CEO warns banks must adapt security posture for instant payments.
Moderator: Alijah Poindexter, Associate Editor Bank Automation News
Interviewee: Naftali Harris, Co-Founder, CEO SentiLink_______________________________________________
Alijah: What is your role at SentiLink?
Naftali: I’m SentiLink Co-Founder and CEO which means I oversee operations and set strategy, and I’m responsible for recruiting an amazing team. Our company prevents fraud for banks, lenders, and financial institutions. We work with over 100 in the U.S. ranging from top 10 U.S. banks to new startups. We stop different types of application fraud. That includes identity theft, and synthetic fraud which is when someone makes up a fake person that doesn’t exist and uses that to try to steal money from banks and lenders.
Alijah: What are your chief takeaways in terms of fraud in 2021?
Naftali: A huge amount of fraud was not really seen by the public. There’s been a huge amount of fraud related to government benefits programs. The fraud related to the Paycheck Protection Program (PPP) is better known, but there’s also a huge amount of fraud related to unemployment insurance. What’s happening here is a fraudster will steal the identity of a consumer, they’ll claim to be unemployed, and go to the state’s unemployment insurance agency and say I’ve lost my job. The state will be fooled by that fraudster, and start giving unemployment benefits to the fraudster who has claimed to be someone who has lost their job. This has cost a huge number of losses for different states. In total it’s tens of billions of dollars. What hasn’t been publicized as much is having stolen all of this money, the fraudsters had to move it into the financial system. Every bank and credit union and fintechs - all of them saw a huge influx in identity theft attempts. The fraudsters weren’t trying to steal money, they were just trying to launder it. They were just trying to open up any account that allows you to transfer funds in order to move the money that they’ve stolen. Fortunately, we were able to stop that, but we’re seeing that across the industry.
Alijah: Do you see this continuing on in the post-COVID environment?
Naftali: Certainly do. One of the unbelievable things is that this has really emboldened the fraudsters. This was perhaps the greatest year ever for a fraudster. Having seen how easy this was to do, when the government benefits dry up, they will realize how profitable a business this is, and they will continue doing it for other targets. I do expect as these benefit programs end, they will move on to other things. They will be more aggressive and creative than they’ve ever been.
Alijah: How does SentiLink work in preventing fraud?
Naftali: We work with credit card issuers, small business lenders, banks and credit unions. Suppose a bank wants to open a new credit card for someone. Before they do that, the bank will send information about that application over to us. We’ll receive information like the name, date of birth, SSN, address, phone number, email, IP address and so on. We get that via API in real time. We take the information and analyze it. We run it through every type of fraud vector we’ve ever seen and compare it against all of them. We check each element of that application against known lists of fraudsters we’ve identified and ultimately run it through machine learning models. This all takes 300 milliseconds. We return all the risks we’ve identified, if any, back to the bank and so the bank will see different risk scores, attributes related to risk, and flags. From that the bank will make the determination about whether or not it wants to open that credit card or instead to ask for additional information or take some other kind of action. It’s extremely fast, real-time and scalable. We do over 1MM identity verifications everyday and are able to help financial institutions stop this kind of fraud. We do the same thing for small business lenders, checking accounts, savings accounts, BNPL, auto loans, installment loans, utility companies, insurance etc.
Alijah: With the rise of real-time payments (eg. rent, paying collections) how are ID verifications providers adapting to the rise in near real-time consumer payments?
Naftali: Short term the stakes are raised. If you think about an ACH transaction, the fact that that takes several days to clear is a really big deal. You can do a lot in a couple days. It allows you to be more lenient up front with some of your identity verification - if you review something later and realize something is not good, you can go and cancel it. With real-time payments, of course, it’s a lot faster and you may not have that luxury. Many organizations will be more conservative for starters just so they don’t lose a ton of money from this. The time delay for some payments is actually a security feature. And, we’re removing one of those security features by going to real-time payments. Longer term, many organizations will move toward real-time solutions like SentiLink because they have to. The standards that consumers expect are raising and real-time payments is a reflection of that. Service providers and financial institutions will have to keep up with that.
Alijah: How do you see that happen on things like business to business, business to government and payroll?
Naftali: You might start to see more fraud prevention techniques in some areas where you haven’t seen that in the past. Take payroll for example. Signing up for payroll as an employee is straightforward. You rely on the employer to do the identity verification. If you remove the security feature of time, you’ll see organizations like that take more stringent steps for identity verification in order to support those real time use cases.
Alijah: Back to banking, there will always be institutions that lag behind. Do you think it will become necessary for them to change?
Naftali: Over time people’s expectations will increase, but it will probably take longer than most people think. Financial services is one of the slowest moving industries. The stickiness with people’s relationships with their banks is really high. For most people their primary bank account is their first bank account they opened when they first started working. People’s expectations have risen, largely because of tech companies. People are used to using Google or Facebook or Twitter that have a really nice online presence, and really streamlined user experiences. There is a material portion of the population that is happy with financial institutions that serve them. Even for those unhappy, the switching cost is high. Over the long run, absolutely, different banks and financial institutions will be forced to compete to serve people’s higher expectations. But, it will be slower than many people expect because of the stickiness with people’s relationships with their bank.
Alijah: Do you think this will give fraudsters in the future higher opportunity to attack people banking with legacy banks?
Naftali: Any organization that doesn't adapt to the changing fraud and security landscape will see things start to happen to them. Fraudsters don't respect your timelines of planned security releases. Organizations will be forced to adapt to fraud and security issues more than customer demand. Anyone who doesn’t adapt will be taken by fraudsters by a significant amount if they have open vulnerabilities. Whether that’s banks in more rural areas serving underbanked just depends on whether those banks adapt with security features that keep up with changes in fraud and security.
Alijah: General predictions for 2022?