Fraudology Podcast with Karisse Hendrick

Fraudology is presented by Sardine. Get your tickets to Sardine[Con] and end the scamedmicIn this solo episode of Fraudology, host Karisse Hendrick answers the question so many fraud-fighters have asked her lately. -It's not just you or your company. Fraud IS getting worse. -In size and scope.From identity theft to reshipping schemes, supply chain exploits ATOs, and Refund Claims Fraud, Karisse provides a comprehensive overview of the contributing factors that have created a "perfect storm" that is not only changing the methodology & technology being used to perpetrate cybercrime & financial fraud, but also increasing the volume of perpetrators, and overall losses.But, all hope isn't lost. By better understanding the root causes of these changes, by studying the ever-evolving tactics, and by continually evaluating current and prospective 3rd party solution providers within your company's risk stack; some companies & financial institutions are keeping up with these changes more than others. Karisse ends the episode sharing the #1 best thing you can do right now to prepare for this "storm". Whether your company has already seen some of the impacts or not yet. Without doing this, it will be 100% more difficult to obtain the resources & support needed to be equipped to handle this new normal.Article mentioned in the episode: AI Bots Are Way Better At Captchas Than People: https://frankonfraud.com/fraud-trends/ai-bots-are-way-better-at-captchas-than-people/Fraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line. Connect with her on LinkedIn She brings her experience, expertise, and extensive network of experts to this podcast weekly, on Tuesdays.

Fraudology is presented by Sardine. Get your tickets to Sardine[Con] and end the scamedmicIn this episode of Fraudology, host Karisse Hendrick is joined by Patrick Chen, a product expert who has specialized in solving complex risk-related problems creatively with technology for some of the largest online companies & platforms in the world. All of those experiences led him to become the co-founder of Spec, a risk & compliance platform that allows its users to approach fraud, and ultimately their (legitimate) customers' experience in new ways. This conversation begins with a discussion about the "problem space" in online commerce & financial services. While we've collectively come a long way from where we were as an industry, it's clear to a majority of fraud-fighters (including the host & her guest) that all of the tools & technology that got us here, will not be able to take us through the next 10-15 years. -At least not without more defeat to cybercrime year over year.Patrick talks about his shared vision of Spec with his co-founder and team of employees, in providing an infrastructure that provides raw data & flexibility necessary for combating fraud. It's a solution they wish they had when they were working to build a risk infrastructure from the ground up at one of the largest online marketplaces in the world; all with less engineering resources & priority than they needed. And then....Patrick shares the extended vision of the Spec platform, as a marketplace (or an "app store", as a comparison). He shares their belief in the need for intellectual property development & ownership in the industry (for fraud-fighters, by fraud-fighters), the opportunities for experienced fraud-fighters to design & benefit from new solutions on the Spec marketplace, and the importance of understanding different industries to effectively combat fraud. Karisse then shares a "secret" she's been keeping for over a year, about the first independently designed module on the Spec marketplace; one that will provide transparency & autonomy to retailers targeted by refund claims fraud (aka- refund fraud). And, she can't wait to see the brilliant product ideas of innovative fraud leaders come to life to provide dashboards & actionable workflows to benefit the industry (and their own pocketbooks, directly!)To connect with Patrick directly: https://www.linkedin.com/in/patrickchen30/Fraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line. Connect with her on LinkedIn She brings her experience, expertise, and extensive network of experts to this podcast weekly, on Tuesdays.

Fraudology is presented by Sardine. Get your tickets to Sardine[Con] and end the scamedmicEvery executive in the corporate world is asking themselves how they can avoid their company from becoming the subject of headlines like MGM has been recently. And, as more information becomes available about the cause of the chaos, it becomes clear that this type of attack can happen to any type of company, despite how much is invested in secure infrastructure & systems. To help Fraudology listeners learn from this now infamous attack, host Karisse Hendrick invited renowned corporate spy Robert Kerbeck to delve into the world of social engineering, how easy it is to steal information and/or access from the world's largest organizations, and its devastating impact on organizations. From the tactics used by "rusers" (social engineers) to manipulate employees over the phone to who the best "targets" are & what they will research ahead of time, to the exponential threat of ransomware attacks when combined with social engineering. Kerbeck shares his invaluable experience & insights to provide Fraudology listeners with practical tips to safeguard sensitive information and to be aware of unusual requests, as he reiterates the urgent need for improved training and verification processes.Consider sharing this episode internally with leaders in customer service, InfoSec, and Senior Leadership & ask for a follow-up meeting to discuss what you can do to prepare employees for social engineering attempts. Don't miss this eye-opening conversation that uncovers the dangerous reality of cybercrime and its potential consequences for businesses of all sizes.The best way to prepare your employees for social engineering attempts is to hire an engaging public speaker/corporate trainer to share memorable tips disguised as entertaining stories. Robert is one of the best! To connect with him on LinkedIn: https://www.linkedin.com/in/robert-kerbeck-12aa7a11/To purchase his book, learn more about his previous career, watch the trailer for his upcoming TV series, or to inquire about his corporate training program, go to www.RobertKerbeck.com Fraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line. Connect with her on LinkedIn She brings her experience, expertise, and extensive network of experts to this podcast weekly, on Tuesdays.

Fraudology is presented by Sardine. Get your tickets to Sardine[Con] and end the scamedmicIn this episode of Fraudology, host Karisse Hendrick delves into the world of cybersecurity, the evolving tactics of hackers, and why it's important for online fraud professionals to pay attention to data breach news & trends. Because online fraud is often the preferred method of monetizing from cyber attacks, it's important to understand the supply chain of information that could be available to cybercriminals soon. In light of the recent security breach at MGM (at least all US locations) & Caesar's Entertainment in Las Vegas, Karisse shares some of the research she's done to better understand what happened, and how a similar attack can be prevented. From the vulnerabilities & threats of social engineering to entering through the 3rd party system used for account & identity verification & sign-on flow, to ultimately encrypting all data in their Active Directory. -These steps are relatively simple for some groups, so it's imperative that fraud & cyber teams work together to "patch" vulnerabilities within their org. Also discussed: Ways to use these headlines as a catalyst to communicate threats to leadership and suggest social engineering training & enhanced verification processes. Should the data being held captive be released, the types of fraud vectors different companies should expect, and how to look at the types of data exposed via data breaches to determine which fraud methods your company or financial institutions may rely on. Several articles were referenced for this episode. Including:https://www-dailymail-co-uk.cdn.ampproject.org/c/s/www.dailymail.co.uk/news/article-12505921/amp/MGM-Resorts-Las-Vegas-cyber-attack.htmlhttps://techcrunch.com/2023/09/14/mgm-cyberattack-outage-scattered-spider/https://www.reuters.com/business/casino-giant-caesars-confirms-data-breach-2023-09-14/https://www.darkreading.com/application-security/okta-flaw-involved-mgm-resorts-breach-attackers-claimhttps://arstechnica.com/security/2023/09/a-phone-call-to-helpdesk-was-likely-all-it-took-to-hack-mgm/https://www.vox.com/technology/2023/9/15/23875113/mgm-hack-casino-vishing-cybersecurity-ransomwarehttps://www.trellix.com/en-us/about/newsroom/stories/research/scattered-spider-the-modus-operandi.htmlFraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line. Connect with her on LinkedIn She brings her experience, expertise, and extensive network of experts to this podcast weekly, on Tuesdays.

Fraudology is presented by Sardine. Get your tickets to Sardine[Con] and end the scamedmicIn this solo episode of Fraudology, host Karisse Hendrick responds to a recent article written on LinkedIn about the interview episode with Nate Kharrl, CEO of Spec titled "Breaking News: Fraudsters Exploiting 3rd Party Fraud Tools". Karisse always welcomes healthy discussion and new opportunities to learn. -Especially if they're presented in good faith, and accurate. While responding to the article, Karisse starts the episode with a bit of a refresher course on several aspects of the original topic. Including: some of the methods used by fraudsters to exploit some 3rd party fraud tools, the symptoms of these kinds of attacks, the gaps these are caused by on the client & vendor side, and ways to decrease your exposure to exploits.It's true that fraudsters testing thresholds to see what they can get away with is nothing new. But, what IS new (and scary for those impacted!) are the high tech ways this is now occurring AT scale; often without visibility to track their activity. Karisse also delves into some of the vulnerabilities of network consortiums, the importance of reliable data sources, and the risks & limitations of relying solely on device information and/or behavioral data (via Java Script + API) for risk evaluation. She also explains two of the methods most commonly used by bad actors to quickly identify which 3rd party fraud/risk providers that each website relies on. Karisse wraps up the episode with a few suggested questions to ask your 3rd party fraud and/or bot detection provider if you've recently seen declines in their accuracy; along with a few strategies, process changes, and alternative or supplemental technology options for those companies that don't have the luxury to simply replace their current core fraud solution. Bottom line: Fraud & bot detection technology MUST continually innovate since cybercriminals are continually searching for work arounds. Solution providers need to make innovation a part of their on-going business plan as inevitably, some of the methods & technology frequently used to detect bot attempts, risky transactions and/or accounts, won't work as well as they once did. Note: For those solution providers that have been receiving calls or emails from your clients, asking some of the questions that are suggested, it's important to not respond in a defensive way or to place blame elsewhere. And to instead, focus on ways that Special thanks to Frank McKenna for taking the time to thoroughly research this topic, and for writing a thoughtful & informative article on the topic. This article should be read by everyone. -Either as a stand alone article, or as a companion piece to the original episode which aired on August 26, 2023, you are sure to learn more on this topic.https://frankonfraud.com/fraud-trends/uh-oh-fraudsters-found-ways-to-exploit-your-fraud-scores/Fraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line. Connect with her on LinkedIn She brings her experience, expertise, and extensive network of experts to this podcast weekly, on Tuesdays.

Fraudology is presented by Sardine. Get your tickets to Sardine[Con] and end the scamedmicIn this episode of Fraudology, host Karisse Hendrick sits down with Andrew Austin, Senior Manager of Fraud Technology for CarMax, to discuss his journey as a fraud fighter and the importance of having a clear mission and purpose in the industry. From his experience in anti-terrorism in the US Military, transitioning "from boots to suits" working within anti-money laundering and banking, and finally what lead him to pursuing Sr. leadership role focused on fraud strategy in e-commerce/lending. Andrew shares insights on his "why" throughout the different phases of his career within the last 20 years, and how (and why) his reason & purpose for having a career in anti-crime & threat detection changed over the years with maturity & perspective. As you listen to what Andrew has discovered about himself and his overall purpose in our industry throughout his career journey, both Karisse & Andrew hope you will be inspired to identify your own personal mission statement for now. -and for the future you. Because, as Andrew will share, this can become your guiding force in your current role, the positions you hold in the future, and the people you choose to work and align yourself with. As important as it is to learn about new fraud trends & technology, Fraudology was also created to help "fraudologists" gain new perspectives & clarity in all areas. -Including their personal development. But first, Karisse asked Andrew to share a story he recently shared with me that is sure to bring smiles to anyone's face. -Especially if you are (or will soon be!) a fraud-fighting parent.To connect directly with Andrew on LinkedIn (NO solicitations, please!):https://www.linkedin.com/in/awaustin/ Fraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line. Connect with her on LinkedIn She brings her experience, expertise, and extensive network of experts to this podcast weekly, on Tuesdays.

Fraudology is presented by Sardine. Get your tickets to Sardine[Con] and end the scamedmicIn this episode of Fraudology, Karisse has the pleasure of hosting Eric Boles; a former special agent of the US Secret Service and former leader of e-crime investigations at StubHub, Yahoo, and AOL. Eric shares his insights on the rise of cybercrimes and the urgent need for consequences and accountability to curb online financial fraud. From navigating the unfair chargeback rule system to building successful relationships with law enforcement, Eric provides valuable strategies for companies to proactively investigate and prosecute fraud. -Ensuring the protection of their data, reputation, and shareholders' money. Eric and Karisse touch on several related topics, including why more online companies should be investing in an investigations department, and all of the benefits that will provide. Additional benefits of having a dedicated person/team to investigate fraud across dozens to hundreds of related accounts, should be the Norm, (according to Karisse) as they can become great at picking up patterns that an ML model may not catch, building relationships with various law enforcement agencies, and working with federal agents & the US District Attorney.Throughout this conversation, Eric will share a few stories of post-transaction investigations he has investigated and/or overseen; including the international fraud ring that resulted in his employer recovering financial restitution (above 7-figures USD!) from the seizure & sale of items that the fraudsters' once owned. Join us as we delve into Eric's impressive career and uncover his methods for catching perpetrators and advocating for post-transaction investigations.Eric Boles is now available for consulting or FTE remote opportunities in all areas of e-crimes investigations such as: phishing campaigns, "pig butchering" scams, malware/ransomware, online payment fraud, non-payments fraud (ATOs, Promotional abuse, etc.)To connect with Eric (Especially if you're looking to hire someone with his "unique set of skills"), connect with him on LinkedIn:https://www.linkedin.com/in/eric-b-21605942/?miniProfileUrn=urn%3Ali%3Afs_miniProfile%3AACoAAAjn8vIB3SCNCfDmnh4n5PZCy2lx5dN-7JYFraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line. Connect with her on LinkedIn She brings her experience, expertise, and extensive network of experts to this podcast weekly, on Tuesdays.

Fraudology is presented by Sardine. Get your tickets to Sardine[Con] and end the scamedmicIn this solo episode of Fraudology, host Karisse Hendrick explores the pitfalls of relying solely on RFIs (Request for Information) and/or RFPs (Request for Proposals), and how they often lead to unintentional consequences that too many fraud technology buyers (merchants, fintech, Financial Institutions, etc.). While this has been a longtime, standard practice used to compare & select 3rd party technology partners, Karisse has seen too many that end up incentivizing bad behavior from potential vendors. What kind of bad behavior could be initiated with the submission of an RFI or RFP to a potential solution provider? -Tailored responses to fit buyers' preferences, and not necessarily the features of their own products, high pricing, being sold additional services that aren't necessary, contract loopholes, and ultimately selecting the solution provider that tells you what they know that you want to hear, and not what is necessarily accurate.In this episode, Karisse provides an in-depth overview of common mistakes that are made in RFIs/RFPs sent to fraud providers, how those can be manipulated to tell you what you want to hear, and often lead to frustration a few months after implementation when you realize the product/service wasn't as good as they made it sound. And starting off a relationship with a new client on the wrong foot isn't good for the vendor and their long-term business goals, either.Karisse also shares why she doesn't rely on traditional RFI/RFP processes when working with clients to select new solution providers for their fraud & payments needs. Instead, she emphasizes the importance of listening to user feedback, highlighting themes of customer satisfaction and dissatisfaction, and hopefully relying on the ultimate gold standard for vendor selection: A live POC (Proof Of Concept). Fraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line. Connect with her on LinkedIn She brings her experience, expertise, and extensive network of experts to this podcast weekly, on Tuesdays.

Fraudology is presented by Sardine. Get your tickets to Sardine[Con] and end the scamedmicOver the last several months, dozens of merchants have reported anomalist fraudster behavior that they haven't been able to detect or understand the root cause. Fraud detection systems not being as accurate as in years past (higher declines, false positives, and chargebacks)Chargebacks for orders that were only 1 or 2 points below their fraud tool's decline threshold (How do they know my fraud vendors' scoring system?!)Bot attacks that bot mitigation/detection companies are unable to detectAnd then, Karisse spoke with her friend, and the CEO of Spec, Nate Kharrl. Because of the enhanced visibility that Spec has into every customer journey for each of their e-commerce & B2C Fintech clients, he & his team at Spec have had the ability to watch, in real time, as fraud rings exploit different gaps within the API connections between online merchants & their 3rd party vendors. And the results? -Exactly what merchants have shared with Karisse in the last year.So, Karisse asked Nate to join her on Fraudology ASAP to share the different types of exploits targeting the system connections between online companies & several fraud solution providers that they've observed.While knowing the "what" is 1/2 the battle when trying to understand new fraud tactics, Nate helped fill in the blanks for everything else you & your company need to know, to identify 1. If these attack methods are targeting your company/vendor communication and 2. What can be done to close the gaps (and because Nate isn't a "typical vendor", he provided suggestions that can be done without using Spec as a platform; although, in most cases, using Spec would be easier. -And faster!). Some of the other points covered:The different ways fraudsters are exploiting 3rd party fraud tools, which types of 3rd party tools are most vulnerable, and how they are able to exploit specific gaps within the communication flow between a merchant & their provider (often without you seeing them until the losses already occurred)The symptoms your company may be experiencing due to each of these tacticsThe standard "party line" you're probably told when asking your provider the reason for a sudden change in performance (But also, why they may not know any better)Why fraud vendors aren't necessarily at fault for these gaps and what can be done to close the gaps to prevent these particular exploits (w/ or w/o Spec's TrustCloud)In online fraud prevention, especially, knowledge is power. Because, when we know more, we can do more. And this episode should be a MUST LISTEN to everyone in online fraud prevention because our tools are under attack, and need to be better protected!Fraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line. Connect with her on LinkedIn She brings her experience, expertise, and extensive network of experts to this podcast weekly, on Tuesdays.

Fraudology is presented by Sardine. Get your tickets to Sardine[Con] and end the scamedmicIn this solo episode of Fraudology, host Karisse Hendrick explores the topic of vendor relationships in the context of online fraud fighting. Through conversations with fraud fighters, Karisse has observed recurring frustrations among merchants, fintechs, and banks when it comes to their vendor partnerships. She shares insights on vendor selection, the challenges of finding reliable solutions, and the importance of customer feedback in evaluating providers. Karisse also discusses a LinkedIn post by Andrew Austin of CarMax, offering tips and action items for both vendors and merchants. Tune in for valuable advice on maintaining successful vendor relationships in the ever-changing landscape of online fraud.Fraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line. Connect with her on LinkedIn She brings her experience, expertise, and extensive network of experts to this podcast weekly, on Tuesdays.