Fraud Technology Podcast
Join us on the Fraud Technology Podcast as we delve into the rapidly escalating world of fraud, where the stakes are high and the pace is relentless. In an era where financial institutions find themselves in a perpetual game of catch-up with ingenious fraudsters, we stand firm in the belief that united efforts are the key to victory. Our mission is simple yet bold: to foster a collaborative community that stands up against fraud's onslaught. Tune in as we engage with the sharpest minds in the field, seeking insights, strategies, and stories from the very best in the business. Together, we unveil the strategies, innovations, and resilience that pave the way to effective fraud prevention. Welcome to the Fraud Technology Podcast, where we forge a powerful alliance against the forces of fraud.
Fraud Technology Podcast
Episode 2: Avoid chasing the next shiny fraud technology
In this podcast episode, George Rhodes warns against blindly following the latest tech trends, especially when it comes to fraud prevention. He notes that some organizations fall into the trap of chasing after the newest, shiniest system, often featuring buzzwords like artificial intelligence or machine learning, hoping it will be a one-size-fits-all solution to their fraud prevention needs. However, he advises that in reality, these systems often require substantial customization and adjustments to align with an organization's unique processes and risk tolerance. In essence, it's crucial not to let the system dictate your approach; instead, ensure it fits seamlessly into your established processes and risk strategy.
Thanks to George Rhodes from Perenna (www.perenna.com) for the insights.
In conversation with Ravi Madavaram from Regulo (www.regulo.ai)
Hello, listeners. Welcome back. This is Ravi from technology fraud podcast and joining with me, we have George Rhodes from Newcastle, England. And please welcome me in welcoming George here. he comes with a lot of experience, a lot of varied experience as well. I'm fascinated. I'm looking forward to listening to about his So George, welcome. And looking forward to hearing from you. Would it be great if you can talk a little bit about your journey of how you have
George Rhodes:Yeah, sure thing. Thanks for having me on Ravi, really appreciate it. So my name is George Rose and I'm currently working as a fraud and financial crime manager here at Perenna, up in Newcastle. I suppose I've been lucky to have worked in a number of different roles and organizations over what's been a relatively short career, I think, in fraud and financial crime prevention. A lot of it has been really quite operationally focused. Where I've worked within teams of four professionals, as well as managing teams as well, all the way through to more client facing, I suppose, consultancy type roles, where I've been able to peer into financial crime workings of a number of other UK firms, which has been really useful to help us get that breadth and understanding of how other teams work. All of that is, really what's brought us to where here I am now at Parana, where we're looking to launch our unique mortgage products by the end of the year. And my responsibilities within that to assist build of the financial crime function here and take it all the way through to our launch
Track 1:little
George Rhodes:will be with the
Track 1:a deeper about your journey itself. So I remember, you started as a recruitment consultant and
George Rhodes:Yeah.
Track 1:I see uh these are really you went into a vendor, which is TransUnion, then eventually you are here, right? So, different kind So I want to understand, how, these things have helped you and how did you end up in the, in crime space? I mean, you studied criminology, was this something that you are looking towards?
George Rhodes:yes. Yeah. So I guess the motivation behind studying criminology was, in truth partly because I got to the end of sixth form at school and thought I need to do something. So I thought, let's go to uni. Criminology seemed like an interesting one, but I've always had an interest in law enforcement and crime prevention. Originally the ambition was to do something within the police. But after learning more about. different typologies and different theories around financial crime. It was something just really piqued my interest. Falling into recruitment was an interesting one. It was, again, one of those things where it got to the end of university. There wasn't any jobs available, within Newcastle To start in financial crime. So I picked up a role with a very good recruitment company, I must say, which I guess was my first foot in the door of the working world. and it taught us everything around, hunter mentality, work ethic. And it meant that by the time that I was able to, put myself forward for a financial crime role, I'd had that work life experience, to be able to put forward, coupled that with my degree in education and my interest in the space. And I'll. Thankfully landed myself a role at Bone But I can appreciate reading my profile. It's probably a bit all over the place with different roles. So Newcastle
Track 1:caught my attention it of fraud And you talked about law enforcement and police itself, right? So was the uni itself is where you learned about typologies
George Rhodes:that's right. It was more about, I suppose the, the theoretical side, which I think a lot of people tend not to consider when it comes to crime prevention, because I think they think of like the. The cop shows on TV where they see people getting nicked and all that. Whereas for me, it's more about the strategies go behind that and the work that goes in prior to all the stuff that actually you would see on a TV show. that
Track 1:So you also
George Rhodes:all
Track 1:just going to launch your unique, mortgage product. So I wanted to understand how in such a early stage, right? You don't even have any data coming from, the market. So how do you go about, preparing yourself,from a fraud prevention standpoint itself? So how do you prepare for this?
George Rhodes:Yeah. So I guess the plan for fraud prevention for us is really centered around three key pillars. So those are people, processes and systems. With Perennis specifically, we're wanting to be a digital first bank. So we want to, Remove the manual and paper heavy processes that are so common here in the UK when it comes to doing a mortgage application And really make it as seamless for the customer as possible So from a system perspective naturally, we're going to need some pretty sophisticated tech And we've got some great people in place to be able to deliver those systems however, I think the people and processes pillars are probably equally if not more important than the systems because ultimately If you've got substandard people or substandard processes, that's going to make your systems fall over regardless of how effective they are. So from a people perspective, we really want to make sure that as we build out the team, we're getting the right level of experience and expertise through. And then from a process perspective, making sure that. We've got all our procedures documented. They're all clear. So that when somebody comes through the door, they fully understand what our task is and what the processes are. And then that, that then means that we're leading the system. The system isn't leading us, which I think is also quite important to note.
Track 1:rather than you leading the system. So what do you mean by that?
George Rhodes:So I think having worked as in a vendor organization before, I think that there's. potentially the tendency for people to be led by the next shiny thing that's on the market where they'll see a brand new system come out which uses artificial intelligence or machine learning as buzzwords and they think if they take that out of the box it's going to solve all their problems from a fraud prevention perspective in reality there's probably quite a lot of configuration and tweaking that's needed so that's what I mean by not being led by the system you need to make sure that system aligns with your processes and your risk appetite not the other way around
Track 1:You talked about having processes that are efficient, in that sense, right? can I understand a little bit about what do you mean by that? What does it mean to fraud itself? When you efficiency from a process point of view?
George Rhodes:so I think historically Some fraud prevention teams could also probably be classed as processing teams, because, as an industry, we're guilty of settling for a lot of false positives without really much benefit. So you're recruiting people with, 5, 10 plus years experience into a fraud prevention role, but then just making them clear what is essentially useless alerts or useless referrals that come through into a work queue. And that has two issues. I think the first is that for. that the analyst or the investigator working in that role, that doesn't motivate them. I worked in teams where we've been absolutely hampered by, false positives and it can cause a bit of dissatisfaction and then cause them to go move elsewhere. But also I think from a resource perspective, you're recruiting them in, you're paying them, fairly large salaries these days. But you're not getting the best out of them, and it can really prevent you from seeing the wood from the trees, because if all you're doing is working false positives, by the time something genuine comes up that you need to look at, you're that zoned out and thinking, Oh, this is just going to be another false positive that you could actually miss something. So that's what I mean by efficient. It's about getting the most out of the people that you have place and sure that your procedures don't have any unnecessary wasted time within
Track 1:to
George Rhodes:in making them
Track 1:understand, Okay. So one is, I've seen a lot of industry experts talking about false positives. It's a very well understood problem. Now, what I also have heard is that false positives is a problem that is here to stay. And the way you were talking about is That's actually a waste of time. And I'm trying to understand here from a scale point of view. Let's say there are 80% false positives and you're like what does efficiency mean? Efficiency means 0% false positives or does it like 50% false positives? What are you talking about when you're talking about efficiency? And let's say these are we, the false positives itself.
George Rhodes:I think it's probably less about a percentage game and it's more about making sure that your analysts are engaged and that they know that when, say, an alert comes through into a work queue, they know that it's something that they're actually going to need to pay some attention to. I've seen a lot of solutions on the market recently that use things like artificial intelligence and generative AI to almost have be like an assistant on the shoulder of the analyst to be able to. Tell them, or maybe work through some of the false positives, leaving them the ones which are actually, the juicier cases, if you like, that they'll need their attention to. So yeah, I guess it's less about percentage of false positive because naturally every business is going to want to say, I want zero false positives. In reality, if you had zero false positives, you'd probably be worried about what you were missing. So I think there will always have to be that tolerance within that, but it's just making sure that it's weighted the right way. Towards the matches that all the alerts that need your focus. it's really
Track 1:Now we talked about not just false positives, right? Talking about inefficiency here. And, inefficiency and how it impacts fraud analyst, motivation or even ability effectiveness itself, right? Sometimes you can't really differentiate. And I've also seen, I have been living in for the last 44 years. So the regulator also talked a little bit about this, that when you have similar looking. Alerts and one is a false positive. A lot of them are false positives and one is not. It's very hard for an analyst to look at. And you said, to have, the analyst know what to do in such situations, right? What do you mean by that? How do you go about doing it?
George Rhodes:I think it's really a point of training. So I think you need to make sure that, even if you do work in an organization where there are. loads of false positives that you'd see on a daily basis. I think it's important to have your staff trained to a point that in the event that there is something they need to look at, it clicks in their head and they know exactly what to do. I think that's where your procedures come in. That's where your training comes in. That's where your quality checks come in as well. You could also bolster that with some external training, or you can bring across external consultants from other organizations where. Maybe they've got a different environment that allows them to re engage with the mission for financial crime prevention, and exercise and really channel back to the importance of what it is that they're doing in those tasks.
Track 1:how did you go about, build the fraud stack? I know you've worked in a lot of companies, where you've been responsible for fraud, right? So for a company like Perana and where you're launching a new product, right? What were you looking for in the technology itself? Because you don't have, test data to be able to say, this is better than that. So what were you looking, what was your decision? parameters like when deciding something,
George Rhodes:Yeah. So for us being a relatively small organization in what we would call the build phase, obviously we want to scale to be much bigger eventually, but. Where we're at currently, obviously resources finite, we don't have massive tech teams like the other banks do to be able to keep track of where all these APIs and connectivity points are sitting. So with us, we just wanted a solution that would really give us everything that we needed to the ability to plug into multiple other suppliers where needed all via one single access API integration point. So for us, it was more the simplicity and ease of integration that was important. Obviously, we needed to make sure that the outputs of that system and that platform were sufficient for what we needed. But by going through robust testing processes, consulting with peers across the industry as well, I think sharing insights and experience that other people have had with the same platform was also important to get that broad exposure to them. But yeah, it was just a case of making sure that we could tweak it to how we wanted to. And the aim is we can eventually expand our footprint with that platform, or we can maybe introduce new ones within but it's really about ease of integration at the moment. So I guess that's the short term need that we're looking to fulfill. it the
Track 1:transaction monitoring and now fraud I'm assuming that Perana also you have the fraud anti money laundering as well.
George Rhodes:Yeah, it's an interesting one that when I look at my job title and says fraud and financial crime, because I think for me, I think if somebody is a fraud analyst, they shouldn't just be focused on fraud. there's the wider, more holistic picture there to look at where if you're just looking at things from a fraud lens, you could totally miss it from a money laundering perspective. So I think, Big banks often create silos within their teams where they'll have a fraud team and an AML team and a KYC team. And it can seem quite disjointed to an extent. So what I want to build here at Perenna is a team where it's a financial crime team. It's not a fraud team. It's not an AML team. It's a broad financial crime team. And that means that we've got a cohesive approach to financial crime not just for prevention or anti money laundering prevention
Track 1:I believe that, anti money and or money laundering and fraud essentially are merging. to understand a lot these practices need to be looked more holistically and that's essentially what you're So one thing that I do want here is when you look at money laundering, and fraud, they're merging and probably the problem statements or the approaches that people take to solve these problems are also similar. But. The kind of support that is available for money laundering from a regulator from FATF globally and a lot of global organizations and sanctioned bodies and things like that. So you have a lot of support there. But for fraud, there is very minimal. And how do you see this? going and my view is it has to merge somewhere unfair to look at fraud in a silo compared to money laundering basically.
George Rhodes:Yeah, no, I see your point. It's similar, but also dissimilar. I guess here in the UK, we've got, fraud tends not to be a regulated subject. I think that the regulator here is starting to put more of a focus on it and making sure that, Especially newer firms and challenger banks like us have appropriate fraud controls in place. We quite heavily rely on consortia data here in the UK. So what I mean by consortia data is intelligence sharing platforms where if we find a fraud in one of our applications, we can ping that into the network. And then if they apply with another bank that hits an alert in it, it would contribute into the wider industry effort there. So, there is. Certainly a lot more attention being put on it now from a government perspective as well. Again, some of my peers across the UK will know that the government released the fraud strategy a few months back, which is aimed to try and reduce what is seemingly a bit of a pandemic when it comes to fraud, where fraud now represents, I think the latest statistic was over 40% of all crime reported, which is huge. And I understand that we're not an outlier. I think that's across the globe, really. but I do think from a, from an intelligent sharing perspective, there are the mechanisms there. It's just making those more widely available to everybody as opposed to a select few.
Track 1:and new banks are, do have fraud controls or not. So does this mean there is a higher fraud risk or a fraud incidence for new banks, which are the larger banks?
George Rhodes:I think because the larger banks will still have more traditional banking processes is the stereotype that's out there. I think that the conception is that as a digital bank, there's, you're not doing any sort of verification on the customer, so anybody can have an account with you, which clearly isn't the case, there's. Technology has moved on substantially over the last few years where, there's biometric verification, there's device checks, there's email and mobile checks, I think you can verify a person's identity at 10 different data points now, as opposed to 15 years ago, you would have to walk into a branch and provide a passport and a driving license. I think fraud's definitely on the radar for a lot of companies within the UK. as I mentioned, fraud rates are sky high at the minute. Fraud losses in particular. All time high as a result of the fact that fraudsters just seem to be continually evolving their methodologies to a point where banks are really struggling to keep up. and whilst banks are doing as much as they can, I think there's also reliance on other companies, within, the social media sphere, the government, this fraud strategy is great, but we need much more from it as well in order to be able to have a more collaborative. Effort for fighting financial crime because look, the fraudsters, they're playing by different rules. They don't have to stick to regulatory red tape around data sharing or, different jurisdictions. They can work together however they want. It's us who have got to try and fight it the right way. Sometimes almost with our hands tied behind our backs.
Track 1:most typologies that are coming out. What are the common type of frauds? That you see, and, what are some examples that you can talk about type the types of
George Rhodes:So I think rather than looking at the most common, I think it's important to look at a fraud holistically first because I think scams in the UK tends to get the most headlines these days. And I think the reason is that the impact that has on the victim from not only a financial perspective, but also a psychological one as well. And the business as well, obviously in terms of fraud and trying to recuperate those where they can. I think That tends to mean that other, I suppose what you'd call more traditional fraud types, like impersonation fraud, false documents, they tend to get the backseat because scams is the new thing that's everywhere. Whereas realistically, impersonation fraud and false documents, if you take those two examples, are still as rife as ever. I guess the only difference between now and 10 and 15 years ago is, it's probably easier to impersonate somebody given... The more banks are operating in digital environments or, a fake document, you can create one in about 10 minutes online now for free. So I think it's important to consider the typologies overall. Obviously, us at Perenna, we're concerned with impersonation, fraud, false documents, less so scams because it doesn't really impact our products. Not directly that is obviously we've got considerations for our customers who might become scammed. But yeah, I think fraud typologies as a whole is something that's continuously evolving where the more traditional ones grow arms and legs and become something else completely different.
Track 1:scams right Singapore, for example, has a, central identity that is supported using biometrics, right? And I think it is far ahead of a lot of countries. And is there any other mechanisms that can help? You talked about collaboration between different parties, right? Is there any other ways that there can be help to combat this fraud itself? Because we are like fighting, as you said, with hands behind our back, right? So are there ways that can help us?
George Rhodes:think education is something I'm a big advocate of, and I think education traditionally within fraud prevention has been these sort of generic campaigns that bank would release that go out to every single customer. And realistically, I can't imagine a large percentage actually look at it. I think having more tailored education strategies and using tools to help tailor those education strategies as well. So things like, I've worked with a couple of banks previously where they've used predictive analytical models to predict which segment of their customer population is most susceptible to scams and then provide and targeted education towards them. And they found that the actual. take up rate of that education was much, much greater. So I think more work needs to be done around that because that's typically only done currently for, the elderly generation or people who are more vulnerable, whereas really that's leaving quite a big group of people as a result, who. People who are affluent and who live in really nice houses, they're just as susceptible to scams as well. So I think it's important to try and make it as tailored to each individual as possible, which is a mammoth task, but it's, it's something that we need work out. consumer We want to make a nation of happy homeowners. We've got no target population. We want to make sure that we reform the UK mortgage market as much as possible. So we're going all the way through from, young people who are first time buyers all the way through to lending in retirement, which will, all these products will come as part of our evolution as a business.
Track 1:of the lending that you're doing is actually at a much higher ticket size. So you can actually afford to do more due diligence, customer compared to a company, which is doing like a half 500 can I understand what would be the differences? Because in such a high ticket Your decisioning doesn't need to be real time. So how would it differ vis a vis where you have a high volume, kind of product vis a high ticket size product that let's say like you have, what would be the differences structure?
George Rhodes:So I suppose where, providers who offer payment based accounts, they need to be doing quite a lot of scrutiny throughout the entire customer life cycle. I think I was a weighted probably more towards the application phase where, like you say, it's quite high ticket sizes, we're offering hundreds of thousands to these people over a very long period. So once we're in a business relationship with them, it's very difficult to get out of it. If we find any fraudulent activity or suspect activity. So really for us, it's making sure that all the information they give us throughout the application stage, we verify as much of it as possible. So that goes beyond their name, address, and date of birth, which everybody does. We also want to make sure that the income information that they're telling us that they're using to pay their mortgage is actually valid. We want to make sure that the thing, even things like the email and mobile details that they provided with us, given that we're a digital bank, we'll be using those details quite a lot to contact them. We want to make sure that they actually belong to them and that they're free from fraud risk as well. So it's really making sure that. Everything that they give us, we can attest that. Yeah, this actually belongs to this person. We're happy to enter into a business relationship with them.
Track 1:That would Okay. You're still in the early stages, so you don't have a plan to go to other countries as well, right? be additional, risks that you're gonna. expose yourself, as well. And I want to understand a little bit about, how you talked about teams and how it is important to keep them, satisfied. And you talked about how different teams can be merged together. So can I understand how you are structuring your own people and teams itself? How would go about? Because I would assume that people coming in, let's say they have been analysts before and then come in to be a fraud analyst because They are, let's say they are certified in a particular, and you have ACAM certification, right? In itself is actually a harder thing to achieve as well. So I wanted to understand how are you achieving that you were saying, let's have a blended responsibility, if I understood correctly.
George Rhodes:Yeah, no, absolutely. I think whenever I get asked that question, I always look back to how I like to be treated when I was an analyst and I had a really good manager when I worked at, my first organization, and I think it's really about continually. Developing your own skillset. I think as soon as you get to a certain point within a career, you think, I'm just gonna have to go do something else now, cause there's nothing else to learn. So I think so long as you're continuously learning and whether that be through things like a cams, ICA within the UK here, making sure that you, if you want to broaden your horizons and look outside your own product set, so maybe you look after savings accounts, but you want to then go and see what mortgages is like, or you want to go see what current accounts is like, I think broadening your horizons so that. When the time comes that you do need to leave, you do need to go to another organization, you've got the skills there to be able to do it, but then it also, it reflects well in the organization because ultimately people who you can develop from within will tend to pay back with loyalty and good work as
Track 1:mean
George Rhodes:will well as a
Track 1:I not everyone fits into the mold, I'm guessing you have a particular style that you want to achieve here, right? So what's the type of attitude that you think should be in a fraud analyst? What would them to success if a fraud analyst had such, characteristics?
George Rhodes:the word that springs to mind would be inquisitive. I think you've always got to be asking questions in this sort of role. I think the day you stop asking questions is the day you should go look and do something else. Because, going back to that point around false positives, you might end up coming across something which requires further investigation. And unless you ask the right questions around that customer or that sort of activity, you might miss it. Similarly with if you're being asked to do something by another department, it's always about making sure you ask the right questions to understand the reasons why. So it goes beyond fraud in a way, but, making sure that you can ask the right questions to understand the processes and make sure that fulfill what's being asked you properly. Yeah, I think inquisitive is the word I'd go for.
Track 1:And
George Rhodes:of
Track 1:multiple things. Where do you think, because I've seen fraud teams fitting in different places. And ML teams fitting in typically under the compliance team, but fraud sometimes can be in very different places. Right? So where do you think fraud is best placed? And I'm assuming because the way your role structured as well. I don't know whether it's actually falling under compliance or how is it structured and what do you think is the best practice there?
George Rhodes:So I guess technically I report to an operations function, but I suppose to answer your question about where fraud should sit and where I'm trying to embed within Perenna is fraud really sits at the center of everything to do with the business. I quite thinking of it is almost like a bike wheel where right in the middle you've got fraud and then all the spokes that are coming out of that go out to the different departments around the organization where, we're all responsible for fraud prevention at Perenna. But the fraud and financial crime team, they're the ones who have ultimate responsibility over making sure that the processes and controls that we have in place are working properly. And we've got all these other departments with their own awareness of their own processes what looks right and what looked at what doesn't look right. Feeding into that central hub. Yes.
Track 1:you HubSpark and the spokes are, different business units, it's okay. Okay. in the basically looking at a fraud and, compliance risk based decision making, company, so where does, let's say a credit risk kind of a thing would fit because at the end of the day, I know you in as part of KYC, there's a check around. income, right? Which kind of has a implication to risk as well. So where would a credit risk fit in this ecosystem?
George Rhodes:Yeah. Very closely. be a lot of overlap between myself and our credit risk teams as well. And, the people who have been in place to build up within parental currently have done a smashing job of it. But, there's a lot of work to be done around making sure that the income that we're verifying for the customers is actually legitimate. And it's not just picking a number out of thin air in order to get a really big mortgage. So I think like credit risk, like other departments, like collection servicing, there's going to be a crossover into multiple different departments for fraud and financial crime. And I guess that's why that sort of analogy of the bike wheel is I tend to use more often than not because it rings true in a number of cases.
Track 1:And I question, as well, right? as in the current role or as a leader in the fraud it's What is the thing that you feel is lacking, or what is the thing that you feel like, ah, this should be done, but it's not happening. What is that frustration that you have, that you think should be done, but has not happened?
George Rhodes:So I think that the biggest frustration for me, and I'm sure a lot of colleagues would share this would be, data sharing, and I think back to the point I mentioned previously, where we are sometimes held back by. Quite a lot of red tape that makes share with other banks quite difficult. And as I said before, fraudsters aren't playing by, GDPR, or they're not asking for consent from their victims to share their data with other people. It's just, they just don't do it. Whereas obviously for us, if we need to go out and speak to another bank, we have to have the right memberships. We sometimes need to get consent from the customer. So I think. While data sharing and the principles of GDPR and everything like that, they're absolutely right and they're right for the consumer. I think there does need to be a bit more leniency for instances where we do just need to go and ask a question to another bank because ultimately that'll help us inform our decision
Track 1:mean this
George Rhodes:conversely help us reduce fraud. Yeah, exactly. Yeah,
Track 1:as well to this, the frustrating for me see that, every company kind of reinvents wheel for themselves. And, it feels, and definitely I can share that, frustration and anything else that you want to share, judge, before we close this conversation.
George Rhodes:It's been a really good conversation. I think I'm always keen to get involved in discussions like this and I'm looking forward to seeing the other episodes for the other people you've had on as well, because whilst understand that they think they're from the US or different countries, it's regardless. I think
Track 1:Thank
George Rhodes:the same fight. Yeah, it'd be to hear more about the guests you have on the podcast.
Track 1:you. Thank joining.
George Rhodes:good
Track 1:share, the links with you. Thank you so much. Have a nice day.
George Rhodes:Nice one. Thanks, Ravi.
Track 1:Thank Bye.