Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Insights from the E-Fraud Global Forum on Online Scams and Countermeasures, with Uri Rivner, CEO, Refine Intelligence
573 Plays1 year ago
Join us for an informative episode as we explore the world of online scams and gain insights from the e-Fraud Global Forum at RSA Conference. Our guest, Uri Rivner, CEO of Refine Intelligence, shares his expertise on the challenges faced by institutions in detecting scams and the operational aspects of resolving cases. We discuss the role of mule accounts in scams and their implications. Discover the strategies, technologies, and collaborations used by financial institutions to combat scammers and protect consumers. Tune in to this episode to stay informed and empowered against digital threats.
This podcast is hosted by Ayelet Biger-Levin https://www.linkedin.com/in/ayelet-biger-levin/ who spent the last 15 years building technology to help financial institutions authenticate their customers and identify fraud. She believes that when it comes to scams, the story starts well before the transaction. She has created this podcast to talk about the human side of scams, and to learn from people who have decided to dedicate their lives to speaking up on behalf of scam victims and who take action to solve this problem. Be sure to follow her on LinkedIn and reach out to learn about her additional activities in this space.
Also check out https://scamranger.ai if you had received a message that you suspect is a scam
Recommended
Transcript
Introduction to Scam Rangers Podcast
00:00:03
Speaker
Scam Rangers, a podcast about the human side of fraud and the people who are on a mission to protect us. I am your host, Ayelet Bigger Levine, and I'm passionate about driving awareness and solving this problem.
00:00:21
Speaker
Welcome to Scam Rangers.
Yuri Rovner's Background in Fraud Technology
00:00:23
Speaker
Today's Scam Ranger is a veteran in the fraud fighting technology space. Yuri Rovner has been fighting financial crime for over 20 years, working closely with the world's largest banks on developing strategies against online fraud. Prior to founding Refine Intelligence, Yuri was co-founder at behavioral biometrics company Biocatch and before that head of new technologies at RSA.
00:00:48
Speaker
So hi, Yuri, welcome to the podcast. It's so great to have you here. Thanks. Pleasure to be in your podcast. You know, I want to share with the audience that my first encounter with Yuri was actually my first encounter with the world of cybersecurity and fraud when I joined RSA in 2008. And Yuri was delivering the new employee training and teaching us all about how
00:01:13
Speaker
we collect information and device information, network information, other types of intelligence to be able to learn about patterns of good and bad behavior and how data sharing, which is now a trend that everyone's talking about, how important it is. Back in 2008, you were a big advocate for data sharing and you created a tool for that and you preached for that.
00:01:41
Speaker
I wanted to hear a little bit about your journey into the world of cybersecurity and fraud, and then we'll talk a little bit about RSA Conference as well.
Pioneering Risk-Based Authentication
00:01:50
Speaker
Awesome. So I started my career in fighting flash of crime in a small startup, Israeli startup called Sayora. Today, many of you know what risk-based authentication is, but until Sayora, it did not exist. Sayora started providing verified by Visa, MasterCard, secure codes, really secure, you know, these sort of services to credit cards. But at some point, it was very clear that just the Proko itself,
00:02:17
Speaker
was not really protecting the customers or the banks and came up with, sort of came up with the notion of analyzing transactions in real time and then assigning an elevated security if the risk was high, known as risk-based authentication. Started with credit card transactions online,
00:02:36
Speaker
but then moved to online banking.
Understanding Fraud as an Ecosystem
00:02:40
Speaker
And at that point, the company was acquired by RSA. I became head of new technologies at RSA. And yeah, I remember fondly all of these employee training sessions. I basically tried to explain that fraud is not like a lone person doing fraud. You don't have like a fraudster. You actually have
00:03:01
Speaker
a very big ecosystem where each of these components are basically providing a service, something that the industry, the fraud industry needs. And it's very, very competitive in nature, actually. That was the first time that I met you. At RSA, we were fighting fraud across multiple banks, national institutions.
RSA Attack and BioCatch Discovery
00:03:24
Speaker
And I think at that time, it was mostly around trojans. Well after the fishing years,
00:03:30
Speaker
scans, which we're going to probably talk about today, were a very minor issue these days. It wasn't like the sort of tsunami that we're currently witnessing. So a can take over fraud was essentially almost all of it.
00:03:44
Speaker
2011 was an interesting year because RSA was actually attacked by a foreign state. I wrote a blog called Anatomy of Attack that explained what happened and over that year I was basically looking for new technologies that are interesting that can help the fight both in cyber and in cybercrime.
Transition to Anti-Money Laundering Tech
00:04:05
Speaker
and came across BioCatch. BioCatch, behavioral biometrics, a very intriguing new field of science back then did not actually have any actual deployments with financial institutions. And at some point, the founders of BioCatch asked me to join as a co-founder that was in 2012. Today, BioCatch and behavioral biometrics is used
00:04:28
Speaker
across the globe by many financial institutions, mainly around account takeover fraud, but also account opening fraud, anything to do with online account opening, as well as scam detection, and your detection and anything like that. And then a couple of years ago, I started to look at an adjacent field, a different field.
00:04:48
Speaker
which is the AML field, anti-money laundering. It's quite interesting because for many years it wasn't a field that was heavily focused on technology. It was heavily regulated. But technology came a little bit later when banks realized, look, we do need to invest here, create good detection models, use machine learning.
00:05:12
Speaker
the majority of the banks started to see that they really need to invest in AML and grow their operations side.
Founding Refine Intelligence and Industry Storytelling
00:05:22
Speaker
That's something that is an issue across the globe. The size of the operations team in an AML program, those are massive teams. And the other thing to remember is most of the alerts that they go through on a daily basis,
00:05:37
Speaker
they're essentially legit customer activities that are basically false positives. So it's a very interesting field to look at in terms of what can be done? How can this be changed? And I decided to set up a new company called Refine, Refine Intelligence. Great.
RSA Conference Insights and EFRAUD Forum Highlights
00:05:54
Speaker
So one of the characteristics you have besides being an expert in cybersecurity and cybercrime and everything fraud,
00:06:02
Speaker
is your ability to tell stories. And you're one of the best storytellers I know, not only in our industry, but in general, which is why you get invited to speak at many venues, many conferences, many industry conferences, interviews with the media. And I think it's so important that you can communicate the challenges, you can communicate the threats, and you can communicate the solutions in a way that really brings
00:06:30
Speaker
the concepts to everyone and makes it accessible to multiple stakeholders in the industry, also fosters not only better understanding of the problem, the solutions and the options, but really fosters collaboration. And one of my favorite activities that you do every year is your presentations at RSA Conference. So what I wanted to do is shift a little bit to talk about
00:06:55
Speaker
RSA Conference. I have serious FOMO because this is the first year since 2009 that I have not attended the conference. And here are some of your takeaways from RSA Conference about scams. So tell us a little bit. Actually, let me start by sharing with our audience because not everyone is familiar with RSA Conference. RSA Conference is a very large cybersecurity conference.
00:07:19
Speaker
I'm going to say that at the peak there were around 50,000 attendees the year before COVID. It's been picking up and I think this year there were about 30,000 attendees officially. There are probably a lot more people that attended the ancillary events and adjacent
00:07:35
Speaker
meetings, et cetera. And it's mostly focused on cybersecurity threat awareness and EDR and all the, and identity, of course, and all the different types of cybersecurity enterprise, cybersecurity solutions. But there is also a fraud track. And most importantly, there's an event called Efraud Global Forum, which is actually a pre-conference event that hosts the leading financial institutions globally.
00:08:02
Speaker
And it's a closed event, but you always had access to it because you are a leader in the industry. And I would love for you to share kind of a little bit high level. What is the EFROD Global Forum?
Scams and Global Regulations
00:08:15
Speaker
What happens there? So typically the EFROD Forum starts at the first day of RSA conferences that are based in San Francisco.
00:08:23
Speaker
around 100 to 150 leaders across the globe, banks, credit issuers, financial institutions, e-commerce organizations, marketplaces, and anything in between. The idea of this forum is really collaboration and exchanging ideas.
00:08:43
Speaker
In any time that I went to ifro, there were always new faces, but also some of the folks that are there all the time. So it's a very, very good sort of glue, if you think about it, in terms of the event itself.
00:08:59
Speaker
The topics are what is interesting for the fraud fighting community, mainly around banking fraud, I would say. That's like the focus as opposed to e-commerce fraud. You have a lot of other conferences focused on e-commerce. I think the most interesting thing about that event, a very, very good program committee where you have the fraud fighters, people from the banks,
00:09:20
Speaker
and that you know me to discuss the themes and the specific topics for each year very good organization and this year scams were heavily discussed and it was a major
00:09:33
Speaker
sort of concern
Role and Evolution of Mules in Financial Crime
00:09:34
Speaker
and theme. Obviously we can talk about scams and why they're so, you know, dangerous and prevalent these days and how they evolve over the years. But I think one of the most interesting things that happened last year was really the liability shift around scams globally. Both in the UK, you know, the PSR
00:09:59
Speaker
legislation that is coming as well as similar things that are happening in the U.S. The combination of scams, instant payments and liability
00:10:12
Speaker
together basically spell disaster. So that was obviously very interesting for the audience. So IFR was definitely one of the highlights for RSA Conference on my end. You mentioned a talk that we gave Erin from a bio-catch myself at RSA Conference, and that was a learning lab, which is almost like a workshop, a two-hour workshop focused on mules.
00:10:38
Speaker
mules are the oxygen of financial crime. You cannot really operate without mules. And mules have developed over the years. It used to be people that have been recruited, some of them knowingly, some of them unknowingly, to participate for operations. But today is also possible to be your own mule by just setting up a new account. So account opening fraud is heavily tied to the
Detecting Scams through Micro-Behaviors
00:11:05
Speaker
problem of mules. Some of these
00:11:08
Speaker
You know, accounts that are being opened can serve as mules for things that are not banking fraud. For example, a couple of years ago, the biggest problem was actually stimulus fraud. And billions of dollars in the stimulus pack fraud had to flow somewhere and they flowed into freshly opened accounts.
00:11:28
Speaker
using either identity theft or synthetic identities. And definitely mules are not just recruiting an existing person, but also creating a new way account. What we did in the workshop, we call it war games. And we split the audience into groups.
00:11:50
Speaker
each group sitting across the table and we presented real world scenarios. We gave some facts and then we offered additional data. Every team had to decide whether they want additional data or they want to make a call, like saying, hey, this is definitely a mule situation or no, it's actually a legitimate, genuine sort of activity. And it was a very interesting contest between the teams. So for example, what kind of data would you give them?
00:12:18
Speaker
So, I'll give you an example. Someone in the US, it happened in September last year, deposited exactly $10,000 in cash. Now, in the US, if you deposit cash over $10,000, there's actually an official report going to the government.
00:12:39
Speaker
a cash transaction report. And some people want to fly a little bit below that radar. An exact $10,000 cash deposit, certainly if a person never had that amount of cash being deposited in their account before, is highly suspicious. And in that specific case, the AML team actually picked it up using transaction monitoring as a suspicious activity that they wanted to investigate. So that's the scenario.
00:13:08
Speaker
Now let's talk about the additional data, right? So what sort of additional data is available?
00:13:14
Speaker
In that specific case, it was a digital outreach that collected the following. It was a gift from my parents. And the reason is I'm getting married. That's a data point to that investigation. And let's say that at that point, the team needs to make a decision. Do we need more information? Or we're ready to make a call, which could be, hey, that's a mule.
00:13:40
Speaker
or some sort of money laundering here, or it could be a legitimate person.
00:13:45
Speaker
The next set of data was around the person. They're 28 years old. The family lives in a high-income neighborhood, these sort of things. So most people, by that point, say, well, maybe it actually looks more like a legitimate sort of activity. You had to decide whether it's a mule activity or not. In any case, it was educational fun. People really liked it. You're not helping me with my FOMO, but fine.
00:14:15
Speaker
Let's uncover some of the conversations around scams. Now we'll kind of double click into that. I'm just going back to the beginning of our conversation today. You talked about account takeover fraud, new account fraud, mules, and all the methodologies that we used to use in order to
00:14:35
Speaker
be able to detect those types of behaviors. And I think the fundamental question that we asked ourselves through the technology is basically, are you who you claim to be? So for account takeover fraud, are you digitally representing the true human that owns this account, the account holder, or acting on their behalf? And we were able to detect that through device intelligence, network intelligence, behavior, and other characteristics. And
00:15:03
Speaker
Same for account opening. Are you who you claim to be with, you know, KYC, no, no, your customer and other controls like location and do they match your personal information? And do you behave
Bank Liability and Detecting Scam Intent
00:15:16
Speaker
like a new user? You mentioned behavioral biometrics who doesn't know the form and doesn't know the process. And we talked a lot about this a little bit in previous episodes as well. When it comes to scams, the question is fundamentally different. It's not are you who you claim to be, but really.
00:15:34
Speaker
We know that you are who you claim to be. We probably verified that with our account takeover tools. But the question is, are you acting under the right intent? Are you being coerced by someone? What I wanted to ask you is what were conversations at the conference about that challenge, about an approach we need to take?
00:15:52
Speaker
I know that there are a lot of conversations, and there is a sense of urgency because everything you mentioned, the liability, the faster payments, the liability in many countries, the conversations happening in Australia and in Singapore and in the UK and the US, of course,
00:16:11
Speaker
What are some of the observations that were raised in terms of the approach that we need to take into combating this problem of online scams that, as you mentioned earlier, a few years ago, it was a small problem. Now we know it's growing because the account takeover controls became so good.
00:16:29
Speaker
Yeah, so let me think about several angles in terms of solutions around the problem. When we think about scams, you're right. It's the most devious and difficult thing to detect.
00:16:47
Speaker
because it's the genuine person doing this. They're going to pass any kind of authentication. It's not a criminal. There's no remote access. There's no bot activity. It's the real person doing this. The first types of scams that actually hit the UK in 2016 or so were impersonation scams known as authorized push payments impersonation scams. Let's just give an example.
00:17:11
Speaker
Someone got a phone call from her mobile carrier in the UK. I remember this specific case because it was the first time I actually came across a scam like this. And she was told, hey, you're late on your fees. Can you please pay? She paid 60 pounds with her debit card. Five minutes later, she gets a call from the bank.
00:17:33
Speaker
We see some strange activity. Can you explain? She says, yeah, that's my mobile carrier. No, it's not. We can see you actually paid someone, but it wasn't your mobile provider. It was someone else entirely. Did you give your debit card? Oh, so that's bad because it's tied to your bank account. Unfortunately, we'll have to give you a new bank account number. And can you please move all of your money to this new bank account number? Now, remember that in that specific case, she was told, hey, you have too much money in your current account.
00:18:02
Speaker
You have like 26,000 pounds, so that's too much. How about you move 9,000 pounds, and then we'll see that it's in your safe new bank account, and then we'll tell you to move the rest. She actually did four payments. I was at BioCatch, and you're right. From an account takeover perspective, the score was perfect. Everything was fine. It's almost like the AI looked at it and fainted dead away, something like that.
00:18:29
Speaker
No, everything is fine here. It's not fraud. Initially, I actually thought that it's like, how would you detect something like this? It is the real person doing it. Just to explain to the audience, of course, the second call was part of the same scheme of the first call that was a bank impersonation scam. And they created credibility by knowing about the first call from the fake mobile carrier.
00:18:56
Speaker
And basically she lost all of her money, not just the 60 pounds. Exactly.
00:19:03
Speaker
How do you detect something like this? But then the data science team that looked at that specific case found something interesting. What they found is that she was waiting for something to happen. Like she moved 9,000 pounds. She was told to wait for several minutes. Something was strange, something that never happened before. She was randomly moving the mouse on the screen for like five minutes.
00:19:29
Speaker
That was a very odd behavior because if you think about it, people normally interact with mobile banking, with online banking. They don't entertain themselves. It's not an entertainment system. It's an online banking system. You're supposed to do something. She was not very focused on the actual session.
00:19:46
Speaker
Maybe she was bored. Maybe she was told to wait until she gets a confirmation. So she said, OK, I want to go away. Maybe the session would close or something. I'm going to keep it live. But regardless of the specific reason, that was a weird behavior. And interestingly enough, it wasn't the only case where this was observed. There were many other scams with a similar behavior, either this or someone just moving the mouse wheel up and down for several minutes.
00:20:15
Speaker
You know, these sort of behaviors were strange, which triggered an idea. Maybe there are some micro-behaviors. So it's not something that says, oh, it's not IELTS. It's like a different person. But something about the way IELTS is doing this session is weird, right? And then once you started looking at the data, it was clear that there are some micro-behaviors that could be observed.
00:20:39
Speaker
People are more hesitant. People are under duress. People are being guided. So there are some signs for being guided as well. It's almost like you're being dictated to. So the idea was to collect all of that through machinery and create a new AI that was looking specifically at scams. And indeed, today, a lot of banks are using such models using a combination of behavioral biometrics, which is pretty effective for impersonation scams.
00:21:06
Speaker
where you're being pressed to do something right now and it affects your behavior in addition to other signals. Those other signals mainly are related to data sharing. So what do we know about the beneficiary account? Is it a new account? When was it open? Who owns that account? Is it the business? So these sort of things as well. As well as transaction monitoring. What's the size of the, how much money are you moving? Is it an international money transfer? Et cetera, et cetera.
00:21:36
Speaker
The point is that for that specific type of scam, there are good solutions. So banks, even if they're now going to be liable for that, they're not that concerned.
00:21:48
Speaker
But over the years, the expectation from banks was to start being responsible not just for impersonation, like, hey, you're the bank. You're supposed to know the customers. So if someone impersonates the bank and kind of hits your customers, please protect them. The expectation, both from consumer rights groups as well as the regulators, was protect the customer against any type of scam.
00:22:16
Speaker
you know, investment scams, romance scams, crypto scams, buying puppies online scams, et cetera, et cetera, to a point where now banks in the UK, for example, are expected to reimburse customers. And a new legislation is basically saying, you're going to be liable for all of it. And half of the fraud loss will be the receiving end, not just the bank that is originating that. Right. And in the US, by the way, starting June 30,
00:22:46
Speaker
Zelle is going to also enforce liability for the receiving bank, 100% for the receiving bank.
Preventative Measures in Banking
00:22:52
Speaker
Which is going to be interesting. Let's actually understand what's going on here, right? So you're a bank. You could be a large bank, you could be a small bank. And there's a customer called Yuri, who opened an account, I don't know, a year ago, and now starts to receive Zelle transactions.
00:23:16
Speaker
Ayelet is now sending $2,000 to Yuri. Why? There could be any number of reasons. Maybe it's rent money. Maybe it's a gift. Maybe I'm doing a fundraiser. There are so many possibilities. If I'm the receiving bank, and this is instant payment, this happens instantly, if I'm the receiving bank,
00:23:42
Speaker
I have a very narrow window of opportunity to basically make a decision here. And it doesn't have too many signals, right? Because it's not related to online banking. It's not related to these sort of things.
00:23:56
Speaker
I just received something to my bank account. I didn't have to be online to receive it. So how would the bank at this point make an intelligent decision? Let's say that they have transaction monitoring and they have data sharing. Zelle is an amazing network. It's operated by early warning systems. There are all sorts of things that can be done here.
00:24:23
Speaker
But any kind of detection model here will have a lot of false positives, you know, 99% perhaps. Right, but you could definitely, and this is again something we tried to do at RSA many years ago,
00:24:37
Speaker
and first data sharing for bad accounts. So if there are multiple complaints for an account that it's associated with scams, then you can shut down that account. The problem is by the time they realize and collect all that data, they've already lost a lot of money in their liability situation. That's the point, yeah. And you get to a point where you have one mule per fraud and then you cannot really do anything there, right?
00:25:01
Speaker
It is going to be very difficult for the receiving end to defend themselves at this point. And I think beyond that,
00:25:11
Speaker
So if you think about it, again, you have the originating bank where at least you can see something going online, right? So there might be some signals, especially if this is impersonation. Less so if it's something like a romance scam or investment scam or these sort of things. It's going to be less obvious, right? But certainly when you receive money and you're supposed to be liable for a fraud if this was fraud,
00:25:35
Speaker
That's going to be very tricky.
Challenges in Scam Investigations
00:25:37
Speaker
At Ifroad Forum, one of the suggestions was, okay, limiting things. So, for example, let's say that you're the originating bank. You can limit new transfers to a new destination. If you are the receiving bank, you can say, okay, I'm limiting the person. First time that they receive money, like $75, et cetera, or, you know, put some sort of limitation. But this has far-reaching implications. If I'm actually
00:26:04
Speaker
telling people that are using my apartment to start sending me the rent money using Zelle. They used to use checks or, I don't know, cash. And now I'm telling them, no, no, no, there's something new called Zelle. I'm accepting Zelle.
00:26:24
Speaker
If you're now limiting this, they will not be able to move the rent money. So that's going to be a problem, right, for both ends. It becomes a usability issue. It becomes also an expectation issue. Putting controls is possible, but I'm just saying that limiting customers has some consequences that we have to think about. One of the things that was suggested, or one of the things that the UK now has a new initiative to fight scams with multiple
00:26:54
Speaker
scam hunters or criminal hunters and other elements of that proposal. And one of them is the ability for a financial institution to at times slow down faster payments. In other words, if they do suspect something, not necessarily block it, but have enough time for themselves to investigate it and slow down. Is that something that came up at all? It did came up and it's an issue I'll explain.
00:27:21
Speaker
I think the main difference between fraud and scam is actually not the fact that in fraud it's a criminal inside your account and in a scam it's you doing it. It's not about the detection. Yes, detection is going to be more difficult, but actually there's something that is even more interesting.
00:27:43
Speaker
And account take over fraud is the only type of fraud where you can ask the customer to resolve the investigation for you. So that's essentially meaning that if you have an account, right, and there is something suspicious in the account, I can ask you, hey, are you now moving $5,000? Or are you using your credit card right now, you know, somewhere and paying with your credit card, you know, $5,000 transaction?
00:28:13
Speaker
And then you can say yes or no. So you basically resolve the alert for me. I don't have to hire people to do any investigation, right? Right. And Banks told us that accounting over fraud resolution takes about half an hour to two, whereas scams is much lengthier process. So maybe you can get into that a little bit. So that's the point. The point is that if the customer is resolving the case for you, you don't need a big operations thing.
00:28:43
Speaker
But the point is that the other sides of financial crime don't behave like that. Let's take AML. First time that I started to look at AML, I found it very interesting to see how many people are in the analytics team versus how many people are in the operations team. One of the top 10 banks that we started working with, they have five people in the analytics team and 700 people in the operations team.
00:29:12
Speaker
That's the ratio. Some of the biggest banks have 10,000 people in their operations. Why? It's because you have a model, and you cannot ask the customer to resolve alerts for you. So I'm not going to send you a text message saying, hey, Ayelet, are you doing terrifying thing? Reply one, right? Same with e-commerce fraud. If you're on the e-commerce side, I'm not going to send you a text message saying,
00:29:40
Speaker
Is it okay? Are we going to get the charge back here? Reply one if there's going to be a risk of charge back. No, you cannot do that. You can only do it in account takeover. In scams, it's the same. You cannot ask the person. Why can't you ask the person? Because they're always going to say yes as well as the victims and the non-victims will behave in the same way. They will always say, yeah, I'm doing this.
00:30:04
Speaker
And just to add here, the victims are also told a story. They're manipulated by the cyber criminals. So even if the bank asks them very targeted questions and even says, I suspect you're being scammed, they already got the information from the criminal to persuade them. So let's actually summarize. High amount of false positives because it is more difficult than false. That's one.
00:30:29
Speaker
Second, you have to investigate anything that is an alert because you cannot ask the customer to resolve it for you. So let's say that you slowed it down and now you move it to someone to investigate. So now there's an investigation, but you have to do it across all of your alerts. The next thing is, let's talk about that investigation. An AML investigation
00:30:52
Speaker
Some people don't actually know that. It can take three months because the idea is not to stop the transaction. The idea is to report suspicious activity in the account. Maybe it's money laundering, maybe it's their financing, human trafficking, whatever. You look at the account, you start looking at some shorty things, you report it to the government. That's money laundering. Lesson that you slowed it down. How slow did you slow it? A day maybe, an hour, it's not going to be three months, right?
00:31:21
Speaker
Someone wants to send me the rent money, right? You need to make a decision. Let's say that you slowed it down. Someone is looking at this. They will have a few hours to resolve it. So you will have to investigate everything, meaning that you need to increase your operations capacity as a fraud team, not an AML team, as a fraud team, I don't know, 20 times.
Early Intervention in Scam Lifecycle
00:31:42
Speaker
But you have to do it one hundred times faster than your colleagues in your in the same black department of of the bank which is the am l your colleagues appears in am l so you have to do it very fast and you have to investigate everything that's gonna be a problem right so i think the point is.
00:32:02
Speaker
The conversation at eFraud was interesting because people are still considering what they will do once they switch on the scan detection model. It's not that obvious, right? You can put controls, you can try to investigate, but then you have to do it very fast.
00:32:19
Speaker
Four teams are not built in a bank, right, in a bank that is typically fighting a contact over fraud and is not liable today to cover scams. There's no liability right now today in the US for covering scams. They're not equipped to do these investigations. So that's a sort of interesting conversation because they know it's coming, but
00:32:41
Speaker
it's going to be difficult to actually accomplish. So that was, I think, one of the key takeaways from that event.
00:32:52
Speaker
Wow, that's a lot of work and a lot of thought. And the more we talk, the more I'm thinking we need to be able to stop scams way earlier in what I call a scam lifecycle or some other colleagues suggested the scam kill chain. But we need to start earlier because when the payment is already processed or going through or in the process, that's really hard. And the amount of work that has to go into that is going to be significant.
Hope for Future Fraud Prevention
00:33:18
Speaker
Thank you very much for sharing that.
00:33:20
Speaker
Before we wrap up, I did want to ask you, I always ask my guests what they're hopeful about. And you write a lot of big challenges in this ecosystem. I wanted to ask you, what are you hopeful about? What do you see happening that's going to be positive?
00:33:37
Speaker
What I'm hopeful about is that we've been there before, right? When there was like the huge wave of phishing attacks, banks looked at, you know, looked at the IT department and said, Hey, IT folks, what do we do? Right? Like you guys are supposed to be very secure.
00:33:54
Speaker
The customers just give away their passwords. It seemed to be mission impossible. But then the industry coped with that. Same with the wave of Trojan attacks. Same with the initial wave of impersonation attacks in scams. The point is that at some point, the industry does come up with solutions. And it's a matter of thinking outside of the box, getting some clever people to think about solutions, and adopting those solutions pretty fast.
00:34:24
Speaker
And so the industry is able to adapt to the new situation. By the way, we haven't touched upon one thing, which is obviously generative AI and the combination of that was deep fake. Because look, whatever scams we're seeing today, whatever level of social engineering is available at the moment, that's going to be multiplied over the next few years.
00:34:49
Speaker
So it's going to be very difficult to, you know, to defend against something that grows so, you know, exponentially as social engineering in the coming years. I think the bottom line, it's going to be interesting, but I'm hopeful because, you know, we're a clever industry, you know, not just the bad guys are clever. Also, the fraud fighting industry is a consistent of, you know, people that can help.
Conclusion and Call to Action
00:35:19
Speaker
Amen. I really hope, uh, we'll, we'll do it sooner rather than later, but I absolutely agree. And, uh, our industry has seen a lot of things in the past and we're on it. Thank you so much, Yuri. And, uh, maybe in the future we can meet again and chat about what you just mentioned, deep fakes and chat GPT and generative AI and how cyber kernels will use that and drive some hope into there as well. Thank you. Thanks.
00:35:46
Speaker
I really hope you enjoyed this conversation with Yuri. If you want to keep up with trends in online scams, regulatory developments, and everything news regarding this topic, follow me on LinkedIn. I yell at bigger Levine. In addition, if you encounter a message that looks like it's suspicious, you can now validate it through a new website called scamranger.ai.
00:36:09
Speaker
click on validate a message and you'll get both an evaluation of the level of risk of that scam and guidance on what you should consider to verify this message. Let me know what you think.