Enjoying the podcast? Don’t miss out on future episodes! Please hit that subscribe button on Apple, Spotify, or your favorite podcast platform to stay updated with our latest content. Thank you for your support!
Every bank and fintech company has a suite of anti-fraud tools that they use to keep the bad guys out. Few tools are 100% effective, however, and often the implementation of these tools, along with their interfaces with other system leave gaps. And the fraudsters will exploit these gaps. So, how do you get a holistic view of your anti-fraud arsenal and discover where these gaps are?
My next guest on the Fintech One-on-One podcast is Jerry Tylman, the co-founder and partner at Greenway Solutions and the founder of their Fraud Red Team. The Fraud Red Team is all about discovering the gaps, where the weaknesses in the anti-fraud systems are. They are 100% focused on financial services, working with many of the largest banks in the country as well as several fintech companies.
In this podcast you will learn:
- How Greenway Solutions became focused on financial services.
- What a pen test is and the groundbreaking work they do with fraud controls.
- The different attack vectors that fraudsters use.
- Why banks and fintechs need the services of the Fraud Red Team.
- How successful they are in penetrating the fraud detection systems.
- How they interact with the anti-fraud providers to banks and fintechs.
- An example of a recent test they have done that penetrated anti-fraud systems.
- How they tackle the challenge of account onboarding.
- Why behavioral technology is a key piece of the puzzle.
- How deepfake video and audio are being used by fraudsters.
- The fascinating way that the Fraud Red Team works with deepfakes.
- Why companies have to completely rethink their internal authentication today.
- Some of the fintechs they have worked with recently.
- How they work with check fraud and why it is a growing problem.
- Why all financial institutions cannot stop investing in anti-fraud tools.
Read a transcription of our conversation below.
FINTECH ONE-ON-ONE PODCAST NO. 527 – JERRY TYLMAN
Jerry Tylman: So think about a bank, they have a branch, they have a call center, they have a mobile app, they have a website. So you have lots of different products and channels and life cycle stages that you have to protect against an array of threats. So, the threat landscape is actually quite large. And when we think about protecting customers, we have to think about protecting them across all these different dimensions. And each of those has multiple products in place to either prevent fraud or detect fraud. And any time that you have layers, then you have gaps and you have weaknesses in those layers. And that’s where the fraudsters live. And so, our whole goal is to try to bring some light to where those gaps and weaknesses are ahead of the fraudsters so that you don’t incur losses and you don’t incur lots of disrupted customers.
Peter Renton: This is the Fintech One-on-One Podcast, the show for fintech enthusiasts looking to better understand the leaders shaping fintech and banking today. My name is Peter Renton and since 2013, I have been conducting in-depth interviews with fintech founders and banking executives. Today on the show, we are talking fraud, but covering this topic a little bit differently. Over the years, I’ve had the CEOs of many of the leading fraud detection companies on the show, but today we are taking this a step further. I am delighted to welcome Jerry Tylman, a Partner and Co-Founder of Greenway Solutions and the creator of Greenway’s Fraud Red Team. Jerry explains in detail what the Fraud Red Team does, but basically they go into banks and fintechs and try to penetrate all their anti-fraud systems. Then they report back their findings to the client. Much more detail coming up in the interview. Now let’s get on with the show.
PR: Welcome to the podcast, Jerry.
JT: Thanks, Peter. Happy to be on.
PR: Let’s kick it off by giving listeners a little background. Maybe could you introduce yourself and tell us about what you’ve done in your career to date?
JT: Yeah, so I’ve been in the business since 1985, long time now, 40 years.
PR: You don’t look that old.
JT: Thanks, I appreciate it. But I started as a mainframe programmer and then made the progression from mainframes to PCs to the internet. And in about 1999, I left and started my first company, and we were primarily working with large banks to internet-enable their mainframe systems. And so we did that for a few years. We successfully sold that company. And then, one of the people that worked there, he and I decided that we wanted to start a new boutique consultancy. And so we started Greenway Solutions back in 2004. As just luck would have it, our first customer was Bank of America. They were dealing with the new FFIC guidance on stronger authentication, meaning that user ID and password were no longer strong enough to protect customers, and they needed a strategy, how to strengthen that particular authentication control. So we were selected to work with them and over the next three or four years, we worked with them on many of the new fraud prevention technologies that they put into place. And that just kind of created a niche for us. So was sort of like customer security, fraud prevention. And because we were working with Bank of America, and they probably had 10 million customers before anybody else had 5 million customers, we became sort of specialists in this little niche-y world. We were subsequently hired by probably over half of the top 20 banks over the next several years to help them think through their strategy in these areas, too. And just one interesting thing that we’re going to speak more about is about six or seven years into that, one of our clients that we were working with asked us if we had ever sort of pen tested any of the fraud controls that we were talking to them about implementing. And we had said we had never done it, and they wanted us to look into if anybody in the cyber world was doing this. And it turned out that nobody was doing that. And so they subsequently asked us if we could create a methodology for pen testing fraud controls. And that became our Fraud Red Team service that we rolled out probably in 2011 and have been working on ever since.
PR: Okay. So, let’s back it up just a second. What is a pen test?
JT: That’s when you assume an adversarial position and you’re trying to break into something. So it could be you want to break into a house or a bank branch, or you want to break into a bank network. So what you’re trying to do is you’re trying to get around the controls that are in place to prevent you from accessing something. And so, while a lot of companies were doing that in the network security space, nobody was doing that in the fraud prevention space. And so we kind of wrote the book on how to get around identity verification controls or how to get around authentication controls or transaction monitoring controls from sort of an adversarial position where we will tell you what we did as opposed to get in, steal money, and…
PR: So you get in, but you don’t go steal money.
JT: We do steal money from our own accounts, but we’re not impacting real customers.
PR: Gotcha. Gotcha. Okay. So that’s interesting in and of itself. So that’s what the Fraud Red Team does, is this, and pen test stands for penetration test, right? Is that what the Fraud Red Team does?
JT: Yeah, to fraud controls.
PR: Right.
JT: So we create accounts, the real accounts in the production environment. We fund the accounts, and then we act as the bad guys. And we’re trying to do all kinds of fraudulent things to see how well the controls work. And sometimes they catch us, which is good. They’re supposed to. You get green marks for that. And sometimes they don’t. And we point those failures out, not to embarrass anybody, but to say that we found a gap or a weakness. This is how we were able to exploit it. And this is our interpretation of what could go wrong, and how scalable this might be. And therefore, you should do some immediate remediation on this particular exploit.
PR: Interesting. I mean, fraud prevention is such a hot topic right now. I mean, I was watching the CEO of Plaid’s kind of annual predictions thing for 2025 a couple of months ago, and fraud was right up there. If it’s not top of mind for every fintech and every bank, I mean, it’s one of the top three things that they’re focused on. And it seems that we live in an age now where fraud is happening more, and happening at scale more. So maybe we could just talk about how companies can protect their customers from fraud. And how do they prevent fraudsters from actually setting up accounts in the first place.
JT: Yeah, there’s a lot there. And so we primarily work with financial services companies and fintechs, and some crypto companies. And one thing that they all have in common is that they have to onboard customers. So there’s a new account process. And then when you have an account, you have to access that account. So there’s an authentication process. And then when you’re inside that account, either changing your email address or moving money, there’s a monitoring thing. So we think of these controls as prevention and detection controls, right? And everybody should have layers of these controls across their different set of products. So you might have credit cards, you might have deposit accounts, you might have loans, you might have brokerage accounts, right? And then you also have to have layers of controls across all the channels that you have to protect. So think about a bank, they have a branch, they have a call center, they have a mobile app. They have a website. So you have lots of different products and channels and lifecycle stages that you have to protect against an array of threats. So the threat landscape is actually quite large. So when we think about protecting customers, we have to think about protecting them across all these different dimensions. And each of those has multiple products in place to either prevent fraud or detect fraud. And anytime that you have layers, then you have gaps, and you have weaknesses in those layers. And that’s where the fraudsters live and trying to exploit those things. And so our whole goal is to try to bring some light to where those gaps and weaknesses are ahead of the fraudsters so that you don’t incur losses and you don’t incur lots of disrupted customers.
PR: So when you say ahead of the fraudsters, aren’t the fraudsters already there? I mean, like if you’re a large bank or even a large fintech today, fraudsters are trying to attack you every single day, right?
JT: Yeah, exactly. Who needs us, right? Fraudsters are doing it.
PR: Well, maybe you can answer your own question there. Why do people need you guys?
JT: I like to say this: the fraudsters aren’t doing this for free.
PR: They’re not sending a report at the end of the day. This is how we got in.
JT: All that money they steal, that’s the cost of the fraudsters, right? So they get paid in losses, and you don’t have just the losses, you also have the operational expenses and the disrupted customers. So you’re dealing with a lot there, right? And you’re right, they don’t write reports. They don’t tell you what they did, how they did it, was it easy or hard and how you could have made it harder. So I guess the way that we differentiate ourselves is that we write reports and we tell you what we did. And we show you the evidence of what we did and how we did it. And we give you what we believe are the implications. This is very scalable, what we did, right? And here’s how we did it. And here are the things that you could have done to make it impossible or to make it a lot harder. So that’s what kind of differentiates us from these guys. And I would cover one other point is that we don’t go in to just tell you what you already know. Like I’m reminded of that Donald Rumsfeld quote where he said in war, there are the known, knowns, the known unknowns and the unknown unknowns. And so what we’re working on primarily are the known unknowns, which is, I’m getting beat here, how? Could you replicate that problem for us? And we’ve done that successfully for lots of financial institutions. Or what don’t I know about, right? The unknown unknowns. And we’re trying to live in those two categories for our customers.
PR: Right, gotcha, gotcha. So, then, do your tests always succeed? I imagine it’s a spectrum, right? There are some companies that are probably really easy to break into, and there are others that are really, really difficult. I mean, what can you tell us about that?
JT: The good news is we don’t always succeed. And when you think about it, that should be the normal case because in this day and age, everybody has layers of controls in place. So sometimes, it’s almost equally important to know that you’re strong in a particular area, right? And so sometimes reporting back with a green finding is just as valuable to our customers as reporting back with a red finding, okay? We’re really strong. And one of the other things that we’ve noticed over the years is that as we’ve taken on more and more customers, the nature of our testing has changed a little bit in the sense that we used to go in and just run our playbook. But now our customers come to us with really explicit things that they want us to test, kind of in that known unknown category. We’re getting beat here, how? And so if a large top-five bank comes to us with that type of test question, and then we execute that test, what we found is everybody else that’s part of the Fraud Red Team community probably wants that test run too, to see if they can defeat that exploit or if there’s a weakness or a gap there too. Sometimes, you know, and that’s reassuring to know that, hey, this happened at a big bank, but it didn’t happen with us.
PR: Right, right. Yeah. As you’re talking, a question just came up: there are lots and lots of anti-fraud providers out there; there are lots of companies doing very well. What is your relationship with those people? Cause you’re, in a sense, you’re attacking a lot of their systems. Not a lot of this is developed in-house, maybe at some of the big banks, but a lot of it is acquired by anti-fraud fintechs, for example. I mean, how do you relate to those people?
JT: Well, so in particular, like the vendors that offer an anti-fraud solution, right? So we have great relationships with these guys because they recognize that sometimes the weakness in their controls might not be the control itself, but the implementation.
PR: Right.
JT: So, I mean, we’ve been on calls, we’re like, you know, we did this exploit, we got away with it. And if you have this tool in place, it would catch that. I think there’s like this silent pause on the phone, and they’re like, we have that control in place. So our point is, we’ll check the signal. It might be that it alerted, but something else downstream overrode that. So what we realized is that the implementation is so critical to a vendor’s success. A lot of times it might not be the tool, but it might be the fact that their tool is one of eight layers. And they might have signaled this is fraud, but three other things happened that overrode it. so being able to test in a production environment is something that makes us unique. And I think that it’s something that helps both our customers as well as their vendors. They want to know these things. Nobody wants to fail. And the fact that some good guys are out there testing it, I think is good for everybody.
PR: Right. Right. And you’re not only testing the software, you’re testing the implementation and how it fits together with everything else. So, because I imagine that’s going to be a little different every time it sounds like. So, anyway, maybe you could just detail, I know you’re not going to sort of, don’t give away your secret sauce. I don’t think that’d be possible anyway, on a show like this, because it’s highly complex, I’m sure, what you actually do. But maybe you can share with us some details about a test that you’ve done recently that actually succeeded, and you were able to penetrate the anti-fraud controls.
JT: Sure. So I’ll give you a couple of examples, right? So, in the known unknown category, we had a big bank that was getting beat pretty bad on the redirect of one-time passcodes inside of Zelle. And so it was happening at such a frequency that there was no way that many customers were being socially engineered. And there was some disconnect between the fraud folks and the IT folks. The IT folks are saying, no, the customers are giving away the one-time codes because nobody’s changing the password. Nobody’s changing the phone number in account maintenance. So it’s impossible for that code to go anywhere but that phone number. And so they gave it to us, and they said, what do you think? Is it possible? And we were able to figure out that, yeah, on the fly, you could redirect the phone. You could redirect where the OTP was going to a new phone number. And we gave them the evidence, and we said, here’s how we did it. And they were like, looking at the screenshot that we gave them, they were like, no, send us a video of you doing it.
PR: They didn’t believe you?
JT: So we sent them a video in real time and they’re like, okay, this is a SEV-1 problem. And it was fixed immediately. It shut down a huge amount of fraud that was taking place through Zelle.
PR: Huh. That’s really interesting. So then what about, like you touched on before, account onboarding is something that’s that I’m interested in because it happens everywhere in fintech. It doesn’t matter really what your product is. You’re onboarding someone new all the time. And you know, some of these fraudsters will go and set up an account, and it all looks legitimate, and they’ll just let it sit there, or they’ll do legitimate kind of, you know, operations there, how are you kind of dealing in that with that? I mean, it feels like that’s a tougher problem to solve than what you described in some ways, because account onboarding can look legitimate, right?
JT: Totally, and a lot of times it is, right? So as companies get better and better at sifting out sort of either the manufactured identities, meaning, let’s say, Peter, I have your name, your social, your date of birth, right? And then I append to it an address that I control, or an email that I control, or a phone number that I control. That’s kind of a manufactured identity. And they’re getting better and better at saying, ah, that’s not Peter. That phone number doesn’t match, and that email doesn’t match, right? And so another way was to just create a complete synthetic where you just manufacture data, got that data out onto a credit bureau somewhere, and just kept trying and trying and trying to use it. And eventually, it built a big enough history that somebody said, yeah, I’ll open an account for this person. And all of a sudden, you have a synthetic, everything is manufactured. And we do tests on both of those. And I would say that as companies and the tools that are out there get better and better at detecting that stuff, then what’s a fraudster do? He just starts recruiting legitimate people where all the data is real, and he just makes them part of his crime ring. He might trick them into doing it, or they might absolutely know that they’re part of the crime ring. Now, I have legitimate people in the system where I can use those accounts for, say, mule activities.
PR: So then how do you stop that?
JT: Well, that’s where the layers come in, right? And so that’s where now your detection technology comes in and your behavioral technology comes in, which is, what does the profile of our customers look like? So if you’re a fintech or a big financial institution, you generally know how people in this zip code and this age range and this demographic, how they operate, right? And so maybe it’s $5,000 a month comes into the account, they spend it on all these kinds of things, that’s what normal behavior looks like. But an account that just gets set up and sits dormant and dormant and dormant, and then $100,000 shows up, that’s not normal, right? And so what you need are these layers to be able to figure out, how do I profile that person, that type of transaction behavior, maybe that device, right? And when you find the anomaly, you investigate it. And if you say, that’s a fraudster, then there are all kinds of other tells associated with that fraudster that you should be looking for. Like, have I seen this device before? Have I seen this IP address before? Have I seen this email, this address, right? Do I have a network of fraudsters that share the stuff inside of my company?
PR: Okay. So then we are, we are almost 20 minutes into our conversation, and we haven’t actually explicitly talked about AI yet. I want to; I mean, obviously, a lot of what the fraudsters are doing is using AI. And obviously, there are deepfakes that are becoming better and better. And I see in the, just in the AI platforms out there that there’s new video creation technologies just available to the general public now. So, a lot of the fraud detection now requires live video. That’s where deepfakes can come in. I mean, maybe you could talk about how much you think deepfakes are actually causing problems today, and how much will they cause problems in the future?
JT: They’re causing lots of problems today, and they’re going to cause more and more problems. What we saw with deepfakes was the original stuff that we saw was like, extortion, right? Where they deepfake images, right? And they could take an image of you, and they could, you know, put a person in a compromising position and say, hey, we’re going to release this out on the internet if you don’t pay us some money. And that was terrible. That led to fraud. That led to all kinds of mental anguish of people who were caught up in that. And then we saw the scams, like the grandma scam, where they would target elderly people and it would be the grandchild calling up in the middle of the night saying they’ve been arrested and they need money. And you would see that kind of fraud. And then it quickly sort of morphed over into the commercial world with like business email compromise, where instead of sending emails, now it’s you’re on the phone with your CEO and he’s saying, move some money. And there he is, right? He’s on the video. He’s telling me to move the money. It seemed totally legit. I went ahead and moved the money, and now the customer, not the bank, owns that particular loss. So we’re seeing audio, video, images, going back to account opening where there are liveness checks between, say documents and a person. We’re seeing a really good fake document be created and then an image of the person whose face is on the document. And that could be matched between the two of them. So, document verification is another area where deepfakes are being used. Where we come into play is that there are a lot of vendors now in this space that are making claims that they can detect 98 percent of the deepfakes, whether it’s documents or images or voices. In some cases, they absolutely can catch 98 percent. But where we come into play is to say, okay, well, let’s test this and see if the test set was large enough, and let’s see if they can detect 98% across all the things that we could think of testing. And so where we’ve worked with our clients is to say, let’s create a test bed of voices, right? And so what we might do is take male, female. We might take young, middle-aged, older. We might take different ethnicities, right? And then what we do is we say, with background noise or with no background noise. And then we go out to 11 different AI engines or 12 different AI engines and create versions of all of that. And we have our test subjects speak for like five minutes, one minute, and 30 seconds. And so we create this enormous test bed, and then we play that against the tools, and we say, now what’s your effectiveness in detecting these deepfakes, right? And what we find is that it varies. And again, this is going back to our relationship with the vendors as well as our customers. It’s not that we’re trying to embarrass anybody. It’s just that we’re trying to assess the effectiveness of claims and give them more to go back with and work with and very quickly upgrade their tools, and then we can retest. And all of a sudden, we can see in those cells where their effectiveness might’ve been 5%. Six months later, it’s at 95%.
PR: Interesting, interesting. The thing that really is scary, I read about a case just a couple of weeks ago about someone who sent $25 million because he got the okay from his boss, on video, and it was not his boss. I mean, how do you combat that? That feels like as a user inside a company, do you need like a secret code word or something? I mean, what do you do?
JT: Yeah, so companies are going to have to rethink their authentication now, right? In this case, though, let’s take a $25 million wire. All right, so a $25 million wire is probably going to require two people to sign off on that wire. So maybe it’s the CFO and maybe it’s somebody else in the company. So hopefully that second person might go, wait a minute, $25 million? Yeah, the CEO told me to do it. Well, I’m going to call the CEO. A lot of times there’s a control and commercial banking called dual control, which requires two people to sign off on that. Right? And then the bank should also have some detection technology in the background that goes, these guys have never sent a $25 million wire to that beneficiary in that country before. We’re going to call them, and we’re going to double-check and make sure they meant to send that wire. So the banks have another layer of defense that’s in there, but if that second person just goes along with the CFO and they call the CFO and say, did you mean to send it? And the CFO says, yes, then it goes, right? And so, in that case, what the banks are also doing is making their customers more and more aware of these types of scams and helping them put more process controls in place to be able to defeat this type of scam in the future.
PR: That makes sense. So the internal controls become really, really important. So anyway, I know that you’ve been working with big banks for a long time. You mentioned since 2004, but you also working with fintechs now. So maybe…can you share some of the names that you’re working with in the fintech space?
JT: Well, so that was one of the interesting things, right? We started looking at all the fintechs that we’ve worked with over the last several years, and we were like, wow, we have worked a lot of fintechs, right? And we have never sort of concentrated on fintech as a vertical before, right? And we’re like, you know, we’ve done work with SoFi in the past and Varo Money and BlockFi and Gemini and Bill.com and Credit Karma and Robinhood and a bank up in Canada called Neo Bank. And I think we counted like 14 different fintechs that we’ve worked with over the years. What we found, again, is that any company that moves money, that creates accounts, has debit cards, they all have the same thing in common with the big banks, which is they onboard new accounts, you have to access the account, you have to maintain the account, and you have to be able to move money. And if you have those characteristics, we can either help you from, say, an advisory perspective because we’ve got our consulting group still, as well as from a Red Teaming perspective. And that’s what’s got us so excited about the fintech community.
PR: Right. So you will provide just a, you go in, your consulting arm can go in and just look at everything and provide advice on that, or you can go directly to penetrate their anti-fraud system. So you have both of those things available for fintechs, right?
JT: Yeah, I mean, so, obviously, we’ve been working with the big banks for so long. We’ve got this whole best practices that is out there. So we could review anybody’s set of fraud controls and say, here’s how we think you line up against what we see as industry best practices. But the testing piece is sort of that trust, but verify, right? Where they say, yeah, we’ve got controls in place for that. We’re like, great, we’ll do some tests. We’ll see how they’re working.
PR: Okay. Okay. So then, I want to talk about check fraud because that seems to have a resurgence in the last two or three years. And it seems strange to me. I mean, people obviously are still writing checks. It’s not as many as they used to, but they’re still happening. Is that part of your purview as well? Because it’s not like you’re penetrating a system as such here, but check fraud is a problem. How do you work with it?
JT: Yeah, so there’s a couple of ways that we’re working on check fraud. So one is we are partnering with the American Banker Association, and we’re leading a feasibility study into something they call the National Check Verification System, which would be sort of a centralized data store of checks that depositing banks could then access and say, hey, is this check real or is it altered? Right? So we’re working with the ABA and partner banks and vendors and regulators to assess the feasibility of that type of solution. So we’re sort of really into it there, but our Red Teaming group, gosh, we’ve been testing counterfeit checks and altered checks for years now. And we’ve always thought this is going to be big because when you think about it, I mean, I go online, I was online last night. We were doing a Red Team test. An ACH transfer, my limit, at a top 10 bank is $2,000 a day. That’s the max I can do on ACH. But I could take a check, right? And I could empty out all the money in the account. That account had $100,000 in it. I could write a check. So it’s the thing theoretically with the least controls built into it and the maximum amount of money that could be spent on it, right? And so it’s just sort of, you know, you can see why the fraudsters are just focused on that. And so, yeah, there are all kinds of problems with checks being stolen, washed, altered, deposited, and then counterfeits created, forged signatures, right? And banks are always trying to balance the sort of convenience of banking with the friction associated with it. And they don’t want to put too many holds on too many accounts. And they can only look at so many check images on a daily basis, right? And so the industry is really sort of looking into this because even though check usage continues to decline, it’s still relatively large. I mean, people write like hundreds of millions of checks per year, right? In the trillions of dollars. So it’s declining. And at the same time as it’s declining, the fraud’s just going through the roof. And so, we’re working in a consortium fashion to do it, but our Red Team is constantly testing the controls in place because we’ve got people who actually wash checks, and they test the differences between blue ink and red ink and black ink and red gel and blue gel. And if you use black gel, that’s like the hardest thing to wash. So maybe everybody should get a check with black gel in it or something like that.
PR: Well, then, because you have the problem of not knowing how this check is going to be deposited. They could just go straight into a bank branch, physically deposited in person, or they could obviously use an app. Whatever they’re doing, you’ve got to take multiple channels where this can happen, right?
JT: Yeah. And if you make it too hard to do, like if you put a limit on the amount of a check that you can do through mobile deposit, then what am I going to do if I’m a bad guy? I’m going to send somebody into the branch with a fake ID, and I’m going to say, cash this check.
PR: Right.
JT: Right? So now I’ve got to make sure that my branches have good identity verification controls in place to be able to spot that fraudster walking in, trying to cash that check.
PR: Right. So then maybe as we close, I’d love to kind of get your perspective here, because, with the tools that are in place today, it feels like it’s getting easier and easier for fraudsters to scale attacks now. But you know, the work you’re doing, I would love to kind of get your perspective on how are fraudsters evolving? They’re using all these latest tools. We know that. But how can we keep ahead of the bad guys, and is that a winnable game?
JT: I like to say that fraud is a persistent threat now. Because if you look at the amount of money that is lost to fraud on an annual basis, just in the FBI’s IC3 report, which I think is through 2023 or something, I mean, the number was over $12 or $15 billion or something like that. And that’s just from the reported incidents to the FBI. There were like 800,000. So you know that that’s probably miscounted by a factor of five because most people don’t report the fact that they’ve been defrauded to the FBI. I’ve seen estimates anywhere from, you know $50 billion to, you know, $500 billion lost to fraud. So fraud is clearly an industry. These guys aren’t going away. They are persistent. Now, in the scheme of all the money in the banking system, you know, it’s relatively small, but on an aggregate basis for fraudsters is quite large. So it’s always going to be with us. It’s kind of a cat-and-mouse game, but leading financial institutions recognize that it’s a persistent threat and that you have to continuously upgrade. The minute that you stop investing in your fraud controls, is the moment that your fraud losses are going to go up. And we’ve worked with a couple of financial institutions where we’ve actually tracked this. We’ve looked at a 10-year period when they made investments and when they did not make investments. And when they invested, the fraud went down. And then, when they took a breather and didn’t invest, the fraud went right back up. So you have to look at it that way, and just recognize that to maintain fraud at a certain level means that you have to maintain investment in this area at a certain level also.
PR: Right. Well, that’s a good place to close it, Jerry. I mean, it’s important work you’re doing. We have to do everything we can to try and make it safe out there for all of the banking and fintech customers. And, you know, I think you’ve got good job security because, man, the fraudsters aren’t going to take a breather. We know that. Anyway, thanks for coming on the show today, Jerry.
JT: Thanks, Peter. Appreciate it.
PR: That last point that Jerry makes, I think, is super important. When banks and fintechs stop investing in anti-fraud, then fraud rates go up. And with the ability for fraudsters to use generative AI to scale their attacks much easier now than in the past, that is going to become even more true as time goes on. Fraud is no longer a problem to solve. It is an area of the business that you need to continually invest in to get better. If you don’t, the future consequences could be much worse. Anyway, that’s it for today’s show. If you enjoy these episodes, please go ahead and subscribe, tell a friend or leave a review. And thank you so much for listening.