Neobanks can lean on data and rich client information to protect themselves from fraud attacks.
Almost all neobank activity is accomplished through mobile devices, which makes digital institutions targets for fraudsters, Matt DeLauro, chief revenue officer at fraud prevention and anti-money laundering platform Seon, tells Bank Automation News on this episode of “The Buzz” podcast.
However, neobanks can work proactively when it comes to fraud prevention if they collect the proper client data.
“Gathering the richest amount of information on users and meeting them where they’re at in the customer journey is probably the most important thing to do,” DeLauro said. “If you don’t have the data to be able to take action, then you’re not going to be able to react [to fraud attacks].”
For example, neobanks can check the IP range of devices, monitor cookie hashes and device hashes that are available through Android and Apple and make sure that they have the correct email addresses for clients, DeLauro said.
Listen as Seon’s DeLauro discusses how neobanks can prepare their operations to proactively fight fraud.
The following is a transcript generated by AI technology that has been lightly edited but still contains errors.
Whitney McDonald 0:01
Hello and welcome to The Buzz a bank automation news podcast. My name is Whitney McDonald and I’m the editor of bank automation News. Today is October 26 2023. Joining me is Chief Revenue Officer of fraud fighting FinTech Seon Matt DeLauro. He’s here to discuss how Neo banks can fortify their operations to combat fraud. Thanks for joining us.
Matt DeLauro 0:22
My name is Matt DeLauro. I’m the Chief Revenue Officer at cion. I’ve spent about the last 18 years of my career, both building as an engineer but also delivering and selling solutions from a software vendor perspective into retail and fintech and InsurTech. And at cion, where we get the mission of transforming how fraud and risk teams manage their customer journey, right? We provide fraud prevention and anti money laundering and counterterrorism financing platform for businesses that are really is focused on detecting and preventing potential threats before they happen. Rather than investigating and doing the sort of autopsy after it’s already taken place. The big shift in the industry has been towards API for solutions, which is the sort of solution that we’re anchored in so that these things can happen in a frictionless way for customers, when they onboard. And, you know, creating the kind of digital profiling and unique social footprints that are available when we look at onboarding customers through that experience. So that fraud teams can efficiently scale without having to rely on black box machine solutions that are known for things like false positives and bad correlations.
Whitney McDonald 1:33
Great. Well, thank you, again, for being here. Before we get into all the fraud talk and how CNN works, I’d like if we could first set the scene here with neobank adoption, we’re going to be talking about digital banks and Neo banks and how as the adoption grows, the fraud concern grows as well. But may we kind of talk first through what you’re seeing as neobank adoption grows?
Matt DeLauro 1:57
Sure. Yeah. I mean, it’s very strong in the European market. It’s a much more diverse ecosystem, just like it is with, you know, traditional banks, the US and the EU look a little bit different. So there’s more players and more diversity within the marketplace and EMEA. But there’s far more adoption in the aggregate in terms of the number of users in the US by far. So it’s sort of the tale of two stories related to neobank adoption is there’s fewer players with much larger sort of customer pools in the United States and abroad. There’s a lot more selection and a lot more focus, but not nearly the installed base of neobank users.
Whitney McDonald 2:37
Now, maybe we could talk through what you’re seeing, from the Seon perspective, when it comes to fraud. What are some of those examples? What are some common types of fraud that you’re seeing that neobanks need to be monitoring for watching for and fighting against?
Matt DeLauro 2:53
Sure, a lot of a lot of the neobanks, you know, worked very closely with either brokerages or Kryptos, or exchanges, particularly across the pond. And we’re seeing sort of a Back to the Future moment, which is like one of the one of the worst things that’s happening. And so the most prevalent is a lot of confidence scams, we’re seeing a lot of people that are you know, getting access to phone numbers and calling up users and instructing them on how to use the app, that sort of real time ability to transfer funds very quickly, anywhere, anytime, has sort of brought to the forefront this confidence, scam fraud, where people are calling up users and convincing them to make certain investments or to make deposits, or representing the bank themselves. And, you know, trying to do credential stuffing. And so a lot of that just happens so much more quickly. Now when I can talk to you on the phone and give you instructions on what to do while you’re typing in the app at the same time. So like that vector of attack is just something that fraudsters have gravitated towards with neobanks.
Whitney McDonald 3:53
Now, when it comes to prepping your operations, let’s talk through the bank side of things. What can what can you be doing to prep for this prep your systems prep your operations to combat these fraudsters?
Matt DeLauro 4:08
I think the gathering the richest amount of information on users and meeting them where they’re at in the customer journey is probably the most important thing to do. You know, historically, we would probably look at things like you know, in, you know, an email address when we’re onboarding and see if it’s deliverable. And the attacks are a lot more sophisticated today. And so, you know, we need to make sure that that email address is deliverable will maybe check the IP range also look at things like device information. That’s the real big paradigm shift is that in neobank, in almost all the activity is done on mobile. So like, if you’re not collecting very rich device information, Cookie hashes, device houses, all these kinds of things that are available on Android and iOS, then you probably don’t have the data points and the variables you need to be able to identify these fraud patterns and shut them off vulnerabilities will be found, right? But it’s really important to be able to react If you don’t have the data to be able to take action, then you’re not going to be able to react.
Whitney McDonald 5:05
Now, speaking of that data, the technology component, having those pieces in place to be monitoring what you need to be monitoring, maybe we can talk through the technology of see where that comes in, what your clients are looking to you for?
Matt DeLauro 5:22
Sure, I think it starts right away where most of the places we touch customers is when we onboard them. So if a neobank is onboarding a customer, we’re number one, trying to make the determination whether that’s a legitimate human being, right, and in many cases, Neo banks are not doing things like ID verification, so they need much more subtle cues that are far less expensive. The customer lifetime value associated with a user of a neobank is far less than a traditional bank, right? They don’t have all the loan products and the car financing and all these things to get to them. So most neobanks have trouble justifying doing like a hard ID verification check for everybody that comes on board the platform. So they have to look at like more subtle cues to be able to validate identity. So really starts right up front with the customer onboarding.
Whitney McDonald 6:06
Now, when it comes to what your clients are asking for, maybe you could give us an example or to some of your clients that do this, well work with you well, and and some of the successes that they’ve had with having some of this fraud monitoring in place, where it stood before, what they’re looking at now with having some of this technology in their back pocket to monitor fraud.
Matt DeLauro 6:33
Yeah, I mean, the people that are the best at that we work with some of the names you’d recognize, like revolute, or new bank, they number one, they have very good data science teams, right. And their data science teams aren’t just looking for like upsell opportunities and transactional like value out of the customer. But there they have components of their data science model that are focused on fraud and risk, right, and where they use us as they feed us into their model. And so we’re one of the layers that they use, with respect to doing login monitoring and event monitoring and transaction monitoring, and, you know, customer onboarding. And they’re looking to us for things that are very hard to get, you know, we provide a social relevancy score that’s associated with onboarding a new customer. So if you see an email address, we can tell you the longevity of it, we can tell you, you know, leading social media profiles where there may be an account associated with that email address, which is something that’s very difficult for a fraudster to replicate.
Whitney McDonald 7:30
Now, with using Seon, I know that you mentioned being API based, maybe you can give us a little bit of insight as to how long it would take to be up and running. What does that entail? How do your clients actually leverage this technology? And how quickly could you be up and running fighting fraud?
Matt DeLauro 7:48
Yeah, you know, with neobanks, it’s relatively straightforward. I think the fight with you know, traditional banks has always been access to the resources were times fraud and risk lives within the product and engineering like in the r&d team at a neobank. So, you know, there are oftentimes resources available. So we like to say we can move as fast as they can. But when you’re when you’re doing like very simple REST API calls and accepting like decisioning, from Seon, we find customers go live in as little as a week and incorporate us into their model or decisioning. So that’s just the value of being API. First is the integration is simple. It’s using standard protocols. Any web developer at any bank can sort of pick up see on and play around with it. We even offer a free trial of our application. And oftentimes, we get customers that implement it without us even being aware of it, and then come to us to cement a contract.
Whitney McDonald 8:40
Okay, great. Thank you. Now, being in in the fraud fight in the fraud game, of course, this year, we’ve seen technology evolve, vastly use of AI, fraud seems to be one of those major components, one of those major use cases where AI is fitting in, maybe you can kind of talk us through how the evolution of fraud fighting has progressed. And then we can kind of get into a more future look, but maybe first, you could just kind of set the scene of what you’ve seen, even in the past year, but maybe even beyond that, how fraudsters have evolved, but also how the Tech has evolved.
Matt DeLauro 9:16
Yeah, I think it’s with so much of our information being available on the internet. You know, we used to rely on things like network data to fight fraud, like, Oh, this is a fraudulent user. I’ve seen them some other place. And the relevancy of that network data is vastly like rapidly approaching zero, right? These are sophisticated attacks, mostly scripted, a lot of them are velocity based. So they’ll identify a security hole, either at a traditional bank or at a neobank. And then they’ll develop an attack that can take advantage of that, you know, 100 times 1000 times 5000 times within 30 seconds. And so having an understanding of the sort of velocity basis of an attack, sometimes using you know credential rules that are legitimate, you know, you can develop a lot of synthetic identities and have those consumed by a bot, and really take advantage of a financial institution for very serious losses within a very rapid amount of time. So this, this concept of being able to catch fraud later on, or identify it later is like, really, you need to be preventing fraud, not identifying it. And that’s, that’s really the trend is, you know, can you get assurance in a Manila, you know, sub second, you know, 500 millisecond or so response time when you’re about to proceed with a transaction for a customer?
Whitney McDonald 10:31
Yeah, absolutely. We hear all the time the the proactive approach rather than the reactive, of course, you you still have to have those those things in place when you are reacting. But getting ahead of that is something that’s key that we’ve definitely heard about. Forward, look here, where where’s this fraud tech, anti fraud tech going, I should say, What do you want to see? Or what are you working on at CNN that you’re excited about? Within the fraud landscape?
Matt DeLauro 11:01
Yeah, I think continuing to look at things that are real time and available, that’s publicly available information on the on the internet to validate identity, being able to provide neobanks with, you know, the confidence to be able to validate identity without like a lot of friction in the customer experience. So looking at, like always making big investments and performance and scalability on our side, and reducing response times. Because we know that we’re like a really intricate part of the customer journey. But, you know, add on the back end of it, when it comes to the fraud examination, and the things that do get flagged to like, you know, we’ve put it implemented a lot of really common sense machine learning. So the things that might have taken a fraud exam or a long time to do and then weren’t as scalable to implement when a Fraud Examiner identified it, you know, we’re looking to support that Fraud Examiner with a lot of machine learning capabilities, so that those patterns can get learned by the model. And then they can be more effective, and they can really stop those vulnerabilities. Because it’s yeah, it’s a never ending battle against the fraudster, they’re gonna find a security hole. And our job is to plug it as fast as we can, and then implement a series of gates, or defensive measures to make sure that that’s covered.
Whitney McDonald 12:11
Right, the technology gets stronger, and the fraudsters get more creative. It’s
Matt DeLauro 12:17
gone are the days where you’re gonna get like a poorly worded email with grammar mistakes in it from a Nigerian prince. Now it’s going to look exactly like an email from your bank. And it’s going to, you know, be very hard to identify some of these spear phishing attacks and things like that. The fraudsters just have tools at their disposal that are really highly scalable, and in some cases, more scalable than the financial institution. And really, you know, the message that we have that we’ve learned from a lot of our neobank customers is it’s really all about fraud prevention, right? It’s about instrumenting things at the very front end when you first onboard a customer and having things done in real time, because the velocity of the fraudster is just getting faster and faster every year.
Whitney McDonald 12:58
You’ve been listening to the buzz, a bank automation news podcast, please follow us on LinkedIn. And as a reminder, you can rate this podcast on your platform of choice. Thank you for your time, and be sure to visit us at Bank automation news.com For more automation news,