Open in app

Sign in

Write

Sign in

Why should you hire a Fraud Specialist?

Ivan Prokofyev
7 min readJan 25, 2023

--

Hi everyone.

My name is Ivan Prokofyev, I am a payment fraud lead and this is my first (hope not last) Medium post.

A bit more about myself. I have over 10 years of experience in the fraud prevention domain. In my career, I’ve spent time working at Tinkoff Bank, ForexClub(aka LibertEx), Gett, and Booking.com. I’ve also worked on a couple of projects with Sbermarket. I’m currently working in Bumble(Badoo). Experience in these companies allowed me to work in different domains and different business models where fraud prevention was part of IT, Security, Marketing, Finance, and Operations. Most of my fraud positions were related to payment fraud (everything which relates to credit cards, PayPal, and the rest of payment methods such as Klarna, boleto, etc). I also have experience working with marketing abuse (coupon, loyalty fraud), collusion, resellers, etc.

In today’s post, I’ll aim to answer the following questions:

  1. Do you need fraud prevention as well as cybersecurity?
  2. Why do you need a Fraud Specialist?
  3. Why is it hard for a Business Analyst to become a Fraud Analyst?
  4. Why does a fraud specialist have to know how to work with SQL ?
  5. Do we need fraud prevention if we already have cybersecurity?

Cybersecurity and fraud prevention are 2 different professions and they are responding to different things.

- Cybersecurity work includes more about access, ddos attacks, protecting devices, networks, data breaches, etc.

-Fraud prevention covers payment disputes, coupon abuse, testing fraudulent credit cards, reselling services or/and goods, etc.

There is of course overlap and both areas aim to protect companies from financial loss. However, expecting cybersecurity to do fraud prevention’ cases and vice versa is not the right approach and may cause issues from both sides because the focuses are so different. This would be the equivalent of expecting a Backend Developer to work on the Front end — it might be achieved, but the time and resources wouldn’t be used the most effectively.

TL;DR point 1:

  • Cybersecurity and fraud prevention are 2 different professions.
  • Cybersecurity is about protecting your infrastructure, while fraud prevention is about protecting your business processes.

2. Why do you need a Fraud Specialist?

Payment fraud losses were ± 41B$ in 2022. This is only the number of confirmed losses that have to be opened to the public, the real numbers are expected to be much higher. It was ± 17B$ two years ago in 2020 and the prediction for 2023 is ± 50B$. This should be reason enough! But let’s not stop there.

Whenever a company decides to start accepting payments there are several payment fraud prevention options:

  • In-house solution (An in-house fraud team).
  • Payment provider solution with guarantee high acceptance rate and low fraud decline rate.
  • An external solution that prevents all possible fraud.

However, it is important to remember when choosing one of the last two solutions you need to have someone on your side. Otherwise, solutions will focus on their own success, not the protection of your interests. What could go wrong? Without regular communication, the company can face an increase in reject rate, decline payments from genuine customers, and chargeback(dispute numbers) will grow, which can lead to consequences such as fraud/dispute programs from Payment systems (Visa, MasterCard, Amex, etc) and as a result initiate even more declines from banks because the company becomes risky and on top of this there will be a monthly fee, starting from 10k $. Fraud specialists will lead all conversations with providers, communicate about changes on the business side, feedback about false positive declines with requests to review solutions, and most importantly keep your company away from fraud/dispute programs.

You might think that if you’re not working with payments, you don’t need Fraud Specialists, and you might be right. It might be true. For example, in some regions even when you accept payments, domestic fraud is so low and you will never have a rate higher than 0.001%. But these markets have other fraud risks, which you might have never known about. Let’s take as an example “Invite friends”. I believe each of you knows about these marketing campaigns. After launching the campaign most of the time all dashboards/charts show only the growing number of new customers. But if you start to analyse “new” customers you might find that 20 new users are related to one email or phone. The main account already has a super high balance and 20 accounts will never have any activities after being created. In the end, you have misleading information and expectations from numbers. Businesses that work with 3rd party companies or people (for example delivery or taxi services) are faced with collusion and fake orders which cost a lot. For these cases, you have to have a fraud specialist, which will focus on analysing all these areas, work closely with the product team and find and resolve cases that affect company revenue. Also, preventing you from making a decision when you don’t have any fraud, but also don’t have any orders and customers. It is very difficult to prevent fraud and keep it under a specific level to make sure that the business is operating and all fraud prevention solutions aren’t affecting real customers and prevent only fraudsters.

TL;DR point 2:

  • Fraud losses are growing year over year.
  • The worse the economic situation, the more fraud there is.
  • External providers are good, but better to have someone on your side to focus on your company’s interests.
  • Fraud isn’t just about fake credit cards. It also relates to coupons, collusion, etc.

3. Why is it hard for a business analyst to become a fraud analyst?

I know some people who started out as Business Analysts and became amazing Fraud Analysts, but it’s not always the case. Usually, when Business Analysts are asked to work on fraud prevention, it starts with simple requests from the business side — define a fraud or find a fraud. This task doesn’t contain enough information or clarity about fraud and what fraud actually means. Analysts will usually start analysing traffic and identifying anomalous activity. For example 20 orders in a specific area and time you would usually find three. After a couple of these attempt approaches,% the percentage of fraud (usually it is 5–7%, in some cases 17–20%), and the “party” begins. Everyone stops their work and tries to find out why we have so much fraud. Unfortunately, finding anomalies is not enough even if it is a good process. But finding anomalies, reviewing the number of orders, finding a pattern, linking issues, and explaining why they are fraudulent is different. On top of this, fraud prevention requires most of the time manual work and it becomes boring for business analysts. They lose motivation and are ready to switch to another project. Finding a pattern is not the end of the story, the hardest part is to make a decision and say — yes it is fraud and we have to block these accounts and refund money back to prevent more losses. Plus, need to mention that a business analyst usually rotates between departments, but fraud is an area where you have spent all your focus only on fraud. Because you have to know trends and where they are going. Finding fraud after 3 months when you are calculating EBITDA will be challenging because there are no manuals or descriptions of how to find it.

TL;DR point 3:

  • Business Analysts can make excellent Fraud Analysts but the skills needed for the roles are very different.
  • Not every analyst wants to find fraud, review orders, and review conspiracy theories.
  • Fraud Analysts can’t be rotated as you’ll have a risk of missing trends.

4. Why does a fraud specialist have to know how to work with SQL?

Quick one. It is much easier to find an issue or calculate a problem if you have the tools to do it. Finding suspicious orders, find how many were created before and what is the trend. That is easy to do via a request to DataBase using SQL (python, R, etc). Compare multiple excel files or fine order one by one and save them in a text document, might take so long that the trend is finished and a new one has started by the time you complete it. If you do decide to hire a fraud specialist without SQL experience, it might make sense only under these circumstances:

  • You have an external provider and the main focus is to review orders one by one.
  • You are ready to dedicate an analytic resource for full support.
  • They are Junior Specialists who will support a team or person, who knows how to work with DB.

Should you hire a person with Python or R experience? It is a good tool and it will open other options on how to work with data and find patterns. My opinion is that SQL is enough. However, in some companies, even big ones, the main requirement remains excel and SQL is a nice-to-have.

TL;DR point 4:

  • Without SQL, Python, or other tools that allow you to work with big data, you can work to a maximum of 50 orders per day.
  • SQL is a must-have.

The information above is based on my experience and situations that I have encountered in different companies.

— — — — -

“The views and opinions expressed in this article are solely my own and do not express in any way nor are endorsed by my employer. They are not based on my experience as an employee of Bumble”

Fraud Detection

--

--

Ivan Prokofyev

Written by Ivan Prokofyev

2 Followers

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams