Episode two of the Cat and Mouse podcast sees Jimmy Fong sit down with John Marsden to delve into how ID fraud has changed over the years and digitalization’s impact on both vendors and merchants.
John has vast experience within the antifraud space having been involved with industry-leading vendors such as Equifax and iovation where he led teams across European and APAC territories.
He now supports We Fight Fraud in their effort to provide you with unique insights into crime, enforcement, and financial crime through educational means.
How much of an impact does brand-to-consumer trust have when dealing with their sensitive information?
Brand trust is massively important. If you see how people deal with someone like PayPal, you can actually visibly see there’s a check going on and I don’t believe that’s not thought about. As a consumer, I can see some security is happening.
Out of a series of interviews I ran for an identity provider, we saw that certain individuals felt that the provision of ID established trust with that community, whether that be a bank, so they trusted over bank accounts that have gone through that process or Airbnb and an ID verified identity is found to be more valuable.
So you start to see that equation in the mindset and well I’m going through this and everyone else is going through this, so, therefore, it’s that there’s a level of trust in my mind to this organization and the network it supports. I think that is important.
Not many people in those surveys actually saw like I did that, that it was a hassle getting up from a desk and going to get my document – which perhaps is a bit of a surprise to some working in this space.
You also had everyone have a second moment of fourth before they passed over their identity details. All of them had moments of doubt and this is often where the breakdown comes.
I’m having a moment of doubt. If I know your brand and I trust your brand, I am more than likely to go ahead with the process and put it to one side. And that was evident in the interviews.
If I don’t know your brand, and I have any feeling that you may not be trustworthy, they will bailout.
One of those respondents was redirected to a third-party application that was branded as that provider’s brand.
They had no understanding of who that brand was or had any trust in that brand so they certainly were not prepared to put their own identity documents into something that they didn’t feel was safe.
We can recognize the consumer has this dialogue about trust going on in their mind. We just need to be mindful of that. I don’t think that the issue of friction is the prime issue but the issue of trust is probably the thing that’s breaking down, mostly in these relationships.
How does a criminal view fraud?
Looking at it from a criminal’s point of view, it’s as simple as where is the weakness. Yet we as vendors see this from a siloed point of view.
We think in different terms, we think about compliance. We think about ID. We think about fraud and ultimately we blend this into some professionalism.
But we’ve got to remember our criminals don’t think like that. They just look at opportunities. How can I break this?
Whilst you’re trying to concentrate on one thing, they’ve realized that the weakness is on the side.
For example, when it comes to APP, the weakness was the consumer. As a fraudster, I now can’t compromise your SMS easily. I can’t take over your bank account and transfer your money… but you can do that for me.
I’ll scare the living daylights out of you, I’ll manipulate you into thinking a certain way and you’ll press those buttons and pay me 20,000 pounds. Job done.
Even with something like a bank or government ID, you’ve got a person involved and the person becomes your point of compromise.
Why? Because the biggest threat right now is not the technology. It’s not the application. It’s not the account takeover. It’s you as a consumer, you are the weakest link.
If you look at someone like Barclays, how does Barclays make you the strongest link? I really admire their push for education with £10 million in above-the-line advertising to help consumers stop fraud. They’re not all your customers but there’s a genuine effort to educate and inform your average consumer.
What’s the risk of fraud-as-a-service?
Criminals are not like us, getting really excited about machine learning and algorithms and things like that. It’s again all about understanding the compromise and getting people onto your scheme to help exploit that.
We’ve got people who specialize in bit parts of each crime, we always have but now there’s more and more collaboration. Criminal networks and informal networks are developing more frequently on the open web.
All those people with a talent in one way or another to add to the gang like it was back in the day, that’s still going on. It’s going on in a digital way. People in Romania are hiring people in the UK to do bits that need to be physically done over here and they’re hiring them to do tactical bits.
It’s a huge economy. There are a million ways that they can be creative. And I think that’s probably one of the biggest learns from We Fight Fraud is the creativity.
That comes back to us thinking about silos, us thinking about structures, and us doing our learning. We’ve put many of our fraud fighters in a position of not being able to view things from an utterly creative angle; really it should be as simple as, what can I do holistically to compromise my own process? That’s one of the biggest learnings I’ve had since working with the team.