How does a startup fight fraud? Meet Alison and Maty
With fraud being the most common crime in the UK with an estimated 1 in 10 falling victim, it’s important that we have a team here at Curve with a keen eye to prevent it. Despite the inevitability of businesses encountering fraudsters, our team are dedicated to stopping them in their tracks and keeping our Curve customers details safe and secure.
We caught up with Alison and Maty who want to give you an no-holds-barred insight on how they go about fighting the crime, as well as some experiences they've had along the way.
To begin with, what are your job titles at Curve?
My job title is Senior Fraud and Dispute Analyst, with the main aspect of the role being fraud prevention and helping customers who have fallen victim.
My job title is Senior Customer Operations Champion, with fraud prevention being one of my responsibilities.
Have you ever been worried that fraudsters have signed up to Curve?
Yes, without a doubt. We’ve had a convicted fraudster try and apply before - which we caught because we have certain checks in place when a customer signs up. He even tried to pay his court fees with cloned cards!
Unfortunately, you’ll never have a company that has zero fraud. There's a saying I've heard a lot: ‘If you don’t want any fraud, then you’ll have to shut your business down’. Fraud will always be a part of any business, but it’s how you handle it to be able to prevent it as much as possible which is what we strive for.
You're currently looking at a case with the police, could you tell us about that?
I came across an interesting case which involved business owners using stolen Curve cards to profit their business by making payments to their own business with stolen card details. It was flagged by our “Fraud detection system” that a few accounts had behaviour that indicated money laundering. Episode 4 of Dirty Money - 'Cartel Bank' sums up the way this works pretty well, watch it to get an idea (It's on Netflix).
Our detection system was right and we quickly shut down those accounts. We then looked for similar connections ourselves and made sure that we’d caught everything. Then we filed a Suspicious Activity report with the National Crime Agency.
We then presented the typology at an event with FFE - the FinTech Financial Crime Exchange. This is where lots of London fintechs get together and share their different fraudulent typologies that they may have seen or come across. On these events we can share our experiences whilst learning from other’s experiences as well.
When I presented the typology, an employee from another company in the fraud sector took an interest. Following this we had a separate meeting with them where we discussed the case in more detail.
They put us in touch with the police department from where we’d seen the activity. There was actually already a case being put together against them, but we helped contribute to it. We’ve just sent out a statement for further evidence, with the likelihood of the case going to trial.
It was great to be able to work with the police and assist them with reducing fraud, as it's a crime which is often very difficult to identify and prosecute the offender.
Have you ever helped other companies through Curve because our data allowed us to spot fraudulent activity?
I guess you could say that!
On one occasion, we started spotting online fraud on several accounts, including an employee’s account at Curve. They were all from the same retailer and the same patterns were appearing across all of the accounts. We investigated the activities in-depth to try and find a common denominator.
It seemed that all accounts affected by the fraudulent online transactions made a genuine transaction to the same retailer. However this was the common denominator which helped flag where the compromise had happened.
Following this, we reissued all of the cards to all of the affected customers with transactions to this retailer which helped to prevent more fraud from occurring.
You mention ‘typologies’ a lot - could you familiarise us with this term?
Typologies are a trend you may have seen more than once - it’s a recurring scenario. It’s then about looking at fraudsters’ behaviours, spending patterns and profiles within that trend. Taking these factors into account will form the typology, in which we can then analyse and spot fraudsters' behaviour.
‘Machine Learning’ is pretty big at the moment. How does this help your job?
Machine learning is a really hot topic right now, and it’s really useful in preventing fraud. We work with a machine learning company which risk-rates a customer's account based on their activity. The machine carries an algorithm which measures hundreds of different data points to spot if they could be a fraudster or been a potential victim of fraud.
The machine learning also takes our activity into account. For example if we block a user that is a fraudster, the machine will pick up the traits of the users’ profile, activities and behaviour and increase the risk score of similar users in the future to help catch future fraudsters.
Are there any skills that stand out to be essential for your job?
I’d say the main thing is having a passion for stopping fraud. The fact that I get excited when I’ve been able to prevent fraud from happening is really important. I also think having a strong sense of what is right and wrong is really useful for this job.
Being able to spot anomalies or identifying when something doesn’t look right is also key. I’ve grown to not believe in coincidences. If something looks suspicious, it usually is. Analytical skills are also important, being able to look at a set of data and analyse it to make connections.
It’s definitely important to be able to spot connections. There are often cases and accounts that are connected in some way; if we can spot them and find the common denominator, we can start to do some investigative work. This in turn helps us prevent more fraudulent activities in the future.
Just to finish up on... what's the number one tip you'd give future Curve users?
It would be to watch out for scams and phishing emails. If it looks too good to be true, it probably is. If you are ever asked to enter card information or sensitive data from an email you’ve received from HMRC or Paypal for example, don’t do it directly from the link in the email. Always go to the website itself!
Apart from that, please don't send us topless selfies during the verification process! We delete them immediately but we have to check your ID manually...