What Is Fraud Intelligence?
Fraud is evolving fast, and so must the ways financial institutions fight it. In this episode of The Purposeful Banker, Jeff Scott, Q2’s VP of Fraudtech Solutions, discusses Fraud Intelligence, a smarter, trust-first approach to fraud prevention. We explore how financial institutions can build trust without adding friction, the “See It, Stop It, Solve It” framework, and how AI fits into the future of fighting fraud.
Listen
Subscribe
Related Links
[Webinar] Building Trust, Not Friction: The Future of Fraud Prevention
[Ebook] Fraud Intelligence: Build Trust, Not Friction
Transcript
Jim Young
Hi, and welcome to The Purposeful Banker brought to you by Q2, where we discuss the big topics on the minds of today's best bankers. I'm your host, Jim Young. Welcome to the show.
We're taking a break this week from our Gen Z series and turning to a topic that is near and, frankly, not so dear to the hearts of our audience: fraud. With me today to talk about fraud is Jeff Scott. Jeff is the VP for Fraudtech Solutions at Q2. So there's no one better equipped to handle this critical topic.
In fact, he's going to be one of the main guests on a webinar we're hosting on November 13. It's called Building Trust, Not Friction: The Future of Fraud Prevention. We'll have a link to that in the show notes, but you can also find it at hub.q2.com/webinars.
Jeff's also the ideas guy behind an ebook we recently published titled Fraud Intelligence: Build Trust, Not Friction. You can also find that at q2.com/solutions/fraud-intelligence. And, again, we'll have a link to that in the show notes as well.
OK, after that long preamble, Jeff, welcome to the show.
Jeff Scott
Thanks, Jim. Glad to be here.
Jim Young
All right. Well, let's start off with, Jeff, nearly every presentation I see on fraud has at least one section which details how big the problem is and how, in a lot of ways, it's growing. I don't get the sense that bankers need to be convinced that fraud is a problem, but is there a stat or a factoid that you know when you put that one out, or maybe when it's been presented to you at some point, that still raises eyebrows when it comes to fraud and its impact on the industry?
Jeff Scott
Yeah, absolutely. Usually what gets the reaction is for every one dollar of fraud loss, a financial institution now spends almost six dollars when you include investigation, recovery, [inaudible] costs. In 2020, community and regional banks saw more fraud attempts through digital channels than through physical ones for the very first time. And so when you put those two things together, that's usually the thing that gets folks up out of their seat and they know that it's not, fraud is not an occasional disruption anymore. It's really now a daily operating cost. And that's usually the stat that that rings true.
And it continues to increase. So that's, you know, a couple of years ago, it was three bucks. Then it was four bucks. Now it's six bucks.
Jim Young
Yeah. And so to your point, like it's not just a, “Hey, this fraud attempt worked.” It cost, you know, we lost this amount of money out of the account. It's “This fraud attempt worked, and this is going to cost us this much out of the account. It's going to cost us this much in terms of how long it took us to investigate it. It's going to cost us this much because we're in danger of losing, you know, this customer, etc.” Just a huge ripple effect.
Following up on that, then if, generally speaking, again, when you're speaking to bankers, they're nodding along their heads when you're putting out these stats and you're telling them about the need to focus on fraud, what is it that keeps them from really taking the plunge and really investing in better fraud management?
Jeff Scott
Yeah, it's usually three things. First I would say is just fragmentation. So banks have multiple point solutions. They don't talk to each other. They sort of sit on their own islands, and that makes it operationally difficult and it's just difficult to figure out like where do we start?
I think the second thing is what I would call sort of fear of friction. So no financial institution wants to block a good customer in the name of security, and so catching your good customers in a bad fraud trap sort of keeps them at the sidelines from time to time.
And the third one is really just general fatigue because fraud is evolving so fast that even well-intentioned teams seem to struggle to keep up. So we see institutions, you know, spending more on point solutions and tools, but not getting sort of a unified defense. And then that can keep them from really thinking about it holistically because it's just such a fast-moving animal and the threat vectors are new and emerging on a constant basis. So sometimes they'll think, well, maybe I'll just wait and I'll see what else comes out. I'll see if there's a better mousetrap. And they sort of stay on the sidelines.
Jim Young
We had a customer … I think you sort of answered a little bit of my next question, which is like well-intentioned mistakes, that banks make when they're trying to set this fraud management. I'm curious, then I would pivot here to a little bit of a of a conversation I had with bankers recently where they had a fraud tool that they admitted they'd almost turned off, basically, because they basically said, “Well, we weren't we weren't catching any fraud.” And I said, “Well, you mean it wasn't effective?” And they said, “No, we weren't having any fraud attempts in that area. But then suddenly we were. All of a sudden it caught several hundred thousand dollars worth of fraud attempts. And so now we're really glad we had it.”
Do you run across that a little bit, too? Which is like, I guess I think of it almost like Homeland Security, where no one really cares about it until they have to really care about it.
Jeff Scott
Yeah, 100%. And I think we're all a little bit victim to the tools and the payment processes that we as an industry have used for the last decade, which is really about batch transactions. You have time to sort through flagged items. We don't have that time anymore. You’ve got to be able to have a holistic view in real time because of P2P or real-time payments. And so I think what happens to financial institutions is they're still so focused narrowly on the transaction and not enough on behavior. And so they're used to catching it at the time of transaction, but it's totally operationally heavy. And maybe they don't, you know, catch something, you know, in the recent past. So they think that the tool isn't being effective.
But your point about Homeland Security is absolutely right. And when these new and emerging threat vectors pop up, and they pop up quickly, it's really about the behavior of the individual. And how much can we know about them and how fast inside the session such that we can stop other forms of whether it's changing PII or getting to an SSL out, that would be something like Zelle.
Jim Young
Gotcha. OK. So I want to toe the line here between giving folks an idea of what they can expect from your November 13 webinar, but also, you know, without giving away the store here. I don't think I'm giving away too much by saying the focus of the webinar is a concept that we call Fraud Intelligence. Can you, and you've already kind of started touching on some of those themes that are within it, but can you give our listeners essentially maybe the long elevator ride pitch explanation of what we mean when we say Fraud Intelligence?
Jeff Scott
Yeah, 100%. So to me, fraud intelligence is a unified, real-time approach to fighting fraud. So it connects every signal. So think logins, transactions, devices, user behaviors across all products, all partners, and turns that data into intelligence that helps the financial institution be able to see their fraud. And so have a single pane of glass of all of the threat vectors, all of their speed bumps that they want to deploy. And it gives them real-time information and the ability to interdict real time and have all of that in one place. So I think about Fraud Intelligence as it's just not another fraud tool. It's not another point solution. It's the platform that ties all of those point solutions and tools and processes and data together, such that you can think about it like a one plus one equals three. So if you've got an application for transaction monitoring that's sitting on top of this unified intelligence layer, it should be net net smarter because it's publishing signals and consuming signals from that intelligence layer that it wouldn't otherwise have.
So across, just using Q2 as the example, across all of our applications, be it from a paper-based positive pay solution, an ACH positive pay solution, our dispute management solution, digital channel tools for events and for login data, for step-up data,and then for transaction monitoring, you've got sort of siloed pieces of information about a user or a fraud event, or a mule ring or a fraud ring that's in each of those applications. So we port that data down into the intelligence layer such that any one of those applications can consume that information back into their application. So then you start adding on things like the financial institution has another tool that they use that they want to have access to that data, or a partner is going to partner with a financial institution to build an agent or an application on top of that intelligence layer. And to that, it, you know, makes the whole better.
Jim Young
OK. All right. I'm just put a pin in this because I'm going to play the devil's advocate and have a slight pushback on that, but I want to dig a little bit deeper into this because one of the things that the webinar and the ebook that we published, they shared this phrase, “Build trust, not friction.” And you talked about it a little bit already, but I wonder if you could expand a little bit on when we talk about that, what do we mean?
Jeff Scott
Yeah. I think customers shouldn't have to choose between having their account holders feel safe and feeling served, I think is the nexus of it. So we wanted to design a full fraud posture or a fraud defense that really happens in the background. It's using better data, it's got better orchestration, and that allows legitimate users, you know, to move more freely while fraudsters hit the roadblocks and the speed bumps.
I think a lot of our customers … someone, one of our customers coined this phrase with me that they want to stop catching their good customers and a bad fraud trap. And so they're worried about the friction. And what we're trying to do with fraud intelligence is allow them to do more things for their customers. So if they want to get to a place where commercial customers can do real-time payments, they tell us that the No. 1 thing that's holding them back is not the functionality of real-time payments, it's the fraud mitigation tools. And are they up to snuff and are they there yet? And that in real-time payments is going to be about real-time information, about the user, about the journey and being able to orchestrate that information in such a way that we can risk score it and enough time. And I like to quote this, you know, stat of you've got basically 27 seconds from the time somebody logs in before they can do something you don't want them to do. And the only way you're going to do that is with an ingestion of a bunch of signals. And so our customers, in order for them to not catch their good account holders in a bad fraud trap, they've got to have that plethora of information.
The other thing … I was with a customer a couple of weeks ago. You know, we were trying to sort of talk to them about their full sort of fraud defense monitoring, their fraud stats. They came when we looked at their stats, they had dramatically decreased, and we were like, “Wow, how'd you do that?” They're like, “Well, we just shut everything off.” So, they just, like, didn't let their customers use Zelle. They didn't. And they're dealing with all this operational burden and customers calling in and upset. And, you know, that's the opposite of what we want to be able to solve here.
Jim Young
Yeah. That is a bit extreme. Yeah. I guess, you know, for me, just on a personal level, the little thing that I think about is like, you know, my bank. Not naming names here. You know, every time I want to log in, it's giving me … it wants to send me the push notification to my wife's phone text. So if she's in the house. cool. She can holler upstairs and give me the number that I need to fill in. If not, I’ve got to find her. Maybe she's not available. Then I can't log in, and that sort of thing drives me up a wall. Not enough for me to switch bank accounts. But, you know, if I was a major customer having to do some time sensitive, it might be enough. And again, it's one of those things of like, is there some way that you can make this, like, trust me, that it's me at this point? What else can I give you? What other signals can I give you that doesn't require you to do that every time? Or can you make it a little bit better so that you send it to me and my wife? Is that OK? That sort of thing.
Jeff Scott
So, yeah, I mean, I think on that point, we're getting to this world where secure access codes are those one-time passcodes that get sent to mobile, it's becoming archaic. And it's that's the friction we're talking about where the financial institution will say like, “Well, we don't have any other options right now except to ding everybody with a step-up authentication code to their phone. Like, that's all we have.” And so in order to get around that or to not have to do that, we need to authenticate you in a different way. And with the amount of signal that's available that we can now ingest in a very fast fashion. And then you, you know, start to put on top of that, like what we can do with AI, etc. There's an opportunity to say, is this really Jim? Because he's walking at a gait that isn't really his with this device or he's not going to the screens in the digital channel in the same fashion that he usually does, which maybe means it's not really him. And so there's all kinds of better signals that we can adjust, that we can get around just having that be the only method of defense.
Jim Young
Yeah. I want to also talk about this framework that we use to describe, you know, Fraud Intelligence in action. And it's, you know, I'll be the first to admit as a marketer here, it's markety. It's quick, and it's a saying it's called see it, stop it, solve it. Can you sort of, I think people might be able to get a pretty decent guess, at least on the first two, but can you kind of take us through, our listeners through that framework?
Jeff Scott
Yeah, sure. And just trying to keep it … not that it's simple to solve fraud, but it's really around …
Jim Young
I know you can go deep.
Jeff Scott
… around these around these three steps, you know? So, see it to me means you're detecting anomalies in real time. You're using … we're talking about all these signals. You're using behavioral analytics, device intelligence across the ecosystem. So we don't have that visibility today. So back to the siloed point solutions. They don't talk to each other. We can’t see it. We need that single pane of glass that gives us all that information about the user so that we can decide what speed bumps we want to introduce or what we do with this particular session.
So stop it is then the next step. It's the trigger. It's the active interdiction. It's automatically holding something or challenging risky activity before the user can go to a next step of the process that could be potentially damaging like we talked about, which might be like changing a beneficiary, changing PII, or, you know, getting to a transaction.
So solve it covers the back office. So it's resolving disputes faster with automation and compliance sort of built in. It's what we talked about at the beginning that for every one dollar of loss, which is what you're really doing with like see it and stopping it, the solving it adds the additional five dollars to get you the six bucks, which is like the reputational hit, the amount of people that have to be involved, the research you have to do, maybe the expense of like multiple different independent solutions that don't talk to each other is adding to that expense. So solving it is, you know, the last mile but probably one of the most important when it does happen, that's where all the expense is coming in.
So together, those three steps turn fraud management from reactive cleanup into a more proactive posture.
Jim Young
So all right I told you before to put a pin in it. I was going to have sort of my devil's advocate pushback on this. So here it goes. I mean, everything you've sort of outlined here for me makes sense. There's no massive logical leaps, you know. No offense, but you haven't blown my mind with any of this at all. A lot of it's like, yeah, OK. But then I think to if I'm in a bank and I'm in, say, Treasury, and I'm like, well, that's great, Jeff. My job is to deal with ACH fraud. So all this massive stuff of connecting systems and big views and all that don't really care, just need a good positive pay solution. And again, maybe to go back to that Homeland Security thing, it feels a little bit like FBI solves this problem, CIA solves this problem, you know, that sort of thing. Don't really know. You know, it's hard to get those things to work together. So I guess, what do you say to a banker who is like, “Great concept, just need this solution” basically. And how often do you run across that sort of pushback or objection?
Jeff Scott
Yeah, I think the thing I would say is, you know, most existing systems were built around single use cases. So to your point, ACH monitoring here, login security there. And our experience running these as point solutions, from time to time, they can generate more alerts than answers. And I think Fraud Intelligence unifies them.
And so, go to positive pay. So imagine if we had data in the intelligence platform that would help determine that what has been changed about this check is actually part of a fraud ring. And we've got that data. We can use it real time as our AI technology is scanning that check. It's pulling that information. And then conversely, if we've got that information about that account or about a bad actor from the positive pay solution, what if we could use that in the digital channel?
And so I think it to me, Fraud Intelligence has several use cases that would be advantageous to even just a point solution. And that is making that point solution net net better by giving it additional signal. Then you can have apps talk to each other like positive pay to your digital channel solution. And then the Holy Grail and where this would be headed is then you can start to build agents on top of that data to say, “What if we could help your back office positive pay administrator to do their job way faster and with much more accuracy and to help your commercial customers to be able to scrub their queues in a much faster fashion and be able to figure out which ones, which checks they want to return and which ones they want to let pay.” So that's how I answer that.
Jim Young
Jeff, much like a very good, Fraud Intelligence system, you were you were staying one step ahead on this, and you basically went right into my last question on here, which when you said the word “agent,” you know, AI is the thing that immediately pops into mind. And look, you know, let's be honest. You can't talk about anything today without AI getting added in somewhere. And fraud is no exception. But I wonder if you can talk a little bit, and you had addressed a little bit with that sort of use case about it, but I wonder if you can talk a little bit about when we're talking about AI with Fraud Intelligence, where it can make an impact, but also maybe where it can be a little bit of a distraction if you're not careful.
Jeff Scott
Yeah, yeah, 100%. So we've been using AI, you know, for a decade now, in machine learning, really, it started as rules-based, like machine learning. What's new is generative and LLM and then what you can do with, you know, an agent on top of that. And AI is phenomenal at pattern recognition. And so that helps reduce false positives. And so our Enhanced Payee Match in our positive pay solution, as an example, uses explainable AI to catch altered checks with much more accuracy than we had in the old OCR scanning technology, which is cutting down, you know, a ton of operational burden, a bunch of unnecessary reviews, etc.
I think we're at this precipice of AI can no longer just be a black box model, which I think is what it was for the last decade. Model risk management, transparency, they matter just as much now, especially for banks and, you know, their audits, etc., and credit unions. I think we treat AI as an assistant, not as autopilot. And it will be an amazing augmentation to this entire end-to-end process of pulling in a bunch of signals, being able to recognize patterns within those signals to produce a sophisticated risk score. And then from a workflow standpoint, being able to take that information and maybe for your back-office employee at the financial institution, the agent can do a ton of the work and get you to the 5-yard line, and then you can take it the rest of the way there. That allows you to spend much more time on more valuable fraud-fighting things, or thinking about the strategy, or looking at the single pane of glass that we've created, you know, with all the fraud signals at one place so that you can fine tune your policies, etc., on the front end.
So we just see an infinite amount of potential use cases. And back to the Fraud Intelligence platform, it's intra app, and then it's apps talking to each other and then it's being able to build agents on top that can roam throughout those applications and be able to facilitate, you know, work or jobs to be done essentially that helps the end customer or helps, you know, the financial institution themselves. And from a back-office perspective.
Jim Young
Yeah. That's great. And I would encourage our listeners, if they haven't already, you know, Corey Gross, you mentioned Payee Match, and Corey Gross, one of our AI geniuses here at Q2 presented on sort of what we did with AI to improve Payee Match. And he did that at CONNECT, and we've got a blog post on the site—I'll put a link to it in the show notes—where he goes through and outlines the whole thing of like AI is a tool. It's not an end, you know? So think about it again. You rolled through a lot of those use cases. Think about the use cases and figure out where you can apply it and sit back and let the—I don't want to say magic because some people think of it as that—but just let it do its work.
Jeff Scott
Yeah. Well, yeah. Well, even on that, on that point, Jim, so that team that built the Enhanced Payee Match tool, we gave them a use case, we gave them a problem. Like we've got this problem. There's probably a way that one of your tools can solve it. And they did. Then we said, OK, that same team with those same set of tools, we're like, all right, what we're really doing is, is we're looking for patterns. You know, what can we know about this? And how quickly can we determine an anomaly, you know, from what we thought it should be. So we're like, ”Where can we apply that same tool?” And so one of the things that we're working through right now is going back to the ingestion of all those signals and looking at our customers’ confirmed cases of fraud, where we'll have financial institutions say, “Hey, we had an event. Here's how it happened.” We document that, gave it to that team as a use case and said, “Here's an account takeover pattern that we're seeing.” They took that same tool for Enhanced Payee Match, and now they're pointing it at account takeover pathways. And so such that when somebody logs in and they go to this specific set of steps, within seconds, that model can detect that this is likely account takeover or business email compromise, or any of the number of other fraud journeys that are really, really hard to detect.
And it's amazing the results. So we took a financial institution that had a certain amount of confirmed fraud over the last year. They gave us all their data, we put it into the tool and within a 95% accuracy rate, this model found all of that fraud to, you know, within dollars of what they had lost. And so that's the power of AI.
So now if we could take that and put it at the front end of the process and say, sort of like we did with Payee Match, as we scan the check, let's have the model react in real time. That's what we're working toward at the front end of Fraud Intelligence. And then that gets back to why you want this shared intelligence layer that has information from all of these point solutions and partners and financial institutions, because the more you can feed that model, the more fraud we're going to detect, and then the more fraud we detect. The cycle continues because we're like, all right, there was some stuff that got through. We've got those confirmed cases of fraud. It makes the entire ecosystem better.
Jim Young
Yeah, great job of tying it back in there with that sort of flywheel concept on that, and well, listen, I could, listen to you talk about this sort of topic for hours, but I don't want to hog you. I want to make sure everyone else gets a chance to listen to you go in depth on it, again, in our November 13 webinar. Jeff, thanks so much for coming on the show.
Jeff Scott
Yeah, Jim, thanks for having me. That was fun.
Jim Young
And again, a reminder to register for that webinar. It's called Building Trust, Not Friction: The Future of Fraud Prevention. It's on November 13. Just go to hub.q2.com/webinars and you'll see it right there. And you can sign up. And that'll do it for this episode of The Purposeful Banker. And another reminder, please share your feedback on our podcast content on q2.com/podsurvey. All one word. And you can subscribe to the show wherever you like to listen to podcasts, including YouTube, Apple, Spotify, and you can see an archive of our past shows at hub.q2.com/podcasts. You can see I'm throwing out a lot of links, so just to encourage you to go there in general and explore. Until next time, this is Jim Young, and you've been listening to The Purposeful Banker.