Monday, March 8, 2010

Looking for candidates: Paypal New Ventures Risk

Over the past months I’ve been telling you about my take on risk management, automated decisions, digital goods and various other areas. I am now starting to look for candidates for my team to deal with these exact areas within Paypal – so if you’re one or think you know one, please let me know. Find the formal JD in the eBay site with req number 38550BR. But read on before that - the description in this post is much more important).

The team is Paypal's New Ventures Risk team, in charge of risk management for Paypal's newest, most innovative ventures, leading Paypal's growth in new markets and with new technologies. The role is for a leader of the seller risk aspect of new ventures, dealing with sellers and developers using our most innovative products. Note: though the position is titled "manager", this is not a people management position.

What I’m looking for is results driven, quick thinking do-it-alls who want to be involved with new products, markets and risk challenges within Paypal. You should have the passion for consuming a lot of data and information, be able to learn quickly and identify and define trends in concise terms. You should be analytical and with a quantitative approach but not a data cruncher without any understanding of the big picture – we are playing at all fronts. Know or be able to learn how to drive processes through other people and organizations; working in ambiguous situations and coping with change is a must, as well as an ever changing operating rhythm. This is not your classic 9 to 5 and I’m not your classic 9 to 5 manager.

Experience is not a must (=graduates are also encouraged to apply), definitely not previous experience in risk management. However, please be an avid internet user, preferably a gamer in your past or present. Some security experience or tech savvy is a big plus – don’t get intimidated by developers, architects and tech talk. Impress me by having interesting hobbies out of work that you maintain although you are an aggressive achiever, and by having vast general knowledge (as in: you shout answers at “who wants to be a millionaire” while watching it on TV).

Read the blog. Process. Understand. Talk to me.

Monday, March 1, 2010

Dealing with International Fraud - a Few Basics

When we started looking for customers in the first payments startup I worked for, low hanging fruit were obvious. All you had to do to find them was look for a merchant's international shipping policy - or lack thereof - and continue from there. The value proposition we offered, where we would make final accept/decline decisions and insure them, was just good enough to be true and be worth a lot of money for those who wanted to expand internationally. Still, it wasn't easy to convince these guys to expand, I'll tell you that - for every one who was willing to check us out, at least ten were pretty happy selling internally in the US. Who thought of the international market at that time? Looking back at it, this was around the dawn of managed fraud and risk services, and though we spearheaded the offering for the more dangerous segments we most definitely weren't the only ones.

Now, however, of all the questions I am asked, the ones I hear the most - and with the most urgency in them - are the ones regarding international purchases. Unlike a few years ago, when merchants let themselves brutally limit international buyers and focused on domestic markets, it's clear today that global expansion is a key for sustained success. Every beginning publisher wants to talk localization. And they should: this is way more general than digital goods and content. While US eCommerce is forecasted to grow to 8% of all retail purchases in 2012, according to Gartner, European b2c sales are forecasted to outgrow US sales, and grow 20% in 2010, according to eMarketer. This is an amazing opportunity – and it means that a lot of real goods need to be shipped around the world. However, when you get to actually approving these transactions, often you find that you just don't get the tools you're used to outside of the biggest eCommerce markets and some don't even exist outside of the US.

So how do you deal with those tricky international purchases?

• Remember what international fraudsters aren’t – they’re not the people they are stealing from. Sounds very basic, but it will serve you well – most fraudsters are young, computer savvy males from 3rd world countries trying to use Western world cards and bank accounts. Note obvious mismatches in details: if details given for the customer (phone number, card bin country, address) just don’t match, come from distant parts of a country or look invented, beware.

• Purchasing history from other merchants, through a 3rd party vendor, serves you mostly when you delay shipment (either because it’s standard practice or you’re suspicious). For all other cases, you need to have velocity checks and an ability to identify returning fraudsters alternating details. There are some good machine-ID companies out there, but you also have to complement with rules that identify purchasing behavior that is different than what you are used to in your industry and shop.

Contacting users makes sense – but only when you understand what contacting them tells you. Calling a VoIP phone does no good, same as emailing someone whose email domain ranges from the ridiculous @legit.com to the less obvious @army.com; some seemingly fine domains host sites that are nothing but a blank page, so checking occasionally makes sense.

IP intelligence can teach you a lot – you wouldn’t be surprised to hear that there are more fraudsters and more exploited, Trojan infested computers in big cities with high speed internet. It’s always good to know more about your user’s connection, especially if they are risky – if someone is initiating a payment to your site from within Microsoft’s Azure cloud, you may be up for some trouble.

• Find alternative data sources. No other country has such extensive public data sources of its citizens as the US, but free and paid data bases exist outside of the US too. A good address and name resource like 192.com helps you know more about your customer, and social networks span world wide. Too bad fraudsters can use this too…

• And, last but not least – know that there are legitimate people out there acting very ordinarily, but in a way that might strike you initially as dangerous. Where people relocate between states in the US, in the EU they do so between countries. Belgium and France share a language, and exactly as an Austrian might have a German bank account, so can someone from the Turkish minority. Time to polish your skills in geography, and read some Wikipedia pages!

Applying the above should take you a few additional steps in your way to open up your site to international commerce. And one additional thing to remember: deploying a great set of filters in place is close to useless without having a team reiterate on it and improve it as user behavior changes - the alternative is reactive risk management, slowly closing down itself using black lists and limitations until you resort back to the good ol’ US domestic shipping. Don’t let that happen to you, the international opportunity is too big to miss on.