Adam Elliott, CEO, Kevari

In an interview with Invest:, Adam Elliott, CEO of Kevari, shared how Kevari is utilizing AI-driven machine learning solutions to prevent fraud. Noting the exponential increase in fraud, such as $13 billion loss in account takeover in 2023 alone, Adam highlighted how fraud has become more organized, and shared simple strategies to mitigate losses.

What have been some of the main highlights and key milestones for Kevari in the last 12 months?

By far, the biggest milestone has been the launch of our new product, which we call KDN, standing for Kevari Data Network. This is the most significant development we have had in years. We launched KDN late last year, and while it had a slow start, it is now gaining traction.

When customers evaluate our solution, they typically test us to detect fraud. For instance, they might give us a dataset of one million application records, of which 5,000 are fraudulent, and ask how we would have identified those. It is essentially a test drive.

Historically, we might have conducted five to ten of these simulations annually with larger customers. This year, we have already surpassed 60 such simulations, primarily because of interest in KDN. This is our first solution built entirely on internal data, including known fraud events sourced from banks and lenders.

As of now, about 10% of interested parties are engaging with KDN, and we are optimistic that this number will grow. The product is driving both our company’s growth and our ability to help customers fight fraud.

What have been some recent successes and achievements in the fight against fraud and cybersecurity threats? 

Another significant achievement this year has been putting our AI-driven machine learning solution into customers’ hands. While we had developed this technology earlier, it was only this year that we deployed it to a number of our customers who had been eagerly waiting for it.

Fraud solutions rely on predictive models; much like credit risk scores, but tailored for fraud detection. Traditionally, these models are updated annually based on historical data. Now, with our new machine learning system, we can update these models in near real-time.

This is possible because we receive daily fraud reports from banks. The machine learning models adapt dynamically, training on these reported frauds to detect emerging patterns. For example, a year ago, fraudsters frequently altered the last digit of phone numbers. Recently, they shifted tactics, targeting email addresses instead.

By continuously adapting to these changes, our customers can stay ahead of fraudsters, whereas static models might lag behind. This flexibility has been a game-changer for us and our clients.

What is the weakest link for banks and credit unions, financial services companies, and how can Kevari help to strengthen their defenses?

Fraudsters are always searching for systems with the weakest controls. They test continuously, looking for soft spots, whether it is through a bank’s video camera system or other overlooked vulnerabilities.

Some institutions are hit especially hard. For example, we work with well-known banks where as much as 90% of their online applications are fraudulent. Fraudsters often exploit one vulnerability until it is addressed, then shift to another.

One prominent example of a weak link today is check fraud. Despite predictions since the 1970s that checks would become obsolete, they remain a major issue. Fraudsters either steal checks from the mail and alter them or create counterfeit checks. These fraudulent checks are then sold on the dark web, sometimes for as little as $100.

This issue drives banks and credit unions to frustration. They struggle to justify significant investments in combating what is perceived as an outdated problem. However, fraudsters thrive on exploiting overlooked systems, making it a persistent challenge.

When one vulnerability is closed, fraudsters often revert to older methods, like social engineering. These tactics ebb and flow, depending on which methods are easier to exploit. It is a continuous battle to stay ahead of evolving fraud techniques.

How has the fraud landscape changed over the past years and what are the key types of fraud today?

From our perspective, it is astounding how much more organized fraud has become compared to five or 10 years ago. The marketplace for conducting fraud has become significantly easier to navigate. For example, we focus on new account fraud, where individuals fraudulently apply for new accounts as it is an area of significant growth. According to Javelin Strategy & Research, new account fraud increased by 36% in 2023 alone, totaling over $5 billion in losses. These fraudsters have the right credentials, for example they would have my name, social security number, date of birth, address, and phone number. 

We know this because the fraud cases reported to us show that these criminals are bypassing the traditional verification methods. Historically, if credentials did not match, the system would stop the application. This process is known as “Know Your Customer” (KYC) in banking. It used to be highly effective in identifying fraud. However, now fraudsters have access to accurate information, often obtained through data breaches, allowing them to navigate past these checks with ease.

There are generally three types of fraud in this context. First, there is victim-based fraud, where my real credentials are used without my knowledge. Second, there is first-party fraud, where an individual knowingly defrauds the bank using their own credentials. Lastly, there is synthetic fraud. This is particularly concerning because it involves creating “Frankenstein identities,” that is fabricated profiles constructed from pieces of real and fake information. These profiles even exist within credit bureaus, making them appear legitimate when banks run verifications.

Another disturbing development is the rise of organized fraud operations, including what we have identified as “labor camps” in certain parts of Eastern Europe. These camps are essentially modern-day slavery setups where individuals are forced to meet fraud quotas under the threat of violence or torture. These groups target financial systems globally, including in the U.S. This reality adds a horrifying human element to what is already a serious issue.

What broader fraud trends are being observed, and how are they impacting individuals?

In terms of broader trends, fraud is up across nearly all categories we monitor. One major area is scams, which include a whole range of scams such as investment scams, tax scams, and romance scams, for example. In the U.S., scam-related fraud increased by 14% last year, reaching $10 billion. We have not yet received the figures for 2024, but the trend does not appear to be slowing.

To illustrate, romance scams involve victims wiring money to fraudsters. Previously, the victim’s bank would have minimal liability in these cases, even if the scammer’s bank passively accepted the fraudulent funds. However, there is new legislation being proposed, which is similar to laws already in place in the UK, that would shift some of the liability to the receiving bank. This change would incentivize banks to scrutinize suspicious transactions more closely, potentially preventing some fraud cases.

Lastly, account takeover losses were reported at $13 billion last year, representing an 81% increase since 2019. The average loss per incident is around $12,000. This type of fraud is particularly harmful when it involves demand deposit accounts (DDAs), such as checking and savings accounts. If fraudsters access my checking account and steal $10,000 or $20,000, that is my cash that is gone. In contrast, if they compromise a credit card and charge $10,000, it is less damaging for the consumer because the credit card company will likely absorb the loss.

This is why I always advise people to avoid using debit cards online. Fraud involving debit cards can lead directly to the loss of funds from your checking account, whereas credit cards offer more protection in the event of fraud.

As banks and security firms adopt new technology to counter fraud, are there any emerging technologies that are contributing to fraud trends as well?

One area gaining attention is deepfake fraud. With advances in artificial intelligence, fraudsters are leveraging deepfake technology for identity theft. For instance, they might use videos or images of me to create convincing fake identities to commit fraud. This ties into the growing use of facial recognition and document scanning technologies in financial services. As these technologies become more widespread, so does their exploitation by fraudsters.

How do concerns regarding security and reputation shape the dynamics between different departments within an organization, such as marketing and fraud prevention?

Reputation and security are always top of mind, especially at the senior executive level. These concerns create a push-pull, almost a yin-yang relationship between departments like marketing and fraud prevention as you say. Marketing teams aim to create as little friction as possible to open more accounts and ensure a seamless customer experience. On the other hand, the fraud and risk teams argue for more friction to prevent fraudulent activities.

The frictionless experience sought by marketing can clash with the stricter measures enforced by fraud prevention. For instance, a high-friction security measure like facial recognition might deter potential customers. Imagine if everyone applying for an account online at a bank like Chase had to go through a 20-minute verification process – then people would abandon the process quickly.

Success lies in finding the right balance. Companies that win in this space are the ones that can stop fraud while maintaining an excellent customer experience. They leverage systems that adapt quickly, such as those using machine learning, rather than relying on legacy systems that hinder progress. This adaptability is one reason why we are seeing the rise of neo-banks like Chime, which are rethinking the entire banking process with advanced fraud controls and more agile systems.

What are some of the common mistakes made by your clients, such as banks or credit unions, that lead to fraud or identity theft, and how can these mistakes be mitigated?

One significant example is account takeover fraud, which has evolved dramatically over the years as I mentioned above. In the past, account takeover occurred when someone would call a bank, claim to be the account holder, and request to change the address on file. They would then ask for a new credit card to be sent to the new address.

Today, the process is much more sophisticated. Fraudsters log into online accounts and manipulate various credentials, such as phone numbers and emails, to gain control. Once they have changed all the contact information, they can execute actions like wiring $40,000 from the account. At this point, the bank attempts to notify the real account holder, but by then, the fraudster is the one receiving the alerts.

Regulations like the FACT Act, introduced in 2008, tried to curb this by requiring banks to verify address changes more thoroughly. However, many institutions still rely on outdated methods, such as sending letters to confirm address changes. This process is slow, costly, and often ineffective. For instance, today, sending two first-class letters costs about $1.50, and banks are still being targeted despite these measures.

Modern solutions like real-time analysis of changes in contact information, as offered by companies like ours, are far more effective. By automatically evaluating whether a change is legitimate, banks can significantly reduce their exposure to fraud.