In an exclusive interview with David Hobbs, a fraud expert at Check Point, Conor Burke, the co-founder and CTO of Inscribe, sheds light on his AI-powered startup’s efforts to combat document fraud. As financial institutions prioritize the improvement of risk data availability, quality and timeliness, AI-powered fraud and credit insights can simplify decision-making, minimize uncertainty and reduce costs. Keep reading to find out about how Inscribe’s innovative technology is helping businesses stay ahead of the fraudsters.
In brief, can you tell us a bit about the Inscribe story? How did you go from an idea to a viable product?
The idea for Inscribe started with my experience at a large bank in Ireland, where I served in the Risk Operations department. I assisted with a digital transformation project in which the bank wanted to digitize thirty years’ worth of records from applicants for loans, credit cards and bank accounts. My team was also responsible for digitizing the brand new applications that came through.
During this project, one big blocker that the bank had and that they really struggled to get over was, ‘How do you automate the document review and digitization process without introducing the possibility of additional fraud?’ Because these application documents contained critical information needed to determine the eligibility and trustworthiness of a potential customer, the bank had to ensure that the documents provided were legitimate (and not altered in any way).
This was a recurrent question that the team really struggled with. By the end of my time there, we still hadn’t really come to a great, conclusive answer. So this experience was kind of a seed for what Inscribe would become.
But we really had to ask, ‘Okay, how are we going to prove that this is a big enough problem to solve – that this is a viable vector that we could use to help detect more fraud?’ And what we did here consisted of asking companies ‘Is this a big problem for you and would you be willing to work with us?’
We didn’t really have a product at that point – our company was only a few people. But we did have really strong interest from the market. A lot of what we heard was, ‘Yes, solving this problem of automating the review process while detecting fraud would be incredibly valuable.’
Prior to starting Inscribe, what were the issues that you saw in the fraud detection world, and how does Inscribe resolve such problems?
I think that a pervasive challenge within the fraud detection industry is the need for more data. So, fraud detection companies and financial services companies are always looking for new data points to analyze in order to find new trends in fraud or to stay ahead of fraudsters, who are always innovating.
Documents are an old vector for fraud but a new one for fraud detection. Before Inscribe, documents were purely a means of transferring information, and the documents, themselves, weren’t necessarily analyzed for fraud.
What we found was that this really complemented other means of checking for fraud; verifying people’s email addresses, checking phone information, device information…etc.,
As the CTO of an award-winning fraud detection firm, what makes the technology so great and so in-demand?
As a company, we took a very technology-first approach. This forced us to spend our resources on finding and building the best technology to detect document fraud.
In this particular case, what we’ve really done consists of making sure that our data is the best data in terms of aggregating the largest data set of fraudulent documents in the world to work with, and secondly, ensuring that data and documents are labeled accurately; that the document collection is up-to-date, that it’s varied across different sectors and industries within our user base.
We also make sure that we have a very good handle on the machine learning models that we use to train on this data. For example, we’re always looking for the latest machine learning models to detect anomalous patterns in machine learning data. Across the past four years at Inscribe, we’ve often said that we have to stay ahead of research and implement new language models as fast as possible.
Using the latest data and machine learning models has really put us in a good position when it comes to best-in-class document fraud detection.
How have you and your team ensured that the Inscribe product is secure?
For us, security has always been really important. We’ve felt that since Day 1. We know that we have to earn the trust of our customers in order to be trusted with their sensitive data.
First, we’ve made sure that security culture is embedded within our decision-making process. Security is always top-of-mind in terms of how we’re handling data, how we’re protecting it, and how we’re accessing it, among other things. Security isn’t just something that our security engineers handle, it’s something that we encourage all members at Inscribe to be involved with. We have a high tolerance for a high-security environment in order to protect our users’ data.
As a company, we’ve implemented SOC 2, type two and ISO-27001 security measures. We have security policies and procedures in place that allow us to know what to do in various scenarios, and we’ve set up our infrastructure in such a way that it does keep our customers’ data safe.
We also have a few entrepreneurial initiatives around zero-trust authentication in front of applications, hardware 2FA for all of our team members, and we make sure that all of our endpoint devices have the latest antivirus and malware protection as well. Overall, we’re quite proud of our security posture at Inscribe. We think that it’s been a big selling point for us, especially when compared to some of our market competitors, and it’s something that we’re going to invest in as we move forward.
Today, we see a lot of breakdown in terms of people and processes at financial institutions. Example: We’re working on a case where one person has had over a million dollars in fraud against his credit cards across 4-5 major financial institutions. The scammers keep re-opening his credit cards and abusing them before he can discover the new cards being re-issued and have them shut off. How does Inscribe help financial institutions close the gaps in people and processes?
This is a really interesting example. And first of all, I would empathize deeply with the victim in the case here. I can only imagine how extremely stressful this would be, and it’s one of those things that’s tough to overcome quickly.
In terms of how Inscribe helps in this kind of scenario: Inscribe sits at the point of application, so anytime an applicant is applying for financial services, we’re allies who can help the financial institution assess any documents provided and prove (or disprove) certain parts of applicants’ identities, income…etc.
In this particular example, what I imagine that’s happening is that either all of or part of this person’s identity was stolen by the fraudster. The fraudster essentially either creates or reuses a set of documents to prove their ownership over a new identity. They may have a utility bill to prove that they live in a certain state or address, they may even have some fake bank statements to prove to a new bank that they already have accounts elsewhere, they may have a fake SSN card to prove that they have a specific SSN number, and they may have some fake IDs to go along with that.
If this particular fraudster were to apply for a bank account or credit card from a financial services institution with fake documentation, we Inscribe would flag evidence of document fabrication using our proprietary tools. That would be the most immediate way in which we could help.
One more point here: The larger financial services industry is currently trying to grapple with the concept of a fraud consortium, which would potentially allow financial institutions to improve communication, threat intelligence…etc.
Does Inscribe have ways to determine unique identifiers that can help automate fraud detection that goes beyond normal correlation engines?
Yes. In terms of unique identifiers here, this really comes down to two data points. One is the document itself, and two is the data within the documents and the content. So in terms of unique identifiers here, what’s really interesting is trying to understand where the document came from, how it’s constructed, and any other fields that we can extract from the document.
In addition, with the content in the document — you can imagine a bank statement, a utility bill, tax document or an ID — there’s lots of really high-signal identifiers within those documents that you can use to create fraud models. For example, if you have someone’s identity, you can analyze a particular income and/or revenues…and all of this can be used to paint a picture of an applicant and to get a sense of the potential for fraud.
These are unique identifiers that we use at Inscribe to help us catch fraud. As you can imagine, we were the first company to let us look at these things, and we’ve gone beyond what was previously used to detect document fraud, enabling us to provide a bit of an edge for our customers’ and their fraud detection systems.
During the pandemic there were a LOT of fraudulent loans and unemployment claims in the U.S. How would Inscribe have helped companies and governments to detect and stop this?
Great question. During the pandemic, we were helping a number of companies in the business loan space disperse PPP loans, which were part of a program that the government set up to support small businesses so that they could keep their employees on payroll during coronavirus-related closures.
You’re right to say that there was a lot of fraud occurring in the space, and that there have been congressional hearings on this issue in the past couple of months.
In this case, Inscribe was able to help a number of these companies during that process. So these business lending companies really had a huge task on their hands in handling this massive surge in applications and in the dispersal of loans in record-time. Essentially, their whole loan distribution process had to be revamped and their fraud-detection stack also had to be reconfigured to operate on such a tight timescale. Inscribe was used during many of these processes in order to prove specific facts about enterprises (number of employees…etc.,) or that a business itself was real.
In hindsight, a lot of these businesses that were applying for loans didn’t really exist. They were made up. Despite that, they did actually receive loans. Identifying fraudulent companies was one of the ways in which Inscribe helped lending organizations during the pandemic.
During the pandemic, we observed the highest rates of fraud that our systems have ever detected. Essentially, we helped save organizations tens of millions of dollars that otherwise would have gone to fraudsters, every month.
Are you using machine learning or deep learning in your systems and how do you think the prevalence of AI will change your strategy, especially with things like ChatGPT, that now can be weaponized? Talk to us a little bit about how you use AI, and your strategy:
In terms of how we currently use AI at Inscribe: We primarily use AI to understand a document’s context. When we receive a document, we don’t know anything about it. We don’t know what type of document it is, what information exists within it, if the content is good or bad…So we’ve used AI to build a series of models that help us classify documents quickly.
We also have AI-based models that help us look for specific evidence of fraud. For example, is there any evidence of tampering? Have we seen a pattern pertaining to this type of content in the past? With a dozen or so models, altogether, we’re able to obtain clear insights into a document’s authenticity (or lack thereof).
In terms of AI and how it will change our strategy, I think that there are two interesting things to look at.
1) We’re constantly on the lookout for new models to improve our systems. But as you kind of hinted at, ChatGPT, or large language-learning models in general, definitely bring in different ways of making use of our growing database. It’s not something that we’ve developed just yet, but it’s something that we’re thinking a lot about internally.
2) In terms of how fraudsters may start using AI or ChatGPT, we have seen some level of automation from fraudsters in the past. I think that we may see more automated, large-scale fraud attacks related to ChatGPT. Definitely an interesting time to be in the space. Lots of dynamics are changing. At Inscribe, we’re definitely eager to help customers understand the changing landscape, and for us to stay ahead of that in terms of our product offerings.
Is there anything else that you would like to share with the CyberTalk.org audience?
I appreciate the conversation. If anyone is in the financial services industry and thinking that Inscribe might be of interest, I would love to chat. You can reach us through https://www.inscribe.ai
David Hobbs currently serves in the Office of the CTO at Check Point while also managing Security Engineering in the Pacific Northwest. With over 25-years of experience, David has served as a consultant to numerous Federal and State Agencies, including the FBI, U.S. Army Counterintelligence, Secret Service, and many private investigation companies.
Conor Burke is the co-founder and CTO of Inscribe, an award-winning solution that helps companies fight document fraud with AI. He and his twin brother, Ronan Burke, co-founded Inscribe in 2017 with the goal of creating a more fair and efficient financial services ecosystem. A 2020 Forbes “30 Under 30 Europe” honoree, Conor speaks at industry events and has been featured in VentureBeat, Forbes, and The Irish Times. He graduated from the University College Dublin with a Bachelor’s degree in Electronic Engineering and completed the Y Combinator startup accelerator program. Conor is an Ireland native currently splitting his time between Inscribe’s San Francisco and Europe offices.