Today we bring you our first podcast!

We take you behind the scenes of e-commerce, with an interview with the founder of Ravelin: Martin Sweeney.

With him, we talked about fraud detection and prevention: challenges and trends. Discover his vision of the market in this new podcast format that we´ve inaugurated in ECN.

Transcript of podcast:

Freddie: So hello everyone. Here we are one new podcast this week today with we’re with Martin Sweeney. He is the CEO of Ravelin. Hi Martin. How are you doing?.

Martin: Hello. Hello. Yes very well thank you.

Freddie: So, today we’ve last week it was merchants payments ecosystem where I think we. We were both present. That’s right isn’t.

Martin: It´s right. It was great. Did enjoy it.

Freddie: It Was a great event where we had a lovely time. Many  new information many new really interesting keynotes from all of the speakers. And yet a bit the idea for today is to talk a bit more where you can introduce to our community a bit more an on Ravelin and talk about PSPs, fraud detection, prevention, future of payments, just take some good time. Having a nice chat. So just to give a quick some quick facts Ravelin went through your funding round series B September 2018 and Martin’s gonna be able to quickly introduce us to the company as to say, so you Martin in your hands.

Martin: Thanks very much. So Ravelin is a fraud detection and prevention company that works primarily with merchants and payment gateways in e-commerce. So we are we are actors who defend merchants from bad actors and who optimize to accept as many real customers and many payments as possible. So really we started this company which is about four and a half years ago now because we used to be merchants we used to understand the frustrations of fast-growing companies spending lots of money on marketing striving for optimizing conversion and then to be frustrated at the last mile because either there was a fraudster who cost us lots of money or we were not making good decisions about which customers should be allowed through. And we were making mistakes and turning away real customers. So the whole ethos of this company is based around we should be allowing as many real people and a few fake people or fraudsters as possible to use the system or service and generally we think that should be something that merchants don’t have to worry about too much and that should be outsourced to a company like ours who can help make really educated decisions about the risk of each customer so that we can help you grow your business as fast as possible whilst minimizing the downsides of fraud which is, unfortunately, an ever-present danger with shopping online. So most merchants have they use a payment gateway and that payment gateway or PSP will probably offer some level of fraud detection sort of out of the box.

Martin: Now the problem with what you get out of the box is that it’s not very good and it’s quite generic. So really what we offer is to go another level or another few levels down into the data to understand as much as we possibly can about the real people who are using your websites or apps and making really educated decisions about who should be allowed who shouldn’t be allowed. And we operate internationally which means that we have a range of merchants who work in different industries verticals and geographies and that means that in some industries and some geographies there isn’t a huge amount of fruit but there is a frustration with the tools available so if you’re operating in Germany or the Nordics then you probably don’t have a huge amount of credit card fraud but you may have other issues in your customer base then if you operate in let’s say Spain or the UK then maybe credit card fraud is much more prevalent as in France. And then if you are truly international that merchant let’s say you operate in Brazil or Peru then your fraud is clearly a lot higher and you’re more exposed in this country. So we offer one central place to optimize this real business and to really take the headache away from you by giving you control over the outcome. So we really optimize for acceptance and minimizing fraud.

Freddie:  So a bit like linked to that. With that said what has changed for PSPs from fraud detection and prevention perspective?.

Martin: Well I think the PSP have two main challenges. The first is that some regulations have come out recently I’m not sure whether your listeners have been following along with us. It’s quite a sort of dry piece of European legislation it’s called PSC 2 Payment Services Directive and the PSC 2 has two big aims. The first is an open up banking and payments to make it more accessible for consumers and that’s incredibly laudable. The second is to increase security online and decrease fraud by requiring that people authenticate whenever they pay online. So if we’re familiar with the process of using card payments online it’s relatively easy to do.

Martin: I mean I accept that typing in a 16 digit number isn’t always that easy but on the whole consumers understand it. So you type in the number you put in your billing address you hit pay and off you go. And sometimes depending on the merchant you might use 3D secure and 3G secure as an extra step whether the issuing bank which is the bank that’s provided the card for the consumer to use is asking you to prove that you are who you say you are and actually merchants have a choice about whether they turn this on or not if they turn it on they don’t have any liability fraud that happens it’s the issuer who pays but if they turn it on across the board then the consequences for their conversion through their checkout process is dramatic. So the figures really vary by country but you can expect somewhere around 20 per cent of users will just not be able to complete their checkout experience under 3D secure. And that’s just totally unacceptable right. So as a merchant you’re you’re stuck between this kind of awful position of having fraud and liability and it’s a very emotional expensive experience or conversion impact which any right-minded person would veer away from very quick. So we offer a third way which is that you can use our results to dynamically select which transactions to use three to secure or not but under this new regulatory regime the European Commission and then the European Banking Association of pushing forward the proposal that many more transactions originate is all transactions need to use 3D secured. So if we are looking at this with our merchant hats on I mean that’s that’s pretty terrible for online commerce. Nobody wants to make it harder to buy and pay to buy. Yeah. And I think that’s just a bit crazy. So when the regulators put forward the first couple of drafts of this piece of legislation the industry submitted lots of responses. And that was people in merchants and gateways all of whom who I think had a collective heart attack because they realized that this was going to be incredibly damaging for the GDP at the Internet and the commission came back with some proposals and what they said was we stick to our guns about wanting that to be greater security and less fraud online. But what we’re gonna do is we’re going to grab this thing called an exemption and then an exemption means essentially you don’t have to use 3D secure on every transaction. If you’re really good at fraud detection and you know that this person is probably a genuine customer to a really high degree of confidence. So if you’re a PSP in the loosest sense whether that’s a gateway or an acquirer or a collection of those different entities what that means is you can offer this exemption that get out to your merchants but it means that you as a PSP have to be really good at fraud detection in a way that you haven’t had to until now. Because as we know today it’s up to the merchant if they turn on 3D secure or not and if they don’t it’s their problem when this fraud. So that’s the big change for passports and merchants.

Freddie: And I think that it will basically depend on how regulation and legislation keep going over the next couple of years. Bill for the moment that’s what we have. We have as we’re willing to this and talking about the future. How do you see the future of payments from a fraud perspective? Let’s see if you could. What would be your ideal world or what are you see what you see it’s going to happen?

Martin: Well I mean it’s always dangerous. Crystal ball gazing but I’ll give it a crack anyway so I think there’s a few interesting things on the horizon. So I mentioned that with PSG two there are two major components. There’s the open banking side. I didn’t call open banking but that’s what it is called. And then as a securities US Open banking basically says it should be possible to move money from one bank account to another without needing to go over the card rails. That is to use Visa Mastercard Amex and the others.

Martin: So actually they’ve introduced a new class of payments which don’t have a great name yet but you can think of as push payments or direct bank to bank transfers that merchants can use and would have lower fees and much and almost no fraud attached. So I think that’s a big interesting future direction for online payments. I think the big open questions for that are around the user experience and usability of that system as it stands it relies on essentially a similar system to ideal payments and in the Netherlands but an even worse user experience. So the merchant provides a website the consumer prices pay with my bank or however we branded and then have to essentially log into the Internet banking and approve that payment. And at the moment it works. We have seen some really compelling demos but you know having spoken about the conversion impact of 3D secure which is not that complicated but people still manage to forget their passwords or to lose interest. Open banking is like another level an order of magnitude of greater impact on the user journey but there are lots of advantages. And actually, we’ll see if this is just the first incarnation it will improve much more over time if we can get the incentive structure for the issuing banks to improve that user interface experience. And actually, I think that it is really interesting. But as a generalization beyond the introduction of new payment methods, I’d say there are two other observations. The first is the dominance of the card networks. These guys are pros. They keep making sure that they are at the forefront of any payments innovation. They are the centre of it. So it’s really interesting to see. And secondly, fraudsters are never going to go away. What whichever payment mechanism you use whichever banking or cards or PayPal or so for two ideal you know there’s always fraud there. And yes it’s different audits by matured in each case but the fraudsters will find a way. So as merchants it’s also important to remember that along the way you’ll probably end up carrying the can for that fraud and you need to be prepared for it.

Freddie: With this, for example, what methodology are you guys going into practice to help prevent fraud. Because I know from what I’ve seen you’re working with some of the top companies or top merchants. What methodologies do you put on a practice or us to help them prevent fraud?

Martin: Well I think let’s let’s hold off on the technologies and the methodologies first but let’s just ask the question about how would we spot fraudsters generally if we were to start with a clean slate. How would we do that. And I think let’s imagine where a payment gateway when you as a merchant take payment through a payment gateway you send a little bit of data you say here’s a card. This is the order. This is the billing address shipping address please charge the card for me. And then you get a decline or except through at the end and say for the payment gateway it’s really difficult to understand. Who is behind the order and are there fraudster. So that’s why they have a big limitation at the gate. So let’s think about how we might solve that in this sort of ideal platonic way we might want to know more about who the customer is we want we might want to know what they did as they went through the buying process how they arrived on your website what they did once they got there what they chose to buy how they paid for it how they related to other customers and what they did afterwards. So if we take that principle of how you might catch fraudsters in the ACT and discriminate between a real customer and a fraudster. The basic principle is we need more data. We need to go deeper into the buying process to understand better about what’s happening. So let’s say that we do that where you want to take a feed of activity in a very light way know what that person does and to be able to make a decision before the payment happens about whether they’re likely to be a fraudster or a good customer. And the way that we do that is we take a feed of data through a Javascript SDK that we provide for the web or for Android or IOS. So we take a feed of data then we have an API behind the scenes and we sort of hoover up a little bit of data about each customer and build a picture behind the scenes and then what we’re doing is two main things or three let’s say three. So the first is is this person operating within my terms of business. You know these are terms of service that’s the boundary conditions of what is acceptable. So your business is decided that you can’t try and spend more than ten thousand euros a day. You can’t use more than 30 cards. You can’t buy from North Korea because it’s in sanctions. So these are the sort of terms of service. So the second layer is does this customer fit any patterns that we’ve seen before.

Martin: Do they look or feel or sound like a fraudster in the way that they’ve used the system. And then thirdly even if they don’t like a fraudster because they’re exhibiting new behaviour is that new behaviour just really different from everything I’ve seen and therefore just a bit suspicious. And then if we think about how we actually do that. I mean you could do it by hand. You actually could you could sit down and you could write code or rules or something that describes what old behaviour looked like and what new interesting different behaviour might look like. But the thing is you would just be very quickly out of date so you you’d have to constantly be changing it and you would have to do it relentlessly around the clock. You would have to never sleep and never get it wrong and you would have to react to every single update that happens on the system. And you know what. I just don’t think anyone’s even set up to do that particulate scale when you’re dealing with thousands of tens of thousands of millions of orders in every week or month. So the answer behind the scenes is that this is very much a statistical problem. It’s a computer-based problem. And the answer in the modern age is that it’s a machine learning problem. But actually, I don’t think we should be too hung up on the machine learning side of things. I think that’s a really essential important component of what we do. But the methodology of the data that we use and the approach we take is all about understanding better who is trying to use a website. What are they doing? How do they look and what might they be doing differently from other people. And that’s how we get the results we deliver.

Freddie: Yeah I was reading this morning something pretty much related to that that it was if merchants were able to share the information on fraud in the network one another then it would lower the number of forces operating. So the thing is to write like nowadays there’s so many laws and regulations around like data sharing and everything which means it has loads of legal implications which do not help merchants reduce fraud fraudsters or help prevent fraud. And I think this is one way as you said which is which is working quite well. That is the companies specialized in fraud prevention. Getting to know more about the user and the buying process has to say so I think this does go into the right way. Oh okay. And then within this same question, we asked the initial question was as well into the technology on how you guys what methodology do you use to put in practice these things. So from what I’ve from what I’ve been reading on your website and everything a through machine learning and then full featured engine rules craft networks maybe you can give us a bit more of detail or more information on that.

Martin: Absolutely. So we have some of the most first machine learning models in the world running on our system to constantly evaluate every single order and update our understanding of the world as we receive new information. There’s nothing as good as machine learning for doing that in real time and to do it with a really high degree of accuracy in either direction. So as well as that we also recognize that in historically fraud has been done by setting rules. Something you might do in your own system or in a third party or in the gateways to say if the customer is coming from Nigeria and is using a Nigerian card and is trying to spend over 300 pounds then we should probably decline this order. So that’s the sort of rules you might use and we support them as well. But we do caution that they are a source of many false positives because that means that real Nigerians can’t use Web site to buy things over 300 pounds which is perfectly legitimate. So we do rules. Machine learning we do cross merchant data sharing so in the way that you described and actually we mentioned the recent regulations about how that has changed data sharing of course that’s something that we’re constantly talking about. The nice thing about the GDPR, in particular, is that there are provisions for sensible and measured data sharing or use of data in certain scenarios to protect merchants in their legitimate interest of pursuing the service that they’re providing or the goods that providing. So you can do this sort of thing but we have obviously that’s an evolving situation with different regulations around the world and something that all merchants should be aware of.

Freddie: Okay. And my last question Is there anything new that you guys are. Our working on at the moment. I know sometimes it depends on new regulations. Do you have anything you can share with our community up front?

Martin: Yeah. So there are two big things that we’re doing. I think the first is about how payment gateways can react to these changes and regulations. So we’ve we’ve recently launched on a new offering for payment gateways so that they can plug in and take advantage of all of our fantastic technology and offer the benefits to their portfolio of merchants. And that’s just fantastic. The second is that one of the new technologies that’s available and there’s just sort of coming to market in the next few months is it’s called Three skill 2s.

Martin: I’ve spoken about that trade-off that merchants have to make between conversion and fraud and how 3D is secure. And when I say that I mean through skill one has made that a very unpalatable choice not three to your two is much improved in that it offers a better user experience and offers a greater chance of the authentication happening automatically rather than the customer having to actually log in themselves. And so we’re working on providing three to secure to two merchants. The interesting thing about it is that it is an improvement on three to year one but it doesn’t fix all the problems, in fact, it introduces other problems that didn’t exist in three to secure one. So really what we’re doing is keeping the merchant absolutely central in this equation and making sure that merchants can stay in control of their user experience that they can differentiate against other merchants in the market or in their industry by offering the best user experience possible by making sure that the real customers can checkout smoothly and efficiently with as little friction as possible. But the fraudster is frustrated in his efforts and is ultimately unable to make that purchase. So a variety of tools but all pointed in the same direction which is allowing merchants to accept as many real customers as they possibly can fantastic just I’ve finished with this.

Freddie: Any exhibitions coming where people might be able to find you that you know from the top of your head.

Martin: Oh put me on the spot. I actually don’t. I think we can find out and we’ll provide your list.

Freddie: Great. So anyway in the meantime if anyone’s got any questions they can go and visit Ravelin dot com their website and get in touch with them and they will be able to help you. So I’d just like to thank you for your time. Martin It’s been a pleasure having you this week on our podcast and to everyone else just see you next week and have a lovely end the week. Thank you. Bye

Freddie: I hope you’ve enjoyed this podcast. I’ll see you next week for the discovery of new adventures. Feel free to subscribe to the e-commerce explorer’s full cost on your favourite music platform venture and social media. If you enjoyed this episode See you soon for new adventures. And don’t forget exploration continues on e-commerce nation.