Aviva Zacks of Safety Detectives sat down with Ping Li, Signifyd’s Vice President of Risk and Chargeback Operations, and asked her about her company’s Commerce Protection Platform.
Safety Detectives: Tell me how you got started in the cybersecurity industry and what you love about it.
Ping Li: I started off my cybersecurity career at eBay’s trust and safety team, helping to protect sellers’ and buyers’ accounts and their online transactions in a large global marketplace. I went on to work building and running risk management teams at payment firms like PayPal and WePay. In those roles, I worked to prevent fraud online while working to avoid adding friction to the buying process that would frustrate consumers and hurt merchants’ bottom lines.
Now I’m at Signifyd where we’ve taken fraud protection a step farther. We use machine learning and big data to determine the identity and intent behind each online order and in most cases instantaneously provide merchants with a ship or don’t-ship decision. And if we’re wrong, and an approved order turns out to be fraudulent, Signifyd pays all the costs involved in the fraud, including the cost of goods, shipping costs, chargeback fees, etc. It’s a way to level the playing field between physical stores and online stores.
Our Commerce Network of thousands of merchants also levels the competition between Amazon and retailers-not-named-Amazon. Because of its massive size, Amazon has the data to rapidly determine which orders are fraudulent and which are legitimate. Signifyd makes that possible for other retailers and brands by drawing on millions of transactions across thousands of merchants to create a massive data set of its own.
What I love about what I do is that it is constantly changing. No day is the same as the last. Fraud is constantly changing and Signifyd is constantly innovating. While Signifyd started out focused on fraud protection, we’ve now expanded into tackling false claims by consumers who, for instance, say a package never arrived when in fact it did.
We’re protecting merchants from return abuse, unauthorized reselling, and promotion abuse, such as when a consumer uses a one-time offer more than once.
We need to be constantly thinking ahead, anticipating fraudsters changing tactics and targets. We get to work closely with merchants, who are some of the most innovative-minded people I know, to meet new challenges and to balance the need to protect their enterprises while still making sure those protective barriers aren’t keeping good customers out.
In short, my job is a chance to constantly learn.
SD: What is the main service your company offers?
PL: So, I went into some of what we do in my previous answer, but to put it succinctly, Signifyd provides eCommerce merchants and brands selling online with commerce protection throughout the buying journey. Our Commerce Protection Platform is broken down into four main solutions — Account Protection, Fraud Protection, Abuse Prevention, and Payment Optimization. Together these solutions protect merchants from payment fraud and from friendly fraud, such as a consumer denying they made a purchase that they did make, or falsely claiming an ordered product never arrived. The platform offers protection from return fraud, unauthorized resellers, and promotion abuse. And we provide a highly automated system for managing and recovering chargebacks filed against retailers.
We also offer a financial guarantee, which means when we provide a decision that is not the right one, the financial liability shifts to Signifyd and away from the retailer.
SD: How do you stay ahead in a world filled with cybersecurity companies?
PL: The easy answer is constant innovation. Easy to say. Not as easy to do. But Signifyd’s solutions have been evolving and growing to keep up with or ahead of the evolution of fraud and abuse. Everyone has a favorite analogy for fraud, but it really is like a game of whack-a-mole. Fraudsters constantly change targets and tactics to move on from points in the buying journey that are adequately defended to find new weaknesses. Innovation allows us to stay ahead in that game.
We’ve also succeeded in a crowded field because of our superior data set. We’ve been processing millions of transactions around the world for more than 10 years. When a consumer makes a transaction on our Commerce Network, there is a 98% chance that Signifyd has seen that customer before elsewhere on the network. That gives us tremendous insight into the identity and intent behind that order and allows us to provide accurate decisions that protect the merchant and see to it that the consumer is not disappointed by a false decline.
We’ve also been very smart about combining the best of what machine learning can give us with the best that human intelligence can provide. Our learning machines are excellent at processing huge amounts of data to provide an informed decision in milliseconds. But they are backed by some of the brightest risk experts and data scientists in the business, who are able to quickly adjust to novel fraud attacks and anticipate the future frontier of fraud. It’s a tough combination to beat — and now that I think of it, another reason why I love working in this industry.
SD: What is the worst cyberthreat today?
PL: The biggest threat is the increasing sophistication and the acceleration in the increasing sophistication of cybercriminals and criminal rings. At one point in 2020, we saw automated attacks on our Commerce Network increase by 146%. We’ve seen fraud rings unleash bots for everything from credential-stuffing to break into accounts, to rapid-fire fraud attacks to quickly buying up the inventory of hot products for resale.
And the innovation is not only evident in technology. Fraud tactics, too, have become more ingenious. A few months ago we were able to disrupt a major romance mule fraud ring. Fraudsters would spend months, sometimes years, winning the trust of someone on the internet, forging a long-distance romantic relationship. In the end, the fraudster only wanted their supposed love interest to serve as a go-between in a fraud scheme that involved shipping fraudulently obtained products around the world.
Fraudsters eventually moved beyond romance fraud to launch sophisticated work-from-home scams, where the promise wasn’t love, but employment. In the work-from-home scams, fraud rings set up fake companies, complete with training videos and “HR departments” that would recruit mules, again to act as go-betweens to reship fraudulently obtained goods.
One of the key things missing from these work arrangements was a paycheck. The mules never got paid.
Fraudsters will no doubt continue to iterate and evolve and it will be our job as cybersecurity professionals to stay one step ahead of them.
SD: How do you see cybersecurity developing now that we are living through this pandemic?
PL: We have seen eCommerce and online activity grow faster than ever since more and more people have turned to online shopping during the pandemic. The growth in digital activity naturally attracts the attention of criminal enterprises to online fraud opportunities. I’m sure we’ve all read stories about how cybercriminals seized on the disruption of the pandemic to find new in-roads. Account takeovers were on the rise. The work-from-home scams I talked about flourished. Every day seemingly brings news of a ransomware attack. All of which means cybersecurity professionals need to move quickly, too, in order to match or surpass the efforts of cybercriminals.
Understanding that the identity and intent of online users, already an important pillar of cybersecurity, will grow in importance. In the commerce space, retailers will turn to large networks that give them rich insights into online activity and allow them to differentiate between legitimate customers and fraudulent operators.
Passwords, one of the weak links of online security, will become obsolete. Fraud and risk solutions will instead rely on biometrics, including behavioral biometrics, to establish identity and determine the intent of the shopper.
And don’t underestimate the role of education. As security and risk professionals, we need to provide the resources that both merchants and consumers need to protect their businesses and their identities, respectively.
The time seems right to provide education on cybersecurity and what individuals and organizations can do to enhance security. With news of data breaches, ransom attacks, and the near inevitability of being personally touched by a security lapse, consumers and businesses are ready to listen and learn. And more than ever before, they are ready to take action to protect themselves and their livelihoods.