Blog post
Fintech Friday with Naftali Harris
SentiLink
Published
May 11, 2022
Why are there credit reports for people who don't really exist? What's the role of fraud detection in DeFi and Web3? What First Party Fraud solution does SentiLink offer? These and many other topics were covered by SentiLink Co-Founder and CEO, Naftali Harris, as a guest on the Fintech Friday podcast.
Check out the transcript below or listen to the podcast.
Panel
Vaibhav Puranik, Chief of Staff, Aven
Lindsay Davis, Head of Markets, Atomic
Ale Vigilante, VP Fintech & Emerging Business, Fidelity Investments
Naftali Harris, Co-Founder and CEO of SentiLink
Vaibhav - Let's get started. So quick intro, I am a builder and small investor in Fintech and tech startups. I am building an SME credit card called Aven. And actually, Naftali, you helped us a lot in the early days when we were trying to figure out which vendor we should work with.
Naftali - Just as an aside, Aven is an incredibly cool product.
Vaibhav - Thank you. I’m definitely biased, and I'm personally very interested in hearing how you’ve been figuring out fraudsters. We thought that giving a Home Equity credit card, it's fairly hard for a fraudster to come through. But we were unpleasantly surprised. So some more on that later.
Ale - Hi, Naftali. Ale Vigilante. I run Fintech strategy in asset management and am a small angel investor.
Lindsay - Hey, good morning, everyone. I'm Lindsay Davis. I'm Head of Markets at Atomic. We do payroll connectivity to enable consumers to switch their direct deposit and access their income and employment verification data. So this might be a really relevant topic for combating fraud. I will tell you when we get into this conversation, I was hanging out with somebody in the payroll space, and he literally travels on synthetic identities. So I'm really excited to talk to you more about that.
Vaibhav - We’d love to hear your journey, what brought you to SentiLink, what were you doing before and what was the “a-ha factor” or inspiration to build this?
Naftali - Yeah, absolutely. Thanks a lot for having me on. The story of how we started SentiLink actually starts when I was an early employee at Affirm. Max Levchin hired me as the first data scientist there. I was 22 years old, and I had just dropped out of grad school at Stanford for statistics. Max had reached out and said, “Hey, I'd like you to be our first data scientist and be in charge of our decisioning systems.” I was like, “ that sounds pretty cool to me.” And so I joined Affirm. As I said, I was the first data scientist and when I got there, literally everyone that would apply for an Affirm loan would get approved so it was a completely blank slate. And it was an incredible experience. It was certainly more responsibility than I deserved at that time in my life and career. But I had a lot of fun building out the first fraud model there, and then we built out the first credit model. Very quickly it became more than one person's job. So I recruited a team of engineers and data scientists, and together we built all the code and models around approvals and declines of Affirm which was, as I said, an unbelievable experience. I learned a lot. It was very neat to do that from the beginning because you could actually see everything from first principles.
So we go build this stuff out feeling pretty good about ourselves. And then one day we come across something very, very interesting in the Affirm applications. We came across 12 different applications for credit at Affirm, all of which have the same name and date of birth, but 12 different Social Security numbers. And so we're looking at this and we're saying, okay, what are the odds you have twelve people onboard on the same day, with the same name, who all decided to apply to Affirm today? By the way, they weren't trying to get Peletons or mattresses or couches. No, of course, they were going for Louis Vuitton bags, shoes and so forth. So we looked at this and realized there's no way these are 12 real people. This has to be fraud and so we go to shut them down. But before we went to shut the accounts down, I had the idea of hey, let's just double check that the credit Bureaus agree with us that these are not real people and that this is fraud. So we pulled the credit reports on those 12 different identities, and I was expecting to see “no hit” or “error code.” Instead, all 12 of those identities have real credit reports. Not just credit reports, but really good credit scores like 700, 750, 800 - better than I had at the time.
So, we're looking at this and wondering how it’s possible that this fake person has a 780 credit score? Well, if you looked at the credit report, it was because every major bank and lender in the United States was just shoving money at them. Here was a $20,000 credit card they had and here was a $30,000 unsecured consumer loan, and here's a $50,000 loan for a Mercedes. It was just insane that every bank and lender in the United States was throwing money at these people who we realized were not actually real.
Vaibhav - So can you talk a little bit more about this? I don't think people realize that when you do a credit bureau check they actually create a new entry for you if they don't find one, or attach all the data you've sent in that inquiry to some identity, which they think is the most likely match.
Naftali - That's right. This was very surprising for me too - how do you have a credit report for someone who doesn't really exist? The first question I had was, “surely the Bureaus must return no response sometimes, right?” Lo and behold, we took a look. Sometimes when you pull a credit report on someone and it's a ‘no hit’ result, that’s good. It's what you want. If you just mashed the keyboard and tried to apply for credit with the name like ASDF, you should get a ‘no hit’ response from the Bureau.
Sometimes those users where you get ‘no hit’ at one point in time will actually come back and apply for credit a week or two later. So I looked at one where they had applied, we pulled credit on them, we didn't get any hit. They came back a week later. We pulled credit on them a second time, and that time we got a credit report. We looked at the date on that credit report, and it was the previous week. So, literally, the act of applying for credit created a credit report for them. This is one of the things that is very surprising to many people.
The Bureaus don't have any master list of who people are in the United States. Everyone assumes that they must know who people are. When you talk to the Bureaus, they brag about how many consumer records they have. But the truth is, the way that they get those records is from getting inquiries and furnishing updates from financial institutions. There’s this very circular reasoning here, where historically the Bureaus (and even today) assumed that banks and lenders knew who was a real person and who wasn't and had accurate records. They took lenders and financial institutions at face value. Conversely, historically, banks and lenders assumed that the Bureaus had accurate records. The truth is, neither of them necessarily do and you've got this very circular approach where both parties think the other party is doing their due diligence. Does that make sense?
Vaibhav - It completely does. Before we go deeper there, I was wondering, what does SentiLink do, and how are you different from other identity providers?
Naftali - Yeah, absolutely. Once we have this insight that there's people that don't actually exist, we realize there's an opportunity to start a company around it. My friend and now Co-Founder, Max Blumenfeld, who was with me at Affirm, and I went to Max Levchin and explained that we wanted to start this new company. Max (Levchin) to his credit offered to invest instead of firing us on the spot. So we got the company started that way. And what we have done since, and what SentiLink does is, we provide an API for banks, lenders, fintechs, non-banks, different organizations that need help with identity verification. It's an API; it works at the point of account opening and before a credit card issuer will give out a new credit card or before a telco will let someone finance a phone or before someone opens a checking account. We receive information associated with the account opening like name, date of birth, SSN, address, phone, etc. We score that in real-time and return back whether or not it's a likely synthetic identity (e.g. someone doesn't exist), whether that's likely to be identity theft, and we’re now also detecting types of first party fraud.
We look for a lot of different sorts of risks and assess applications for them. Today we work with over 100 organizations in the United States. Every day we verify nearly a million identities. We’re very behind the scenes, but we process and help consumers to prove who they are to different financial institutions and stop the bad guys from doing it. So that's a little bit about what we do.
In terms of distinguishing us from other organizations, this may be the cockiest thing I say on this chat today, but frankly, the biggest differentiator for us is that we really understand fraud and identity. That manifests itself in a lot of different ways. It comes from a lot of manual review that we do. We have a team here at SentiLink, which is unusual. It's a large team of analysts that manually review cases looking for fraud. Since we see several hundred thousand a day, we can't look at all of them. But we do look at something like 1500 or 2000 applications per day. And we have a team that manually reviews them trying to see what the fraudsters are doing. Are they changing their tactics? The insights we get from that go into model features and go into improving our products. The labels from those analysts are targets for models. That manual review is actually so important to us as a business that every Friday at 11am Pacific, we spend an hour as an entire company reviewing cases together. That deep understanding, which is literally a corporate value of ours, goes into our products and it allows us to not only have superior products but also to have ones before anyone else for new (fraud) issues.
When we started this company five years ago and were talking about synthetic fraud, I would get two very common questions. The first question was, what is synthetic fraud? And so I’d explain how a person that didn’t exist would try to open up accounts at financial institutions. Having to explain what it was reflected how early we were. It was something we discovered from our deep understanding. The second question wasn't even a question. It was, that's impossible; there's no way that could actually be true. That incredulity was really a reflection of where the market was at that time. We did that for synthetic fraud five years ago. And we're doing that again today especially around our newer products related to first party fraud. That deep understanding has allowed us to differentiate ourselves from our competition.
Lindsay - I’d love to hear a little bit more about the go to market and the scenario so when somebody tells you that synthetic fraud isn’t a thing. What do you do then?
Naftali - This pushback was something we got initially. Now we’re kind of passed that. There is some pretty interesting data that we have so the thing that’s been most compelling for our go to market strategy has actually been data that allows us to point to specific cases of fraud that impact different organizations. When someone says, “I don't have a fraud issue,” we can say, “Well actually take a look at our data. Frankly, it looks like you do.” We can even point to specifics. We can say our records indicate that you have a specific case of fraud here and literally point out that case to them and actually show them on a call. They can go look it up themselves and see what happened. That’s been a really effective strategy that we've used in our go to market.
Vaibhav - I was going to go back to what you were saying about synthetic fraud. How do you define it with a little more nuance because, for example, we see a lot of identity takeover situations where all the rest of the identity is fine, but somebody's just trying to change the phone and email so they can redirect things to themselves. Do you call that a synthetic identity or something else?
Naftali - No, I would call that identity theft. Within identity fraud, there's two big subcategories. One of them is ID theft, which is when someone uses a real identity that's not theirs, in an attempt to commit different sorts of fraud. For example, I'll be the jerk in this situation. I would use Linday’s name, your date of birth, your SSN to apply for credit or to try to open up an account but I would use my own (maybe not my personal phone number or email address), but ones that I control, so that I can use that account that was opened in your name. There’s a variant of this where I could sign up with Lindsay's name, date of birth and SSN and I might even use her phone number and email but then try to change it at some point to take it over. So that’s ID Theft.
Synthetic fraud is different. We define a synthetic identity quite simply as a name, date of birth and Social Security number which don’t all belong to the same single cohesive person. In other words, it's a person that doesn't exist. There are two big subcategories of this. The first is what we call a third party synthetic identity, which is a name, date of birth and SSN, which doesn't tie back to anybody at all - it’s completely fabricated. It's a ghost or Frankenstein or what have you. That's typically done by organized crime rings that are trying to commit fraud at scale. There's another variant though, which we call a first party synthetic identity. And this is where someone is using their true name and date of birth, but they use a SSN that doesn't belong to them. The reason we call it first party synthetic fraud is it's a variant of or is a type of first party fraud. And the reason that someone would do that is if they have really poor credit. Using a new Social Security number will actually allow them to get a new credit report at the Bureaus that doesn't have any of their derogatory information. I see my friend Aaron on the chat here. Aaron can be the jerk in this situation. If Aaron has really bad credit, say, a 450 credit score, Aaron can use his name and his date of birth, but, Ale, your SSN, and get a new credit report that doesn't have any of the derogatory information on it that gave him a 450 credit score, and then start using that instead. Does that make sense?
Lindsay - Yes. I was at a conference where people pushed back on this concept of how pervasive is synthetic fraud and especially during this period of time where people are not in person, they’re not physically walking into bank branches to open accounts. Literally a gentleman from a payroll company had flown there on Clear on a synthetic identity. That was pretty cool, but also pretty scary.
What other forms of data do you incorporate into your fraud analysis? We build payroll connectivity, and that is something we can enable and we have caught some third party fraud in that scenario.
Naftali - There's a lot of different data. I separate out three forms that we're looking at. One is what I would call core identity elements or biographical information. Things like name, date of birth, SSN. I'd include some address history in there. You can think about this as the four CIP elements. So, does the SSN and date of birth, line up with each other? Does that make sense? Does the SSN issuance make sense? Is it where the person is from? Is there a better SSN that belongs to the individual? That's what I would put in biographical or core identity elements. The second form is related to contact information. That’s really your phone number, email address and debatably parts of your address. You’re looking at how legitimate is this phone number or email address. Is it a VoIP phone? Is it an email address that was created at the same time that the identity appears which would be suspicious?
Lastly, there’s digital identifiers so things like device information or IP addresses, and you're looking for different aspects that are more or less risky, like, a VPN or proxy IP, things of that sort. There’s a lot that goes into our products, but there are other things that you can do, different treatment strategies, when you suspect a synthetic identity.
Some of our partners request W-2’s from an identity they suspect is synthetic or they ask for their SSN card. There's actually a new service that we offer through the Social Security Administration called eCBSV where you can take a name, date of birth and SSN to the SSA directly and ask them to validate whether they actually issued that SSN to that individual. That’s a treatment strategy that's worked really well.
Vaibhav - That’s super cool that you got into eCBSV which was a lot of hoops to jump through.
Naftali - Actually, I have to tell you that story. Let me tell you what the hoops were. This program was mandated by an act of Congress. We hired the person that got Congress to pass the bill, or it was an amendment to the banking bill. In his office he has the framed bill that he got Congress to pass. When the SSA announced this program, they opened it up to a small group of companies to apply to be part of this program. There was a huge amount of interest from industry as you'd expect. Something like 200 companies or so wanted to apply, and they're only letting in 10. This is the part that is unbelievable. The way they decided which companies will be a part of this new program was actually first come first served.
They specified when the applications could be submitted. It was at 6am on a specific date. Whomever applied first would get in. By the way, it was, 6am Eastern Time, and I'm sitting here in San Francisco. So we got up at 2:45am Pacific Time, and synced our clocks on our computer to network time to make sure it was exactly the right time. We wrote a script that would submit the application at that exact moment, and we also hovered over the enter button and waited for the clock and pushed the Enter button that way. And so we made sure that literally at 3:00 in the morning on the dot, we were the first to submit an application. And so we did and we were part of that group. So, we got in, we were part of the pilot program. And then frankly we had a better engineering team so we got to be the first to actually do the integration and go live. And one of the things that we don't talk about too much is I'm actually the first person in the United States - me, Naftali Harris, to go through eCBSV. I was the first person ever to have my name, date of birth and social, confirmed by the SSA through eCBSV.
Vaibhav - Nice. Something I think Lindsay asked, I wanted to probe a little bit deeper. I'm always amazed by the different services which are coming in but I'm also distressed by the fact that we are sort of creating these private black lists which might or might not be available for a consumer to challenge and sort of get out of. How do you think about exclusion? The famous examples are all the people who got caught in the original TSA no fly lists. There was no way to get out of it because if you're on the TSA no fly list, no one can talk to you about it. How do you think about that? How do you allow people to sort of say, Hey, you guys caught me but I'm a real person. Here's my information. Can you unblacklist me?
Naftali - There are a lot of different types of fraud. Synthetic fraud is one of them. The thing to do in each of those different cases are different and important but for synthetic fraud specifically, eCBSV is actually the best get out of jail card,. For example, if SentiLink or anyone else for that matter thinks, hey, this person doesn't exist. It's not a real person. You can go to the person and say look, we don't think that you're a real person respectfully, we couldn’t verify your identity. However, if you'd like to get through here, why don't you consent to having the SSA take a look. You can give the person the opportunity to take their name, date of birth and social to the SSA. That’s a really great way to get someone out of jail. If you think that you mistakenly thought that they weren't a real person.
A version that is super helpful for part of the population which has a real challenge proving who they are like recent immigrants, young people, people new to credit in general. That's a population that's historically and even today has a really hard time proving who they are, just because there's no records on them. eCBSV for them is not just a treatment strategy. It's also actually just a way to show who they are where almost no one else has any records on them. And so actually, today we work with a number of Fintech companies that specifically target immigrants or young people or people that are new to credit for one reason or another and use eCBSV with them to verify their users before anyone else can even get records on them.
Vaibhav - Sonny who was going to join but couldn't at the last minute, he's been into DeFi and Web3 and he was wondering how does this or have you ever played in that world in DeFi with the decentralized identity world? And how do you think SentiLink can help?
Naftali - Yeah, absolutely. We work with a number of different crypto companies and it's typically around people buying, selling or transferring crypto. Crypto, as most know, is perhaps the devil's gift to money launderers. Obviously there's a lot of great use cases for it. But one of the downside is if you have ill gotten gains of some sort whether you got that from committing different kinds of fraud or you got that from drug trafficking or you got that from hacking or something like that, a great way to actually launder those funds is through cryptos. And so what sometimes you can see are fraudsters that will sign up for crypto accounts, and they don't actually care about crypto or Web3. They just want to buy a bunch of crypto and then be able to transfer it and at the point of account opening that manifests itself sometimes as synthetic identities but more often than not actually as stolen ones where fraudsters steal someone's identity, use that to open up an account to buy crypto and they're not actually trying to steal from the victim necessarily. They're actually trying to create an account that they can then use to buy a bunch of crypto and move their money into crypto. So we work with those organizations in crypto and Web3, in order to help them prevent people from doing that.
Ale - I wanted to go back to the go-to-market. Who do you sell the solution to? This is a huge problem beyond fintech.
Naftali - Fintech has been a great segment to us and we're happy and proud to work with fintechs from new startups to very established ones. But we also do quite a lot of work with traditional banks. We do a lot with credit unions, and we do a lot outside of both to alternative lenders of different sorts like some of the subprime space or even just ones that are private equity backed.
We're starting to do a lot of work in tenant screening, screening of people who are applying for apartments to make sure those people are who they say they are. We do a lot of work in purchase finance of different sorts. Some of it is Buy Now Pay Later, other is lease to own or private label cards or things of that nature. We also work in utilities. So with phones or other sorts of use cases. More generally, there's a lot of applications in your life when you need to prove who you are, and a lot of organizations for which figuring out if someone is who they say they are is an important business problem. Those are the kinds of organizations that we serve.
Ale - And how do customers usually use it Naftali? Do you usually work together with a KYC provider? Is it a standalone solution?
Naftali - We are a KYC provider, actually. We provide KYC directly. KYC means different things to different people. But if you go and read those CIP rules, Customer Identification Program rules, what you'll actually find is that fraud and KYC are actually really two sides of the same coin. The CIP rules say that you need to form a reasonable belief that you know the true identity of the customer. A reasonable belief that you know, the true identity of the customer - that’s what it says. In order to form that reasonable belief you need to make sure the person is who they say they are. It’s common sense and we also support the other KYC requirements. For example, we have different things associated with watchlist checks, we can help look at the four CIP elements so that’s name, DOB, social and address but a lot of people sort of assume that KYC is a “compliance thing” and fraud is a different thing and actually, they're very linked. So we do both.
Vaibhav - How do you sell, Naftali, because I think one of the challenges when most Fintechs or even banks, speak to a salesperson, they don't know, especially in the fraud and identity world. It's a fairly numerical heavy numbers heavy data oriented conversation, right? So typically, the salesperson will then call a product specialist and ask them to give all the answers. So how do you navigate that? And that's a little frustrating because I'm like, Hey, just give me precision and recall. Can you give me your area under the curve? Can you give me real statistics of false positives and false negatives. How have you built your sales machine?
Naftali - Actually, one of things that we're proud of is that whenever we talk with a partner, either an existing one or a prospect, they come away learning something new. So the first thing I'll say is that the standards for our partnerships team are super high. So when our partners are talking to them, it's not a frustrating experience. In fact, it's an illuminating one. I would say that part of the sales process for us is analytical and numerical. And so actually one of the things that we do literally to your exact request is we do return precision and recall tables. It goes back to the risk operations team that I mentioned earlier, where, when we do work with people, we typically start by doing a retro study. So we'll score for example, a quarter of historical applications for them and we're actually able to do that as of the time of the application and it’s very careful and we're proud of being able to do that.
But then, after scoring that we'll have a risk operations team manually review a subset of applications for that partner. And by doing that manual review, we can literally figure out the precision at different score bands. Both marginal precisions and cumulative positions. We can look at different recall things and we literally present a table in that retrostudy analysis to our prospective partner to help them come up with the best possible cutoff. We also found it's important to also be qualitative and so to bring that to light we’ll also show them you have 50 basis points of fraud (or whatever it is). We can catch that by stopping 60 basis points, and so we'll have 10 basis points of false positives. If you catch 50 basis points of fraud, and that's worth $5 million a year to you or whatever it is. But we'll also show them a couple of explicit examples and say here are a few representative examples of what that fraud actually looks like. We’ll walk them through it and explain why it's fraud and what the models are doing and how they're catching it and so forth. That tends to be a really illuminating experience for a lot of our partners.
LIndsay - That's amazing. It’s showing people where they can actually plug their gaps. It’s above and beyond white glove customer service in these types of scenarios. It’s a good technique that you can replicate across different customer sets. I'd be curious in hearing about scenarios where you have been sort of transparent and found that competitors were claiming they could reduce fraud by a much higher level and were quoting something that's sort of preposterous and not true. I'd be curious to know if you think that's happened in your space and how you guys have handled that.
Naftali - Yeah, so maybe this will be the 2nd and last cocky thing I’ll say on this podcast. There’s so much BS and snake oil that is out there. Especially related to marketing claims. And sometimes, on the face of it, it's clearly false. For example, someone will say, “there's $500 billion of credit card fraud in the United States.” But, all credit card spending in the United States is $2 trillion. So the math just doesn't work out at all. To your question, the way that we deal with absurd claims of that sort is not to try to one up them, but actually be very plain spoken and state the facts. As a concrete example, the most commonly cited number for the amount of synthetic fraud in the United States is $6 billion. Frankly, we don't believe that. We think it's an overestimate. For a company that got started preventing synthetic fraud (and we're still probably best known for that), for us to say we believe it's less than 6 billion, it’s actually probably closer to one and a half it displays the fact that we actually don't have to rely on scare tactics or exaggeration. We rely on what the facts are. The press often say things like, “(fraud) is a $100 billion problem, right?” And I'll say actually, it's not. Our partners, the folks that we work with, they're generally quite sophisticated. They know the difference between exaggeration and none. It’s really a trust building exercise. So just be honest and not exaggerate and show people what things actually are, because if you don't do that, people will look at their own data. I'm making an argument here for why we're honest, which is kind of hard for me to even make an argument like that. Hopefully, that answers your question, but it's something that's really incredibly important to us and it goes once again, so that deep understanding of it we have it just like making exaggerated claims is incredibly countercultural for us.
Vaibhav - Yeah, that is so true. Lindsay and I were just talking in our back chat. We see this all the time, especially because I'm in a consumer financial services company and we rely on 10 or 15 different data providers and this claiming thing is rampant and people get upset if you ask a lot of questions. So thanks for trying to keep people honest. I think the other challenge is it’s just very hard to measure this because all of us have very different points of view of how we measure fraud even in what we call fraud is probably very different. And you said something else which I've seen more of recently which is first party fraud and in credit cards we used to call it bust outs. Can you talk a little bit more about that?
Naftali - Absolutely. To your first point, one of the big challenges is that different organizations think about fraud differently, have different definitions of it, and so forth. The way we deal with that actually is having that internal team of risk analysts that I mentioned that have a really concrete, firm and consistent taxonomy. For example, some of the stuff that Aven considers fraud some of our other partners probably wouldn't and vice versa.
Vaibhav - Exactly, for example, we give loans for primary residences. And if you don't have a primary residence, our interest rate is higher because it's riskier to lend to a second home or someone an investment property. So, for us, if you are falsifying your primary residence, that is an attempt at fraud, but it's not, as if somebody is completely being a fake identity and is taking money away. So there's a degree of potential risk of losses to us. Even if we give a loan we will lose something a percentage or two on it on interest rate for this person. Fine, right, it's a real person.
Naftali - That’s exactly right. And I think that's one of the big advantages that we have in our consistent taxonomy. For example, if you were to call that fraud, because that's fraud for you guys. And then, when the person tries to get a checking account you don't care if they tried to exaggerate their primary residence if you're just trying to give someone a checking account. That consistent taxonomy is important.
To your second question about First Party Fraud. First Party Fraud is a very, very broad term and bust outs are an aspect of that. The variants of first party fraud that we're tackling now, does result in bust outs, in a very interesting way. Our first party fraud flags (and we've actually launched them) are focused on credit washing. It's something that most listeners here probably aren't familiar with. The Fair Credit Reporting Act has a number of consumer protections, as it should, some of which allow you as a consumer to go to the Bureaus and fix information that is incorrect about you. If the Bureaus have records that are incorrect or incomplete, you can go to the Bureaus and say, “Look, this isn't correct. Can you please fix it for me?” And so one of the great use cases for this is if your identity is stolen. If a fraudster steals your identity and opens a credit card in your name and you see that on your credit report, you can and you should go to the Bureau and say this wasn’t you. That’s the point of those consumer protections. However, there is a growing group of fraudsters that are abusing this, where they'll go get a bunch of loans, they won't pay them off, and then they'll go to the Bureaus and say, “that wasn't me… my identity was stolen” and completely lie about it, and actually get the Bureaus to remove the derogatory information on their credit reports, even though it actually was truly done. So you have this group of people that have nominally 750 or even 800 credit scores. But if you saw what should be their true credit score if they hadn't lied and gotten that information scrubbed, it would be quite a bit worse. And so it's a group of fraudsters that are just doing this continually trying to credit wash and incur credit that they shouldn’t be able to. So that's the variance of first party fraud that we've tackled first. We call it serial disputers.
Vaibhav - It's very familiar to me because I literally booted up a team which is just handling this. They come in as a block request and the Bureaus think we are bad people, but we have to fight. It takes months for each case to resolve and there's a lot of work.
I wanted to go to an area which we'll be talking about for the last two years which is building culture. In the last two years, people weren't in the office, so it was very different. I'm hoping you guys are all or at least going to the office somewhat. You’ve grown tremendously in the past year so I’m wondering how do you keep the same culture and consistency especially because you are in such a highly specialized world. And, what’s your philosophy around hiring and onboarding people.
Naftali - It’s a first class concern for us and something that we take super seriously. So I think one of the things that changed for us during the pandemic is we went from hiring people only in the San Francisco Bay area, to hiring people throughout the country. We’ve hired some really outstanding people in a lot of different areas. We’ve got people in San Francisco, but also New York, Chicago, Philadelphia, Washington. There's a small group in Minneapolis and in Wichita. It has been great to be able to get talent from a lot of different places. There's maybe a third in San Francisco and maybe a sixth in New York. The downside of this is obviously is that you're not all in the same place, communication can be more challenging and culture building can be more challenging. What we've done to mitigate that is pretty unusual. Every eight to 12 weeks, we run an on-site that we call SentiWeek where we fly the entire company out and spend a week working together. Some companies do this maybe once a year or twice a year. We do it literally once or twice a quarter. To be quite honest, SentiWeek is not the most productive week for us. Our engineers aren’t super productive that week, and it's a lot of internal alignment meetings. We do a team building exercise, we have a team dinner, different sub teams, the data science team will go off and have some fun and the engineering team will do that. And the sales team will do that. It’s really about team building. And it's about alignment. It’s not super productive from a work perspective but incredibly productive from a team building and culture perspective. We think that trade off is worth it. It allows us to hire amazing people all throughout the country to get access to talent that we wouldn't be able to otherwise. I’m incredibly proud of the people that we've hired and onboarded, and it's really an outstanding team. But we’re also able to build culture, build alignment, despite having most of the company remote.
Vaibhav - One follow up to that. I think as long as people were remote and on Zoom, that's fine. As more people turn up in the office, how are you making sure people are not left behind in terms of decision making? When you are in the Bay Area and there's some of the team members in New York - which is literally my situation so I'm just projecting probably - how do you make sure if there's something crazy going on at nine in the night, which is six in the Bay Area, people won’t hesitate to call? At the same time, I need to be part of the decision making cycle. So how do you make me feel not excluded?
Naftali - I've no hesitation about calling you at 9pm your time or later. But the way that we do it is partly through technology, partly through culture. Every person on our team is important and a critical member of the team and that's regardless of where they are. If it's 9pm your time, but this is an important thing, we will 100% give you a call and we'll set up a zoom. The most important part of this is based on the culture - remote people are not second class citizens. But then the other aspect of it is - and this may sound funny - but it’s actually important. We set up zoom rooms in, our office and they work really well and so for our management meeting, I've got some of the people in the management meeting that are sitting at a table and I've got some of them that are on a screen at the end of that table, and we can all see each other we can all talk easily and it works really well whether you are calling in from LA or New York or somewhere else or you are sitting in the office in San Francisco, you're still a critical member of the team and in what you say matters. So I think it's mostly a cultural thing. As I said, remote people are not second class citizens. But there's even some small technology things you can do to make it very easy.
Vaibhav - Nice. Yeah, we do the same. My Zoom Room is called Jersey Shore. And people just drop by all the time.
Lindsay - We got Oculuses and we do virtual meetings and we all have avatars. Some Beat Sabre happens as well.
But we have about five minutes left and we like to end on time. So if anybody has any kind of closing questions, we're happy to ask those. I want to know what was one of the craziest stories that has happened at the company in terms of catching fraud, preventing fraud, mitigating fraud, or just something wild?
Naftali - There was one that we came across recently. This was not the hardest fraud that we ever caught, but was super interesting. We came across this identity that had applied for credit and then used the SSN of someone that had died in the 70’s. This was obviously fraud. But a lot of identities in our system had tried using that same Social Security number. One of the identities had the name Elvis, as in Elvis Presley, and so, just on a whim I Googled Elvis Presley, Social Security. It turns out his SSN was breached or published after his death, and so it's just out there on the internet. And there's a whole group of people that will try to get credit with Elvis’ Social Security number. If you don't have your own SSN, you'll just use it. So someone had tried to open an account with Elvis’ SSN.
Vaibhav - So those open credit cards with that SSN are the reason why people think he’s still alive.
Naftali - I guess. I should go look through our database for Tupac and Biggie.
Lindsay - They might BNPL for some Blue Suede Shoes.
Vaibhav - Interesting. Have you had a situation where you've actually worked with a law enforcement agency?
Naftali - We have. It’s probably some of our proudest moments. Obviously, I can't talk about specifics, but based on what we've done, we've actually helped get arrests even, which is incredible. In one of the cases where someone had gotten arrested, as you'd expect, there was a whole bunch of other nasty stuff like credit card applications, but also drugs as well. It’s something that we're really proud of to be able to help bring people to justice.
Lindsay - That's amazing, modern day superheroes. Thank you again, Naftali, for your time and teaching us more about the fraud space. It would be really good to hear any closing thoughts or advice that you impart upon founders that are in the room or an ask that you have in the audience.
Naftali - First of all, thank you for having me on. This is awesome and really great to chat. In terms of advice for any founders, Go for it. It'd be my best advice. No matter what the thing you're thinking about doing, go for it. And so that's my advice for you. And then in terms of an ask for the audience, yeah, help me get the word out. If you see people that need help with account opening we’d love to chat with him or with you so thanks for having me on.