Jason Tan co-founded Sift in 2011 after a career in software engineering at various Seattle startups. As the company’s CEO, he draws on a deep sense of optimism to spur himself and his team to be better. Recently, Jason spoke with About-Fraud about the state of trust, safety, risk and fraud on the internet.
Mike Russell: Is there any industry or region that’s under more fraud pressure currently?
Jason Tan: Cyber criminals look for the path of least resistance with the highest payout. The number of steps to extracting value is a good inverse proxy for your likeliness to get targeted.
Gift cards come to mind. They’re effectively stored cash in a digital form; a big honeypot for fraudsters. Too often, businesses perceive gift cards as an easy way to grow and don’t realize that the cards send a big red flare in the sky, telegraphing to fraudsters: “Check it out, free money.”
There’s an unfortunate analogy for non-profits. Their donation forms are very simple, streamlined experiences for inputting credit card information and sending payments. That’s awesome for fraudsters looking to test stolen credit cards, and it’s terrible for these nonprofits. They don’t have a lot of resources to protect themselves from this fraud and resulting chargebacks.
In terms of geography, I think about countries where there’s a delta between actual mobile usage and operating infrastructure. Some countries in Southeast Asia come to mind. There has been very fast growth in ecommerce and mobile, but they are not quite as sophisticated, so there’s a potentially interesting delta for fraud there.
In Europe, I think that the PSD2’s requirement for SCA is going to anger a lot of honest people. It feels like airport security. It’s security-minded, and well intentioned, but with poor outcome execution. Yes, it will probably prevent a lot of fraud, but at what cost? If you’re growing your business online, your top mandates are growth, optimizing your conversion rate and minimizing cart abandonment.
We have seen customers in Europe and Asia that use 3-D Secure 2.0 suffer from suboptimal conversion rates. We help them grow incremental revenue because they can more intelligently decide which of their customers should go through that high-friction experience. A more progressive way of solving this problem would be probabilistic, situational and deciding in the moment whether an individual does need to go through additional checks. Most of us deserve a faster experience, like TSA-Pre.
MR: What is the next trend that you see in the provider space pushing product development?
JT: We are seeing a lot of hype around machine learning. As one of the vendors that has truly put in the hard work to invest in more than just marketing and FUD, I’m excited for the fakers to start losing out. This is a space where the numbers speak for themselves. It’s very measurable. As an engineer who believes in meritocracy I’m excited for the evolution of the space, where the real value-add providers will emerge because the numbers are speaking for themselves. The transformation from rules- to machine-based decisioning is happening. Ecommerce and digital businesses that aren’t already thinking about how to use machine learning for trust and safety will fall behind their competitors.
Similarly, some of our clients are moving as whole entities away from siloed thinking, and toward a holistic trust and safety mindset. Their teams recognize that they need to work together to think about how the end-user’s experience is impacted while putting in the right verification so that they’re minimizing loss and risk. It’s a paradigm shift to approach this holistically rather than having a bunch of point solutions cobbled together that struggle to communicate, but it makes a lot of sense.
MR: What’s the biggest product challenge for Sift?
JT: Scaling. We count amount our customers some of the biggest social networks and ecommerce sites in the world. At peak, we do more than 15,000 events per second, assessing risk in less than a hundred milliseconds. We have built a lot of heavy lifting infrastructures for every single one of those events, with high reliability and availability. That’s my biggest challenge right now, and ensuring that we have the right foundation for the next 10x in growth. The good news here is that the DNA of the company is deeply rooted in highly scalable technology and architecture. I was a software engineer. My first 10 hires were all software engineers from Google, Amazon, etcetera. We have the right foundation.
MR: Is the market already competitive enough and is it just more difficult for new entrants to enter today than it was when Sift started?
JT: I see an uptick in the pace of new entrants. Yes, there’s definitely some M&A activity, but it’s not nearly at the pace of new entrants coming in. I think people are very excited about this market. The internet is just getting started. Ecommerce is less than 15% of retail sales in the US; that’s gonna flip on its head in the next few decades. It’s a massive opportunity. Fraud is a problem that everyone has to deal with. Also, there’s some powerful network effects over the long-term of having a large, scalable data asset that can be mined for insights on who can be trusted and who cannot. The championship prize here is very big and that’s going to continue to attract more and more players every year. Just look at the proliferation of conferences like CNP Expo. That’s an indication of what’s going on.
Risk management is a two-sided coin. The best-in-class businesses will figure out how to provide the simplest, most streamlined, likely mobile-first experience with minimal exposure to bad actors. I think we’ll see a correlation between the businesses that become market leaders and the ability to achieve that balance. In the next 10 years, this industry will see a tectonic shift away from a strict focus on fraud toward a balance of fraud and conversion rate.