With Fraud, the More Things Change, the More They Stay the Same
Gilit Saporta is an experienced fraud-fighter and product leader with over two decades in the field, currently acting as VP Product for the Fraud Lab at DoubleVerify. She is the co-author of “Practical Fraud Prevention” and the upcoming “The Fraud Fighter’s AI Playbook: Strategies for the GenAI Era,” and the co-chair of the annual FraudCon conference at Tel Aviv University’s CyberWeek.
Starting her career at Fraud Sciences, a startup renowned for pioneering innovative accuracy in online fraud prevention, Gilit has trained hundreds of fraud analysts, data scientists and researchers at PayPal, Forter, Simplex, and now DoubleVerify. In addition to her professional roles, Gilit supports several fraud-fighting and women in tech communities. She co-hosts the Israeli Fraud Fighters meetup series and previously led the Israeli branch of RiskSalon.org, a roundtable forum for risk professionals. She is also a strong advocate for collaboration and inclusivity in fraud prevention and the broader tech industry.
In this Fraudbeat interview, we ask Gilit to take a wide view on her career and discuss what major changes have occurred in fraud since she started fighting it over two decades ago. We also cover what she looks for when hiring fresh fraud analysts and how those entering the industry can expect things to develop in the near future. The interview has been condensed and edited for length and meaning. For the full-length interview, click on the embedded video or go to Fraudbeat’s YouTube channel.
Ronen Shnidman: You’ve been around the block, so to speak. How have trends evolved over the course of your career in fraud?
Gilit Saporta: At the same time things have evolved dramatically and yet remain surprisingly the same.
Fraud is still out there, only getting more scalable with time, as we all know, and with the new technologies that are being introduced into our lives. And yet with all this scale, some of the patterns have remained the same.
Fraud continues to look for the path of least resistance, always targeting the most vulnerable parts of our society, for example, the elderly. And fraud has continued to be a game of follow the money.
Which trends are we seeing? It’s always more of the same schemes that were out there and more creativity in trying to find the easiest path to gain more out of every attack.
RS: So you’re saying there’s a lot of recycling of old methods, but you also mentioned the adoption of new technologies in your answer. Which new technological advances have fraudsters incorporated since you started fighting them at Fraud Sciences, way back during Web 1.0?
GS: Yeah, I was lucky enough to be here for the first days of e-commerce and the first days of social media platforms. This is definitely an opportunity to reflect on how in one sense things have evolved from trying to hide behind a low-quality VPN provider just because you want to use Napster, if you remember. Back then you would see a lot of us computer geeks hiding our – I don’t know if I want to call it benign – but not necessarily financial fraud-directed operations behind all kinds of evasion schemes.
That exists today, but it has gradually become more of an evasion-as-a-service. Users that are not considered technologically advanced will be using these VPNs even without realizing it. Sometimes it’s turned on by default on your device.
This blurs the line between what was previously considered a bad signal for fraudulent activity and just normal behavior that is part of our lives today where we access information and resources on every part of the globe and we are not even thinking about it anymore. Streaming has become something that is a normal part of every one of our day-to-day lives.
One of the challenges that I don’t remember having back in 2005 when I started this journey is to make sure that you make sophisticated fraud schemes easy enough to understand for the organizations who get hit by them and by the consumers who get hit by them.
RS: Let’s dive in on that a little bit because you worked at a variety of very interesting companies and especially the current one, DoubleVerify, is very different from the ones you started at I would say. So what are the differences and the similarities between your work at Fraud Sciences and then PayPal and I guess Forter, then Simplex, and now DoubleVerify?
GS: I agree that protecting the consumers and the e-commerce merchants and fintech operations from the financial impact of fraud schemes was a theme shared by the first three companies. But then both Simplex that came afterwards, which was a cryptocurrency focused startup that was later acquired by Nuvei, and then DoubleVerify today, both of these later organizations are more focused on let’s say digital goods. There’s no physical product that needs to be shipped somewhere.
These are still areas where the first step of being scammed for being a victim in all of these operations where I was lucky enough to take part of the first part is to trust someone that is just lying to you. And that goes back to how senior citizens are going to click some promoted campaign on social media that will take them either to something that will convince them to buy a fake Louis Vuitton fashion item or they can equally click on a sponsored campaign that will take them to an investment scam that will tell them to buy crypto without them realizing it. Or they will click on something that will make them install an app that will end up being this malware on their device that will show up as fake traffic or intrusive traffic at DoubleVerify. The weakest link in many of these cases remains the human factor.
RS: Yeah, it’s interesting. The social engineering aspect of it and the human factor is where, you know, fraud and cyber sort of overlap and there sort of I think your current job is also in that gray area where it’s almost becoming a little bit like cybersecurity.
GS: Yeah, I agree. When I’m looking at a hijacked device that’s been impacted and it could be that mobile phone that someone was duped into installing some bad code or it can be a TV streamer at home that might be infected at a network level. I agree that this takes us way more into the cyber protection realms in terms of the volumes of data, the type of data, the types of signals that we are analyzing.
Surprisingly enough, or at least this is my interpretation of the analytic side of our playbook to mitigate these cyber attacks, it’s always important to keep things as simple as you can. Go back to where the first line of defense was falling short. And I feel that as long as I can ground it back to things that are similar to getting someone to fall for a crypto investment scam, as long as we can keep it closest to what people already know from financial scams, I feel that we’re more effective in helping the industry understand the magnitude of this problem and what they need to do in order to stay safe.
The world of the greater economy is usually super-psyched about new technological opportunities. AI is of course the greatest example. And they always want to race forward as quickly as they can and open up more opportunities for revenue which makes a ton of sense. However, you and I are likely always going to be the ones saying, “Okay, just make sure that you’re not leaving a huge loophole for fraud to sneak through.”
RS: Right, well let me ask you, as someone who’s trained a great many fraud analysts in her time, what traits or skills are you looking for in a fraud analyst? Whether it is to be able to explain the nature and magnitude of problems to internal stakeholders or whether it is to catch the bad guys. What set of skills are you looking for?
GS: I’m always looking for people who ask questions. We are always looking for that person who is going to first ask for the false positive scenario. Any piece of data that you’re trying to put together into this puzzle that tells your story, right? You’re always looking for the good story and the bad story. What could be a plausible complete cohesive explanation for this set of details to exist in a reasonable scenario? We’re always looking for user intent. Even if it’s not a human user, if it’s even an agentic bot interaction, what is the intent? What kind of prompts may have started this behavior?
It’s critical to be able to think like an agent as well these days because they are very often not very sophisticated manifestations of the original user prompt. A classic example, I ask via prompt to try and add something to my shopping cart like a particular brand of shampoo. The store ran out, but the agent doesn’t have the common sense to stop after trying once and seeing that the product isn’t available. They keep trying and trying and soon they start to look like a bot attack or like a DDoS attack just because they’re trying to be a very good obedient bot and complete the task that I’ve asked them to complete.
RS: That’s actually very interesting. I never thought of things before on the agentic level. I actually want to zoom on one comment you said as a throwaway, but it’s super interesting. You said it’s going to be harder now for juniors to come in. Why is that? Is it because of AI or is it something else?
GS: Yeah, AI is a big part of it. Senior management across nearly every organization does expect AI to replace the more junior levels of data-driven work, and I see this in my team as well.
Yes, we are able and we do certainly use a lot of AI to do the manual part of the investigation to confirm if a pattern that we’re seeing today is similar enough to the patterns that we’ve seen yesterday. And you really don’t need a junior analyst to have this kind of manual, fairly simple investigation of detecting similarities. It’s not just AI. Clustering models have been doing this pretty successfully for a good six, seven years. So, I don’t need that type of role to expand my team or my investigations, but I do very much need people to come in with inquisitive minds to be the red team of any fraud prevention operation. That is where I think, yes, it is harder to come in with the sufficient level of curiosity and motivation to win this kind of opportunity. But it is in no way extinct. It’s just the next phase of evolution for fraud fighters.