10/31/2017 | Episode 9
Denise Aptekar is Senior Director of Global Payments at Upwork.
Evan: Welcome to Trust & Safety in Numbers, presented by Sift Science. I’m your host, Evan Ramzipoor. If you’ve ever worked as a freelancer, you’re probably familiar with Upwork. Today, we’ll be sitting down with Denise Aptekar.
Denise: I am Senior Director of Global Payments.
Evan: To learn about the types of fraud challenges a platform like Upwork faces, and to talk about the ins and outs of chargebacks. Denise has a unique way of conceptualizing friendly fraud that might change the way you think about chargebacks.
Denise: In American culture, we have this kind of overblown sense of our God given right to do a chargeback.
Evan: But before we do that, let’s warm up with a quick fraud fact. Did you know that the FBI’s Internet Crime Complaint Center receives nearly 300,000 complaints per year? That’s a lot of fraud. For more about the FBI, check out three key takeaways from the FBI internet crime report on the Sift Science blog. Now onto the interview.
Denise: My job is to make sure that our clients pay as they wish to pay, and our freelancers get paid and get their earnings as they wish to get them. Upwork is a remote freelancer platform where we have over 10 million freelancers around the world.
Evan: So one of the challenges that you often face is friendly fraud. Can you tell us first of all what is friendly fraud, and why should businesses be worried about it? It’s not very friendly, is it?
Evan: Chargebacks are something that all e-commerce companies, all marketplaces have to deal with. Friendly fraud is usually a portion of those chargebacks, and it’s what I call an invisible type of fraud because most e-commerce places don’t even know that they have it. So here’s the gist of it. We all get chargebacks. And when we get chargebacks, the first thing we tend to do is separate them into, “Is this a service problem? Is this person upset with the service that they got? Or is it a fraud problem? Is this a stolen credit card, and the card owner is saying, “I didn’t do this transaction”?
Evan: But Denise says this may be a false dichotomy. Something that registers as a fraudulent chargeback may not actually be the result of a stolen credit card.
Denise: It was not lost. And the cardholder either actually did do the transaction or they know who did. Now, it may be a family member. It may be, in our case, is most likely an employee or a colleague at their company. But the credit card company, the bank issuer considers this fraud because the cardholder said, “This is unauthorized. I didn’t do this transaction,” but the reality is that they did or someone they know did. Now, if you don’t take and separate these friendly fraud chargebacks from your real fraud, your stolen credit cards, everything about your risk system is going to essentially blow up on you.
Evan: If you’re taking in bad data, you’re going to be producing bad results. This can have pretty severe ramifications for your business including false positives, angry customers, and loss of revenue.
Denise: When you get fraud chargebacks in, you have to segment them out and treat them separately between friendly and true fraud. And only once you do that can we then even have a conversation about, “Okay, what do we do about it? And what’s the impact and everything else?” But for a lot of merchants, they don’t get to that first step in segmenting them out.
Evan: Right. That makes sense. So with a lot of fraud, we see that some type of social engineering goes into it where someone tries to manipulate a user into, let’s say, giving up personal information. Do we see social engineering go into this at all, or is this an entirely different type of fraud?
Denise: It’s not the same type of social engineering, but I would call it social engineering. So what’s happening is offline. So what’s happening is that the kid is using their parent’s card and not telling them about it, or lying about it when they get caught. One colleague is using the card to buy work, and the work is very valuable but perhaps the colleague didn’t get proper approval from the CEO to buy the work, and the CEO then doesn’t want to pay for the work. I will say, the single biggest used case that we see in friendly fraud is literally what we call “mistake.” It’s, “Oh, I didn’t realize we were buying that work. Great job. Thank you for doing that.” It’s, “Oh, wait, I thought we didn’t need approval for this, or we do where there’s something internally with our processes that was off.” Once they realize, “Oh, wait, we actually did use Upwork. We got good work for it,” well over 50% of our friendly-fraud chargebacks disappear. The cardholder goes back to their issuing bank and go, “Okay, we made a mistake, this is not unauthorized. We did get this work and we did mean to get this work.”
Evan: So generally speaking, is friendly fraud something that businesses and fraud fighters are good at catching, or is this something that tends to slip through the cracks?
Denise: I would say it is almost impossible to be preventative at friendly fraud. And the reason is, if you think about the style of friendly fraud, it’s accidental. So nobody, at least in our systems, very rarely for people to have bad intention. We could have someone using the same card for three years running, hiring multiple freelancers with good reputations and having a good experience in our site, and all of a sudden, one payment gets a fraud chargeback saying, “I have no idea who used my credit card on Upwork.” And we’ve got three years of history of that same credit card by that same person being used on Upwork, and it’s not possible.
Evan: The challenges as the normal indicators of fraud, disguising your IP address, operating late at night using disposable email addresses. None of these apply here.
Denise: Because nobody comes in to friendly fraud thinking to themselves, “I’m going to defraud, so I’m going to hide who I am.” And so, it’s so dramatically different than a true fraud situation, but it doesn’t take very much time to separate the two of them out once you get the chargeback. But it’s impossible for us to predict this.
Evan: I see. So what are businesses and fraud analysts doing wrong in their approach to friendly fraud? Are they treating it too much like other types of fraud? Is that part of the problem?
Denise: Well, I think there are two ways to look at this. One is before the chargeback, and one is after. So, before the chargeback, it is virtually impossible to say that a friendly fraud situation has a set trend like a stolen card fraudster, and you can identify it and prevent it. However, once you get the chargebacks in and you look at them and it is pretty easy to separate true fraud from friendly fraud.
Evan: That gives the business a data set they can draw on going forward, but why is this miscommunication happening in the first place?
Denise: We’ve had some friendly fraud happen where the cardholder is saying, “This is fraud and unauthorized,” when in fact the cardholder bought the work. But from the cardholder’s perspective, because they didn’t get what they thought they were going to get, and they’re not satisfied with the result, they have a legitimate perspective of, “I feel defrauded and so I feel like this is an unauthorized payment.” Now, the reality is that we have a dispute system on our site. We have mediation services that we offer. We have mid-jobs feedback reviews, and we have multiple different ways for clients for us to reach out to them and for them to reach out to us to say, “Hey, there’s an issue with my contract. I’m not totally satisfied with what my freelancer is giving me right now.” But not everybody is either aware, or willing to engage with us or their freelancer.
And so another one with interesting parts of friendly fraud that I have come to a conclusion about after reviewing about 300 of these cases is that there is a certain passive aggressiveness to the situation because with all of these options to engage, to lean into the situation and say, “Hey, can you give me a refund?” which many freelancers, this is their business. They want the client to be satisfied. “Can you redo the deliverable?” There are some cases where clients just want to slowly walk away, and it’s very easy to do a chargeback with your issuing bank. The customer is always right. We’re doing some tests right now because my guess is that these types of cases, the client would actually be a lot happier and better off if they did engage, because we most often seen a happier level of satisfaction and happiness if they engage than if they go away. If they go away and do a chargeback, they get their money back. They don’t get the work. Why do they come to Upwork in the first place? Because they wanted the work. And so, it’s not just getting your money back. You still feel cheated. You still feel like it didn’t work.
Denise: So, to me, these are psychological cases. They’re about product and process, and how do you engage with your customer in such a way that they feel comfortable coming to you? And with each one of our reviews of our service chargebacks, for example, we’ve put in more and more mechanisms into place that allow clients to either, in a passive way, or using customer support as the intermediary, or trying to make it as easy as possible for our clients to engage when things don’t go as they planned.
Evan: What should businesses keep in mind while building up their fraud teams with the anticipation that they will experience friendly fraud?
Denise: A few points first, one is that on the buyer side, online fraud control, I sense is largely, at this point, a commodity. The reason is that there are so many spectacular vendors, Sift Science just being one-point premiere example that it is not a difficult problem to solve. Fraud teams today are not primarily loss avoidance in that way, rather there are seller issues that are much bigger and much more difficult to handle on the marketplace side. Secondarily, I view Trust & Safety teams today through a sense of giving back to the business. So we, as an industry, have matured so much that we should be able to do considerably more than give the business low loss rates. We should be giving back to the business fewer false positives, lower declines, and, and this is relevant for the conversation we’re having now, customer insights. Friendly fraud are about human beings using your site and getting confused, and not understanding fully of your product or your service.
And with service chargebacks and friendly fraud chargebacks, you can do a root-cause assessment and come out, I guarantee you, even in the most fabulously built site with a long list of fascinating insights for your product team, your customer support team, your operations team about how to better serve your customers to reduce their misunderstandings and their frustrations.
Evan: For that reason, Denise suggests fraud teams be much more open to hiring non-technical people. She says you need a variety of skillsets to be successful in the fast pace but very human world of online fraud.
Denise: There is certainly a core skillset of modeling and analytics that is mandatory, but I don’t think that’s the kind of going above and beyond which most high-growth companies expect today, which is a leader in giving back to the business growth through insights. And looking at your chargebacks, especially friendly fraud chargebacks, is one of the best ways to get these insights.
Evan: To close, I just want to ask you, what’s the most surprising thing you’ve learned about friendly fraud, or the most surprising experience you’ve had with friendly fraud during your career?
Denise: I would say something that shouldn’t be surprising but really truly is.
Evan: So you’re surprised that you were surprised?
Denise: I was surprised. I was surprised. Exactly. And that is the level of miscommunication, and simply non-coordination in companies that are not that big. So, we could have one customer contacting us saying, “You used my credit card. I have no idea who you are.” “Why, where, how? Okay. This is fraud. I’m gonna go do a chargeback.” And, you know, we thank that person for even letting us know. And 24 hours later, somebody else at that person’s company goes, “Hey, why did you shut down my account? Everything was going so well. The work was getting done. My freelancers are now upset that they’re not…that they have paused their contracts. What’s going on?” And we say, “Well, we got a call that this is a stolen credit card, and hence, it shouldn’t be used on our platform anymore, and we don’t take chances with serious situations like that.” And then, oh, usually, it’s a few hours to a day, we get kind of a sheepish response back. “So sorry, didn’t mean to say that. Nothing’s wrong. Un-suspend the account.”
And I always go back to, “What more could we do?” What more could we do to help our customers with these types of cases? And this is the big brainstorm we’re having right now. You’ve got an account that’s a company account, how do you make sure that everyone in the company is informed and agreeing on what’s going on? That’s our next big challenge.
Evan: I think we can all stand to communicate better, so that is really great, perhaps timely advice. Thank you so much. Denise Aptekar is Senior Director of Global Payments at Upwork. Thank you so much for joining us today.
Denise: You’re welcome. Thank you for having me.
Evan: And thank you for joining me on Trust & Safety in Numbers. Until next time. Stay vigilant, fraud fighters.
Learn more about what sets Sift Science’s machine learning apart.
With billions of compromised credentials already in criminals’ hands, how do you protect your users’ accounts, your brand, and your bottom line?