Using cat and mouse techniques, dozens of Israeli firms prowl for online fraud
search

Using cat and mouse techniques, dozens of Israeli firms prowl for online fraud

Israel has become a mecca of fraud prevention technology, with 35 companies that have raised half a billion dollars in venture capital, and generated $1.5 billion in exits

Illustrative: A hacker at work. (supershabashnyi, iStock by Getty Images)
Illustrative: A hacker at work. (supershabashnyi, iStock by Getty Images)

The increased digitization of global commerce and banking globally — with the expansion of cross-border ecommerce and the adoption mobile banking in the past decade — presents a juicy target for organized criminal groups who only need an Internet connection to make easy money.

Financial fraud prevention is a big business, with the market expected grow 20 percent per year to reach $42.6 billion in size by 2023, according to global consultancy KBV Research.

Meanwhile, police and other public authorities have failed to fashion a response. The reason is simple: the average fraudulent online purchase lies somewhere around $1,000, while the cost of catching what are usually transnational crime networks would be much higher.

This has left retailers and financial institutions to foot an annual bill in the billions every year for money and goods lost to fraud. To add to the pain, these companies lose even more money due to transactions blocked by outdated fraud prevention systems that incorrectly identify suspicious transactions.

Israelis have founded 35 anti-fraud tech startups with seven successful exits to date. (Credit: about-fraud.com)

Within this environment, Israel-based or Israeli-founded companies have quietly built a large and growing presence in the anti-fraud market, with at least 35 companies active in the field, ranging from early-stage startups to post-exit companies that have become divisions in larger multinational corporations. To date, the 35 Israeli-founded anti-fraud companies have raised over half a billion dollars in venture capital investment and generated $1.5 billion in successful exits, according to data compiled from Crunchbase.

“There are a few markets starting to emerge in Israel right now, and fraud prevention is definitely one of them,” says Mickey Boodaei, an Israeli serial entrepreneur and angel investor and current CEO of Transmit Security, which helps financial institutions to authenticate the identity of employees and customers.

So what are the advantages that Israeli entrepreneurs bring to this field? To answer the question, The Times of Israel interviewed eight Israeli co-founders and senior executives from companies in the sector, to find out what experiences they share.

The respondents by and large agreed that Israeli culture, the early success of several Israeli companies in the field and the direction of technological developments have all contributed to the proliferation of Israeli entrepreneurs focused on anti-fraud technologies.

Illustrative: Data security, to counter online fraud (anyaberkut; iStock by Getty Images)

In contrast to the thesis advanced in the book Start-up Nation, which documents the rise of the Israeli tech ecosystem, most of the executives interviewed said that their army experience actually played a minor role in how they got into fraud prevention. More importantly, everyone interviewed said that their company’s technology had nothing to do with the technology they used in the Israel Defense Forces. Last but not least, only six of the 35 companies had founders from the fabled Unit 8200, the Israeli equivalent of the NSA. Of those six companies founded by Unit 8200 alumni, only two were established within the past decade.

It’s thinking like a fraudster, not the army service

All the co-founders interviewed agreed that the key to building technology to locate and deter fraudsters is the ability to think like them and predict the ways they are likely to try to exploit payment systems. Playing this cat-and-mouse game requires a certain adversarial and improvisational style of thinking that appeals to many Israelis.

Ron Atzmon is the managing director of Au10tix (Courtesy)

“As a kid in Israel, there are no boundaries – you can do what you want,” said Au10tix CEO Ron Atzmon. “Israel is organized chaos, so the culture raises people to think outside the box.”

Au10tix is a company that provides technology that is used to detect forged documents and help clients comply with know-your-customer (KYC) regulations

“Even among computer programmers, you’ll find that most of the good hackers get their start pre-army,” he added.

Sometimes Israelis refine this mindset during their army service in roles in areas like intelligence, but it is a skill that is by no means exclusive to or dependent on those with military training, claims Chen Zamir, co-founder and CTO of the Berlin-based startup Fraugster.

“The Israelis who founded anti-fraud companies aren’t the kind of people who just served coffee in the army, but were involved in areas that involved cat-and-mouse type thinking,” says Zamir. “However, there is an Israeli perception that the IDF provides a unique entrepreneurial experience. That isn’t necessarily true, and it’s also possible for people to gain exposure to cat-and-mouse type tactics, working in large law enforcement organizations or other areas besides military service.”

Zamir himself served in a non-technical role in intelligence during his mandatory IDF service, and went on to complete an undergraduate degree in East Asian Studies at Tel Aviv University before starting his career in fraud prevention.

“When I was in Unit 8200, I thought all the geniuses worked in Unit 8200 and nobody outside the unit was worth my time,” says Amir Orad, a former CEO of NICE Actimize, an anti-fraud technology developer, an a former co-founder of Cyota, an anti-fraud startup. “When I left Unit 8200, I realized that’s total nonsense, and there are many smart people in many different places.”

Mickey Boodaei, the co-founder and CEO of the anti-fraud startup Transmit Security (Courtesy)

“Fraud prevention fits very well with the way Israelis think in terms of culture and personality,” says Transmit Security’s Boodaei, also the the co-founder of two cybersecurity startups, the Nasdaq-listed Imperva and Trusteer, which was acquired by IBM for $1 billion in 2013.

Boodaei added: “You know that if you present a fraud problem to any Israeli, even if they’re not from high tech, they will have an opinion on it and give you advice on what you can do to address it. It’s a culture where you focus on today’s biggest problems and the rest, ‘we’ll deal with this tomorrow.’ A culture that is used to long-term planning and building things that last 100 years would not be well-suited to dealing with fraud.”

Israel’s PayPal alumni

Israel’s tech scene does not have a handful of companies that consistently buy up successful startups like Silicon Valley’s FANG (Facebook, Amazon, Netflix, and Google) companies. It’s fraud prevention sector has not followed the US model created by the payments firm PayPal, where a small group of entrepreneurs who worked together at one company — PayPal — then proceeded to work together and fund each-others’ subsequent startups.

However, Israeli alumni of PayPal have gone on to independently form five anti-fraud startups: Forter, Fraugster, Riskified, Simplex, and VerumView. It would seem that experience working at the multinational payments giant is at least as important a predictor of success in the space as Unit 8200 service.

“PayPal is by any measure a large organization that invests the most in anti-fraud measures out of any company out there,” says Zamir, Fraugster’s CTO and an ex-PayPal employee. “It means that not only can they attract top talent, but also equip them with the most advanced knowledge, methodology and technology. It definitely serves as a great school for anti-fraud professionals.”

Chen Zamir is the Israeli co-founder and CTO of the Berlin-based anti-fraud startup Fraugster (Courtesy)

Zamir says that the Israelis entrepreneurs that worked at PayPal were either originally part of the early Israeli anti-fraud company, Fraud Sciences, which became the core of PayPal’s Israel operations after it’s acquisition in 2008, or were hired by people who had worked in that startup.

“My gut tells me it has to do with Fraud Sciences and the type of personalities this company attracted to join it before and after the PayPal acquisition,” he says.

The PayPal experience probably also helped alumni co-founders get funding. Four of the five companies founded by PayPal alumni have raised a combined total of $192 million in venture capital, according to figures from Crunchbase. No publicly available funding information could be found for the fifth Israeli PayPal alumni startup, VerumView.

Other Israel-based companies that produced multiple anti-fraud entrepreneurs include Cyota and NICE Systems, with two each.

Cybersecurity’s expansion into fraud

One of the driving forces for the proliferation of Israeli-founded fraud prevention companies is related to the changing nature of technology and only indirectly relates to Israel itself. Instead it relates to how new anti-fraud solutions take advantage of the advanced technological know-how of the cybersecurity industry, in which Israel and Israelis happen to excel.

“The reason online fraud began as a problem was because of the inability of cybersecurity solutions to protect or verify users’ identities,” said Boodaei. “This creates an issue of how do you prevent fraud from occurring when you already know that people who shouldn’t have access to certain services or products can get to them without permission. For decades, the business world addressed this problem separately from network security with different people and tools used to handle fraudsters.”

An illustrative image of a payments system hacker (welcomia; iStock by Getty Images)

Within cybersecurity itself there were traditionally three major areas of specialization: gateway security, endpoint security and identity management, according to Boodaei. Gateway security means securing the communications hub owned and operated by the company from outside attack. Endpoint security means securing the remote devices used by the company’s end-users from outside attacks. Identity management refers to the protecting the credentials different users utilize to access a company’s network.

During the early years of cybersecurity, the primary focus was on securing the gateway side, which meant creating firewalls and virtual private networks (VPNs) to protect the company’s online assets from people outside the company. Later, a lot of resources were put into improving endpoint security, which started out primarily with creating anti-virus software for users to install on their computers.

Today, identity management is receiving much more attention. An example of identity management would be the recently growing adoption by financial institutions of using unique biometric data, like a selfie picture of a person’s face or the sound of their voice to protect access to their online accounts.

The network you are protecting is everywhere and nowhere because it now resides in the cloud, while the endpoints could also be any device, like a smartphone, a laptop or a desktop at the office, explained Boodaei.

“So what’s really important is identity and making sure that this is really you and you are allowed to do whatever it is you are doing,” says Boodaei. “Identity is becoming the really big challenge of this new era [in cybersecurity].”

Amir Orad, the co-founder and CEO of the business analytics startup Sisense (Courtesy)

Amir Orad, who currently serves as CEO of the Big Data analytics startup Sisense, views things with a slightly different twist. He thinks that cybersecurity, data analytics and fraud prevention are a sort of triangle and that many of the good startup companies today combine at least two sides of the triangle if not all three.

Orad also previously served as CEO of the company Actimize and was a co-founder of Cyota, one of the first Israeli-founded anti-fraud startups.

“When I joined Actimize, it was a company that did between $10 million and $20 million a year in sales and was a company that focused on providing analytics related to trading risk but not fraud,” said Orad. “But we had a platform that had two amazing traits: it was really good at running analytics on large data sets and it was really agile as part of this cat and mouse game [in detecting criminal behavior].”

Eventually, NICE Actimize was able to leverage the capabilities of its analytics platform to become an industry leader in handling every crime related to financial institutions, including money laundering, terrorist financing, market abuse and insider trading. When Orad left NICE Actimize in 2014, the company was generating $200 million per year in sales.

Illustrative image of a hacker and online fraud (scyther5; iStock by Getty Images)

The line between good analytics for fraud prevention and cybersecurity is getting even thinner today. For example, the technology developed by Israel-based biometrics startup SecuredTouch is in practice being used for both.

“If you look at the actual usage [of our technology] we see for example that a big bank in Latin America that we work with today we do things there that you can either categorize as cybersecurity or fraud prevention,” said Ran Shulkind, the co-founder and Chief Product Officer of SecuredTouch, a behavioral biometrics startup SecuredTouch that helps financial insitutions authenticate the identity of customers and employees and locate bad actors.

Banks use SecuredTouch’s software to determine whether customers on the banks’ networks are real users or bots and whether they are logging in from a real mobile phone or are using emulators to pretend that they are on a unique mobile device and not using a computer pretending to be a variety of different mobile phone users. However, the bank is not only using the technology to block suspicious financial transactions but also to keep tabs on accounts that appear to be at high risk for future fraud attacks.

Ran Shulkind is a co-founder and the chief product office (CPO) of the behavioral biometrics startup SecuredTouch (Courtesy)

“We can see that the person using an account is not a good guy even though they haven’t tried to transfer money yet,” says Shulkind. “This is what is referred to as cybersecurity since there is no actionable item to do right now, but we do see a crime ring that is starting to form and that will probably try to cash out accounts later on.”

Seven Israeli anti-fraud companies have already had exits, all via acquisitions by larger corporations with a combined payout of over $1.5 billion, based on figures from Crunchbase. However, 22 of the 35 Israeli companies in the field were founded in just the last six years, affirming Israel’s reputation and a center for continual innovation in the anti-fraud industry.

“Financial services already use multiple lines of defense that are made in Israel, and they are well aware of the need to continually adapt,” says Uri Rivner, co-founder and chief cyber officer of BioCatch, a company that specializes in using behavioral biometrics for fraud prevention. “The market recognizes Israel as a real hub of expertise around fighting online fraud. The vast majority of retail banks in US and UK use transaction monitoring, risk-based authentication, anti-malware or behavioral biometric technologies developed by Israeli companies.”

read more:
comments