Entersekt's Pradheep Sampath tells PYMNTS that fighting fraud demands a blend of traditional data and a consortium approach.
Transcript
This is What's Next in Payments, a PYMNTS podcast. Forward-looking insights from industry leaders on the trends and technologies reshaping payments and fintech. In this episode, Entersekt Chief Product Officer Pradheep Sampath says fighting fraud demands a blend of traditional data and a consortium approach. He tells PYMNTS that AI with guardrails, strong governance, and privacy-preserving data practices will help turn the tide against evolving threats.
Hal Levey: Hey everyone, it's Hal Levey at pymnts.com and for the latest conversation I am having with Pradheep Sampath, who is Chief Product Officer at Entersekt. We're delving into the search for reliable signals in banking's new data reality. Nice to have you back.
Pradheep Sampath: Hey Hal, it's good to talk to you again. How are you?
Hal Levey: Good. I think we can both agree there's a lot of controversy and maybe even some dismay here and there over whether or not government data, traditional data, is changing, will change, maybe is reliable or is not reliable. But we can both agree that certainly the debate is out there, which gives us this question. When you are looking at the fact that statistics, maybe they go dark, maybe they go stale, maybe they refine to return. What alternative sources have to anchor risk, credit, growth, all sorts of business models and all sorts of operations? Not only what you have to have in place, but how do you get them?
Pradheep Sampath: Yeah, that's a great observation, Hal. We're certainly in a state of flux right now. And so when we're talking about government data and public data, at least here in the US, the industry has come to rely on data feeds from the likes of FinCEN, right, with their SAR, the Suspicious Activity Reports, the FTC's data book, which also has like a consumer sentinel network alerts. I've also come across extensive use of the Office of Comptroller of Currency, their fraud alerts, and the Federal Reserve have their payment fraud information, which also is made available as alerts. But in terms of cross-border, we as an industry often also look at sources such as the Homeland Security's Cybersecurity Advisory or the Interpol or Europol's alerts. So the point I'm trying to make is that these data feeds have become ingrained in the financial services sector's sources and methods to deal with the efficacy of transactions. And a lot of it is being used during the new customer onboarding KYC process. But I think what we need to do as an industry is continue to rely on these data sources whenever available, but also look at industry and network data feeds. I'm talking about data feeds from card networks, card schemes, their alerts and insights to make sure that suspicious trends are detected faster by looking at sources beyond just government data feeds.
Hal Levey: So is it correct to say that the historical data still has value and will have value, but you can have as an adjunct some of these different feeds that are certainly newer, right? And they take into account, to your point, different things like alerts from the networks or alternatively, you're looking at behavioral data that's getting fed through the entire ecosystem. You've got a number of different things to look at. So what are you seeing there? If you can give us an example of where historical data can be augmented by some of these newer
Pradheep Sampath: Yeah, historical data is important. It's got a vital place because you got to look back to look ahead. And it also serves as a foundation. Any model that you have today has to look back. But we also need real-time risk radars because threats are evolving, evolving every week with new attack vectors. And you need to have new data sets and new signals to solve new problems. Looking back always can't really give you answers to evolving threat vectors that we as an industry are facing on a regular basis. So what we need are real-time, transaction-driven, behavioral device and geography-driven datasets. So what you need is to blend all of these signals for accuracy and for speed to protect the experience of the legitimate users while quickly fighting fraud vectors as and when they emerge and be adaptive to that, right? And so it's important that when you build a machine learning model, it's got to have the benefit of historical data, but it also needs to be able to detect new signals that are coming in from device behavior and location, but do so in a holistic manner.
Hal Levey: The holistic manner begs this question, right? You've got to use AI to get there. You certainly have the bad guys are using AI, so you've got to as well. So using AI to spot for means you also have to be aware of governance and, let's put it this way, the output of what you're getting. And you've got to look at that. So how do you take steps to make sure that everything is not just reliable, but is going to meet the ever-changing regulatory landscape?
Pradheep Sampath: Yeah, I think the way we've started thinking about it, and I think many of our cohorts in the industry, is it's a strong yes to the use of AI, but with guardrails. And a key principle is to make AI explainable, to make sure that it's not a black box, but you have an explainable way of model governance and bias checks. And many organizations, when they look for solutions, there is a quest to look for fraud-fighting solutions or authentication solutions that have the ability to explain what goes behind the model. And there's also the need to trust but verify. So with the model governance in place, you also have to have continuous monitoring and audits, but also backtesting to make sure that the models actually perform the way it's supposed to.
Hal Levey: Some of the data that we're talking about is permission, okay? And some of it is coming under the scrutiny of tougher privacy rules. And all of that felt into a couple of different buckets of data. You've got first-party data, you've got third-party data. How do you start to trace the lineage of third-party data sets to make sure that the sources from whence they come are legitimate, updating, and by their own standards adhering to governance?
Pradheep Sampath: It's a great framing because you got to make sure you have some idea of the provenance of the data, the chain of custody. What are the different data sources that are being used for your models and for your outcomes? So first of all, the contractual agreements from the sources of data have to be robust and it's got to be sound to make sure that the sources of data conform to various regulations and statutes, right? For example, the data protection impact assessments, the DPIA, those have to be in place. And you got to make sure that purveyors of data also believe in data minimization and anonymization. There's bias testing and fairness to make sure that data is also reflective of demographics in general. But there's also tools, right? There's tools like your metadata management and data lineage tools that help allow data consumers to also confirm to themselves that they have adequate visibility into the provenance, into the chain of custody for the sources of data.
Hal Levey: The chain of custody can allow for a sharing of data, right? And the sharing of data can give rise to what we might call data ecosystems. Yep. So obviously, you know, the old saying is, you know, multi-line defense certainly is important here. What is the consortium model going to evolve into? With open banking, you've got shared ledgers, you've got all sorts of ways for stakeholders to alert each other and maybe build a more robust front against the fraud. So what is the current state of consortium data and what would the future hold?
Pradheep Sampath: It takes a village to fight fraud. And it's very heartening to see competitors even coming together to fight the good fight. Now, we're also seeing the proliferation of consortia. And therefore, I think where the industry needs to go forward is to make sure that we're not siloed within specific consortia, either run by a specific vendor or a card network or a regional set of affiliations. But there is a way to share data in a responsible manner across consortia while still preserving the ability for fair competition to take place in the industry. And so some of the cardinal principles that might drive this are data anonymization and minimalist data sharing, having privacy-enhancing methods around encryption and federation, but also an overall protocol around governance and trust standards. Among these various purveyors of data, both providers and consumers, is how we take the industry forward by sharing data, preserving competition, and unifying the good fight so that legitimate users' experience is preserved while we quickly build get ahead of fraud vectors and present the right kind of authentication and challenge methods to fight fraud, whether it's new client onboarding, whether it's transaction, whether it's money movement, or any of those different use cases that we as an industry are hastening to support and protect.
Hal Levey: You mentioned minimalist sharing of data. So there's a minimal to a basic, let's call it set level of what should be shared. What would that be?
Pradheep Sampath: Well, it goes back to one of the beautiful examples that are being used here, right? For example, in the attribute validation use case, if you need to assert that you're over 21 to purchase beverages that have a certain threshold, they don't need to see your full name, your date of birth, your address, or whether you're an organ donor. The fact that you are over 21 is the only claim that needs to be asserted. So using that example as a cardinal principle again, it's possible for us to have consortia that says this IP, this device, this kind of transaction pattern, these geolocations are things that we need to share amongst each other without tipping our hands on the actual user or the transaction or the vendor or the card network so that the overall community can benefit from those signals without compromising on privacy or other kinds of PII's.
Hal Levey: Okay, excellent. So a need-to-know basis, I think we could say what it would be. What would you like to leave us with as we wrap up this conversation?
Pradheep Sampath: It's a team sport, like I think you and I have spoken about in times past. And the thread that binds us all together is data that's actionable, that is shared in good faith, but that's also bound by all kinds of regulatory governance to make sure that decisions that are based on this data that's being shared are sound, are fair, and they stand the fight of emerging threat vectors.
Hal Levey: All right. So that's a multi-pronged approach that benefits everybody. Certainly keeps the voters at bay. Thanks again for this time, and we'll look forward to the next time.
Pradheep Sampath: Thank you, Hal. Thanks for having me on.
Hal Levey: Take care.
Narrator: That's it for this episode of the PYMNTS podcast, the thinking behind the doing. Conversations with the leaders, transforming payments, commerce, and the digital economy. Be sure to follow us on Spotify and Apple podcasts. You can also catch every episode at pymnts.com/podcasts. Thanks for listening.