Career Overview: What I Do As an Anti-Fraud Analyst
At a time when millions of transactions are taking place on the network, someone has to watch out for fraud. Fraud analysts work hard to weed out those who use stolen information or deception methods and to identify criminal trends to prevent them in the future.
To learn a little about how this seemingly indomitable work is happening, we spoke with Gilit Saporta, an analyst at the fraud prevention startup Forter .
First, tell us a little about yourself, your current position and how long you have been in it.
My name Gilit Saporta, I am a mother of two lovely babies and analyst on issues of fraud FORTER , startup fraud prevention. Basically, I spend time researching different ways to differentiate e-commerce transactions by criminals and e-commerce transactions by legitimate buyers, and educate others to do the same.
Forter works with retailers to prevent scams on their websites – not everyone knows about it, but if the scam happens in an online store, the retailer pays for it. This makes fraud prevention critical for e-commerce merchants. I have been with Forter for about six months, but have been doing fraud analysis for almost 10 years.
I got my start in fraud prevention as a student, studying theater direction, and although I chose the career path to analyze fraud, I kept the theater next to it most of the time – one of the great things about being a fraud analyst is that the hobbies outside of work are actually help develop your analytics skills. The more perspectives you can assess, the deeper your vision, the better you will perform.
Forter Fraud Analysts is a multidisciplinary team of behavior experts and forensic investigators. We think of ourselves as “fraudulent philosophers” because we enjoy thinking about complex scenarios for shaping Forter’s expert decision-making system.
What prompted you to choose your career path?
I was looking for an interesting part-time job to help fund my degree, and in a way, I almost fell for it. I was attracted to flexible schedules, smart people and the feeling that there is always another hill to climb. On the other hand, it was a natural coincidence – I have always enjoyed solving puzzles, I had experience in military intelligence, and my pre-college test results showed that I had a high level of analytical ability.
When I was a student, I worked for a company called Fraud Sciences. We were a small startup with big ideas. They introduced me to a problem that still fascinates me: how to distinguish a legitimate buyer from a fraudster.
After university, I knew that I wanted to continue working on this problem. I got an error – fraud analysis was intellectually stimulating, extremely satisfying, and accompanied by an adrenaline rush that I never expected to find when working in an office.
How did you get a job? What kind of education and experience did you need?
Not many people realize the diversity of the fraud analyst experience. People often think that you need a doctorate in statistics and perhaps some police experience, but this is not the case.
What you need is an inquisitive mind, a determination to see through things and creativity to discover new sources of information and use the data you have in different ways. A diploma is useful because it helps train your analytical skills, teaches you to think, but this is not necessary. And it doesn’t have to be in the “appropriate” area – look at me and the theater production.
As for how I got to my current position … well, PayPal is known to have acquired Fraud Sciences for $ 169 million when the payments giant saw the results we could have achieved. I loved being part of PayPal, but I missed the startup vibe.
When I heard that three very impressive people I knew from the science of fraud were starting their own company, I jumped at the opportunity to work with them again. I would say this is vital if you are thinking about working in the fraud analysis field. Choose your company and team wisely. I have seen fraud analysts at other companies that are constrained by a culture that does not encourage innovation and does not consider new ways of doing business. There is no bureaucracy in Forter, and this makes real influence much easier. I have independence and flexibility associated with responsibility. I would advise people to look for this.
What are you doing besides what most people see? What do you actually spend most of your time on?
Well, people imagine that I spend most of my time reviewing transactions and figuring out if they are fraudulent or not, and it is true that many companies do hire fraud analysts to do this. But this is not part of my job.
Although I spend a lot of time executing transactions, the purpose of this is not to decide if fraud is present – the system has already done this, and has done it well, and in real time. I treat deals as research material. I select and analyze all the individual elements and think about which ones might be useful in developing our automated fraud detection algorithm and how.
I spend a lot of time talking to various members of our fantastic programming team, as well as our inventive data scientists, trying to bring my ideas to life. They enable us to take on a process that delivers excellent fraud detection and scale it up. I now know much more about the technical aspects of system design than I did before!
What normal people are not aware of is the involved thinking. You have to be open to what the data tells you – we say to “see the history” behind the transaction. It is both a history of a fraud and a history of a real transaction, and you have to see both at the same time and balance them. It definitely influenced me. I have reached the stage of constant internal dialogue. I always see two sides of any question – as a result, I am terribly good at winning arguments.
Can you provide a typical example of a scam you might find? (Stolen credit card transactions or what?)
Fraudsters are creative people by nature – they must be such as to bypass the security measures established against them! It is difficult to define “typical”. But let me give you an example that I ran into recently.
There was a customer trying to buy a Mac. At first glance, it looked like a regular purchase, but our automated system rejected it. Why?
Well, on the one hand, while the IP address looked like a good match for the same location as the credit card billing address, it was actually reached via a VPN. The buyer really was somewhere completely different, which we can tell from the proxy firmware. The shipping address also looked convincing, but it was actually a re-shipment address that happened to be in the right area.
Fraudsters will use every trick they can think of, including technologies designed to be used by other criminals, in order to succeed. In a sense, there is no such thing as “typical” fraud or transactions. You must always be impartial.
What misconceptions do people often have about your job?
Nobody knows anything about my work! People think analyst means financial analyst. Or, if they expand their imaginations to figure out what a fraud analyst can do, they assume that you are the person who calls them about your credit card when you spot a mismatch. They never think about the prior stage – the people stopping fraudsters from using their credit card details in the first place!
What’s your average uptime?
A full-time fraud analyst is likely to work 45 hours a week. But there are many part-time analysts and they can work anywhere from 20 hours a week. Flexibility is inherent in work because you work as a team and can rely on each other.
Sometimes there are especially busy times, and then some of us may choose extra time on weekends or evenings, but this is not a standard thing. Plus, it’s easy to work from home part time with our dedicated IT and infrastructure professionals.
What personal tips and shortcuts have made your job easier?
I would say the most important thing is to let go of the ego and be open to criticism. You always learn from this job – criminals come up with new methods and you have to catch them before they become a problem, otherwise the new payment system will create new problems.
And there are so many different aspects of fraud analysis that you will never be the best at all of them. A newbie who has been here for two months may be ahead of you in one area. It is important to understand that being surrounded by experts in different fields is a great opportunity. Just accept the fact that your job is to learn all the time. We’re looking for smart but humble people – and I think that says a lot about the nature of the job.
In this regard, I would say that it is very important to ask questions. You must give up the idea that some of the questions look stupid or might make you look stupid. It takes courage to ask questions, but it’s always worth it.
If you are analyzing millions of transactions for fraud, you obviously are not doing it manually. What tools are you using?
In fact, this is a very interesting question in fraud prevention today. Believe it or not, there are retailers who manually verify many of their transactions. On average, more than a quarter of transactions are manually verified!
I know this sounds downright crazy considering the number of e-commerce transactions in the world today, and in many ways it is; it means a slower and more tedious process for customers, is costly and sounds like something from the next decade.
But this is a common fraud prevention practice that leads to conservative behavior by rejecting a relatively large number of good transactions. This attitude makes other departments resent Risk so much – they always seem to say no.
I’ve seen risk management teams around the world work this way – eyes glazed over, automatically clicking to approve or reject depending on how high or low the score is, as many of these teams use “risk scoring mechanisms” that give ratings for the likelihood of risk. I hate to see this. In such an environment, there are very smart people who rush to complete manual checks as quickly as possible, hate Mondays because of the accumulated transactions over the weekend, frightened by the holiday periods …
Forter, where I work, provides a system that is 100% automated, which means every transaction gets an instant, real-time approval / rejection decision. It’s better for customers, retailers, and fraud analysts. We do use an internal system that we have designed, built and maintain ourselves thanks to the support and ingenuity of our fantastic development team. We use it for research – it helps us choose patterns among important attributes, provides a structure for considering transactions, and so on.
What’s the worst part of a job and how do you deal with it?
Sometimes I feel bad because we do what we do so well. I mean, we can track many of the crooks we block back to developing countries, to areas where poverty is widespread and difficult to get out of. I understand why they are using one of the few assets available – the Internet – to try and make more money in a day than they would probably otherwise have ever seen in a year.
But I still want to make our system as good as possible, because even if it’s understandable, it’s not right. After all, this is not a victimless crime. The retailers we work with should not have to pay for fraudulent transactions and should not be allowed to fear fear of fraud hinder their development.
It also annoys me how difficult it is for people to shop online – you see people doing all sorts of weird things to get around the fraud protections that flag them as false positives – people who look like scammers but really aren’t are.
I hate to see signs that people have experienced this kind of attitude in the past. They tie themselves in knots, trying to look legitimate, which they really are. We know this without their painful efforts, and I would just like to tell them about it. It is a constant reminder that we live in an imperfect world.
What is the most enjoyable part of the job?
I would say the highlight of my week is always the weekly team meeting. Sitting with the whole team, everyone brings their own knowledge and experience – electricity is in the air.
I also love talking to our buyers, the retailers we work with, and helping them learn more about how fraud is affecting their business, and sharing tips and ideas.
Plus, oddly enough, I love that the stakes are high. Forter is so confident in our system that it offers a 100% money back guarantee – which means that if the system is wrong and fraudulent, Forter pays for it, not the retailer. We approve more transactions than most systems can do, so the warranty reassures our retailers that we are not doing this at their ultimate expense. This makes my job as an analyst, bringing the system to an ever-increasing level of accuracy, both crucial and exciting.
What advice can you give to clients who need to use your services?
I tell new analysts to ask me all the questions in the world. I would say the same to new clients. They may want to jump to conclusions about scams and scams based on their past experiences, but we need to start a dialogue and work out our priorities together and find ways to help them improve their system and grow their business as a result. …
To be a fraud analyst, you really need to be able to listen to the customer. Different retailers have different priorities: one might want to approve more transactions and be willing to accept a slightly higher risk of fraud, while another might want to avoid chargebacks at all costs. Our job is to listen, hear their concerns, give advice and adapt to their needs.
Forter was originally called the Risk Academy – and the idea of sharing knowledge, investigating fraud and fraud, and helping businesses grow with the knowledge gained remains an important part of our motto and motivation. We’re researching this area, we’re figuring out what’s going on. We are the e-commerce criminology department.
What are you doing differently from your colleagues or colleagues in the same profession? What are they doing instead?
The decisive difference is manual verification and automation. Forter is very unusual in its quest for automation, and as you can imagine, it has a direct impact on the way we work as fraud analysts. We do not check; we investigate.
One of the things I love about this job so much is that I work closely with our developers and our data scientists, so I do research that is very fast. If I have an idea and it turns out to be effective with our data, it could become part of the system in a matter of days or even hours.
Most companies don’t do that, but after seeing it in action, I totally believe. You simply cannot rely on statistics and control groups – you are always three months behind the scammers. While we can develop ways to counter a new threat, a new way of being scammed after first being spotted. Is it any wonder that my job makes me happy?
In addition, I would say that what is unusual about Forter is that fraud analysts are encouraged to develop business sense as well as intuition and understanding of fraud. Things like what the customer fraud prevention experience will be like, how it will affect the conversion rate … Most anti-fraud teams don’t need to focus on these issues. Their main role is to prevent fraud. But in my opinion, best practice for fraud prevention doesn’t just block fraud – it goes without saying. Fraud prevention best practices make combating fraud a business asset.
We can take more orders than most systems and we make sure the process is so smooth that real customers won’t even notice. All of this has a direct positive impact on the company’s revenue, which, in my opinion, underlines how important our work is.
How are you “progressing” in your field?
Fraud analysis is, in general, a rapidly developing field. Here’s Forter, we’re growing fast, so new teams are being created that need new managers, so this is one way.
But I wouldn’t underestimate the importance of specialization. We have analysts turned into expert developers, we have undercover analysts who focus on the fraud community, we do a lot of different research, we have analysts who focus on the business impact of fraud prevention.
I would say: use your strengths. Pick an area that you like, focus on it and become an expert.
What do your customers underestimate / overestimate?
I love that we can give our clients very impressive profits. For example, at one retailer, a month after he joined us, the rate of decline in their number dropped sharply. Plus, their chargebacks quickly dropped to near zero. This result is not uncommon. And that’s great. It’s good that in the end there is a good number, and I understand why our clients pay attention to it.
But for me it is more pleasant to explain that this week we noticed a very interesting kind of attack using a technique never seen before. I think the level of creativity that scammers have to innovate to catch them is definitely underestimated. But on the other hand, I don’t want to stress this too much, because I don’t want to scare them!
It’s great if there is an interested person on the client’s team and you can explain without disturbing them. But mostly they think of us as a magic wand, a system that takes the fear of fraud off their shoulders.
What people lose sight of is that we are truly focused on growing the business, that through what we do, our customers can expand into new markets, leverage new payment streams, optimize for mobile, and more.
What advice would you give to those who want to become your profession?
Learn everything. Self-taught people do well in this job. Almost everyone who applies here passes the test, and it is he who determines whether they will go to the second round. So it really is a matter of merit. Everyone has a chance.
In fact, at Forter, we don’t ask too much about your resume in interviews. We solve puzzles and ask questions to find out how your brain works and how you think. If you are ready for such a process – well, this work might be for you too!
I would say … don’t try if smart people scare you. There are many smart people in this area. They probably wouldn’t have had good results if they hadn’t. But you must have enough confidence to learn from them and know that they, in turn, can learn from you.