Convenience Matters Introduction (00:05):
[Music] You’re listening to Convenience Matters brought to you by NACS. Whether it’s for food, fuel drinks or snacks, about half of the us population shops at a convenience store every day. We’ll talk about what we see at stores and what the future may hold for our industry.

Jeff Lenard (00:24):
There’s no question that the pandemic has placed a new premium on safety and that’s led to a rapid embrace of new convenience related to payments. Cash is out electronic payments are in, but are these safe payment options safe? We’ll talk about that in today’s episode.

Jeff Lenard (00:43):
Minimizing interaction with people has been a big focus of the COVID pandemic. How do you minimize interactions to maintain your security, your safety, and that’s led to new payment options. And oftentimes there are concerns about how safe those are. That’s what we’re going to talk about today. My name is Jeff Lenard with NACS.

Paige Anderson (01:05):
And I’m Paige Anderson with NACS. And today we have two security experts that you’re going to enjoy listening to. First off we have Danny Omiliak who’s a consultant with W. Capra and has worked with petroleum industry for a long time. We also have Casey Zenner, the Director of Enterprise Sales with Kount who has also worked with the convenience industry. Thank you for being here, gentlemen – we’re so excited to have you today. The first topic that I’d like to sort of bring up and, teed it up perfectly. Now when looking at technologies, particularly touchless and really minimizing how consumers interact with our businesses without touching a lot of devices. One thing that they do feel confident about is their own cell phone, their own mobile device. And so we’ve seen this huge consumer demand and for mobile apps and our businesses want to be able to offer that because consumers want them. But what a lot of folks don’t realize is there’s a lot that goes into developing those apps and making them safe for both the businesses and the consumers. So gentlemen, to tee it off here, you know, what should our retailers be thinking about?

Casey Zenner (02:17):
Yeah, Danny, I’ll let you go first.

Danny Omiliak (02:18):
Absolutely! Thanks Paige. It’s a great question. So, you know, obviously COVID has accelerated the transition of many merchants to rolling out mobile apps. Uh, and what we’ve seen is, not only has there been a trend of increase in digital sales across industries year over year LexisNexis actually has estimated 42% growth during the pandemic of digital sales. Uh, but mobile fraud has increased by even more than that. 48% increase in fraud year over year, in digital sales. So what we’re seeing is, these great experiences are being put out for consumers, which consumers enjoy, to your point. They’re safe. They feel more secure. There’s less interaction with people or terminals in a time when you’re trying to find less interaction with people in terminals, but fraudsters are now flocking to these new mobile applications. And so, what we see is there is a need to put in place, um, succinct fraud controls when you roll out mobile applications, or if you have an existing one in market to ensure that not only are the consumers protected from mobile fraud, but your businesses, right? Because it impacts merchants the most.

Casey Zenner (03:24):
Yeah, I would echo that. I mean, one of the biggest things that I’ve learned from the pandemic and how it’s really, you know, fast-tracked this whole process of, of having, uh, merchants, whether it’s in the petroleum space, whether it’s in food delivery, whether it’s in grocery delivery is really magnified the need to have the right blocking and tackling and risk mitigation in place to, like Danny said, not only protect their business, but also protect their users. Plus at the same time, the beauty of this this digital transformation digital journey is it allows these businesses also better track and better market to their customer base, which I think is so key. Yes, we want to stop the bad. And that’s something that at Kount, you know, we focus a lot on, is making sure that we have the right technology to deploy, to, to assist with what they’re looking to do from a digital perspective, but also to help them better target customers so they can have better retention, um, better use cases, better products available for their, for their particular customers and just create that better brand loyalty.

Casey Zenner (04:27):
And, you know, I know specifically working a lot with the W. Capra team. That’s something you guys are focused on a lot, as well as driving demand into those mobile channels, um, that are safe and secure.

Jeff Lenard (04:37):
And Casey, I want to follow up with that because I think it’s absolutely right talking about loyalty and brand. And some of those issues. An app has your store name on it. So clearly, if there’s fraud, it is much more closely tied to your business. And, even if it isn’t your fault, it feels like you’re a fault to the customer. So are there things that retailers need to look at as they build out these apps? Because I don’t want to say it’s happened overnight. Apps have been going on for a few years, but, um, we had a coin circulation problem last year where it was difficult to find a quarter for change. And we saw a dramatic reduction in the use of cash where at the pump, it went from about 24% to about 14% in a two month period. Um, so as this rapid rollout happens and you’re almost reacting, um, as much as you are being strategic, what are the strategic elements that you can either backfill or look at now as you roll out these apps?

Casey Zenner (05:42):
Yeah. Some of the things that, that we like to consult about, um, and oftentimes when we’ve talked to folks in the petroleum space, you know, the pandemic required them to move quickly, right? And so when they think about protecting their customer and protecting their brand, oftentimes these, these individuals think about what questions or what data requirements do I need to require a customer to input when I’m signing up for an account, when I’m storing a piece of payment type or into your wallet. I think the real important thing to keep in mind is you don’t need to make this feel like you’re getting your taxes done, right? Keep it short and simple. Require things like name, a phone number, an email address, make it simple upfront to get adoption, to get users using the technology. As you continue down that customer experience, that digital customer journey, then you can start to acquire additional information about them. Maybe it’s an address that you want to be able to start sending various promotions to. Um, maybe it is, um, other users within your household that are going to be utilizing the same app or the same loyalty points as they fill up at the same gas stations as I do. Um, so there’s different types of situations where you want to require more data, so you can help protect that user, but also, so you can better target that user to give them more bespoke product offerings for what you’re looking to sell.

Paige Anderson (07:08):
So, Casey, you’ve made it sound really easy, but obviously it’s more complex than that. And there are mistakes that retailers make sometimes when rolling out this new technology and these new services. So can you share some of the mistakes that you’ve seen retailers make and that we should avoid?

Casey Zenner (07:25):
Yeah, that’s actually a good point. And you mentioned something there that’s top of mind and it’s technology, right? A lot of organizations out there that are either deploying fraud and risk mitigation solutions, either through a payment service provider or a gateway might be heavy rules dependent, which is fine If you’re engaged in that and you know how to manage those, or you have the staff for it. Oftentimes whether it be petroleum, whether it be QSRs, anything outside of your traditional retail, they may not have fraud expertise there. So relying on somebody to, um, manufacture rules and policies and change those policies on the fly to keep up with the demand of fraud can be cumbersome. And you mentioned technology. And, uh, the biggest thing that I like to, um, educate the consumers on from my end, some of the buyers is trust technology; trust the machine learning; allow machine learning to do the bulk of the heavy lifting.

Casey Zenner (08:18):
So you don’t have to deploy so many resources, whether it be people, whether it be data scientists, uh, to manage the fraud risk solution, you know, it’s, pretty turnkey anymore. Um, I can speak specifically at Kount. I know that we deploy two types of machine learning and keep a very slim and minimal rule set. Um, and you’re going to be really, really well taken care of from that standpoint. So don’t, over-complicate it, don’t require more data, and I know that sounds counter counter-productive. We’re getting ready to turn on this digital channel, we’re going to be susceptible to fraud. Fraud platforms are really good at what they do trust them, work with them. Understand, um, what are some of the unique about your business. Things like distance calculations. Things like how far away is that device from the usual gas stations where a user logs in. If you see somebody logging in from a device that’s unrecognizable to what was created with that account in a state five states away require them to do some sort of, um, authentication, put up some sort of filter and blocking in there to help authenticate this individual and make sure that you’re safe and secure from the account creation, to when I’m adding payment types, to when I see a new device logging into the username and password with this individual, uh, application.

Casey Zenner (09:32):
So, um, again, trust technology. Make sure you have a great team that’s, uh, that’s going to be able to evaluate data and trends. And I know the guys at Capra and Danny specifically because we have a lot of, um, joint customers together do a tremendous job at that. So leverage those resources and really lean on them to help you, at least in the very early stages, the first three to six weeks.

Jeff Lenard (09:55):
And Danny, that’s also the focus, not just with, um, your company W. Capra, but also being involved in Connexus. Um, so what, what are some of the elements that, that you can add to that conversation?

Danny Omiliak (10:06):
Yeah. You know, Casey hit on the big one, which is machine learning. That is where the fraud industry and by fraud, I mean preventing fraud is moving. That is kind of a, what we see as the catch-all, because it can identify many different types of fraud, right? So it’s not just, Hey, uh, I’m checking your {indiscernible}, to make sure that, uh, that credential is valid. It can look at, like Casey was saying, your device, your location, your purchase behavior. And it can mesh all of those pieces of data into one to make a good decision about a consumer. Uh, and so that’s why we do like implementing, um, machine learning algorithms. And we work closely with Kount with many clients and have found a lot of success, especially in the petroleum industry. Um, some things that we would also consider as, uh, kind of critical to, um, fraud management is, there’s lots of different checks along the way that can be implemented.

Danny Omiliak (10:59):
There are kind of easy, but if you miss one or two fraudsters will then exploit it. So you do have to consider that you’re protecting all aspects of your business. And just to give some examples, right, when you register with a mobile app, whether it’s tied to loyalty or not, uh, you’re putting in, you know, a name, a phone number, an email, um, are you checking to verify that those are valid, right? That that’s a huge issue. Fraudsters put in takes the fake emails, fake phone numbers. Uh, you need to be able to catch them. Is your device looking to see if it’s a computer and putting this information versus a human, all of that technology exists out there and it’s possible, right? Uh, Kount does a great job of, um, folding those data points in their system. So they can be used to make decisions on, Hey, should we allow this enrollment? Should we allow this transaction? Is this a good consumer? Is this a new guy? Um, you know, and so, uh, we kind of look at fraud as a holistic perspective. There’s a lot of pieces you have to put in place to protect yourself across your whole business.

Casey Zenner (11:56):
You know, Danny brought up a really good point. I want to touch on too. Um, you know, we, we talked about fraudsters being pretty smart and they absolutely are. I mean, gone are the days of, of guys hanging out in their parents’ basement, these guys are pretty sophisticated criminals. Um, one particular area that that merchants need to be mindful of is you look at, and Danny hit on and talking about, uh, new accounts, right? These guys may create a handful of five, six, 10, 50 new accounts, let them sit dormant for a certain period of time. Maybe that’s six months, maybe that’s a full year, come back to those accounts after they got past some pretty basic fraud filters, looking at age of accounts and then start to add stolen payment credentials to those. So we recommend obviously making sure that you’re doing the right blocking and tackling and risk mitigation at the new account creation, but anytime an individual’s coming into update payment types, add a new payment type, it makes a lot of sense to come back out and validate the credentials that that individual is putting in, should match across that global database at any fraud companies utilizing.

Casey Zenner (12:59):
Cause they’re, they’re tricky and they know what they’re doing. So it’s good to make sure that you have, uh, different flows to check the risk mitigation.

Paige Anderson (13:07):
So that leads me to, you know, an important point. These fraudsters are criminals, they’re super nimble, they’re agile, they’re sophisticated. Um, they can change at the drop of a hat to any new technologies and they communicate with each other. So how do retailers, and I know we hate using the expression pivot, nimble, agile, because that’s all we’ve been doing for, you know, through the pandemic and these last 12 months, but how do you be agile, nimble and be able to flex your muscles against these fraudsters and adapt so quickly?

Casey Zenner (13:44):
It sure beats being proactive versus reactive because when the reactive occurs, you’ve got some money out the door that you didn’t anticipate. Um, but it really, I think it’s partnering with either your fraud risk solution or it’s partnering with great folks at W Capra. Cause it’s, it’s our job to make sure we’re keeping up with trends. And we’re constantly staying ahead of the fraudsters, whether it’s specific use cases, whether it’s, um, different opportunities or vulnerabilities. Opportunities for fraudsters, vulnerabilities for the business. Um, a lot of people that I talk to in this space, they think they’re going to be good with having the risk mitigation at that point of account creation, maybe with some payment types, but not thinking about protecting logins, right? They’re not thinking about – what do we do if there’s a, like I mentioned before, a brand new device that’s logging in with Casey’s credentials, you know, 2000 miles away, how do you handle those?

Casey Zenner (14:40):
And I think being able to align yourself with an organization that can mitigate risk across the entire customer journey, because fraud just doesn’t happen at the payment type. It doesn’t just happen at that account creation. There’s many vulnerabilities and it actually leads us to good opportunity to, when you think about, uh, if a merchant wants to deploy any sort of loyalty, right? If you want to, uh, allow for promotions those, while they help for customer adoption and retain your customers, it also opens you up to fraud. So the root to your question Paige, I think it’s just important to partner to ask questions, to always be curious and trust us and trust Danny and the team that makes sure that, uh, that we’re going to stay ahead of those trends and, and help you and be consultants.

Danny Omiliak (15:23):
Just to add on to Casey’s comments, right? Uh, the, the trends that we see happen in the same industry, but in other parts of the country, and it just kind of moves around. We see it with EMV, uh, and we’ve been seeing it for a while, right? The, the side that gets EMV in place, the fraud just shifts across the street or to the location on the other corner of that same block. Fraudsters just move to find their weakest link. And right now some trends we’re seeing, account takeover – and Casey was harping on this earlier – account takeover and fraudulent accounts are becoming a huge problem. Um, and fraudsters are very, really smart about how they hide it, whether they’re letting accounts stay dormant or whatever for awhile. Um, the paper said that one in seven account creations are fraudulent. That’s a crazy high number for new accounts that are fraudulent. And so, keeping ahead and making sure that you’re educated in the industry, listening to great podcasts like Convenience Matters to get those trends, and then deploy solutions, whether you’re using a great fraud platform, like Kount or a rules-based system elsewhere, you do need to update those over time and it creates, it takes resources. It takes knowledge, and it takes time. But the risk exposure of fraud is getting so large that it makes it worth it to, establish a good fraud team and fraud program.

Jeff Lenard (16:44):
And, when we’re talking here we’re not trying to scare people, we’re not trying to scare consumers and say, “Hey, you know,, don’t do this,” that what we don’t, what we’re not saying is this is not a sweeps-week TV kind of thing. What we’re doing is, we’re trying to share resources because, um, you guys have talked about these fraudsters. They’re, they’re not going to go away. If one…all you can do is make your place a, um, an appealing target for them. And, and there are tools at your disposal that you can use to not end the problem, but minimize the problem at your store. So this is about sharing resources, industry coming together because let’s attack the problem before the problem attacks us. Would that be a fair, fair way to summarize this conversation?

Casey Zenner (17:34):
You know, really when you think about me being the guy who sells fraud technology that I’m nervous or scared or apprehensive of adopting digital technologies, it’s, that’s far from the case, you know, I prefer to pull up to a station, select what pump on that, apply my loyalty points, get out and go, right? Um, no more having to punch in your information. Do I want a carwash, all the things which are great, but I like being able to adopt these technologies, whether it’s keeping my food delivered, filling up at the pump, you name it. So, um, adopt these technologies as consumers, because it’s, it’s the way the future. Um, but Danny really hit on something about the account takeover side of the house. That’s one of the biggest upward spikes in trends that we’ve seen at Kount mostly because fraudsters know that most organizations have really good fraud, risk mitigation solutions deployed at the payment event.

Casey Zenner (18:26):
So they’re looking for different vulnerabilities and different opportunity to defraud you. So, which is why I mentioned, I think having, uh, a balanced approach across the entire customer journey and the right type of authentications risk mitigation, I think is really critical to any organization. Um, and the last point I wanted to add, and I keep, keep adding points, but Danny mentioned how – and I love working with the Capra guys on this because I’ve seen it firsthand – how fraud can be pretty centralized into certain areas and regions, especially if you’re a big petroleum shop that has stations all over the continental U.S.. It’s important to look at trends in certain hot pockets and certain hot markets where I live in Boise, Idaho, probably not a ton, certain other problematic areas. You’re going to see quite a bit of influxuation and fraud. So, and seeing the way that the Capra team, uh, really manages that on behalf of their customers is pretty impressive. It’s fun to watch.

Danny Omiliak (19:23):
We actually like to think about fraud as enablement of other technologies. So we see fraud as you need to have fraud controls in place so that your mobile app is safe for your business. And for consumers, we don’t see fraud as, ‘hey, we should slow down moving to mobile apps.’ We think that digital adoption is fantastic. We want to get loyalty involved there. We want the digital consumer experience to be great. Uh, and we think fraud is just a piece that helps reach that because if the consumer ends up having, uh, fraudulent, uh, uh, transactions made on their account, they had a bad experience. So we see fraud helping improve the customer experience and helping, um, you know, uh, new merchants deploy solutions, uh, in mobile apps because they have the right fraud controls in place and they feel safe to do so. Uh, if fraud runs rampant and there’s no controls in place in the industry, no one’s going to roll out new technology and test these new things. Uh, so we really see fraud as an enablement of these great consumer experiences that we’re seeing today, whether it be curbside, buy online pickup in store, these new delivery service are out there. Those are all great. And fraud is just one mechanism to help, uh, get that off the ground.

Jeff Lenard (20:32):
Yeah. And we’re not going to put the genie back in the bottle. I think the last year has shown us that, that people are more likely to continue to use digital payments. They joke about me as Mr. Cash. I start getting nervous when I have less than a hundred dollars in my wallet. Um, I don’t know if I’ve spent a hundred dollars in the last three months out of my wallet. Uh, everything is digital now. And, and I think you’re seeing that with the younger generation, you’re seeing that with everyone looking at convenience. So it’s the new, um, Willie Sutton supposedly said, “why do you rob banks?” He says, “that’s where the money is.” Um, supposedly…I don’t know if he actually said that…but what we’re talking about now with fraudsters is that’s where the money is. It’s in these digital transactions and that’s where we really need to pay attention.

Casey Zenner (21:25):
Yeah. I couldn’t agree more. Um, and I think you keep all that money in your wallet, Jeff, mostly because you want your kids to take it. So…

Jeff Lenard (21:31):
Yeah. I’m like Al Bundy, I come by and even the cat comes and takes $20 out of me,

Casey Zenner (21:37):
But no, you’re, you’re exactly right. And, the one thing I really want to hit home is yes, it’s great to have the right blocking and tackling in place, but what a great way for customers to, um, better interact, better target, better segment, create more bespoke offerings for their customers than in a digital experience, um, being able to store wallet, being able to leverage loyalty and rewards that you’ve accumulated. That’s the type of interaction your customers want to have with you. Fraud’s a necessary evil, it’s a piece to it, but if you do the right work to make sure that you have the right steps in place, um, you’re going to be fine, and you’re going to really see a dramatic increase in adoption, um, in revenue. Um, and the other key to make sure that you’re focused on as well at, at the, at the merchant level is, yes, it’s great to block bad guys, but don’t, don’t do it…on behalf of your good customers, making sure you’re monitoring things like false positives is really key.

Casey Zenner (22:37):
The last thing you want is when it’s, um, you know, somebody like maybe it’s my parents in their sixties who are just turning into digital because of the pandemic. You do not want them to be declined because you don’t have good data on them. You don’t understand what their buying behavior is. Um, great technologies provided at W. Capra, provided at Kount, are going to be able to know these individuals because we’ve seen them across our digital footprint. So making sure we can retain and capture those new account creations, let them store their payments and protect them along the way I think is key.

Jeff Lenard (23:09):
So, uh, we’ve talked -in wrapping up – we’ve talked a bit about fraudsters and I know that ‘s the term, um, it almost feels like we need a brand reinvention of that because it feels like they’re fun, like ‘Ken Keasy and the Mary Fraudsters’ or something like that. But for those people listening, who aren’t familiar with the term fraudsters, what’s the best way to define it is basically they’re digital criminals. Right?

Casey Zenner (23:36):
Absolutely. Yep. Digital criminals. Yep. Go ahead, Danny.

Danny Omiliak (23:39):
Digital criminals is a perfect description. These are organized sophisticated fraud rings that leverage the same technology we are using to protect transactions, to attack them. They are very smart. It’s, you know, it’s not people that’s just stealing the physical credit card and going. So I’ve been at their manufacturing cards. They’re they’re, um, going onto the dark web and purchasing credit card numbers, loyalty accounts, gift cards, reselling them, moving them around, everything you could think of. And the problem is I can’t even explain, uh, every tactic that they use, because I’m sure there’s some out there that we haven’t discovered yet. They’re constantly evolving to find a new gap in our solutions. And that’s why monitoring fraud on a constant basis is important. They’re always evolving and they are very, very smart individuals.

Paige Anderson (24:31):
So Jeff, it’s clear, we should be embracing innovation and new technologies, but be smart about it and be proactive in keeping our consumers and businesses safe. That’s the message I’m hearing.

Jeff Lenard (24:42):
What I’m hearing too. Any, any final takeaways from, from you, uh, Casey or Danny? Um, just for our listeners about what, one thing, um, if they’re not doing it now and, and it could be repeating something, uh, if they’re not doing it now, they need to start doing?

Casey Zenner (25:01):
Trust data; trust your partners; leverage the data that your partners can provide back to you and make sure that, since there is multiple touch points with your consumers in this space, in the digital transformation space, make sure you have the, the right deployment model in each one of those areas to help you mitigate risk and protect your customers.

Danny Omiliak (25:22):
I would absolutely echo everything Casey said and then, uh, what I would add is, you know, my main point is, if you’re ever rolling out a new technology, a new platform or a new way to pay, whatever the case may be, you have to consider what potential fraud gaps exist before you deploy it and not after, otherwise you’ll pay the price.

Jeff Lenard (25:47):
So it’s that planning, uh, takes a lot longer than execution, but if you don’t plan, if you’re able to plan, you can save a whole lot of problems down the road. Well, thank you, Danny and Casey, uh, I know Paige is very active on both the NACS side and on the Connexus side, working with, uh, Danny in particular. But, um, thank you both for joining us today. And I know we’ll have more of these conversations because the fraudsters won’t go away. We may change their name, but they aren’t going to go away and we need to stay ahead of them. So thank you for joining us today. And thank you for listening to Convenience Matters.

Convenience Matters Outro (26:22):
[Music] Convenience matters is brought to you by NACS and produced in partnership with Human Factor. For more information, visit convenience.org.