability. I think for
banks not to be competitive on the consumer
294
00:22:07.960 --> 00:22:11.720
side, I totally agree on that
one, and I think it's a share
295
00:22:11.759 --> 00:22:17.720
of response. It's not just banks
job to do it. I think it's
296
00:22:17.759 --> 00:22:21.039
consumer's job to prevent and protect them
as well, for sure, And it
297
00:22:21.200 --> 00:22:25.960
is a government's job to actually helpless
designer solution or an environment that's going DC
298
00:22:26.359 --> 00:22:30.400
banks and consumers to welcome this thing
together. So collectively, I think you
299
00:22:30.480 --> 00:22:33.880
can do it. The international countries
have made tremendous focus on those events.
300
00:22:36.119 --> 00:22:41.839
I go to India vacations and I
see that in India's completely digital now and
301
00:22:42.079 --> 00:22:47.680
they have all created really sophisticated ways
of banks and consumerusly acting and interact.
302
00:22:48.160 --> 00:22:52.519
Interesting. I do want to slide
back to your comment on the shift to
303
00:22:52.559 --> 00:22:56.720
digital, because with a lot of
what we talk about is digital influenced.
304
00:22:56.759 --> 00:23:00.799
But I'm curious what are the is
more and more transaction are going digital,
305
00:23:00.880 --> 00:23:03.880
what are the trends and fraud are
the investments you see people making that are
306
00:23:03.920 --> 00:23:07.920
related to the kind of like I
think so many of particularly smaller community banks,
307
00:23:07.920 --> 00:23:10.960
maybe not Capital one, but are
you know, have a little more
308
00:23:11.039 --> 00:23:12.279
just like in the lending space,
we bring you in and check your ID
309
00:23:12.440 --> 00:23:17.079
and like feel pretty good when Jeff
comes in with Jeff ID and jeff social
310
00:23:17.119 --> 00:23:19.559
security number. And there so many
of the processes that are kind of the
311
00:23:19.640 --> 00:23:25.480
fraud mechicines are oriented around in person
experiences and as you move digital, you
312
00:23:25.599 --> 00:23:27.720
got to find a new way to
handle that. And I'm curious what you're
313
00:23:27.720 --> 00:23:32.079
seeing as the trends in that kind
of shifting the fraud detection as we move
314
00:23:32.119 --> 00:23:34.319
and the prevention as we move pure
digital, and so many of our transactions
315
00:23:34.359 --> 00:23:38.039
that used to be face to face
mediated and it had very different mechanisms of
316
00:23:38.039 --> 00:23:42.680
protection that aren't available. I agree
with you, but I would also say
317
00:23:42.799 --> 00:23:48.519
that digital it provides its own unique
way of kind of slumming the identity of
318
00:23:48.640 --> 00:23:53.880
an individual. Your device has so
many signals. If you're able to bind
319
00:23:53.960 --> 00:24:00.839
deer device to your consumers very very
cry, then that is actually a tremendous
320
00:24:02.000 --> 00:24:07.400
way of detecting who is performing the
transaction, not frosts are always trying to
321
00:24:07.519 --> 00:24:11.799
emulate devices and see if they are
care or not, but there is I
322
00:24:11.920 --> 00:24:19.200
actually think that in some regards,
the transactions that happen digitally can be safe
323
00:24:21.079 --> 00:24:26.519
if a bank is able to consume
all the information from those adigional transactions.
324
00:24:26.680 --> 00:24:33.160
And bigger banks have put a tremendous
amount of investment to presume those real time.
325
00:24:33.759 --> 00:24:37.680
But even for smaller community banks,
there are lots of players that are
326
00:24:37.759 --> 00:24:41.039
out there in a fit that can
actually make it easy for them so they
327
00:24:41.079 --> 00:24:45.359
don't have to do it on their
own. But there are so many cares,
328
00:24:45.440 --> 00:24:48.920
Like even in this conference, you're
seeing that there are so many players
329
00:24:48.000 --> 00:24:53.559
out there reading solutions then the banks
can plug into. Yeah, maybe the
330
00:24:53.599 --> 00:24:59.079
advice I would give to the smaller
banks and listeners like one of the one
331
00:24:59.119 --> 00:25:02.720
of the flaws I is trying to
when you digitize, I think of digitizing
332
00:25:02.759 --> 00:25:06.799
the current approaches and to your point, I think it's like you lose a
333
00:25:06.839 --> 00:25:10.440
few signals I get, but trying
to replace those by uploading a driver's license
334
00:25:10.519 --> 00:25:14.000
and having a video call at the
same time saying Hey, I'm trying to
335
00:25:14.119 --> 00:25:15.880
do the same thing in the digitally, It's like well, no, there
336
00:25:15.920 --> 00:25:18.839
are now unique signals that were not
available to you before, and you should
337
00:25:18.839 --> 00:25:22.519
be you should be taking advantage of
those and rebuilding your approach based on that.
338
00:25:22.960 --> 00:25:26.680
Otherwise you can, like, I
don't think they're trying to make it
339
00:25:26.039 --> 00:25:29.880
feel like you're in the branch on
your photo idea is gonna it's gonna be
340
00:25:29.880 --> 00:25:33.519
the way to do it and not
us. These technologies up getting on and
341
00:25:33.640 --> 00:25:37.480
more sophisticated. You should an indignation
on the apples me. It's so many
342
00:25:37.559 --> 00:25:44.640
thanks, so much more fluent.
Yeah, and as this technology jstaing Bulo
343
00:25:44.759 --> 00:25:52.640
is, you can wind did entitys
and indivisio very clearly and enable that friction
344
00:25:52.720 --> 00:25:57.279
less in real time transaction capability.
So last question for you, what's like
345
00:25:57.400 --> 00:26:00.680
for people out there listening go,
hey, I see these problems to I
346
00:26:00.759 --> 00:26:03.799
said, what's your advice on how
they prepare for the future investments that they
347
00:26:03.799 --> 00:26:07.480
should be focused on making to be
in position to you know, actually defend
348
00:26:07.519 --> 00:26:12.200
most effectively against these kinds of things
moving forward. Yeah, So I would
349
00:26:12.240 --> 00:26:21.240
say that it's a never ending makes
it fun, makes it fun, but
350
00:26:21.680 --> 00:26:25.079
there is there's so much of advantage
that you get when you get it right
351
00:26:26.559 --> 00:26:30.480
but don't rest on your moils.
So you know at sart is always going
352
00:26:30.559 --> 00:26:33.799
to change. Now we have seen
things such as chat, GPT and all
353
00:26:33.880 --> 00:26:40.480
these artificial intelligence tooths I'm going to
come, so we will see a very
354
00:26:40.519 --> 00:26:45.400
different level of challenge. The moist
recognition is going to be difficult. The
355
00:26:45.680 --> 00:26:51.440
almost late in old school, you
would get a spoofed email. It will
356
00:26:51.519 --> 00:26:56.759
have typo errors and you would know
that if least nabled person reads the email
357
00:26:56.799 --> 00:27:00.079
out that I don't think this is
a professional email. But big things like
358
00:27:00.200 --> 00:27:03.680
chat, GPT, that thing is
going to feel more professional. Field war
359
00:27:03.880 --> 00:27:10.160
yea. The populated setting it so
trends will keep changing and you almost have
360
00:27:10.400 --> 00:27:14.640
to be on front of that trand
change and disappeared where it is going and
361
00:27:14.759 --> 00:27:18.039
start building your solutions right away.
It's a race that's going to happen between
362
00:27:18.160 --> 00:27:22.799
the banks as well as between the
front community on how do you left place
363
00:27:22.839 --> 00:27:26.400
the technology to be ahead of either. So there is no point in relaxing
364
00:27:26.440 --> 00:27:30.720
and saying, oh I did all
this investment, I can relax north like
365
00:27:30.799 --> 00:27:36.599
them, you would constantly be on
your toes, so I think for but
366
00:27:36.759 --> 00:27:40.000
take advantage of it. So there's
a tremendous amount of capability that's coming to
367
00:27:40.039 --> 00:27:45.960
the banks as well. The second
thing I would say is engage with your
368
00:27:47.000 --> 00:27:52.000
consumers. It's important to educate your
consumers. It is important to take them
369
00:27:52.039 --> 00:27:56.519
into confidence. The more your consumers
are digitally savvy and know what to watch
370
00:27:56.559 --> 00:28:00.799
out for, the better you would
be. So it's an alienating important to
371
00:28:00.880 --> 00:28:04.759
do that. And as a consumer, I would say, just we have
372
00:28:04.759 --> 00:28:08.799
attension. It's your money. You
need to take a look at it.
373
00:28:10.200 --> 00:28:15.039
I always tell about thanks and family
that look at your banking accounts, how
374
00:28:15.119 --> 00:28:18.640
much habit to look at them almost
every other week, even if you're not
375
00:28:18.920 --> 00:28:22.960
using them. You don't know who
else is your So just holding umber statements
376
00:28:23.000 --> 00:28:29.640
and see how how your transactions are
because it's irresponsibility. If you find something
377
00:28:29.799 --> 00:28:33.359
bad are unexpected, you're the one
who need to contact the backs and tell
378
00:28:33.440 --> 00:28:37.559
them, yeah, I've I've actually
pushed myself and my family working more like
379
00:28:37.680 --> 00:28:41.160
real time alerts, like you know
I find looking through my likes a credit
380
00:28:41.200 --> 00:28:44.920
card. It's a simple example.
Looking through the statement once a month takes
381
00:28:44.920 --> 00:28:47.799
a lot of time. Getting real
time alert saying hey you just bought something
382
00:28:47.839 --> 00:28:49.400
away. I know, no big
deal. And real time much says you
383
00:28:49.440 --> 00:28:55.640
just bought something I did? Yeah? Uh quit Wait, so I'm accusially
384
00:28:55.680 --> 00:28:59.480
called my wife on I don't recognize
this company for this charge this I'm not,
385
00:28:59.640 --> 00:29:00.359
I'm not. It's not a problem. It's okay to spend the money,
386
00:29:00.400 --> 00:29:03.359
Like, I just want to make
sure that was you and not somebody
387
00:29:03.400 --> 00:29:06.599
else. But that real time nature, for me is makes it more digestible,
388
00:29:06.680 --> 00:29:08.440
right, more not so much as
saying, hey, what all did
389
00:29:08.480 --> 00:29:11.000
we spend last month? Did they
go to the gas station on the thirty
390
00:29:11.039 --> 00:29:15.640
first? Yeah, so you've been
trying to do that as a consumer cognizant
391
00:29:15.759 --> 00:29:21.000
is important. And how about the
community among banks? It feels like this
392
00:29:21.200 --> 00:29:25.160
is a bit of a collective problem
and a collective sharing of information is Is
393
00:29:25.200 --> 00:29:29.599
there a good collaboration among peers to
help like identify what's coming and see how
394
00:29:29.640 --> 00:29:33.359
we can all respond effectively. Yeah, is one. We have the banks
395
00:29:33.400 --> 00:29:37.759
collaborator pretty heavy as we are finding
the same game against the bad people.
396
00:29:38.559 --> 00:29:42.680
So we had all in it together, so we shared. Our best practice
397
00:29:44.039 --> 00:29:48.519
is connect to you, maybe go
off there the fun stars hun good coming
398
00:29:48.559 --> 00:29:52.519
to you out here. And CBA
is a very lidability community. So excellent.
399
00:29:52.640 --> 00:29:56.319
You share that plan and so what's
happin how do we lene from each
400
00:29:56.359 --> 00:30:00.880
other um to look that we are
doing as banks collect you on Zell and
401
00:30:02.079 --> 00:30:07.839
BNC conversations on fraud and stands on
Zell has been tremendous. The performance dad
402
00:30:07.960 --> 00:30:12.480
has been amazing. Fund industry to
FA levels. How tremendously come bound there.
403
00:30:12.720 --> 00:30:17.640
Now it's showing up in other nadias. I'll flout other B to B
404
00:30:18.359 --> 00:30:23.319
companies, but Verdio collaborate and you
work together. I think you have named
405
00:30:23.319 --> 00:30:27.599
blond page or the bad case.
Excellent. O gosh, thanks so much
406
00:30:27.599 --> 00:30:30.319
for joining me to this is a
fascinating conversation. I appreciate your bag at
407
00:30:30.319 --> 00:30:34.039
the time. Thank you for inviting
me. If that's fun. Upstart partners
408
00:30:34.079 --> 00:30:38.480
with banks and credit unions to help
grow their consumer loan portfolios and deliver a
409
00:30:38.559 --> 00:30:45.119
modern all digital lending experiments. As
the average consumer becomes more digitally savvy,
410
00:30:45.440 --> 00:30:49.240
it only makes sense that their bank
does too. Upstarts AI lending platform uses
411
00:30:49.279 --> 00:30:56.759
sophisticated machine learning models to more accurately
identify risk and approve more applicants than traditional
412
00:30:56.799 --> 00:31:02.759
credit models. With fraud rates near
zero, Upstarts all digital experience reduces manual
413
00:31:02.880 --> 00:31:07.480
processing for banks and offers a simple
and convenient experience for consumers. Whether you're
414
00:31:07.519 --> 00:31:12.000
looking to grow and enhance your existing
personal and auto lending programs, or you're
415
00:31:12.039 --> 00:31:18.000
just getting started, upstart can help. Upstart offers an end to end solution
416
00:31:18.119 --> 00:31:22.000
that can help you find more credit
worthy borrowers within your risk profile. With
417
00:31:22.200 --> 00:31:26.680
all digital underwriting, onboarding, loan
closing, and servicing, It's all possible
418
00:31:26.720 --> 00:31:32.359
with Upstart in your quarter. Learn
more about finding new borrowers, enhancing your
419
00:31:32.400 --> 00:31:37.599
credit decisioning process, and growing your
business by visiting upstart dot com Slash four
420
00:31:37.839 --> 00:31:42.559
dash banks. That's upstart dot com
slash foward dash Banks. You've been listening
421
00:31:42.599 --> 00:31:47.319
to Leaders and Lending from Upstart,
make sure you never miss an episode.
422
00:31:47.559 --> 00:31:52.000
Subscribe to Leaders in Lending in your
favorite podcast player using Apple Podcasts. Leave
423
00:31:52.039 --> 00:31:55.079
us a quick rating by tapping the
number of stars you think the show deserves.
424
00:31:55.400 --> 00:31:56.319
Thanks for listening until next time.
