Hi everyone.

My name is Ivan Prokofyev, I am a payment fraud lead and this is my first (hope not last)

HackerNoon post.

A bit more about myself: I have over 10 years of experience in the fraud prevention domain. In my career, I’ve spent time working at Tinkoff Bank, ForexClub(aka LibertEx), Gett, and Booking.com. I’ve also worked on a couple of projects with Sbermarket. I’m currently working in Bumble(Badoo).

Experience in these companies allowed me to work in different domains and different business models where fraud prevention was part of IT, Security, Marketing, Finance, and Operations. Most of my fraud positions were related to payment fraud (everything which relates to credit cards, PayPal, and the rest of payment methods such as Klarna, boleto, etc). I also have experience working with marketing abuse (coupon, loyalty fraud), collusion, resellers, etc.

In today’s post, I’ll aim to answer the following questions:

  1. Do you need fraud prevention as well as cybersecurity?
  2. Why do you need a Fraud Specialist?
  3. Why is it hard for a Business Analyst to become a Fraud Analyst?
  4. Why does a fraud specialist have to know how to work with SQL?

Let’s get to it!

1. Do we need fraud prevention if we already have cybersecurity?

Cybersecurity and fraud prevention are 2 different professions that respond to different aspects of a business.

There is of course overlap and both areas aim to protect companies from financial loss. However, expecting a cybersecurity expert to handle fraud prevention cases and vice versa is not the right approach and may cause issues for both sides because the focuses are so different.

This would be the equivalent of expecting a Backend Developer to work on the Front end — it might be achieved, but the time and resources wouldn’t be used effectively.

TL;DR point 1:

2. Why do you need a Fraud Specialist?

Payment fraud losses were ± 41B$ in 2022. This is only the number of confirmed losses that have to be opened to the public, the real numbers are expected to be much higher. It was ± 17B$ two years ago in 2020 and the prediction for 2023 is ± 50B$.

This should be reason enough! But let’s not stop there.

Whenever a company decides to start accepting payments there are several payment fraud prevention options:

However, it is important to remember when choosing one of the last two solutions that you need to have someone on your side. Otherwise, solutions will focus on their own success, not the protection of your interests.

What could go wrong?

Without regular communication, the company can face an increase in reject rate, decline payments from genuine customers, and chargeback(dispute numbers) will grow, which can lead to consequences such as fraud/dispute programs from Payment systems (Visa, MasterCard, Amex, etc) and as a result initiate even more declines from banks because the company becomes risky and on top of this there will be a monthly fee, starting from 10k $.

Fraud specialists will lead all conversations with providers, communicate about changes on the business side, feedback about false positive declines with requests to review solutions, and most importantly keep your company away from fraud/dispute programs.

You might think that if you’re not working with payments, you don’t need Fraud Specialists, and you might be right. It might be true. For example, in some regions even when you accept payments, domestic fraud is so low and you will never have a rate higher than 0.001%. But these markets have other fraud risks, which you might have never known about.

Let’s take as an example “Invite friends”. I believe each of you knows about these marketing campaigns. After launching the campaign most of the time all dashboards/charts show only the growing number of new customers. But if you start to analyze “new” customers you might find that 20 new users are related to one email or phone. The main account already has a super high balance and 20 accounts will never have any activities after being created.

In the end, you have misleading information and expectations from numbers. Businesses that work with 3rd party companies or people (for example delivery or taxi services) are faced with collusion and fake orders which cost a lot. For these cases, you have to have a fraud specialist, that will focus on analyzing all these areas, work closely with the product team and find and resolve cases that affect company revenue.

Also, preventing you from making a decision when you don’t have any fraud, but also don’t have any orders and customers. It is very difficult to prevent fraud and keep it under a specific level to make sure that the business is operating and all fraud prevention solutions aren’t affecting real customers and prevent only fraudsters.

TL;DR point 2:

3. Why is it hard for a business analyst to become a fraud analyst?

I know some people who started out as Business Analysts and became amazing Fraud Analysts, but it’s not always the case. Usually, when Business Analysts are asked to work on fraud prevention, it starts with simple requests from the business side — define fraud or fish out fraudulent activity. This task doesn’t contain enough information or clarity about fraud and what fraud actually means. Analysts will usually start analyzing traffic and identifying anomalous activity.

For example, 20 orders in a specific area at a time you would usually find three. After a couple of these attempt approaches, the percentage of fraud (usually it is 5–7%, in some cases 17–20%) is erroneously defined, and the “party” begins. Everyone stops their work and tries to find out why we have so much fraud.

Unfortunately, finding anomalies is not enough even if it is a good process. But finding anomalies, reviewing the number of orders, finding a pattern, linking issues, and explaining why they are fraudulent is different. On top of this, fraud prevention requires manual work, most of the time, and it becomes boring for business analysts. They lose motivation and are ready to switch to another project. Finding a pattern is not the end of the story, the hardest part is to make a decision and say — yes it is fraud and we have to block these accounts and refund money back to prevent more losses.

Additionally, it's important to note that while business analysts typically rotate between departments, focusing solely on fraud allows for a deeper understanding of emerging trends and potential risks. With fraud, there are no established manuals or descriptions outlining how to identify it, so it requires sustained focus and expertise. Waiting three months to uncover fraudulent activity while calculating EBITDA can prove challenging without this specialized knowledge

TL;DR point 3:

4. Why does a fraud specialist have to know SQL?

It's much easier to detect issues and solve problems when equipped with the proper tools. For instance, identifying suspicious orders, analyzing historical data, and recognizing current trends can be done swiftly through SQL queries (or Python, R, etc.). Conversely, manually comparing multiple Excel files or examining orders individually and recording them in a text document can be a time-consuming process that may result in outdated information by the time the task is complete.

If you intend to employ a fraud specialist without SQL expertise, it may make sense under specific circumstances, such as: outsourcing work to an external provider whose primary focus is reviewing individual orders, having a dedicated analytical resource to provide full support, or employing junior specialists to assist a skilled individual who understands how to work with databases. While Python or R may offer additional options for data analysis and pattern recognition, my view is that SQL suffices. Nonetheless, some companies, including large ones, still require expertise in Excel, and SQL is viewed as an added advantage.

TL;DR point 4:

Also published here.

Lead image from giphy.