The Architects: Reimagining The Financial Future

The New Arms Race: AI, Fraud, and the Future of Trust

TWIF

Share episode

Money moves faster than ever, but trust is lagging behind. We sit down with Nicky Goulimis, co‑founder and CEO of Tunic Pay, and Oban McTavish, co‑founder and CEO of Spade, to unpack the new fraud landscape where AI accelerates both prevention and exploitation. From real-time payment rails to card authorization gaps, they outline why banks aren’t just “slow”—they’re optimizing for survival in systems where one mistake can erase trust overnight.

We dive into what actually stops scams: context-rich data that goes beyond merchant codes and amounts to include messaging trails, referral paths, and content signals. Nicky explains why the toughest cases—job scams, romance-investment hybrids, and well‑dressed Ponzi schemes—hide in plain sight and how cross‑institution intelligence can surface patterns early. Oban pulls back the curtain on e‑commerce and acquirer dynamics, where rapid merchant onboarding and opaque descriptors let fake sites siphon microcharges before draining accounts. The hard truth: many banks still can’t intervene in flight or add rules without timing out, leaving detection stranded without action.

There’s progress. Banks are adopting AI faster than prior tech waves, building model governance, and modernizing data pipelines to reduce false positives while approving more genuine payments. We explore liability models gaining traction globally and why aligning incentives—across banks, acquirers, and the platforms where scams originate—unlocks real collaboration. Then we look ahead to agentic commerce, where bots shop on our behalf across an open web. The promise is huge; so are the risks. Protecting consumers and agents will require real-time merchant intelligence, low‑latency interventions, and consumer protections that keep speed from outrunning trust.

If you care about fraud prevention, AI in financial services, and building systems that move fast without breaking people, this conversation is for you. Follow the show, share with a colleague in risk or payments, and leave a review with your take: should liability shift to drive better defenses?

Flourish Ventures is an $850M global early-stage venture firm that backs entrepreneurs transforming financial systems for the better. Its portfolio spans more than 100 companies across the U.S. and emerging markets. The firm also supports innovators shaping policy, media, and research to accelerate lasting change in financial services.

This Week in Fintech (TWIF) is the largest fintech community in the world, presenting news, podcasts and newsletters from around the world. Subscribe to our newsletter to stay up to date on the latest in news opinions, and all things financial technology.


Oban MacTavish:

I think technology, we always forget that banks are very incentivized to move slowly. Like I think we like to blame banks, and I think a lot of people, you know, a lot of us fintech people get on podcasts and talk about like the death of the financial institution. But so much of this innovation is driven by, you know, banks doing what they do best, which is like trading on trust and moving slowly and ensuring that like you know, you never want to wake up one day and find out your bank tried to migrate their core and suddenly you just don't have your money anymore.

Julie Verhage-Greenberg:

Well, hey guys, I'm Julie Verhage Greenberg with This Week in FinTech. Welcome back to our podcast in this special series co-created with Flourish Ventures. We're spotlighting the people and ideas reshaping the U.S. financial ecosystem.

Emmalyn Shaw:

And I'm Emmalyn Shaw, co-founder and managing partner of Flourish Ventures. Today we're diving into one of the fast evolving battlegrounds in fintech, fraud AI, where innovation and exploitation are racing side by side.

Julie Verhage-Greenberg:

All right, and with that, I will let both of our speakers give a quick intro. Nicky, we will start with you.

Nicky Goulimis:

Hi, everyone. I'm Nicky. I'm the co-founder and CEO of Tunic Pay. We do scam prevention for banks. Um, I'll say that in the world of scams, a lot that gets talked about is how do you stop a customer making a bad payment? We do that, but the other side is also accelerating the release of genuine payments. So we focus on kind of removing friction from the financial system. Um, my background before Tunic Pay, I had the great privilege of co-founding a business called Nova Credit, which is a credit bureau for the thin file population, serving immigrants and those who are thin file. Uh, so got to work with some amazing banks, telcos, and property managers, and have spent far too much time around data infrastructure for banks.

Oban MacTavish:

I'm Oban McTavish from the co-founder and CEO of Spade. We build data infrastructure and intelligence for financial institutions and fintech companies so we can help any bank understand where their customers spend their money, and we help people stop fraud, reward more accurately, and deeply understand their customer base.

Julie Verhage-Greenberg:

Amazing. Well, Emm, I will let you kick it off with questions.

Emmalyn Shaw:

Great. Nicky, let's kick it off with you. Um, you've built Tunic Pay around a deceptively simple idea, helping businesses stay one step ahead of scams. Now, while it's a simple idea, we all know it's very technically difficult to build, especially for financial institutions. So, what inspired you to take this on?

Nicky Goulimis:

Yeah, I guess the the problem of the scams is one that has existed for centuries. Um I think for me and my co-founder Nico, what led us to starting a company in this space is that we had previously worked together at Nova Credit, where there is data infrastructure that enables us to underwrite the thin file population. When it comes to scams, there are really no data assets and no intelligence out there on whether something is a scam or not. Everything that we have is effectively like maybe at the transaction level, but what we're missing is the contextual insight on the transaction. We're missing effectively like fairly unstructured heterogeneous data, which is like Oban, sorry, Oban, picking on you, is buying some extremely dodgy couch on Facebook marketplace. How do we know it's dodgy? Is it looking for your website? Is it images involved? Is it how they found him? Is it the messaging? And so, you know, overlaying that data is such a clear way to solve the problem of scams, and yet no one had done it. And so we kept looking into this problem more and more, and we just thought, uh, we can do this, we can bring our background to it. And so if not us, then who?

Julie Verhage-Greenberg:

And one thing I want to unpack there a little bit, I did a series last year with Matthew Goldman on payments. Um, and there was one episode where you talked about how the UK is ahead of the US in terms of real-time payments. Um, obviously, we're we're starting to get closer to that, and the US is still probably a very long road ahead. But what what how does the landscape look different for fraud and scams in the UK versus the US, given that real-time nature of money movement?

Nicky Goulimis:

Yeah, that's totally right. So the UK rolled out real-time payments in 2008. It was the first country in the world to do so. And then if you look globally, obviously, like India with UPI, Brazil with PICs, and so many others have the concept of instantaneous money. And it's not just that the money moves instantly, it's that there's no recourse. So if you get scammed, you can't necessarily like pull the money back in the way that you can in the cards world.

Julie Verhage-Greenberg:

And so I guess right, which is like with the Fed now, like a lot of the banks are signing up to be part of it, but they're not signing up to be the other side of it because they're like, well, we don't want to be on the hook if the money can't come back or anything either.

Nicky Goulimis:

So yeah, totally. Although I'd probably say that I I've shifted perspectives on that. So I think, you know, when we started the business, we were real-time payment rail focused. But uh, you know, as Oben can tell you, you get plenty of scams on cardrails. And so where we started purely on like real-time payments, we're actually doing um, you know, I'd say anywhere that you move money, you have risk and you have risk of scamming. And so we've kind of engaged that. And maybe a different direction where the UK is different, is kind of there is more consumer protection. And so there's there's a bit more imperative around banks to solve it. But I suspect we'll talk about this um a little bit more later. But you know, I would argue that this is not just a problem for for regulated banks. You know, we work in geographies increasingly too, where they're not regulated and they're still looking for solutions. I think the problem of scams is just so existential.

Emmalyn Shaw:

I I can't agree with you more. I mean, maybe we'll expand this question to Ogon. You know, collaboration's been a long chain challenge in fraud, um, particularly with fraud prevention. And most data sharing efforts have really started on the merchant side, but but banks are still catching up. What do you think it will take to build really a truly shared network between both sides?

Oban MacTavish:

I think technology, we always forget that banks are very incentivized to move slowly. Like I think we like to blame banks, and I think a lot of people, you know, a lot of us fintech people will get on podcasts and talk about like the death of the financial institution. But so much of this innovation is driven by, you know, banks doing what they do best, which is like trading on trust and moving slowly and ensuring that like, you know, you never want to wake up one day and find out your bank tried to migrate their core and suddenly you just don't have your money anymore. Um, and you know, the cost of a mistake is so high in these industries that I think it's just it's gonna take time and it's gonna take acceptance and willingness from the from the merchant and the acquiring side. I think for a long time, you know, we think of the the net the card networks, especially and you know, even the central banks now with sort of real-time money movement rails as like these arbiters that sit in the middle. But the reality is it's very combative. Like if you talk to almost any bank or any merchant or large PSP acquirer, so many of the strategies today people leverage to increase authorization rates and sort of get around what they think are unfair rules or practices from either side is manipulative. You know, we have uh businesses shifting their MCC codes, essentially reclassifying themselves in the eyes of the bank. Uh, you know, that we have them trying different mids or merchant IDs, we have all these different sort of attack vectors, and it's only becoming more and more sophisticated. I mean, there's entire startups who are going to remain unnamed, whose entire business is about sort of functionally tricking banks into authorizing more transactions. And to move to a place where there's more data sharing, we need, I think we need, you know, trusted third parties. And we also need, I think, both sides to come together and try to accept that they need to work together instead of work antagonistically, because the uh, I guess the you know the optimized authorization rate isn't as high as the merchant would want, but it's a little higher than the bank would want. So I think both sides need to accept that they're both gonna be equally unhappy at some nice little median uh that is not 100%, but it's certainly not where it is today.

Julie Verhage-Greenberg:

When do you see that kind of coming to fruition? Is that something that we'll see in the next year or two? Is that something that might be, you know, my kid's gonna be a little bit older by the time that that that happens?

Oban MacTavish:

I think it's not as far away as you'd think. Um, people like ourselves and others, I mean, you can already see banks trying to find ways to share more data and merchants trying to find ways to share more data. There's a huge theme in payments right now about data sharing and trying to move it to the right place. I think any sort of innovation has to be driven by need. And I do think that, you know, talking about regulation, some of the regulation or lack thereof in the United States that doesn't protect consumers from things like scams or manipulation leaves these gray zones where there is, well, there's of course an economic incentive in that unhappy customers and customer success complaints and things like that are costly. There isn't as much regulatory burden on the banks in the United States where it says, hey, if someone's manipulated, which oftentimes, you know, especially even in the card world, which is where we spend a lot of our time, that's what happens. Like, you know, your grandmother gets a call from someone claiming that their subscription to some piece of software is expired. They need the credit card number online. Is that fraud? Is that a scam? Does the bank really responsible? And a lot of banks would argue that that's on you because you gave someone your credit card number. Now we know the reality is a little bit, you know, blurrier than that. So I think we're probably closer than it feels like. Like, I don't think we're like five years away, but I don't think it'll be next year. I think it'll take some time. And broad adoption is always the challenge because we've, you know, we've seen innovators and sort of like the bleeding edge of banking, like the capital ones of the world spin up their own APIs. But like the reality is the vast, vast majority of the thousands of banks in the US are never gonna do that. So they have to find other tools.

Julie Verhage-Greenberg:

So that's uh I'll tell Quinn when she's in kindergarten that this is gonna be starting to come to fruition a little bit more. Something interesting that you mentioned, we talked about you know AI in banks. Uh, there's an I I help Rex from Cambrian Ventures do his YouTube channel. And we interviewed Jenny Johnston from OpenAI last week, and the episode comes out this week. And something really interesting that she said, and I'd love both of you to touch on, is that she thinks banks are moving faster than FinTech when it comes to AI. And it's kind of relative in the sense that she means like Amazon Cloud came out like almost 20 years ago at this point, right? But the first um cloud native bank system didn't come out until like, you know, five, six, seven years ago. Whereas banks are actually starting to apply AI now. So I would love sort of like your thoughts on that statement and where are you saying banks are applying AI.

Oban MacTavish:

Do you want to go first, Nicky, or should I? I don't know if please. Um I think I mean I love we spend a lot of time with banks. I guess is maybe a place to start. And I think I've always been a proponent of saying that banks get a lot of flack. I would say though, our conversations with banks are ones of excitement in that they see the value of this. I think a lot of banks are really excited that they now have a vector to leverage what they see as a massive data asset that they haven't been able to use. I mean, I think it looks a lot like the wave of personalization we saw when every bank was trying to tap into things like plaid and get access to more data. That giant wave went functionally not very far. I guess nowhere might be a little rude. Um, but a lot of these banks got access to data and then stopped because investing and taking your data and transforming it and turning it into something you can actually leverage is incredibly, incredibly challenging. I mean, it's no surprise that I think B of A committed to spending like a billion dollars on technology and data science and engineering in 2026. That's a lot of money. And most banks don't have that much money to swing around. Um, I think banks are excited about AI, but I also think that when we talk to banks, which is, you know, we we spend all the time in the world talking to banks about their data and how they want to use it, they are on five-year digital transformation journeys. Like I mean, you can put that in their quotes, like digital transformation. But genuinely, like this is this is a long-term strategy for them. I think we are very far away from someone leveraging it in the way that we think a bank could be using it because the cost of mistakes are so, so, so high. Um, and I I'm really excited to see how they think about it. But I think step one in so many of these journeys is saying, hey, let's look at our data and figure out is it in a place you could even feed it into a model? I mean, I can't tell you how many AI first companies we're talking to today that are taking financial data, plugging it into models and seeing that it's not as successful as they were expecting because payments data is some of the worst quality data on the planet. Um, and I think banks are aware of that and they're investing in that, but I think we're still a ways away. And um, I'm not surprised someone from OpenAI is super excited about bank AI adoption, which is great.

Julie Verhage-Greenberg:

Yeah. Well, and um I was just gonna say it's all like relative, right? Like they're dipping their toes in it more versus you know, cloud, it took them forever. And let's not forget banking, like JP Morgan makes a heck of a lot of money without putting AI in their system. They're not as incentivized as other people might be. Nicky, I'd love, I'd love your take on this too.

Nicky Goulimis:

Yeah, I think I would mirror Open in a number of ways in that like I don't think I don't think any bank is having the conversation of like whether they should be doing things with AI, which is very different to every other fintech innovation, stablecoins, et cetera, they are debating. It's just a matter of like how quickly. Um, and I think, you know, I think it's public information. We work with Nat West, for instance, and you know, they have a big partnership with OpenAI, and like everyone has a license, they're doing loads of things. So a lot of the banks that we work with have incredibly impressive, dynamic chief AI officers who are pushing a huge transformation mandate. So, you know, at the at the big level picture, maybe I would agree with Jenny, you know, recognizing you know she has her own, you know, book to sell, like we all do. But like, you know, I do think, you know, there's not going to be this massive delta between fintechs and banks because banks are so clearly adopting. I think, you know, for us, there's a lot that's still really new. So, you know, I think we've spent the last few months going through a lot of different banks, you know, AI model governance where they all say to us, this is brand new and it's great, you get to be the first to go through it, um, which is which is not necessarily the most thrilling thing to hear as a fintech company because um, you know, there's still a lot of review. And I would maybe distinguish um, you know, between particularly anything that's customer faces, but versus what's back office facing. So um, we get a lot more pushback on the components of our product that use generative AI in particular for customer interactions versus the components that might use it more in the back end um or for the back office. And so I think there's and you know, I I I think that's a very la valid and legitimate concern. Like, I can't build your chatbot that's gonna go swear at your customer. Um that said, I also think it has to be a question of degree, like where are we better than what's already happening today and like what are the right um level of guardrails? Um, but maybe to end on a note of optimism though, like the other thing I'll say is that what's really nice about the big banks is like they are much more collaborative than a lot of the fintechs are. Like I think a lot of the fintechs, um, including ones that we work with, you know, they want to test AI everywhere, but they're also building the exact same product in-house and they're just A-B testing you and they're sort of taking you for a ride and like trying to trying to build things internally. Whereas I think big banks are very have a, you know, they've had to develop over the years a clear ethos of like what is our specialization and what isn't. And I think that actually means there's a more fruitful collaboration to be had and more, not just, you know, commercially we have more to do, but actually there's just like more room to grow together and truly partner.

Oban MacTavish:

I feel like something we've seen is that, and like where we get excited about banks is that AI as an accelerator for product development is, I think, a really underappreciated idea when it comes to banks. Like most businesses, they're on some scale of like, okay, they just want infrastructure and data. They want infrastructure and data and a product, and they just want to buy products. And for a long time, banks were always seen as like this. Oh, this bank, banks only they only want to buy like a big platform. They aren't very technically nuanced. So like, don't try to sell them infra. And then they all went and tried to figure out cloud, and many, many did. Like some people are still getting there, but you'd be shocked. We're talking to like a top 200 bank, like a bank you've never heard of, and they're going through a cloud migration right now, and they're excited about what that means for them as a business. And I think I always find that investors, there's these like, you know, they always tell you, I'll sign to banks. It's gonna take forever. They're never gonna buy anything. And I actually don't think that's true anymore. Like, I think there's been a fundamental shift, and like what's underappreciated is like, yes, AI could mean maybe one day they could, you know, uh reduce the size of their call center. They could do these things and look at all like the economic benefit they would have. But the piece that I think is underappreciated is that they think they can do more with their technology because one, they feel as though AI will augment their existing IT teams to accelerate their ability to implement, but also that they could now do things they could never do before with AI. When I think so, I actually think while a lot of people might assume that this is gonna create some weird overhang, I actually think it's gonna create a big opportunity for people selling to and trying to work with banks because they're saying, like, either I will be implement your software faster, or I actually need access to tools I would never have needed before because we couldn't build anything and we, you know, we just bought it from FIS or FIServe or Jack Henry. Um, and I think that's changing and very exciting.

Julie Verhage-Greenberg:

The other interesting thing is like you you can't really have a long sales cycle with AI, right? Because like AI is just changing so quickly. You have to be able to move a lot faster than what banks are used to.

Oban MacTavish:

It's very exciting.

Emmalyn Shaw:

I agree. We're definitely seeing that on our side on the investment side. I mean, JP Morgan put what over a billion dollars into AI, of which they've already repaid all that back, and that's just the beginning. So I think we're just at that inflection point for sure, and they can't afford not to be part of the game. And I'm glad that you guys are well positioned to really take advantage of it. Taking a step back, because you refer to generative AI particularly as like maybe back office versus front office, and there might be more inclination on the back office side versus the front office just by virtue of customer exposure, et cetera. But did you think about like generative AI is making fraud faster, cheaper, and more adaptive? And so the question is like, you talked about data and cleansing data, you talked about signaling, contextual information. How do you design detection systems that can evolve at the same speed? Like, what do you think are the core tenets that are required to really address these needs?

Nicky Goulimis:

And I think that's the gauntlet that's being thrown down right now because you know who's adopting generative AI faster than any fintech bank, et cetera, in the world, like it's fraudsters. Um so like we have to meet that moment. Um I think there's a few different components. I think one tenet is just like we have to go, you know, structured data is great, but we've got to go beyond structured data because we have to understand more of the payment chain, more of the payment context, more of the user behavior. Um, and so I think there's kind of like one piece is not just how do you bring more data, but how do you bring data that hasn't been used before that could only be interpreted now with the tools that we have? Three years ago, we wouldn't have been able to do anything with this data. Um, I think a second tenor is like, and this gets slippery, is kind of like, you know, in fraud we talk about detection versus prevention. Detection is like, did my machine learning model catch something? Prevention is like, was I able, you know, especially with something like fraud and scams, or at some point I need to get you to not make a payment, or I need to make your payment, or I need to decide that I'm gonna interfere. But like there is a decision that's made there and a decision that's behavioral. Um, and so that means both your detection has to be more accurate. You can't just flag up a million false positives and always be like, you know, actually, you know, secure authenticate every transaction or whatever it might be. But also when you detect it, you have to figure out a way to engage the consumer in it. It's not just uh my systems in isolation because this is social engineering, there's a human being involved. Um, and then I think uh, you know, ultimately, when we look at um just like where we're at with generative AI and how we need to move faster, um, I think we need to be constantly like adapting tools that are by nature just like changing alongside the systems. And so, you know, for us, that means um we're changing and adding data sets, user journeys, et cetera, to our platform every single day in response to what we're seeing. And as Oban talked about, we're building infrastructure where we exchange that information between banks because you could never work, you know, the only way that you can win is through a network. And so a bank can work in isolation to try and determine is something a scam or not. But actually, if like Barclays has just been through the exact same wave of attacks, you should react to it super fast.

Oban MacTavish:

Absolutely. It's funny. I feel like the I was talking to someone on the acquiring side once, and they said the only way to have zero fraud is to block every transaction. Uh, and I think there's some truth to that where we're not trying to move to a world where there's no fraud. We're trying to ensure that the minimum amount of bad experiences and bad actors get through and the maximum amount of good transactions get through. And I think I I saw uh a stat last year that was talking about the authorization rates in the card universe are down. So banks are cracking down and fraud rates are up, which is probably the worst possible chart you can see, because you'd like to see these things correlated and say, okay, yeah, we're cracking down on authorization, but fraud is down and fraud, fraud's up. And I I think Nicky's absolutely right. Like so much of this is a is a data problem, but there's also an intervention problem that I think broadly, the United States in particular, it we're still catching up globally. And I think if you look at where so many of these problems exist in the card universe, other types of payments, is that intervention is really changing. Challenging. Like, I think we don't realize that like for the longest time, you could not stop a transaction in flight unless you, if you were a bank. Many banks could not even make a rule the same day. They sent a ticket, they opened a ticket with a their core provider, sending literally an email to somebody who would create a rule for them, for them. Like the ability for banks to actually intervene in many of these flows is limited. And I I think there's so many, so much opportunity in helping that happen. I mean, the number of the these modern processors who will again remain unnamed in the credit card stack who are who are essentially just taking what core card and I2C and all these really old school platforms that did and sort of are just now adding them. It's crazy to me. I don't know how the the idea that intervention in the card flow wasn't important came about because I don't think there's been as much interest there. Because the number one, we did a talk last year specifically asking about third-party data and authorization. And one of the number one issues that all the banks flagged there when we were asking, like, what are the problems with leveraging more data? Is like we literally can't. Their processors cannot leverage more data. And some people were even saying if they add more rules to their authorization decisioning, they will not be within the auth window. They get timeouts because they're trying to do too complicated logic, like if and statements. And I think so much of this is can be seen as a data problem. And I actually absolutely think that exists, but I think there's just a true like a software problem of saying, how do we intervene gracefully? How do we stop the transactions that need to be stopped and protect our customers? And if you can't do that, it's gonna be a huge problem because fraud is only gonna get faster. And what used to be like, okay, yeah, you know, don't put your credit card in at this like gas station in the middle. Oh no, you're, you know, someone stole your wallet. Like these things are that's not hard for a bank to stop now. The challenge is like, oh, you've been social engineered or you know, your card number got sold on the dark web and someone's dripping money out of your account. These are solvable problems, but you need to be able to intervene and notify your customer and have an actual sort of dialogue and make sure this is okay. And, you know, the networks tried to do it with 3DS. I have lots of opinions there. I don't think that's ever gonna happen in the US. But um, you know, if the if the network's not gonna do it, someone needs to step in and help make that possible for banks because they can have all the data in the world, but if they can't stop a transaction in flight, it's never gonna fix the problem.

Nicky Goulimis:

Yeah, I I find your like stats about like both author rates and fraud rates going up, you know, like horrifying. And like in our world, like what we see, the best bank that we've worked with so far catches 50% of scams. So it's missing half of them. And that costs them 90% false positives. That means like nine out of ten alerts are actually, you know, a genuine payment that should go through that's then going to some like expensive manual review that's painful for the customer. And so it's, you know, and I don't think you know, this the level of alerting is not going to go away, but we need higher quality alerts, and then we need higher quality interventions off the back of them.

Ad:

Let's face it, checkout was never built with the customer in mind. Too many clicks, too many abandoned carts, and too many failed payments. That's why Skipify is reinventing the checkout from the inside out. Skipify connects identity and payment information directly from banks and networks so that when a shopper shows up at checkout, their info is already there, safe, secure, and ready to go. It's not magic. It's Skippify's real-time network of direct connections with the biggest financial institutions. The result? Less friction, higher conversion, and a better experience for everyone. Skippify merchants see 99% card linking authorization rates and 80% return user conversion. And it doesn't stop at cards. Skippify supports pay by bank, installments, rewards, loyalty, and even agentic commerce, enabling LLMs, chatbots, and AI-powered shopping experiences to transact with almost no tech lift from the merchant. The future of checkout is intelligent, embedded, and effortless. And Skippy is making it real. Learn more at skippify.com. That's skippify.com.

Julie Verhage-Greenberg:

The question I have is sort of like a two-part question. What are the most complicated forms of fraud to solve at banks given these these issues that you've talked about? And then two, where are fraudsters spending most of their time now? Is it text, email, voice, video? Like what's the most concerning form of fraud today for each of you?

Nicky Goulimis:

So for us over the last like couple of months, we've seen a massive spike specifically in job scams. Um, so a lot of like the employment-based stuff, I find you, I recruit you to a platform and so forth. That tends to be a good thing.

Julie Verhage-Greenberg:

Also, I I shouldn't have I shouldn't have applied to those text messages from someone saying that, you know, I my resume looked perfect, even though I never sent a resume. Okay. Yeah.

Nicky Goulimis:

And like many of them are ludicrous, but many of them are increasingly believable. And like there is a big big economy, and we are all looking for jobs. And so um, yeah, I think uh that that tends to occur more of like messaging text and then graduates to phone calls. So it's typically a progression. And then a lot of our bread and butter is like investment scams still, which um typically are really hard to catch because you know the challenge is that typically there may be a romance scam associated, but there has been some grooming process and trust building along the way. So you've maybe like you've set up an account, you've seen some paper returns, and actually maybe you've actually realized some of those returns. You've got the hundred pounds, hundred dollars back, you've got the two hundred dollars back, but then when it comes time to withdraw the 30,000 that you've invested, like that platform's gone and that's you know been liquidated onto Tether or something like that. And so um, it's really insidious. It's it's and I think that's the that's the broader piece I would make is like, you know, I think there's a lot of point solutions. That's like, let's go crack the authenticity of video as a standalone, or let's understand if an investment is on a particular crypto um chain is is um legitimate or whatever, but actually you need kind of a multivariate multi-channel view.

Oban MacTavish:

Yeah. We've been seeing more and more merchant-related fraud for a long time when we were working in the fraud space with people, honestly, people were just like, yeah, it's not actually the biggest vector. And you can even look at like the re reality is most old school fraud models and approaches on the banking side really focused on like uh divergent behavior, like tracking, like, okay, we know how Nicky spends her money and then she does something different, and that's indicative of ATO or something like that. The problem is that e-commerce kind of blew that out of the water because now we all buy from mostly faceless online merchants who are stuck under like a platform that consolidates all the merchant IDs for cost-sharing reasons or just obfuscates who you're buying money from because it's, you know, there are platforms. They actually benefit a lot from the fact that everything is medium risk versus some things being high risk, sometimes some things being low risk. Um, and we've just been seeing the rise of like merchant-related fraud, like the number of strange businesses that will pop up and be a like a fake website that looks relatively legitimate. And my assumption, and like it's very hard to figure out what vector these businesses are being attacked from, but we have even customers on the business side who experienced like uh sort of like account draining attacks coming from either compromised POS systems or um just fake businesses. So someone will buy uh you know packets of cards on the dark web and do, you know, uh, or they'll enumerate bins, so they're just generating bins and trying to guess because they've managed to harvest like a small fraction of your identity information. So they're essentially just trying to guess what credit card your number is. And then once they get through, they'll sort of drip in transactions, you know, tiny dollar amounts. We're talking like 10 cents, eight cents, fifteen cents over the course of days, and then as they they sort of increase the thing, and then they'll just do a huge pull on your card, or they'll just sort of increase that number and just sort of slowly drip money out of your account. And so much of this is merchant-based because um these this next future generation of acquirer and PSP is incentivized to maximize how quickly they can onboard people. They want to onboard you as quickly as possible. You'll tell them what you should be processing under. So, of course, it's something vague or it's something completely innocuous, like you're a restaurant, and they can let you get set up in a day. But that just means you have a POS system, a digital POS system sometimes that can just be used to ping things. And like that is just a vector for attack. And historically, there was all sorts of checks, and the compliance tools that have appeared to monitor this have not kept up with the pace of the fraudster. Like now we're seeing companies who are like, oh, we'll scan the website, we'll do these things. But the reality is like it's just an arms race. You know, it's a look-alike business. It, you know, you can make your descriptor whatever you want, you can change your MCC code, you can rotate your mid. There's all these different sort of like antagonistic strategies these people take. And I think it's it's kind of shocking actually when you see some of these websites and you're like, I don't like how did this not get stopped by acquirer who will rename uh remain unnamed? Um, like they're incentivized to onboard these people as quickly as possible. So it's becoming a huge, huge, huge problem, especially for financial institutions.

Emmalyn Shaw:

There's a lot of nameless folks in your answers. I'm I'm very intrigued. I get the off looking.

Oban MacTavish:

I think we're uniquely positioned. We talk to a lot of banks who have complaints, and we talk to a lot of the acquirers and the PSPs who have specific banks they don't like. So it's lots of fun, but yeah, you hear.

Nicky Goulimis:

Gosh.

Oban MacTavish:

Yeah.

Emmalyn Shaw:

All right. Let's take another step back or to the side. Let's think about some of the other stakeholders. If you could rewrite one rule or a regulatory approach uh to make fraud prevention smarter and more collaborative, what would you change?

Oban MacTavish:

I'll steal from the UK. I think that financial institutions should be more on the hook for the cost of fraud, uh of like social manipulation in the United States on both the card and uh like real Zell and RTP. Like I think we just need to they need to have a financial pain because right now, so much of the time they'll push back and fight it with the consumer. But if they were legally required to do this, to do things like move money in real time or um, you know, certain types of manipulation, I think they have to bear some of that cost. Otherwise, it's gonna be harder and harder to change this because it doesn't hit the bottom line in the same way.

Nicky Goulimis:

Yeah, and there is kind of a global mandate around that increasingly, like Philippines, Singapore, Australia, you EU under PSD3, et cetera, Korea and so forth. There is there is much more in other geographies, kind of a focus on consumer protection. But, you know, I think the the point that banks make, which I think is a very, very valid one, is like we need to bring the tech platforms to the conversation. And so, you know, 70% of scams may originate on like Telegram, Facebook, WhatsApp. You know, there's a there's a limited list. Um, and those folks aren't liable. They'll say things like attribution is hard to do, which um is their entire business model. Um, you know, there is there is a gap in responsibility and visibility and things like that. But um, perhaps a liability model would be really effective and kind of like managing more across the chain. But, you know, I'm actually I'm not a massive proponent of regulation. I think there is a lot that banks can do and want to do because of the OpEx challenges we mentioned before, because of the customer impact, because of the customer experience and the impacts of false positives. And so, you know, the business case actually writes itself for most banks when you start looking at the cost of investigation, the cost of customer churn, and just the fact that it's it's no longer just a niche challenge. It's existential. Um, there's no one who can't be scammed. It's not, you know, like you say, it's not just, oh, is this a really unusual transaction? It's like actually all of us can be have been or probably unwittingly tricked into giving our card details to the wrong place. Um, so I think um I think there's a lot of uh excitement and appetite around solutions, uh, but I think it remains the the earlier piece around just like how do we move at the right speed here? Oh my gosh, hello.

Julie Verhage-Greenberg:

Hello. Oh, Helen has a question too. Quinn has a question too. She says, Do you have any examples of like a surprising moment where your platform's caught fraud and you're like, oh hey, like it's working. We caught it, we did it.

Oban MacTavish:

Um, we had an example with a customer where we actually we keep track of a lot of metrics about our performance. And we saw this customer whose like match rate was like slowly trickling down over the course of a couple days. And we looked into it and we found out we're like, it's so bizarre that we're not getting so many of this very specific transaction. It turns out this was someone just who had enumerated this person, this customer or this collection of customers' cards and was draining money from their accounts. Um, and we looked at it and then we took this like missed this merchant we didn't end up matching to and ran it through our models. We're like, oh, this is for sure just fraud. So we were able to reach out and tell them to shut down this attack. But it was all it was driven by the fact that like somebody was looking at a dashboard somewhere. Like I can't even pretend that we were we had proactively caught it. We we hadn't. Um and but we had realized there was just like, oh, there's actually a huge correlation in our inability to detect who the merchant is and it being high risk, which is a weird, which is fun and opens up a whole new vector of like helping people stop fraud. But it was literally just luck. It's like I I don't know if we ever would have caught it if someone had been looking at a dashboard during a day when there was just like a spike in all these mistransactions. So it was kind of crazy.

Nicky Goulimis:

That's so cool. I think some of the some of the pieces that make me super, I mean, it's super vindicating to catch a scam and to to be able to protect it. But some of the moments I enjoy the most is also seeing just like genuine payments go through because you know, it's so painful when you suddenly have a payment that's held and you need to go through phone calls and review and you provide context on those sorts of things. And so um, I love those moments of just like this payment was gonna get blocked, and actually now it's unblocked because we understood it's legitimate and let's go. Um, but I think you know, one of the one of the you know trends that we're seeing right now, which is you know really insidious and hard to catch, is around Ponzi schemes in particular. So that will be like a legitimate entity set up with a legitimate website, a bunch of legitimate directors, legitimate bank account. And so it's just like really, really hard to catch. And of late, we've had quite a lot of these where we've been able to see like across institution the same type of underlying recipient. Um, and and it could be a completely different bank account and so forth, but the same type of like investment activity going to that entity and being able to track it. And so that's that's been super gratifying.

Julie Verhage-Greenberg:

Well, I heard I heard half of that answer and then Quinn heard the other half. But I'm excited to listen to the edited episode and find out what the other part was.

Emmalyn Shaw:

Julie, I'm actually, I think Quinn, between her vibe coding skills and the next year, who knows what she's gonna come up with.

Julie Verhage-Greenberg:

I think I know she's gonna give us all a run for a month before I know it. Yeah. If you guys are hiring, you know, we we got your next AI person here.

Oban MacTavish:

Employment law. That's the regulation we're gonna change, right?

Julie Verhage-Greenberg:

Exactly.

Emmalyn Shaw:

Well, look, you guys have been incredibly helpful in just kind of helping us dissect the what, the if, the how. Let's take a moment to look forward. Um, it's often said that fraud prevention is an arms race, and I think we've all described right here how consequential it is and how fast moving it is. Where do we think the next battlefield is? Where do we think innovation and exploitation are gonna collide next? And if you think about, let's use a 10-year cycle, 10 years from now, when transactions are invisible and instantaneous, how do we imagine will people decide who and what to trust? What is the what's the paradigm? How does it shift and put look at your crystal ball and tell us what you see?

Nicky Goulimis:

I suspect Oban and I might agree on this one, but um, I mean, first of all, we're super excited about agentic commerce. You know, I think that's great for consumers, that's great for the economy. More merchants can come in, lots of opportunity, and just smoothing of friction. But I think, you know, while there's been a lot of attention focused on like, is the card holder giving consent, all those sorts of things, there's been a lot less focus on just like, you know, like Oban saying, is this a legitimate merchant? Is this a dodgy transaction? And like a robot whose job is to find the cheapest, fastest, most local thing to me is actually a very easy robot to send um to a website that's completely fraudulent or that never has a good, and so on and so forth. And so um, you know, we say that for humans, uh, you know, anyone can be scammed increasingly and there's no amount of like IQ test or uh, you know, my favorite bugbearer, financial education, that solves the problem. Uh, but I think I think that arms race with agents is is even more terrifying.

Oban MacTavish:

Yeah, I 100% agree. I think, you know, if we want this to work, it needs to be an open network that these things can transact for us anywhere because otherwise, what's the point? Like if we can only shop at uh Stripe Merchants or Shopify or S. Like it just doesn't, I'm like, why would I ever do that? Like, not I just can't imagine, at least for the product to say.

Nicky Goulimis:

I don't need the agent.

Oban MacTavish:

Exactly, that exists already. Um, so if we really want this to scale, you need to be spent be able to spend anywhere and hunt deals and do all these things. But if you the more freedom you give it, the more likely it is these things are going to be the victims of injection attacks and things like that. Like, we've all seen you know crazy examples of people like bartering car loans and stuff like this. Like these are not foolproof systems and they'll never be foolproof. And I think that's where if we want this to be a real future where we have these things running around transacting for us, it'll be the that'll be where you need to figure out how to protect the payment and the consumer and the agent. Like, I think so many of the solutions people are suggesting will just slow down the pace of innovation to the point where it'll just die as a fad. You know, it's like if you look at so many of like stable coins or some of these other new payment methods, like the number one problem is almost always is adoption. Like even in the US, I think the great one of the good examples is pay by bank. It's challenging. It's actually an incredible product. But if you don't have wide adoption, it becomes a challenge to convince people to use the vector. So if your agent can't actually shop all the places you want to shop, how do you get adoption? And and then it becomes a problem of how do you protect. And I I I'm very curious to see how the world plays out in that sense because it's I don't know if we've seen the types of issues and sort of fraud attacks we're gonna see in these types of worlds.

Nicky Goulimis:

Although I guess like, you know, some of the challenges of pay by bank in terms of the user experience get abstracted away in an agentic world. But over, you seem to think agentic commerce is only gonna be cars.

Oban MacTavish:

I think uh we all, many people, we get uh many, not everyone benefits from the ecosystem of the cards. I think mass adoption, the ability to transact anywhere safely when being protected by uh an adjudicating body who generally tries to protect consumers, I think is like an incredibly, incredibly powerful thing. And I am way more likely to say, okay, great, well, oh, you know, accidentally spent my Amex at this scam, and I'll just call Amex and they'll, you know, they'll write it off and I'll get my money back. God forbid my agent is able to literally move money from my account into someone's else's someone else's account and I can't touch it. That just feels so high risk to me. Like, why would I ever do that? You know, some people might, but if you can be extended credit, it just feels like a I I can't imagine a world.

Nicky Goulimis:

That's a very American perspective.

Oban MacTavish:

It is. And I'm Canadian, so look at that.

Emmalyn Shaw:

Either, by the way. This is we're talking, we're still talking across, you know, two more traditional set of brands. Yes, I imagine as such.

Julie Verhage-Greenberg:

Amazing. So we have a set of quick fire round questions that are not related to uh what we've talked about so far that that we can dive into too. Um, if you could have one dinner guest, dead or alive, past present, um, who would it be and why? Uh we'll start with Owen.

Oban MacTavish:

Um I feel like I feel like Warren Buffett. Maybe that's a funny answer, but you know, the farewell letter, like this feels very timely. I think uh that would be really, really interesting. So definitely Warren Buffett.

Nicky Goulimis:

Um, I'm gonna go Jamie Diamond.

Oban MacTavish:

That's a good one.

Nicky Goulimis:

That's a very good one.

Julie Verhage-Greenberg:

Quinn said that she wasn't one, but I mean, if she's not available, then we'll save up.

Emmalyn Shaw:

All right, let's go to another one. What is a personal highlight for 2025? Well, start with Nicky.

Nicky Goulimis:

Um just too many to mention. Um over and over to you.

Oban MacTavish:

Um I uh have really gotten into running this year and I got up to about forty five miles a week. In terms of running, which was the most I've ever run in a week, which was a lot to run. And yeah, it was a highlight.

Julie Verhage-Greenberg:

At first, we were gonna say you're like an ultra marathon or you like ran a 50 mile race or something. I was like cooler. No.

Emmalyn Shaw:

No, it's actually a much harder to do that at this stage. So I think that's actually pretty awesome.

Julie Verhage-Greenberg:

Yeah, I've done I haven't done a marathon before, but I've done like five Ks, ten K's, and half marathons. I think the 10K is actually the hardest because it's like short enough where you can push the speed, like half to a full, and beyond, you kind of have to have the endurance aspect. Like you need to start slow. Whereas a 10K, I'm like, I can still gun it a little bit.

Nicky Goulimis:

So it gets tricky. I was on um Grease's shock tank, uh, which was a ridiculous experience.

Emmalyn Shaw:

So what was it that it was Grease's Shark Tank or that it was just I mean, it tells you how broad my reach is. Hey, it's much broader, trust me.

Julie Verhage-Greenberg:

I've never been on Shark Tank, so you know it you you've won up to me. You've none of the other ones of us have been on Shark Tank before. So there you go. I think it's cool. Yeah. Yeah, I see your running and I raise your hand. Uh so the I mean you might have touched on it a little bit, Oban, but how do you de-stress? I'm assuming running might be part of that, but uh you might have other things in there as well.

Oban MacTavish:

Running, I think cooking is a big one for me too. Like it's nice to just like put it put away the phone, put away the laptop, you know, put it on silent and just make some food at home, which is uh surprisingly like not a very New York thing. So many people in New York do not cook at all. It's crazy.

Emmalyn Shaw:

We're coming over for the next time we're in New York, we're coming over for a dinner party. This is sounding we can bring wine. I can bring wine.

Julie Verhage-Greenberg:

What's your favorite thing to cook?

Oban MacTavish:

My favorite thing to cook? I don't I feel like fresh pasta is good or like a really nice steak. I don't know. I th I I I feel like I'm trying to get back into more complicated stuff. There was a period there I would be like, I had like a dehydrator, I had all sorts of dusts and stuff, but I'm kind of boring these days. So I'm trying to make it, you know, get back to like uh less utilitarian cooking, I think.

Emmalyn Shaw:

We're coming over. We've invited ourselves.

Nicky Goulimis:

Nicky. I'm going through a strong Scrabble streak at the moment. Okay.

Oban MacTavish:

That's very fun.

Nicky Goulimis:

Online, in person? No, no, in person with a real board.

Emmalyn Shaw:

Okay. Oh, I'm liking this. All right. Note to self. Let's not have a competition there. I'm gonna remember that for the next gathering.

Nicky Goulimis:

Yeah, I'm not gonna enjoy while I'm playing it, but off of the fact I feel relaxed.

Julie Verhage-Greenberg:

Quinn de stresses with magnetiles.

Emmalyn Shaw:

I was gonna ask what Quinn says. We love magnetiles.

Julie Verhage-Greenberg:

Yeah. They're kind of like a toy that appeals to every single. It's like it's like a sometimes. I just sit there and I'm doing it. I'm like, wait, Quinn left like five minutes ago and I'm still here building.

Nicky Goulimis:

I must make a tower.

Emmalyn Shaw:

It's brilliant.

Julie Verhage-Greenberg:

All right, well, thank you guys. This was so much fun.

Emmalyn Shaw:

Thank you. And thank you, Quinn.

Julie Verhage-Greenberg:

Yeah. Can you say thank you? See you soon.

Oban MacTavish:

See you soon.

Julie Verhage-Greenberg:

Bye. Thanks, guys.