Stefania Bonà, Data Science Product Manager at Checkout.com, revealed her insights from the world of payments.
Following their $450 million Series C funding round, Checkout.com has solidified its position as one of the world’s most innovative and most valuable fintech unicorns.
In order to become a leading payment service provider, the importance of leveraging market knowledge data to amplify product development is vital; however, the threat from fraudsters is always present.
SEON CCO, Jimmy Fong sat down with fellow University of Edinburgh alumni Stefania Bonà (Data Science Product Manager at Checkout.com) to discuss the delicate balancing act of juggling security, friction, and usability every day.
Inside the Mind of a Cybercriminal
With a Master of Science in Cybercrime and International Law as well as experience at one of the world’s leading retailers, Stefania possesses an understanding of risk that fraudsters should be scared of!
“I did not realize that what I started already at university could have been used in real life with real applications. I learned this job at one of the most famous online retailers these days. Starting exactly as an operational analyst and then working my way up into owning my own program around gift vouchers and setting up fraud for detection programs across multiple business lines in Europe. I was seeing risk from every side – from the buyer’s side, the merchant, if you’re selling online and then also money laundering, KYC.”
The combination of cybercrime academia and career progression in risk has made Stefania become incredibly well versed in the world of fraud.
“One thing that I really made mine after the master’s degree was the mentality of ‘thinking thief.’ You always have to think ahead. So what are cybercriminals going to do next? Are our systems good enough? Are our policies good enough to stop crime and fraud, and you always have to think a step ahead.”
Fraud is a Constant Conflict
Now working on the product management side of things, Stefania credits her background to be instrumental in any decision-making.
However, Stefania’s dissertation topic immediately presents the analytical mind necessary to understand the manipulative mind of a fraudster.
“Since the course was completely new, some criminology theories were trying to be applied in the cyber world. One of the theories was what’s called situational crime prevention. I argued in my dissertation that you can put bigger locks and bigger hurdles, but the cybercriminal is not going to give up. They will always try to find a way around that obstacle, to cheat and to have and to gain an advantage.”
Thus came the idea of ‘thinking thief’, a concept that Stefania keeps in mind every single day…
“We don't want fraudsters to go around our hurdles and that's also what keeps me up on my toes, why we have to deploy models on a very regular basis, because fraud is always changing. You need to be a step ahead to stop that.” Click To Tweet
“I think that’s where it comes to the mentality of, okay, let’s think thief and let’s make sure that we plan ahead.”
Every department of a business has its own goals but two collective goals that every company will have are to ensure that no fraudsters manage to abuse your company’s products and to continue generating revenue but at what cost?
“As I grew within my career you understand that, you don’t want rules or models that are very restrictive, that then you’re not going to have conversion and you’re not going to make money on. You don’t want to put too much friction to discourage your customers. It’s always, what’s the balance and how we can use data to make sure that we have a very low touch, frictionless experience. But at the same time, we don’t encourage fraud. Of course, I don’t have the magic wand, but it’s always like, okay, let’s try to find that balance so we can at least try to make everyone happy.”
FaaS – Fraud as a Service?
With the pandemic giving people more time than ever, Stefania raised an interesting point that fraudsters are now offering people to hire them for their skills.
“You find people committing crime because cybercrime has become a service. So if you want to, for example, carry out a denial service attack, and would like to try all that out, there’s someone online that sells you that as a service. Definitely cybercrime is hardly enforced and then it has also become a service.”
Yet despite the increase in activity over the past year, Stefania did point out that many techniques have not developed so the fight continues.
“Frauds have not become more complicated or more complex, but there’s definitely a tonne more, which means it’s good news because if the fraudster is not at the top end of their capabilities – it’s going to still be fairly easy to catch but just the amount of fraud, it’s definitely increased. Though you see people that you wouldn’t expect committing cybercrime because they decided to become software as a service pretty much.”
Key Takeaways – Understand the Fraudster, Understand the Game
We named the podcast after the renowned colloquial ‘Cat and Mouse’ because risk management is a constant power struggle shifting between the criminal and the fraud fighter.
The importance of understanding the motives for those against you, learning whenever they do succeed and communicating with all key stakeholders is the only way we keep the advantage on our side.
As fraudsters become more sophisticated and tailored with their offerings, we fraud fighters have to keep on our toes to ensure consumer protection and encourage collaboration at every opportunity.
Learn more about our products
Jimmy is the CCO of SEON and brings his in-depth experience of fraud-fighting to assist fraud teams everywhere.