Building Community with Bad Fraud Advice

Community Building Among Fraud Fighters

Ronen Shnidman: You’ve been very involved in setting up communities in the fraud space in the past couple of years, and I find it very interesting to see how both among fraud fighters and among fraudsters, communities are evolving all the time and sort of changing in a variety of ways. Can you speak to that a little bit, about what you’re doing first of all and then maybe we can talk about other people?

Brian Davis: Yeah, if you work long enough in fraud, you realize it’s not even the dark web criminals are communicating on. It’s WhatsApp, it’s Telegram, it’s Facebook groups, it’s X/Twitter. It’s all right there out in the open. It’s on social media in front of you. 

The fraudsters have a way stronger sense of community and collaboration than we do as the good guys. And even though we say we want to work together, we just don’t. And that’s just always been a thing that stuck with me. The criminals work so well together. Why do we wait if we’re lucky enough to get budget to travel to one conference a year to talk for four days in a row about what we’re doing? What do we do the other 360 days of the year? We just sit in our own silos. We hope that the criminals go away. We kind of look at how they’re talking to each other. There just is nothing really for us fraud fighters on the day to day of what are you seeing? What tools are you using? I’m facing this. I haven’t faced this type of ATO. I’m seeing a little bit of a different spin here. Is anyone else seeing this?

Sometimes just a little bit of validation would be good. For example, people saying that the way you’re thinking about something is really good, you’re ahead of the curve on that or I actually want to ask you questions. We work in silos in our own companies as well. It’s like, “You’re the fraud team, kick it over there, they deal with these sketchy weird things.” So let the fraud team or the risk team or the trust and safety team, whatever your company calls it, handle it.

Often you will feel that you are the only one that gets this. No one else understands your work in the company, even if you try to communicate about it. And then you don’t feel comfortable because your company doesn’t want you talking about it. It’s not necessarily like you need to share all of your fraud rules and what’s hard coded in or who exactly your vendors are publicly. But you are probably sharing 0% or maybe even 5%, and you can probably share a whole lot more to help others. 

That’s been the piece that’s just really bothered me for years of just seeing the gap of there is a huge desire to share and work together on our side. I’m always trying to find ways for how we can better collaborate. How can we support each other in growing our careers in this day to day grind of putting out a fraud spike here and then a fraud spike there and rinse and repeat.

What’s Held Back Existing Community Resources

RS: But why are fraud fighters starting to collaborate only now? There have been anti-fraud resources that have existed for 10, even 20, years to train fraud fighters. They may be few and far between, but they existed. I’m thinking of The Fraud Practice by David Montague, the guy who used to be VP Fraud & Risk at Expedia. He did some early stuff with just training on e-commerce fraud. Merchant Risk Council (MRC) has been investing in training for fraud fighters for a couple of years with their licensing certifications. There are organizations and people that jump in here or there to fill some of the gaps but they’re not at the same level of motivation and organizations that the fraudsters have. And I’m wondering if there has been a lack of motivation until now? Has it been inertia and corporate barriers to sharing and working together that prevent you from doing stuff outside of your company?

BD: There’s multiple levels from just what I hear and have seen in my own experiences. I may have zero budget for new tooling, zero budget for a conference, and maybe a Learning and Development spend of $500 per year. If you’re lucky, maybe a thousand dollars for L&D. If you’re not part of a much bigger company, what can you really do with that? I can’t get one of those bigger training programs. I can’t travel to a conference. I can’t get those certifications. I have to go above and beyond to get approval for the Certified Fraud Examiner (CFE) study program, which has long been the gold standard of certifications. Although as fraud has gotten more nuanced across different industries, I think you’ve seen the MRC certification come in and try to become the gold standard. It’s still too early regarding certifications to tell if companies will really care about employees getting those letters added to their names. That’s all TBD. I’m hopeful though. 

So one piece is that if you don’t have the structure and you don’t have the support financially, you’re not going to get any of any of those resources because they cost money. And that’s just the way business is. Another piece is  a lot of us that work within the space like the heads down work approach. I want to get to solving my problem. I want to kind of pull in some strings. I want to investigate this. It’s a lot of heads down work. By the time you need to look up and say, “Hey, we have a big problem,” or “We need to start training people,” or “I need an additional person to help,” no one knows what you’ve been doing. It may be that you’ve been eating all the shit sandwiches for the company so that they can eat the cake. But if you don’t communicate your work, your value, what you’ve been doing to the people you need support from to say, all right, we’ll give you an extra $5K, $10K or whatever it is relevant to your business situation, then people don’t know you exist. 

They’re not going to give you money just because you say, “Hey, I got this problem.” Everybody’s got problems and you will have to fall in line until you’re able to make that business case. So that’s another level that complicates things more. If you don’t have those relationships so people outside your department really understand what you’re doing, you will find it really, really hard to get budget, which makes it hard to get this new tool. 

You have to explain why you want it. Why does your existing fraud tool now all of a sudden cost more money? I thought it cost X but now it’s up by 10%. Well, we’re growing by 20%. That actually there’s a variable cost that affects margins there. If people don’t really understand what and how you are doing things, they might see you as a fixed cost.

Depending on your platform provider, tools aren’t necessarily fixed costs. There’s a lot of variable costs that grow with it. So when you look at the budget year over year, people might say, well you’re getting more this year,  but you’re actually not in reality. It just might cost more because your company is growing. 

Inspiration for the Bad Fraud Advice Newsletter

RS:  Were your experiences explaining yourself and needs to non-fraud colleagues where your newsletter Bad Fraud Advice comes from?

BD: It all started with the idea that if you’ve worked in this space long enough, or honestly, even if you’ve worked in it for about a year, someone’s imposed upon you advice around how you should be running fraud. And more often than not, it’s bad fraud advice. Honestly, it started as a joke with me and a couple people of just different stories. Then, when I moved to the vendor side a handful of years ago, I decided that I would take the opportunity to start sharing more of my stories because there’s no one in the space that talks about these things. There was no competition. It’s not like sales or marketing where there’s 1,000 people just creating content, some great, some mediocre, some learning, some improving, some not. In fraud, there was next to nothing, maybe two, three people that would post consistently.

So I saw that this is an opportunity for me to share my story. I’m not associated with a company anymore on the merchant side, so I felt more comfortable. People at my company won’t think that I’m talking about them because I’m clearly not at a merchant anymore. As long as I don’t share some details, it’s kind of hard to say which company that I was at which I am referring to. And I’ve gotten way better at that. So I now know my boundaries that I can share about 80% or even 90 % of the stories, but if I leave out the rest, that’s just enough for me to not overshare and get myself in trouble. So when I talk about the gap of most people maybe sharing  5% of what they’re going through, if I know I can push 80%, there’s a demand for that.

You’ve been helpful for me, giving me feedback through the years and you also have to put yourself out there. My content has gotten better. I have found my voice.

RS: Yeah, there’s no question that you’ve found your sweet spot.

BD:  But it’s practice. Like you’ve been doing this way longer than I have. It takes time to find your voice in each channel. And when you write in these, mostly channels or speak even in a channel like this, you put yourself out there for people to have opinions, some good, some bad. 

I opened myself up to a lot of good. There’s been a lot of opportunities for myself because of this. And then there’s also been a lot of feedback and criticism and opinions of just me sharing, me being vocal, me talking, me trying out different styles or talking about different things, me just being a human and having not just one interest and saying, I have other interests. I like writing about other things.

I am very interested in AI and the impact that it can have on fraud teams. But there are some things that will come at the cost of some people in some roles, and I do believe that. And when you have opinions and you’re able to stand on something, you put up a fence. Some people will be on one side, some people on the other.

The Art of Selling to Fraud Fighters

RS: One thing I think people appreciate about you and Jordan Harris, especially, is that we lack a merchant perspective and the perspective of people who fight fraud for merchants because of everything you’ve already said: people keeping their heads down and other people assuming that you’re talking about your current employer. 

You have to  obfuscate what you’re talking about, like who you’re talking about. Both of you guys are great at bringing that about. As a past marketer in the space, I can tell you that we want to hear from the practitioners more. The good marketers, anyway, want to hear more about how you’re using our product, how you’re using our competitors’ products, and what are the real pain points for you. It’s really hard to get it out of merchant practitioners even at the conferences. 

Now that you’re affiliated with a conference, this can be a little bit of feedback for you ahead of your first one. It’s a problem that practitioners often don’t want to talk to vendors they don’t already know.

BD:I’ll say that I’ve heard it differently. And there’s a reason why. It’s like you walk into somewhere to shop and depending on where you live, I know there’s some cultural differences of how you handle walking into a store, but the basic tendencies are usually the same. You don’t want to be sold to, but I like buying.

At least in America, a lot of times people will say to salespeople at the store if asked if they have any questions, “No, no.  I’m okay. I’m just looking.” And then you’ll think to yourself, “I actually do need some help, but I can’t go back to that person.” The same type of thing happens with events. And when they’re held within busy exhibit halls and the vendors are sending people who have sales quotas to fill the incentives are backwards. You have so many people who are like, I got to make a deal. I’m gonna try to find them, and the conversation will be sales motivated.

So instead of having a normal conversation where you can probably get more information out of people and just kind of learn and see how they think, see how they talk, what they care about, you’re experiencing a sales discovery call live. Fraud professionals are a very highly attentive and observing audience and they go on high alert. They can sniff that out very easily and quickly. So when you as a salesperson go into discovery mode, the wall goes up and it’s like, “I’m just looking,” and you don’t want to go back. 

I don’t want to gatekeep necessarily. I don’t want the venue choosing who gets to go and who doesn’t. Pricing also needs to be accessible to vendors of different sizes, especially now that AI is reshaping the market. There are some big companies who are actually investing a lot of money in building a good AI product on top of their legacy infrastructure. But now there’s also some AI native companies who have the infrastructure built for what I assume is moving forward of how integrations will go, how team usage will go and when you price out those companies, especially right now at a very pivotal moment. How am I supposed to discover anything? I know the big vendors. I have my relationships there. I want to discover some of the other players out in the space. How do you facilitate that?

And who are you facilitating it with? Sales is a hard job, so this isn’t a knock on any SDRs or AEs, but when professionals are starting out their discovery process and learning, they are more apt to want to meet and learn from the heads of product, heads of data science. They want to learn from the co-founders or an SME the vendor brings. They want to learn from the C-suite and the people building the product.That’s a lot different from a sales conversation. 

What Safeguard’s May Event Will Be Like

RS: For the Safeguard event that you’re holding in May, are you inviting product people from vendors or who are you inviting?

BD: The Safeguard event is taking place May 3-6, and it’s really skewed to the practitioner side. We can only accommodate 700 people in total and 500 of them will be practitioners. That leaves only 200 vendors on the builder side. That means the vendors have to be selective in who they send. Our programming is based on double opt-in networking. So if you send an SDR, no one’s going to meet with them because it requires both sides to opt in. You’re not going to see some of these bigger companies send armies of people. So you’re not going to have this imbalance between new companies and the strong players in the market. It’s going to be a little bit more balanced. It’s not like Money 20/20, where 55% of attendees are vendor employees.

We did an analysis and actually 55% of attendees at Money 20/20 were on the vendor side. And fraud is just a small track at these big events. So when you go to try to meet your peers, it’s not a coincidence that you can’t find them and you bump into salespeople everywhere because that is the math and the breakdown of the attendees.

RS: Any final thoughts you want to share about Safeguard?

BD: Sure, one last plug on Safeguard: If you’re a host practitioner through our hosted practitioner program, we give a complimentary ticket to a five star resort. It is our AI deep dive and we also give a $750 travel reimbursement. We know budgets are tight, and we want to make it’s easy for the right people to be there.