Fraudsters innovate. So should you: Q&A with Lou Anne Alexander
Lou Anne shares her prior experiences with fraud and network-based consortiums in banking, and her outlook for fintechs
Fraud and its perpetrators keep evolving, making it a tough problem to solve — one that requires a wealth of industry expertise and sophisticated tooling. To make this a reality, the Fintech Fraud DAO is excited to partner with a banking veteran with decades of success behind her — Lou Anne Alexander. Lou Anne has spent the last 30 years in the banking space, 15 of which were spent building out the industry-defining Early Warning Services (EWS) as a solution to fraud in the traditional banking industry, and led the launch of Zelle — the now ubiquitous real-time payments network.
Today she spends her time advising up-and-coming startups to help shape the next generation of fintech innovation, including the Fintech Fraud DAO project. We had the opportunity to pick her brain on all things fraud, her thoughts on Web3 and DAOs, and much more.
Q1: What are the types of fraud that you have seen and dealt with during your time with Early Warning Services?
A: It is interesting how many fraud attacks and associated descriptors have been added to our vocabulary over the last few decades. If you go back to check frauds, all of which continue to this day, we focused on forgeries, kiting, bogus and counterfeit checks, and check washing. And of course, there is the simple fraud of writing bad checks — for money you know you don’t have. Enter the popularity of card-based payments and we began to deal with hacking and card skimmers to create bogus plastics or make purchases in a card-not-present channel. Masses of stolen personal identity information led to rises in application fraud, and synthetic identities which are now maturing in account portfolios enabling highly effective revolving credit bust outs. More recently, with our ability as a consumer to transfer money in real-time, we are experiencing far more sophisticated account takeover schemes and scams where fraudsters trick an unsuspecting customer into sending money.
At its core, managing most types of fraud boils down to this question:
Are you able, with a high level of certainty, to identify who you are transacting with in real-time, and is the behavior exhibited a normal behavior or an anomaly?
Prevention of fraud ties directly to an organization’s ability to resolve customers’ identities. As we developed Zelle, I’ve always said, “It is easy to move money faster, but it is hard to know who you are moving money for”.
Fraudsters are rewarded for coming up with new methods to perpetrate fraud. It’s a cat and mouse game between fraud prevention teams and those that devise new attack vectors as their day jobs. Identifying new schemes quickly is key to keeping losses low. Organizations need to be nimble and to be able to react to new attack vectors within minutes and seconds as opposed to weeks and months.
In conclusion, fraud continues to evolve, and sophisticated tooling is the way for fintechs to stay ahead of the curve by reacting to perpetrators in near real-time.
Q2: How much do regulations impact the way financial institutions think through fraud or prioritize their specific needs?
A: When it comes to traditional banks, they generally prioritize all product enhancements that are a result of changes in laws and regulations, over product innovation.
With fintechs, given their often distributed regulatory structures (think non-banking financial institutions), the process becomes a bit less clear.
Technically, fintechs have a lower barrier to entry when it comes to banking regulation. While banking partners are required to ensure adherence to banking regulations, all players in the financial space, regardless of their structure, must (and typically do) take some degree of responsibility with respect to regulatory compliance.
Q3: Do traditional banks face different challenges vs. fintechs when it comes to fraud?
A: Although banks may more frequently be liable for fraud losses, there’s very little distinction when it comes to attack vectors — fraudsters go after the weakest link. Fintechs often collect very similar personal identification and account-related information that banks collect.
During my time with Early Warning, I saw even the largest of banks struggle to contain fraudsters without help from others in the industry. This industry sharing of data necessary for identifying and authenticating customers with a high level of certainty is paramount to success in containing fraud. My advice to fintechs — if one of your competitors is experiencing fraud that isn’t showing up on your radar just yet, don’t sit on the problem — inevitably, it’ll come for you too.
Fraud prevention and detection should not be a competitive advantage or disadvantage. But rather, the issue of containing fraud is collectively an issue for all financial services stakeholders. With that said, participation in data-sharing initiatives is one way to future-proof your company and your user base. There’s no room for complacency when it comes to protecting our global financial system.
Q4: What is your thought process around incentivizing early adopters? How do you ensure that they cross the chasm?
A: The data-sharing consortium should not be thought of as a feature set that’s designed to be a competitive moat. The goals of any such network should be to create a self-regulated fintech ecosystem that rewards all players.
In my opinion, this should be a collaborative effort that is seen as a ‘must have’ rather than as a ‘nice to have’. The first set of adopters will typically be those with current and growing needs in fraud or money laundering detection.
Further members will join with either or both of the following motivations:
- To protect their position(s) in the market.
- To future-proof their services against evolving attack vectors.
- Because it is the right thing to do for their customers and their business.
With the Fintech Fraud DAO, participants are offered multiple modes of data integration — an API interface for those with technical resources and a user interface that those without technical resources can use. This will make integration easier for a risk/operations team.
Q5: What are your thoughts on Decentralized Autonomous Organizations (DAOs) — and what drew you to the Fintech Fraud DAO?
A: The Fintech Fraud DAO preserves a lot of aspects that have been formulas for success over decades, such as the network-based participation and give-to-get data sharing. Web3 by definition (Read, Write, Own) plays well into the give-to-get principle. Over and above these, the evolution of encryption technology and its adaptation to suit these use cases helps potentially alleviate or even eliminate a few of the following hurdles:
- Data security and encryption — The use of Bloom filters means that no clear-text PII ever touches the Fintech Fraud DAO database. That being said, a combination of multiple Bloom filters helps in accurate identity resolution enabling the DAO to collect data across a number of data sources matched to a specific single human or entity.
- Participant incentivization — It is important to provide incentives for the largest as well as the smallest of participants. During my time with Early Warning, we were challenged to provide incentives to the largest banks who provided the majority of data, but at the same time cater to the smallest of financial institutions who had less scale and therefore less influence over the network.
The DAO model is promising in helping incentivize participation across small and large players, no matter what role they play in financial services. The DAO model stands well placed to create a fair system, open to a variety of financial institution players and stakeholders.
This is truly an opportunity for the consortium model to go across all participants in the industry — every player and stakeholder can be involved in shaping the future.
Q6: In your experience, what are some best practices in building successful data-sharing and governance consortiums?
A: Listed below
Trust and community — Creating an engaging and collaborative environment with trusted organizations as the first wave of participants will help foster a community for fraud fighting.
Working agreements — Creating working agreements and standards among the members will ensure everyone is playing by the same rules. Harnessing the group’s ability to enforce the working agreements and standards set within the DAO will be crucial.
For instance, ensuring data completeness and data quality (give-to-get) among the members, and notifying members of exceptions if any.
Fraud forum — An open forum helps to establish trust. Members should feel like they are in this together — their competitors are partners when it comes to protecting against fraud and helping to meet regulatory requirements.
Forum members can discuss (among other things):
- Ongoing fraud attacks, investigations and remediations
- Questions about shared data
- Proposals for new data that can be helpful to remediate attacks if it were provided
Legal/compliance forums can also be established as subsets of these to allow these stakeholders to have a voice in the program.
External audits — From a data management and privacy perspective, trust is heightened when there are audit capabilities, both on security and data usage. Impartial external reviewers who report on security standards and compliance with data privacy laws are immensely helpful.
The Fintech Fraud DAO is taking steps even in its infancy to create a Slack community where discussions like the ones mentioned above will be frequent, valuable and engaging.
Q7: How do you see your role evolving with the growth and development of this DAO?
A: My personal beliefs are in alignment with the principles of the Fintech Fraud DAO. I am personally invested in its success. I hope to see the project through and see it be prominent in fintech.
In my advisory role, I will:
- Be available for roundtables and industry conferences
- Help shape various product areas on an as-needed basis
- Be a subject matter expert for fintechs that wish to gain more than users’ data and to be part of a self-regulating community
- Bring other subject matter experts in banking and the regulatory environment to the table
In conclusion, most industry insiders’ smart money is on network-based solutions as a means to combat fraud. With in-built data security, privacy and collaborative governance, the Fintech Fraud DAO aims to enable fintechs to take control of their fraud prevention.