Founder and CEO of Kevari Shares Insights on Combating New Account and Account Takeover Fraud

Rich Alterman  00:04

You're syncing up and tuning in to the Lending Link Podcast powered by GDS Link, where the modern-day lender can dive deeper into the future of data decisioning and Credit Risk Solutions. Welcome to the show, everyone. I'm your host, Rich Alterman, and today we're syncing up with Adam Elliot. Adam is the founder and president of Kevari, a national leader in identity fraud prevention company first came to the market in 2003 as ID Insight, and was rebranded as Kevari in September 2022 with unique and powerful fraud intelligence platform that combines machine learning with numerous consortium velocity and identity networks, Kevari detects fraud signals in real time. 1000s of banks and credit unions, financial service companies and other business rely on Kevari to help them with preventing fraud losses, reducing customer friction and avoiding reputational damage. Prior to launching the company, Elliot was the president of ChexSystems Inc, a subsidiary of FIS Global, a leader in providing risk and fraud solutions for the financial services industry. He also held data science leadership roles at Deluxe Time Life and finger hut under Adam's leadership, Kevari was named to the Inc 5000 list of America's fastest growing companies in 2020 company has also been recognized as a Minnesota cup finalist and has been the recipient of many other awards and accolades. Adam is a frequent speaker at industry conferences and has been quoted and published by financial industry publications. Adam holds his BA in mathematics, statistics and Computer Science from St. Olive College, and his MA in statistics from Pennsylvania State University. In this episode, Adam and I will be discussing different types of fraud. Join in Adam's extensive experience fighting fraud and Kevari offerings and so much more. But before we dive into the interview, please head over to our LinkedIn and Twitter pages at GDS Link, that's G D S  L I, N, K, and hit those like and follow buttons if you have not done so already. Please subscribe to our podcast on Apple podcast Spotify, or wherever you prefer to listen to your podcast. All right, now let's get synced with GDS Link. Welcome Adam. I hope you're having great week so far. Where are you joining us from?

Adam Elliot 02:15

I am having an okay, not too bad week. My wife wouldn't want me to say anything different, because I can't complain, but I am joining from lovely Minneapolis today.

Rich Alterman  02:25

Great. Well, thank you for being my guest today and joining our podcast and sharing some of your expertise related to identity fraud prevention. But before we dive into business, let's get a bit personal. I understand you're a bit of a hockey nut. What got you started in hockey, and do you still find time to get on the ice?

Adam Elliot 02:42

Well, if you're from Minnesota and you grew up, it's kind of hard to avoid being a hockey nut. But my start happened at church one Sunday when I was five, and Mr. Dares came up to my dad and said, is and I'm going to sign up for hockey this week. And my dad said, “You want to play? And I said, Sure. So that was the beginning. And played through youth, in high school, and even a little into college and starting to slow down. But my daughter was born, so I had the luxury of being able to coach her squad for about 10 years in youth before she moved up to the high school ranks. And the last time I got on the ice was actually over the holidays. She was home on break. She plays college hockey now, and I got to go out skating with her, which I hadn't done probably in about five years.

Rich Alterman  03:24

So, matter of fact, I think when your phone rings through to my phone, I get a picture of your daughter in her hockey uniform.

Adam Elliot 03:30

Yeah, I get I get to have it. She's a senior next year, so it'll be my last year of being able to 1520, years later. So, there we go.

Rich Alterman  03:37

So, when we were prepping for our podcast today, you mentioned that you do some coaching for the Minnesota warriors hockey team, which I understand is a program that works with disabled veterans. Can you please share more about this unique program?

Adam Elliot 03:50

Yeah, I've you got involved around 2019 But long story short, 2008 a couple veterans that were both hockey players got injured over in Iraq, and we're sitting at Walter Reed recouping, and they got some free ice time, and kept talking, and they said, hey, you know, this would be awesome if we could provide an outlet for veteran disabled hockey or people to play hockey. And so that was the humble beginning. It's a 501, 3c, and there's at the Nationals this year. I think there were 800 veteran disabled hockey players there, representing across 15 states. And how I got involved is one of my best friends since childhood, who I grew up playing hockey with, and through high school. He was a Navy vet, combat disabled and got involved, and he started the team up in Duluth, Minnesota, and wasn't long after that, I became convinced that this is a pretty good cause to help heal combat vets with disabilities through the sport of hockey. So, we got involved in Kevari Spend the sponsor since, I think about 2019 and I'm kind of the honorary coach. I don't coach a lot, but once in a while, we'll go up there and put on a clinic, and I've been to their national turn. Met a couple times on the bench, and I'll just say it's very special to be in that locker room, and it's a great cause, and we're glad to be a part of it.

Rich Alterman  05:07

Well, thanks for sharing that, and thanks for giving your time to our veterans. Very much appreciated. So, let's start with some background on Kevari. You renamed the company from ID insight to Kevari in September 2022 certainly the name ID insight made it easier for a business to quickly draw a conclusion about the type of services to provide, not as evident with the name Kevari. So why did you decide to change the name to Kevari, and what is the message you wanted to convey?

Adam Elliot 05:30

Yeah, great question. Like you said, Id kind of immediately draws you to kind of what we do, but the fact is, we were actually starting to go beyond that, so that was part of it. Also, it has kind of been overused a bit. And so, there's a lot of times confusion in the marketplace, like, are you anxiety inside ID analytics, anxiety this, Id that? So that was a big piece. We considered doing a rebranding. And so, kind of the New World Order, which is different than the old-world order before, you kind of had to get really descriptive, so you wouldn't spend so much money on what you do. And haven't explained it, but, you know, with the Internet of all things here, it's like, it's much easier to do that. It's not such a cost burden. So, it was kind of nice, because it kind of freed us up to just think differently. So, as we jumped to Kevari, we said, you know, we came up with every name on we had people come in and help us. And it was kind of a really fun exercise, but we got down to brass tacks, right? We really wanted something that evoked kind of this notion of strength. Had kind of a technology field rolled off the tongue, maybe didn't describe anything specifically, so that was behind it. And if you get to the actual name Kevari That came from, it's a kind of a little bit of a tangent from we started thinking about all these words and what they mean and how they, you know, what they flow together. But it's actually the inspiration for the name came from a river in India which a lot of people from India know it, Kaveri, which is a little differently spelled, and really the hidden meaning, if you will, is, and where it came from was the Kaveri river in India flows through a town in India where one of the most famous and mysterious mathematicians of all time, Ramanujan, grew up. And so that we have a big India influence here at Kevari. And I've been, you know, since I was at Penn State, we've always had influence and part of our culture. And so, we now have an offshore team also in India. So, they're, you know, very important part of who we are as a company. And so that was kind of it. It was the town of Ramanujan, the river that flowed out to the ocean and bringing technology to the world really sounds a little cheesy, but, you know, it actually means something to us.

Rich Alterman  07:39

Well, thanks for sharing that. Prior to starting Kaveri, you held some very senior roles, including the president of ChexSystems. Now what was the catalyst for breaking out on your own and starting the company?

Adam Elliot 07:49

Yeah, basis, I may sound circa 2003 when I was at ChexSystems, which was part of the locks, around 2000 we got spun off as E funds, went through an IPO, and let's just say.com two years through an IPO, I didn't really have the greatest time at the end, and I decided I needed to find something different. Had always wanted to do something on my own. Did not know what that was. So crazy as it may sound, my wife was having our first child on I guess, our only child, but she had quit the bank, and so she was home, and so we worked it out, however long ago that was I had more hair, but we worked it out some that when the call came in to go to the hospital because the baby was coming, I walked away from corporate America and salary and benefits, and yeah, we went and had the baby, and for the next three months, I we didn't have salary benefits or anything else, and just said, Hey, let's go figure out what we're going to do next. And in that, you know, next few months, being home with Kelly and Abby, eventually focused in on identity fraud, and we realized there was a major gap in the solution set at the time. And so that was the humble beginnings of IB insight.

Rich Alterman  09:00

Okay, well, congrats for taking the leap, and it's always great when you have a supportive partner that can help you through those challenging times when you walk away from a nice, paying job. I know I've done it a couple of times myself.

Adam Elliot 09:13

Early on, I went to a conference show, and I'm learning, right? It's a brand-new company driving a company, you know, two people in the garage, and I went and talked to someone who had already done it. Hey. I said, How do you do it, man? And he said, Hey, I sleep like a baby every night. I'm like, what like because I'm stressed. And he goes, Yeah. He goes, I wake up about every two or three hours, kicking and screaming and crying. I'm like, okay, that makes a lot of sense. So, I borrowed that one.

Rich Alterman  09:38

There you go. Well, thanks for that. So based on a review of the Kevari website, two of the main use cases for your platform is to prevent new account fraud and account takeover. So, before we continue, why don't you take some time kind of giving us the true or the best standard definition of each of those types of fraud, once again, new account fraud and account takeover. Because I think understanding that. Okay, for our listeners, is going to be critical as we talk more today.

Adam Elliot 10:03

Yeah, I'll give you definitely my definition, our definition. I think it's pretty close to what somebody might say standard or what might be out their wiki, but really on the new account fraud side, right? It's whether it's banking or card issuance or lending. It's somebody coming in, whether it's into a branch setting or through application, whether it's a paper or online, but with this intent to commit fraud, right, which is always tough, right at the end of the day, when the bank looks like you're going to say, was there intent there? Which can be hard to measure, but you can through data. So, what's typical, like in the world that we serve in banking, a new account fraud. Really, we look at it and kind of define it as identity fraud. So, I go to chase.com wherever.com and I say, I'm rich. Alterman, here's my social date of birth, and I use all of your credentials to open the account, right? So, in that case, you're a victim of third-party fraud. And then, of course, the other ones are first party fraud, where I go into chase.com with my own credentials, and then later maybe claim that it wasn't me that did that. And then the third one, which is kind of a derivative, is synthetic. So that's kind of how we categorize new account fraud. Is trying to open an account with a malice intent to eventually commit fraud. And then on the account takeover side, this is identity fraud, the second form of identity fraud, and that's when I get a hold of your credentials rich and look to take over an account that you've already established. And I can typically do that in one of two ways, either the initial way, which we'll talk about probably at some point, is change the address and request like a replacement card. So, you live in Alpharetta, I call your bank and say I'm rich. Here's my last four digits of social. I just want to let you know that I've moved from Alpharetta to Minneapolis, and, oh, by the way, could just send me a new card. And then the other way to typical way to commit account takeover is to for me to log into your online bank account and change a lot of your information and then request the funds to be wired out to some other account. That's probably the lion shape.

Rich Alterman  12:10

Well, thanks. That will be a good primer for some of our discussion moving forward in prepping for the call, I just went out quickly and did some look up of some statistics. Found a website company called security.org and they had done some research back in 2021 and kind of did a refresh in 2023 where they had gathered information from a little over 1000 Americans. And some of the key findings, just for interest to our listeners, 29% of people have experienced account takeover and increased from 22% in 2021 about one in five victims said their account takeover happened within the last 12 months. Social media accounts were most commonly hacked, accounting for 53% of account takeover with bank accounts. Second, at 42% the typical victim of account takeover lost about $180 and 40% of victims also experienced identity theft as part of that. And then this was kind of alarming. 70% of victims reported that their compromise account data didn't have unique passwords, making them susceptible to having multiple accounts stolen. And certainly, the number of friends I have that tell me they use the same passwords for every single one of the accounts is kind of mind boggling. And then secondly, from fraud.net I found some stats on new account fraud, although it's a bit dated, in 2022 the number recorded new account bank fraud cases rose to nearly 111,000 that kind of sounds small to me, a significant increase from 84,000 once again, showing the trend which I think is more important. And according to the Department of Labor, businesses suffered $163 billion in losses due to account fraud opening and credit card new account fraud emerged as the most prevalent form of identity theft in 2022 up 13% and cy cyber security analyst stated as much as 50% of new US accounts in 2021 were fraudulent, an increase of 109% Wow. Undoubtedly, his numbers are going to continue to increase over time. And I guess a real big question is, is there any light at the end of the tunnel? And hopefully we can draw some conclusions about that as we walk away at the end of the podcast today. So, let's take a trip back in time when you first started to vary. What was it? What were the main use cases in fraud prevention you were looking to address? Because I'm sure, once again, we know things have gotten a lot different and the same at the same time over the last 20 years.

Adam Elliot 14:20

yeah, going into that period when we had the baby in between diaper changes, we were looking at what was going on, right? And at the time 2003 it was really just before identity fraud became front page news. It was Gartner and Forrester, you know, saying, you know, it's growing at 40, 50% and we were here in the banks, right? I was just loving chick systems. We were hearing the banks talking about it more and more, and so we said, hey, we got to go back and peel that on, peel that onion back and see what's that, what's going on here. And really, there were a couple things. If you talk to the banks, which we did the fraud people, they'd be like, Oh yeah, Adam, it's simple. I mentioned it before, but if somebody gets a hold of Rich's data, they'll call up the bank and. Say, here's my last four digits of social. Move me from I'm moving from alpha to Minneapolis, and then they would request a replacement card that was ATO circa 2003 and we realized there really weren't any controls around that, right? So, if you talk to the bank, they've done a couple things, but for the most part, it was that easy. And then the other thing that was actually being up on the hill in congressional testimony, because now identity fraud is a thing, right? And victims were saying, yes, somebody in Dallas, Texas, of all places, opened up three credit card accounts and bought a Dodge Ram pickup in my name. And it's like, Well, how'd they do it? Well, they applied exactly like the victim. They just changed the address on the new account application. So, it got approved through the credit bureau because, you know, I've got good creditor rich. So, they were getting approved, and of course, all the cards and statements were going to Dallas, right? And only later would they find out. So that was kind of the beginnings. And we really that gap that I talked about was this notion of address is big time leading indicator address discrepancy in the new account setting where the person's applying in Dallas, but maybe lives in Minneapolis or Alpharetta, and then, of course, on the address chief side, we saw it there too. So now you put your fraud hat on and data hat and go, Wait a minute, we know where fraudsters tend to hang out. It's not where rich and Adam hang out. They tend to frequent very anonymous, nomadic address points. So that was the beginning. So, we went and worked with some of the big lenders and issuers up here in Minneapolis area, and said, Hey, can you send us all your account or your address changes that led to account takeover and those that didn't goods and bads? And can you, you know, like, you know, with a large retailer, can you send us all your new accounts where they apply to Dallas? But we think the bureau said they lived in Minneapolis, and sure enough, we got the data appended everything we could to it around, you know, that person at that address and just at a high level, in both use cases, new account where there's discrepancy, the math was almost the same, but essentially be like, That's odd. Why is this person rich, moving from this really nice, you know, 2500 600,000 suburban owned home in Alpharetta to Minneapolis, 1700 miles away, and it's a vacant property in the highest crime part of Minneapolis. And five other people have also moved there to Alaska. And so, we realized that, so that's where we spent all of our time on the patents and the technology. And, of course, it ended up coming out as our, in fact, our first client was a major retailer had a fraud problem around exactly what I said, where they're walking in and applying in Minneapolis in the store, and the bureau would come back. But at the time, you know the incident rate, the reason identity fraud was spiking, just because. And I talked to that retailer and said, you know, why are you not stopping the transaction when they're moving, you know, for Alpharetta and you can't verify them at Minneapolis. And he made a very crystal clear, he goes the identity fraud so small as a percentage, so it's kind of like the baby with the bathwater. We can't really stop it, because doing so we lose, like because about 10 to 20% of all new account applications have an address discrepancy when you pull a bureau. So that was the issue. Eventually they plugged us in. That was our first client. They went live, stopped the fraud. And so, everything we had done up till then was fraud. And then somewhere in 2004 a friend of mine called me and said, Hey, are you guys’ swimming in cash? It sounds like fun, like, I don't know that sounds like a lot of fun, but what are you talking about? And he said, this new fact that, right, I'd never heard of it. The Fair and Accurate Credit Transactions Act 2003 was signed into law by President Bush. It did not go live till 2008 but in there the whole it was a new regulation sometimes referred to, maybe more would be referred to as the red flag guidelines and but there were two. It was really a focus on identity front because of everything I just talked about. But there were two new prescriptive things that it said you had to do. It said, hey, if rich calls and changes his address from Alpharetta to Minneapolis. You have to take action. You can't send a card up there until you make sure it's not identity fraud. And on the new account side, it said, Hey, if you're a major retailer and you pull a bureau and it says they're not different address, you no longer get to just approve it. You have to take action to make sure it's not identity fraud. So, the reason I bring that up is because even today, suddenly we became not just fraud, but compliance, especially on ATO, yeah, just because of the way that's structured.

Rich Alterman  19:29

So, let's kind of talk about the adoption of your solution. You know, how are things going after 20 years?

Adam Elliot 19:38

They're going fine, Rich, thanks for asking. We actually, you know, on the two use cases that I just walked through, we have more than 3000 financial institutions that are running that at some level. For those two, we also have some clients in like part issuing and wealth management, home equity and some others. But our sweet spot probably because of the ChexSystems influence and our understanding and relation. Chips, and banking has always been with checking, savings or demand deposit accounts, aka DDA accounts, and you hear the number 3000s like, wow, that's a lot of busy work. The reason we were able to get there is we're connected to a lot of the larger banks, core processing platforms, and we have FinTech partners that are reselling and delivering us to their clients to stop the problem, as we talked about.

Rich Alterman  20:25

Now, does your company operate under some type of a give to get type model? Are your clients, you know? Do they need to report in that they actually experience fraud on particular accounts?

Adam Elliot 20:36

We don't mandate it. We have the ability for them to report it, because a lot of them, most of them, use our software. So, because of that, they will report back to us, which allows us to rebuild models, etc. But yeah, there's a couple ways to do it, but we haven't mandated it, but we do, you know, see the transaction. So, like man I mentioned in my one example when we see five people changing their address to the same address, or five people moving the same address in the same week. You know, that is the transactional data that we, you know, hold on to make sure that if we see a lot of activity at an address, it's very likely to be fraud.

Rich Alterman  21:15

Yeah, a lot of this, for me, is reminiscent of my time at a city back in actually, the Bank of Boston, banking 85 when Visa MasterCard had rolled out their issuer Clearinghouse solution, right, which was basically a data sharing that was mandated, I think, for Visa MasterCard issuers not to use it, but to report it. And it was one of the, one of the, really the first consortium platforms right for trying just combating fraud.

Adam Elliot 21:41

The other thing, just on that front too rich, is interesting. It just goes way back to the ChexSystems days, because we would have meetings at like, defining the different types of fraud. It's gone back to what I mentioned before, with the intent. It's like, were they intending to, well, you never 100% No, right? So even at like, ChexSystems. We have the ability for the FCRA clients, where they're saying, hey, those I had an account close for cause an FCRA event, we give the ability to report fraud, and they really are hesitant, right? Because it's like, do I want, especially on the FCRA records, like, do I want to say fraud? Like, I can't prove, prove it right? And so that's always in what type of fraud, it's always been a great difficult because you're looking, you're trying to say, Can I measure the intent in their head? And sort of, but not. And so that's always been kind when you get into those reporting structures. Why it can be difficult?

Rich Alterman  22:34

I guess that's where the Minority Report with Tom Cruise steps in, right? If we could figure out what is the intent and time. So, you know, when we compare today to 2003 certainly, once again, fraud has been evolving. It's getting more complex and more challenging, more sophisticated. So, what steps do you guys take to keep the Kevari platform, fraud intelligence platform, you know, up to date, reflective of the new realities?

Adam Elliot 23:01

Yeah, I think the number one thing is data. So if you're in our spaces and try to screen everything there is to know, you have to be constantly researching new sources of data, especially to your point networks and consortiums, because they are beginning to grow, like if you go back five years, compared to the networks that we can access to do what we do today. It's been astounding, and it's just going to keep rolling. So, staying up on it from and especially the digital side of it, right? Like, I need to know everything there's to know about email and IP and device on top of physical identity elements. So that's a major one. Is always staying in front of the game with new things that can bring value. And say that back to the intent piece, it's like something's wrong, right? So that's a big chunk of it. Machine learning for us, in the last, you know, three years has been we've deployed multiple machine learning because at to your point on reporting we do for our various use cases. Do get frauds reported back to us. And so, it's been a lifesaver on many fronts, but you can keep it ahead of you know, even if it's one step ahead, is what you're trying to get to, and keep ahead of them. So as the fraud patterns change, which they do, that we can be on top of it, right, and not be in the old world. You might build a model every two years or five years right now, it's like we have it structured to go every month we have a new model that goes into production.

Rich Alterman  24:22

Wow, That's cool. So, I want to touch base. You mentioned the word software. So, do you also offer some type of case center workflow platform for fraud analysts as part of your solution?

Adam Elliot 24:35

Yes, it's interesting. One of our first large clients were sending us all their ad exchanges, and they said, Well, how do we go work? I don't use the word; how do we go work with high-risk cases. So, we built, kind of a Hugo, basic transportation. I think you go, just stated, a little bit basic transportation, kind of, they could go in and look at it, and we've spent a lot of time on it, so kind of think of it as a case management system for free use cases. You. Right? And it's not like it's fully fledged, but it does allow them to report the fronts. It gives us all kinds of insight, because there's notes where they say there's this is what was wrong with this case, and that was what was wrong with that case. What's a little different about it is you think of address change, right? And that rich moves from Alpharetta to Minneapolis and then requests a card as an example, the bank doesn't lose money the day the address change happens, right? You don't have the card. You're not going to get the card for three, four days. So that's why they go out to our software, because they have some time, right? And if you go to new account, especially DDA and their here comes a new account application. We also have hundreds of clients that go out to our software to look at all the high-risk new account applications from yesterday. And again, it's because they typically haven't lost any money yet, right? They might have put in $100 of legit money. They got cleared, went through, you know, whatever sell or whoever they're using. So that all works. Because they typically, the bank won't lose money till, you know, day 30, day 90 when that, you know, they look good. Everything looks good about the account, and then I'll cook. Here comes that $1,500 fraudulent deposit. They make the funds available to the customer, and they're gone, right? So that's probably, that's why that's that works for them. It's clear, as we move more digital, it's working into, I don't want to do that investigation. We have many clients that are in especially in the online space, new account moving to, hey, just tell me the scores and the attributes, and I'm going to send a message back that says, Sorry, we can't complete your application right now. We're going to have to have you come into a branch example, right?

Rich Alterman  26:31

Okay, great. So, at the beginning of the podcast, I referred to some stats I found out on the internet, what type of trends are you seeing that you could share with the audience that would be really interesting for us to digest?

Adam Elliot 26:45

Yeah, I think a couple things. One, back in 2007 it just, just put a little light on this. First, it'll talk about some of the trends. But back in 2017 one of the major FinTech providers came to us and said, Hey, we need you guys to build kind of this next generation, best in class, new account, DDA, fraud detection platform for our customers. So, we did that back in 17 when we turned that on, immediately, we started seeing millions of transactions from about 6000 banks and credit unions across the country, which we hadn't seen before, right? And it was new account applications. And so, we suddenly had access to this Treasury trove of info about how fraud was occurring in the new account DDA space overall, even today, we're seeing about 60% of all new account DDA transactions. So, I give you that backdrop because, because we can see that we see the fraud. And what I mean is we'll see them. You could take your pick of banks from the top five to one branch credit unions, but we see them using the same credentials and going across multiple banks, and no different than any other fraud, looking for the soft spots, right? So, for example, you'll see the same social showing up across five different banks in a week, or 10 different socials showing up at the same address across five different banks, you know, in a month. So I give you that backdrop because then, as you start to your more direct question on trends, what maybe one of the most interesting ones to us as we look at this is when we started in 17, about we see both online and branch transactions for the banks, those 6000 and back in 17, about 20% of the volume we saw was coming through the online channel. And if you mapped it out today, it's well over 50% approaching 60 and it's not slowing down. And people said it was all driven by covid, and actually covid was right in the middle, and there was a little spike rate, because all the banks shut down for a while, but it came right back onto this linear trend. So that was probably the most interesting. And if you think of that environment back in 17 and before, if you're a bank, you know what would typically happen, you'd say, hey, you know, somebody in management like, we got to get online. We got to get digital, you know, online account opening, DDA, checking, savings. And banks would do it, and they would get absolutely hammered with fraud and back out. And what's different today, it's competitive, right? It's like you have to be in digital if you're going to be relevant, if you're a bank of any size. So there's like this, this confluence of, you know, an explosion in fraud, and then you couple that with the fact that we talk about all the credentials, they're legit, we like to say it, but if you look at traditional KYC or ID verification, it used to be pretty powerful tool to say, that's not right, that's not rich. Now, the fraud guys typically verify at a higher rate than the good guys. You know, if you look at it, can I match the name to the social the fraud guys know going in, right? That is that they need good credentials, because they know everybody's got KYC in front. Well, it's rendered it meaningless, almost from a from a fraud aspect. So that's so. Of the trends. Also, it's just It's so chaotic. And we have clients that are big that you'd know the name, where 90% of the applications they get are fraud, 90 and so, and yet they have to stay there. They have to be relevant. And so, it's like we're kind of all working on the fly to try to keep that 90% from hitting the front door, and we had one client. So, two months ago, they averaged, forever, about 4000 applications a month. One month, they had 185,000 and they were all those incremental were all fraud. And so those are the things that you know we see day to day, just because of, you know, we see all the transactions across these institutions.

Rich Alterman  30:41

So, when you see a spike like that, do you like send out an alert in real time, or are you able to proactively notify your clients that this fraud ring has appeared?

Adam Elliot 30:52

Yeah, we'll typically reach out to it. And a lot of these clients that I'm talking about, they're not necessarily actively running the fraud solution. They might just be in the network, right? So, so yes, so we would notify them and say, Hey, and they're, you know, so they're very interested in hearing when we see something going on, to go back to them. And then you just reminded me of one other thing. In fact, it was hot off the press. We're getting ready for a conference, I think, two weeks out. So, we're having our data scientists do some checking. And really interesting thing happened on the way to the talk about how the broad verified better than the goods. So, we went and looked for the ones that were like all the transactions we have goods and bads, right? And so we went and looked at all the ones that were fraud. And we said, of all the records reported to us as fraud, what is the name to address? Verification rate where they had the right name to the right address? In the last five years, it's gone from 50% had the right address, name and address, to 69 and it couples directly with what we're seeing is, if you go back in time a little bit, third party fraud was a big deal, and then it's the pendulum swung pretty wildly back to first party fraud, and now it's all back to third party so and it's because the credentials are out there and available, and they know how to distribute them, and that's why we've seen some of the trends we're seeing.

Rich Alterman  32:19

Going back to the company that you reference, where their volume went up to 180,000 apps in a month, or whatever it was. Have you done any analysis to look at the type of product being offered can lead to a higher level of fraud? So, for example, if one bank is offering a teaser rate of 4% on an account opening, whereas another is offering no teaser. Rate. Is there anything that seems to be drawing fraudsters to particular products out of curiosity, thinking that that might be a better target?

Adam Elliot 32:52

Yes, a little bit. Most of it, where the fraudsters try to go, right is they try to go where they're they can get access to a checking account. That's what they really like, right? So, if you think of an online presence in banking, you know you can offer checking savings, CD, money market. Well, if you talk to any banker, they're like in money, let's start with money market and CD hard to get burned there for the obvious reasons, right, even savings. But so that's part one. But yes, there was a very large bank last when was last year, the year before, I won't name it, it, I think it was kind of public, but they came out with, to your point, like a really unbelievable is, this is before interest rates. I mean, like money market rates and savings rates went crazy, but they came out with a deal where you could get cash back on your debit card. Well, they just became the target, because they opened it up online, and the fraudsters tried to flood in, and it wasn't the 2% they were interested in. It was that they were going to get all hung up, and they had to shut down things for a while, to clean things up. They're back. So yeah, definitely the offer can attract more. And certainly, checking is more than the other CD, money market, etc.

Rich Alterman  34:12

Yeah, that makes sense. Obviously, today people think about digital, digital, digital, and we read all these statistics about how the younger generation may never even step into a branch. But are we seeing or do branches see fraud as well, or at any level near the online guys?

Adam Elliot 34:27

Yeah, certainly, just a couple that we have these conversations all the time, right? And so, if there was one word I would use, especially as you get into bigger institutions that you know are going to have, by design, more fraud, even in branch. And you heard me mention that, you know, today it's 40 to 50% of the volume that was branched. I would say the one that comes up more than others is vulnerable. And if you think about it, it makes sense, right? Because it's I got to direct funds in. Investment at the digital channel, because I'm, you know, getting killed in fraud. And so, the branch is sitting there. And so, for some of our clients woke out of the blue, I'll be like, Oh my God, we just got hammered with fraud in the branch last month. And like, one common pattern is there. And this is analogy they use, so I'll use it. They said, Yeah, Adam, to give you a visual, they literally show up with like, 10 recruited homeless people or whatever. People dress decently, they get out of the van, they march into the bank, and one by one, they go apply for new accounts, they get them opened, and then they hand it over to whoever they're selling it to for one or 200 bucks. So, it is kind of, you know, in a way, first party fraud. So that's a big chunk of it. Is recruiting and homelessness that still happens quite a bit. And the other kind of factoid is, and also makes sense, is, when they get hit by fraud in the branch, a lot of times the numbers are typically a lot higher than the online fraud. We had one larger customer last week. They said it's over 10 times as big, so the incident rate is much less. But if it's 10 times as much from a fraud loss, because if you think about it, this person is going into a bank. This is purely when they get the fraud it's intent. A lot of times the online guy, they get the account open, and never opened the account up, because, you know, it's like, they're doing 10s of 1000s when they're selling the accounts and doing things like that. So, I would say the big thing, yes, it's still there. Don't forget about it under and that's where the vulnerability they're like, I kind of forgot about and it's so, you know, we talk to them, they're like, Yeah, we need to have some simple tools to make sure, because it's still a big number, incident rates a lot less, but it don't ignore it. That's kind of what we would say.

Rich Alterman  36:48

Yeah, I'm having a little flashback to when I ran a security and fraud at Bank of Boston, from which now Bank of America. I think, from 85 to 88 and our fraud team went off to training seminars where they would be taught on how to identify certain slants in how one national, nationality dotted their eyes and slanted their eyes on an applicant to identify fraud. So, think about how far we've come. Of course, you know, the internet didn't exist at that time, but I remember having to learn how to, like identify the handwriting, common handwriting themes. So, I attended a really good conference. In fact, you were there two weeks ago in Charlotte on fraud, put on by proof, and I learned about a new topic that they talked about something called mule accounts, and just hoping that you could explain to our audience what a mule account is and whether you're able to leverage your platform to try to detect those.

Adam Elliot 37:45

Yeah, it's kind of our topic of interest. If you read, you know, in the banks, it's like you said in Charlotte, there's this notion that there are a lot of these mule accounts being opened. And when we say mule, an account that's being used for illicit activity or nefarious activity, a big chunk of that activity being like scams, like romance scams, or, you know, work for home, work from home, scams where witting or unwitting people are being brought into it. It's gotten worse, I think, because now it's like, if you're doing like a romance scam, or, for example, you can open a mule account with identity fraud. You don't need another person involved in it. You can just use the credentials. And so, we know what's happening a lot of the time. One way to identify meal accounts is they get opened, and then, like, within a month, there's, like, hundreds and sometimes 1000s of other accounts attached to that same account, withdrawals, deposits, and it's clear there's something. It's not AML, right? They're avoiding the AML route. But a lot of what we hear about is the scams that are being run out of these, these meal accounts. We know that some of these are being opened and simply sold to somebody that needs access to a bank account to move money from a romance scam or whatever it might be, ransomware. Take your pick, right?

Rich Alterman  39:01

Interesting. You know, at the beginning of the podcast, I gave those statistics, and I made a comment, you know, is there any light at the end of the tunnel? You know, when you think about the evolution of your company? And you know, certainly at GDS, through our Modellica platform, you know, where we interface in the US, about 100 different data bureaus. Certainly, fraud is very big category. You know, this is definitely a cat and mouse game, right? And there's times that you feel that the criminals are winning the battle. Now, what, what's your view? Is there, is there some light at the end of the tunnel, or is this just going to be a constant battle where, unfortunately, the good guys are catching up?

Adam Elliot 39:40

I guess I must be too much of an optimist. I think we're at a point where we're at a pretty dark point in it. I think covid contributed all the breaches. They know how to monetize that now this push to online, you know, account opening, I have to do it. It's got us in a pretty dark place. Would I feel the optimism? As I mentioned? Earlier, the data networks, like our network, we've seen 60% of DDA. That is very impactful when you look at the next one coming in. Because you know, if you're not in the network, I bet we're seeing these broad rings that are hitting you as well. To your point on GD and others, you know, the orchestration hubs, I think, are critical more than ever before, because they can, and we can, however we do it, connect the networks, right? So if I think of my friends like any Carta, they have a network, or my friends at deduce they have a network, that's really good stuff, and how we connect these networks, and just to your point of consortium, it's becoming much more a reality that we can do that, and that's part of what we're doing. But from a high level, I see that as a critical path, and it's happening. And that's why I bring up, like a Nakata at deduce and others, that over the last five years, those networks are exploding, right? So that leads me to, in the old world, it would be really effective to say, is this really rich? Does the name match the social match the date of birth matches the address that was it maybe Phil, and there was this really good signal there. That signal is almost gone. So, if you think of the future, right, you got those physical things that were there, always from the KYC that have lost value. But now, as we look at it, your identity is your digital identity. Those physical things, yes, they're pieces of it, small pieces. But if you think about me, or you think about all the breadcrumbs that you're leaving, whether it's Amazon or signing up for Netflix or this and those companies that are emerging and then we're getting access to are saying there's Adam again, he's got the right credentials that email, Yep, I've seen that 200 times. We've seen an email from Adam 200 times. In this particular one, we've seen 180 the other 20 are some other similar or the same email, but different. One my home, one maybe, and same thing, like with IP and device. So, to me, that's how we're going to get ahead of it is to go Adam's no longer Adam at the social at the state of birth of this address. It's here comes Adam again through the digital world. And I've never seen, I've seen IP three IP addresses associated with Adam over the last two years. This one I've never seen. I've seen 200 previously. That's a problem. So just from a high level, we have the ability to connect those things. And then the other one, we saw some of it also too rich in Charlotte. Was I, there's been a, there was just a whole bunch of startups in like, kind of liveness checking, that will be a part of it. One of the most fascinating talks we heard in Charlotte, I thought was Blake Hall from ivy.me. Anyway, he got up there. It was fascinating because, as we all heard about, like, PPP fraud and then unemployment fraud during covid, and they got brought in in like, however many states, and they basically shut it down by over 90% by putting liveness check in, right? So, it can't go everywhere. You can't have every transaction have a liveness check, but it does have its place in the ecosystem and other things like that, like scanning. So, you know, I'm more of the optimist that we, you know, we're going to be challenged to keep going. And right now we're, I think we're a little bit of a dark spot, but I think over the next, you know, five years, we're going to, you know, get back and maybe a half a step ahead.

Rich Alterman  43:12

Anyway, it's interesting, because in so many of our conversations with clients, you know, we talk about time to fund and how much friction you're introducing into the process. And, you know, I can remember, back in my days running collections, you always had the battle between the marketing people that kind of wanted to approve everybody, and the risk of saying, no, no, Time out. Time out, you know. And I think there's obviously the same thing going on now today, where the more friction you introduce, you may have more false positives and that, and that becomes a problem. So, you gotta find that that right balance. But, you know, it's interesting when they change the card fraud rules, where basically, consumers were really only on the hook for like, up to 50 bucks, and now pretty much, they're not on the hook for anything. You know, I always wondered if that kind of made consumers somewhat lazy and that we don't scan our, you know, credit card statements as closely as we should. If we catch it, you know, the next time we'll report it. So, it seems like on the data side, there's a level of collaboration, like you said, No one it's a team effort, right? There are always solutions, and some of them are competing, but some of them are complimentary, and that's where platforms like GDS and others can let you put in that waterfall and whatnot. But do you think that ultimately, this is a group effort that not only includes the lenders and the and the vendors, but then the actual consumer right that, Hey, would I be willing to be inconvenienced a little bit, a little bit, to really make sure that, you know, I am who I say I am.

Adam Elliot 44:43

I think so absolutely. And you know, if you go back in time too, it's like, it's interesting, back to the battle between, say, marketing and whoever you know, fraud has always been more of a common enemy. So that's why there's, I think, been more collaboration, you know, across the banks in the. Shores, they're much more willing to collaborate on fraud consortiums, whatever you have it. And I do think consumers too. I think we're at a little dark point too, with consumers as they got, you know, I'll just say kind of lazy with the way things have changed and where we're at there. But certainly, I think that that's possible to be a little more team oriented.

Rich Alterman  45:24

Yeah, so I had a question that I thought about, but you kind of answered it, but I'll put it out there again and let you answer regardless. And it was if I'm hiring Adam Elliot to come and consult to my company and the fraud department, and maybe this is a good thing as we kind of get to the end of the podcast, what are some of those best practices that you would recommend? You know, clearly you have already identified there's not one solution that solves this problem. So, you know, how would you go about helping me identify and vet out all the different providers in the market and really try to put together the best waterfall, the best flow to combat as much fraud as I can without introducing friction that basically would turn everybody away.

Adam Elliot 46:07

Couple things. So, you this presents challenges as well, but Right? So, you start with the inventory, right? What do you got? And it's kind of a legacy problem in banking, a bit. And here's why, you know, we had a problem at one point, so we plugged this in, and then we had a second problem. And so, we plugged that in, and here we are, 1520, years later. And here's the five things that I got. I got an email detector, I got an IP detector, I got a KYC thing, I got a and so you've got this legacy. So obviously you would take an audit of where what they currently have, and then I, you know, try to identify whatever gaps for me. And I think, very importantly, what vulnerabilities we talk about branch be like, what vulnerabilities you might not have a problem, but you're ripe for the pickings, so almost solving things that haven't hit you yet, but are going to hit you someday if you don't take care of it, and then you jump into what's available, and then how available, right? Because integration is a big piece of it, right? So, if I get a lot of things through one switch, that's good. The one thing I see all the time and I get it is when you go, let's say you've got five things in your arsenal, and now you're looking at, let's say us number six, a tough one is it's always additive. Right where it says, Well, I'm looking to see if I can add you as a six when, in theory, if you do the math, you should be going, No, no, Let's optimize. It might be e6, might be seven, but either way, can we step back in time and optimize based on value and cost, to say, hey, that sixth thing you just brought in actually does three things that I already have, that I no longer need. I'm actually going to save money by plugging in number six. That's a hard conversation, given these legacy programs, given the rules that they have around you know, like, No, this is the way we do it. You have to. So that's a hard part. So as a consultant, you know, I would probably be talking about that and saying, can I convince you that you should look to optimize it as few hops as possible? You know, on the integration side, vendor management, all of the above, right?

Rich Alterman  48:15

Okay, good. Well, we're coming up on our on our time here. So, I think I'll end with one question or one prediction. There's not a day now you can't escape the realities that we're facing with generative AI and especially as it relates to deep fakes, which seem to be getting more sophisticated exponentially. Do you see anyone coming on the market that is really going to help solve that problem of deep fakes, which is really becoming alarming, especially as we're coming up on the election, and can easily be fooled.

Adam Elliot 48:48

I think that's true. It's kind of scary stuff. I do know there's technologies coming out that are analyzing deep fakes, but it won't stop the stupid, simple stuff, right? Like can probably be used to stop the more intricate, bigger ticket item stuff that's new, right? The deep fake stuff is kind of scary stuff, right? When you get into some of this stuff, but the other one on generative AI, what I see the next kind of Frontier battleground is, I'll just at a high level, everything we talk about today and rich some your comments and experiences is really around structured data. And I think the next frontier is going to be unstructured data. And we've been looking at that pretty closely, natural language processing, whether it's generative AI, whether it's customer complaints, social engineering is analyzing unstructured text to identify fraud and fraud patterns and so that's still emerging. You know, Watson came out with, with IBM. It's, it's got a piece of that. But I think there's going to be way more in the unstructured data world, because there's so you know, of all the world, the data, most of it's unstructured, and it has great meaning. We just haven't harnessed it to this point.

Rich Alterman  49:56

Well, thanks Adam. This has been rich Altman. We've been syncing up with that. Elliot, president and founder of Kevari, formerly known as insight, want to thank Adam for spending time with me today to share more about Kevari and how its fraud intelligence platform is helping lenders and card issuers combat the ever increasing amount of fraud being experienced in the industry, which is growing not only in size but in complexity. For our Jeopardy fans, we now know that Kevari is a river in India, and we know that Ramanujan is a famous mathematician from India. So, if those questions come up on Jeopardy, you have Adam to thank here. We hope you've enjoyed the podcast. Please stay connected with GDS Link in the Lending Link to listen to future podcasts and catch up on the ones you missed. Thank you and make it a great day. Thanks for listening. If you've enjoyed today's episode. Please be sure to subscribe on Apple, Spotify, Google or wherever you listen to your podcast, and be sure to leave us a review. Follow us on LinkedIn and connect with us on Twitter, at GDS Link that's at G D S L I N K. Have any questions for the show, or have a specific topic you want us to cover? Hit the link in the description to drop us a note. Thank you for lending us part of your day. Make it a great one.