For Uri Rivner, the CEO and co-founder of Refine Intelligence, mission to overcome scammers leads to industry-defining payment defenses: intelligent authentication, behavioral biometrics, automated customer fraud queries

By Brian Monroe
bmonroe@acfcs.org
June 14, 2023

Uri Rivner, the Co-Founder and CEO of Refine Intelligence, has been an innovator, startup founder, technology and systems sage, cybersecurity defense strategist and online payments fraud-fighting pioneer for more than two decades.

His career is a testament to tenacity against an ever-evolving criminal nemesis always finding new ways to scheme, scam and defraud.

In that time, he has forged a legacy in the digital payments space by creating risk-based authentication (RBA) and at the prior company he founded, Biocatch, pioneering behavioral biometrics – a powerful strategy to catalogue and capture a digital you that a scammer can’t copy.

At Refine Intelligence for the last two years, Rivner has brought all of his knowledge and skills to bear to flip the script on scammers by expanding beyond fraud to the broader endemic challenges of the modern fincrime compliance program: the daily deluge of false positives.

His answer is the mission and mantra of Refine Intelligence: by being able to “catch the good guys” and better sift the good alerts from the bad, financial services firms can better manage resources, engage in more effective investigations and create richer and more relevant intelligence for law enforcement.

How does he do this?

Refine has indeed refined one of the most manual and cumbersome processes a countercrime team must do daily: contact a customer to follow up on a potential fraud alert, in many cases done by a human staffer at the outset or reviewed by an analyst at some point in the investigative chain.

Rivner and his team have re-engineered outreach with a digital version that has replaced friction with function, shrunk a typically bias-prone and inconstant process that could take weeks to a few minutes and tacked on better trackability so fraud and anti-money laundering (AML) teams can focus on rising trends that could rile regulators.

In some cases, with artificial intelligence running in the background and analyzing a growing database of “good” transactions and “normal” behavior, a customer may not even have to be queried in the first place in the case of a suspected scam payment, he said.

The stratagem takes a cue from AML teams, but in reverse.

Instead of risk rating potential bad guys to anticipate future illicit behavior, Refine risk rates “good guys” so they can more confidently reside in a wider pool of normal customers engaging in normal behavior – a more placid data lake needing less attention from a human lifeguard.

APP fraud, liabilities for banks set to soar

Even so, just as companies like Refine work to find a way to uncover and report on APP schemes, criminals will continue to adjust, adapt and find vulnerabilities – in both humans and countercrime systems.

The coming years also likely won’t be any easier for banks trying to spot these scams – and might even open some institutions up to more liability for fraud losses, even if it was the customer, or even another institution, that made the mistake.

One aspect of the challenge of tackling APP fraud is that, overall, it is expected to soar, according to published reports.

Losses to APP fraud are forecast to double across the United Kingdom, India and the U.S. in the next four years, hitting nearly $5.3 billion, with a compound annual growth rate of more than 20 percent, according to a report produced by ACI Worldwide, a supplier of payments software, and GlobalData, an analytics firm.

But that is just one piece of the fincrime compliance risk puzzle to ponder.

The other comes from rising liability as fraud laws change to catch up with the scammers, protect the victims and put more onus on the entities involved in the payments themselves – ostensibly banks.

For instance, in the United Kingdom (UK), banks will be forced to reimburse victims of fraud within five days, under new laws, according to The Telegraph.

“APP fraud has quickly become one of the most significant types of fraud, both in the UK and globally,” said the UK’s Payment Systems Regulator (PSR), which has been consulting on the new measures.

“It continues to have a devastating impact on many people’s lives, with losses totaling nearly £500 million in the last year,” the regulator said this month in a note detailing how the bank reimbursements would work in practice.

The cost of the mandatory reimbursement will be split 50 percent each between the firms sending and receiving the payment, so that “all banks and building societies will be incentivised to take preventative action” on such scams, the PSR said.

In short, the stronger rules would require banks to give victims their money back within one working week, apart from in “cases of gross negligence or where supposed victims are found to have played a role in the fraud,” according to news reports and the PSR.

There are still some potential hurdles for the new rules.

The Financial Services and Markets Bill, which is currently making its way through Parliament, will remove current barriers and allow the PSR to direct firms to reimburse customers.

The Bill is expected to receive Royal Assent in 2023, after which the PSR will be able to enforce its requirements on payment firms.

Fighting APP fraud by going back to the basics: the true power of knowing customers

APP fraud happens when fraudsters “deceive consumers or individuals at a business to send them a payment under false pretenses to a bank account controlled by the fraudster,” according to credit ratings mainstay, FICO.

“As payments made using real-time payment schemes are irrevocable, the victims cannot reverse a payment once they realize they have been conned,” according to a recent report.

These schemes are well-known as well to bank fincrime compliance teams under the broader rubric of cyber-enabled frauds, a term covering the veritable buffet of attack vectors, like phishing, spearphishing, romance scams, pig butchering and others focusing more on the gullibility of humans than the fallibility of systems.

APP fraud, however, could cause fresh waves of wailing and gnashing of teeth for bank countercrime teams.

Part of this has to do with the persisting mentality of many of the fraud analytics executives in the world’s largest banks still thinking about the world in terms of 99 percent detection versus one percent investigation.

What does this mean?

Historically, the majority of fraud alerts could be dispositioned with a simple text or email to a customer: did you do this transaction.

“But the world is changing: in fraud you hardly need to investigate cases – you just ask customers whether they did the transaction,” Rivner said. “But in authorized payment scams, which in many countries already overtake fraud, you can’t do that: everyone you ask, including scam victims, really did the transaction.”

The end result for fraud fighting teams?

“[It] means you must investigate all suspect cases – but VERY FAST,” Rivner said. “It means running Scams Operations at 100x the speed of AML Operations, and at 100x the capacity of Fraud Operations. That’s going to be a neat trick – it basically means we need a new battle plan.”

Ironically, as the adage says, what old is new again.

Even banks with advanced systems, algorithms a plenty and brandishing buzzwords like AI and automation may have to return to a simpler, more human-centric approach to fight crime.

Years ago, banks knew the life stories of customers, “because everything was done at the branch,” Rivner said. “But now with digital transformation, banks have lost that superpower. This poses a huge operational challenge.”

Tips and tricks to counter APP fraud: don’t be stubborn – find the mule, update tools

For Rivner, the speed of change and quickly encroaching specter of more and larger payments back to customers, could result in some institutions playing catchup.

“I spent 23 years fighting online fraud,” he said. “The combination of scams, faster payments and liability shift on the beneficiary bank is a game changer that occurs once every decade.” But there is hope.

Rivner has compiled a list of things financial services and payments firms should do to prepare for the coming fraud liability shift on receiving funds.

This applies to US banks who will need to reimburse incoming Zelle scams, and UK banks who will need to reimburse the stated 50 percent of APP scam losses under the new PSR rules.

Here are some tips for institutions when it comes to uncovering APP scams and lowering liability:

• Run a mule detection program: The best programs use behavioral and device analytics to spot mule patterns. Expect to catch about 30 percent of mule activity this way.
• Boost your account opening fraud detection capabilities: Roughly 90 percent of mule accounts in the US and 50% in the UK are newly opened accounts that passed KYC controls. Behavioral analytics is again the strongest signal.
• Run a mule detection program: The best programs use behavioral and device analytics to spot mule patterns. Expect to catch about 30 percent of mule activity this way.
• Seeing the big picture: Leverage data sharing capabilities with the originating bank.
• Allow suspicious transfers in, and monitor the account for any money transfer out: This will buy time for your investigations team and reduce the cases you need to look at.
• Prepare for a massive increase in fraud operations: Your false positive ratio may be north of 100:1, and you need to investigate and resolve each suspect alert.
• Criminals – but also many good users - will move the money out fast, so investigations must be done quickly: Find ways to automate or shorten investigations by spotting which activities are clearly legit. You don’t need to spend time on those.
• Talk to your executive team about all of this: Explain that if the bank doesn’t invest now in sufficient controls, and [things go south], they’ll have two choices: accept a huge loss, or impose draconic measures.
• Trust zone: For example, limit high payment amounts from a new origin, limit money transfers out after receiving a suspicious transaction.

Key secret to success: hate the bad guys, love your problems – to solve them

One of the longstanding hallmarks of Rivner’s career is his passion not just to uncover new tactics to defeat scammers and empower fincrime fighters, but share that knowledge.

Prior to founding Refine Intelligence, Rivner was Co-Founder and Chief Cyber Officer at BioCatch, the global leader in behavioral biometrics for fraud detection.

Before being snared by BioCatch, he served as Head of New Technologies at security giant RSA, after its acquisition of online fraud fighting startup Cyota. RSA has some of the biggest conferences in the world on cybersecurity.

He has also spoken on several ACFCS webinars on topics including account opening fraud, Zelle scams, social engineering and money mules.

His contributions to counter cyber-toting scammers will be part of his legacy.

“I was lucky enough to help shape the cybercrime fighting industry: pet projects I spearheaded such as Risk-Based Authentication and the world's first eFraud Network of attack indicators grew up to become major bricks in the global defense strategy against online fraud, now saving the financial sector billions of dollars in fraud each year,” Rivner said.

But success has been humbling, with failure a harsh taskmaster.

“If something doesn’t work, it just means you need to think about a different way to tackle the problem and try again,” River said. “Fall in love with the problem, not your tech, and you’ll do extremely well.”

Rivner was kind enough to share some of his insight in our latest ACFCS Member Spotlight:

Who Inspires You?

Inspiration comes from strange places!

So many people I know and so many new people I meet every week – friends, family, colleagues – provide a quantum of inspiration that I can’t possibly name them all.

In most cases I don’t even know I was inspired until I process things much later – typically during my morning 5-mile jog with Milo, an energetic Labrador-Retriever-Border Collie.

What is one thing – either industry-related or not – that you learned in the past month?

I learned that Fraud Analytics executives in the world’s largest banks still think about the world in terms of 99% detection and 1% investigation.

But the world is changing: in fraud you hardly need to investigate cases – you just ask customers whether they did the transaction.

But in authorized payment scams, which in many countries already overtake fraud, you can’t do that: everyone you ask, including scam victims, really did the transaction.

Which means you must investigate all suspect cases – but VERY FAST. It means running Scams Operations at 100x the speed of AML Operations, and at 100x the capacity of Fraud Operations.

That’s going to be a neat trick – it basically means we need a new battle plan.

What is something about you that not many people know?

When working as Head of New Technologies at RSA in April 2011, I wrote the ‘Anatomy of Attack’ blog describing what happened at one of the most famous Cyberattacks in history, when a ‘foreign state’ – now known to be China - invaded our network.

It was an instant international bestseller: 100,000 views in the first 48 hours. It was also the most interesting time to be in a cybersecurity company.

What is the worst advice you have ever received?

Leaving financial crime for an attractive position elsewhere seemed like a good change, but I quickly realized I followed bad advice.

I learned that it's important to follow my passions and values, even if it means turning down an attractive offer. And I'm grateful my previous employer accepted my return without any hesitations.

What do you do in your current role?

As a CEO and Co-Founder at Refine Intelligence, my role is to provide our amazing team of subject matter experts, data analysts, product folks and engineers with everything they need to develop a game-changer for fighting financial crime.

What does your career trajectory in financial crime look like?

It was a fluke, really. In 2003 I was working in Cyota, the largest provider of 3D Secure – a protocol for eCommerce identity verification – when our chief technology officer (CTO) showed me some weird behavior.

In certain eCommerce sites, everyone already registered to 3D Secure kept closing the verification window, and everyone offered instant registration declined it.

This wasn’t normal behavior, and we eventually understood we were seeing online fraud: stolen credit cards that are tested at specific retailers to see whether they’re valid.

We went to our CEO and asked for resources to develop an engine that would look at those online transactions in real-time, checking things like the amount, device ID and geo-location parameters, and elevate the security if the risk was high.

He threw us out of the room, saying the company is focused on three other products and can’t we find something better to do?

The CTO, god bless him, pulled some favors in research and development (R&D) and we started a very quiet pet project, which we tested on a Top 10 United Kingdom (UK)-based card issuer.

The rest is history: Risk Based Authentication, a concept now used globally, was born.

Since then, I’ve been taking a crack at financial crime problems and finding ways to solve them – first in RSA which acquired Cyota, and later in a behavioral biometrics company BioCatch where I was asked to join as a co-founder in 2012.

What is the best advice you have ever received?

My first CEO once told me that the Listen/Talk ratio should be 70%/30%. It’s the best way to make sure you understand the problem, rather than explain how you solve it.

What is the worst advice you have ever received?

My former CEO bought me a book called “What Got You Here Won't Get You There: How Successful People Become Even More Successful.”

It’s a book that shows how to climb the last few rungs of the ladder and ‘reach the pinnacle’ in Corporate America by changing your behavior, so you can get to better places.

He had good intentions – I wasn’t enjoying myself at the time. But here’s the thing: if you’re an innovator, you don’t want to do any of that.

You want to be yourself, challenge the acceptable wisdom rather than modify yourself to fit in. You need to have what I call ‘a license to kill.’

What would you say are the most important attributes for someone in your role to be able to succeed?

I’m a startup co-founder, and the most important attribute is learning from failure.

If something doesn’t work, it just means you need to think about a different way to tackle the problem and try again. Fall in love with the problem, not your tech, and you’ll do extremely well.

How has (compliance, investigations, etc.) changed and evolved during your career?

The financial crime world has changed dramatically in the last 20 years.

Fraud has shifted from Phishing, Trojans and Account Takeover attempts to Scams that trick customers into sending their money to the bad guys, disrupting all traditional lines of defense.

Expectations have also changed dramatically: until seven years ago, banks reimbursed fraud victims, but would dismiss the idea of making scam victims whole as ludicrous – after all, if someone conned you into sending them money, but it was you rather than a criminal who did it, why on earth would the bank be responsible?

Today it’s becoming the norm for banks to be liable for any type of scam.

Money Laundering detection has also changed dramatically over the past decade – anti-money laundering (AML) teams are now massive, grow every year and big banks have hundreds or even thousands of AML investigators.

I actually discovered this after giving an ACFCS lecture; 9 out of 10 people who later connected over LinkedIn had ‘AML’ or ‘BSA’ in their title, and the lecture was not even AML related, it was about fraud.

What do you see as the key challenges related to financial crime in your role or in the sector overall?

If you’re a Financial Crime Investigations Officer, you can have a pretty frustrating daily routine, as almost all the alerts you’re investigating end up being totally legit activities done by the customer.

This is true for AML, but also for scam investigations.

Take an account that did a large wire transfer to Mexico for the first time. The AML Transaction Monitoring starts screaming like a banshee – maybe there’s money laundering here?

But after spending an hour of investigation, you find out the customer just has a daughter studying in Mexico, and she needed to pay her tuition.

Years ago, banks knew these life stories, because everything was done at the branch.

But now with digital transformation, banks have lost that superpower. This poses a huge operational challenge.

What motivated you to become a financial crime professional?

It’s the dogfight experience, the fact you need to come up with new defenses all the time, coping with the ever-changing creativity and adaptability of the criminal side.

I’ve been doing it so long that I can’t remember doing anything else other than fighting Financial Crime, and I’m totally addicted to it by now.

Is there anything that surprised you about your current role?

My first 20 years of fighting financial crime focused on online banking fraud, and when I first looked at AML I got culture shock.

I remember a conversation with the AML team at the first project we launched at Refine Intelligence, a regional bank based on the East Coast. We said we needed alert data and transactional data to operate and asked them how we can get that from the bank.

‘Well, we can use an API but that’s a lot of work; best is to use a batch file,’ they said.

I asked what frequency the batch file would be, and they said: monthly. What do you mean “monthly,” I asked. ‘Monthly. Like, January, February, March.’

There was a bit of a radio silence on our end… In online fraud, everything is in real-time, happening in milliseconds.

There were other surprises: for example, the fact the banks don’t know their customers anymore.

Our system tracks manual RFIs – Requests for Information – as well as generating an instant, automated digital customer outreach. When looking at the manual RFIs, we saw that in only 12 percent of them the branch knew the answer without having to contact the customer.

Meaning that in 88 percent of the cases, they had no clue why the customer was operating this way in their account.

Years ago, the branch knew everything, but today they hardly know the customers and if they don’t know, who in the bank does?

As well, the fact that you can’t run supervised machine learning using confirmed money laundering cases, because no such data set like this exists. Unlike fraud, no one reports money laundering in their own account, and when banks file a SAR they don’t get any feedback.

This means detection can’t be about catching the bad guys. It’s about finding anomalies in the customer account and then investigating anything that might be risky from a money laundering perspective.

How did you get your first job in the field and what advice would you give other job seekers to help land their first position?

Absolutely pure chance. I studied industrial engineering and when I was interviewing for my first job, 25 companies offered me a role as a project manager for implementing ERP – that was the latest buzzword in IT. ERP stands for Enterprise Resource Planning.

My sister worked in a Fintech start-up and kept mentioning how great it was in our family dinners, and I went for an interview. It was an instant click. So, a piece of advice: look for a place where you’ll find interesting, talented people to work with.

What is the most rewarding part of your job?

Attending a pilot status meeting with a bank and seeing the smiling faces of the AML team.

For professionals with 5-10 years of experience, what advice would you give to help them rise in their careers to the next level?

Hey – we’re in the post-Covid era! I don’t think it’s about advancing to the next level anymore, but rather finding the work you’re passionate about, where you feel like you’re really doing something useful, contributing to the good cause.

And if you have great insight [or a new idea to share] about how to advance the fight against financial crime, take the plunge and join a startup!

Connect to interesting people on LinkedIn, and launch something new!

Why did you join ACFCS and/or become CFCS-certified?

It’s all Brian Kindle’s fault. Brian runs product development for ACFCS and asked me to do a webinar about online fraud, and it ended up as a series of many webinars ranging from scams to Zelle fraud to social engineering to account opening fraud to mule detection, plus some other work.

It was an amazing experience, and I met so many new people, including the Head of AML Analytics at a Top 10 Bank whom I asked about my idea for a new company.

He loved it and we’re now working on implementing a project. I also met the VP of Training for Financial Crime in another bank, who after a single meeting agreed to join the new company as our Head of Intelligence – yes Rio, I’m talking about you :).