Identity, Fraud & AML with Hrishi Dixit
Stay up to date
Read the full transcript
Speaker 1:
Welcome to Season 2 of Under the Hood, a podcast series brought to you by Synapse, and this series hosted by Synapse founder and CEO, Sankaet Pathak. Under the Hood takes a deep dive into various challenges and opportunities in FinTech. Topics range from technical design and architecture to regulatory and policy challenges.
Sankaet:
Hey everyone, thanks for joining us today for Season 2 Under the Hood. In this episode, we will evaluate how current identity fraud and AML solutions and stacks are built, what is working and what's not, and what changes need to be made for hyperscale. To join in and chat more about this, I'm joined by Hrishi, who's the CTO of Yieldstreet. If you don't know Yieldstreet, Yieldstreet is an alternative investment platform that allows people to be able to invest in various kinds of investment projects, including real estate. Let's dive in. Hrishi, thanks for being here. How are you doing?
Hrishi:
I'm doing well. Thanks for having me. It's always fun to chat with you.
Sankaet:
Today, we're going to talk about identity fraud and AML. To give everyone some context, we started this conversation, I think, a few years ago, not even recently, then we did a version of this at the Yield, your podcast. Now, when I was kicking off Season 2, I was like, let's start with this again. I'd love to hear your high level thoughts on the subject matter, and I think we can pretty much take all three of them sequentially. Maybe we can start with identity and fraud and kind of really want to hear you as someone who's building a consumer facing FinTech. What are the pain points around identity and fraud that you wish were easily solvable that you're either having to work around technically or you're having to use service providers to work around? How big is this problem? Why does it matter?
Hrishi:
It's a great question and it's one of the ongoing challenges for any regulated and especially consumer facing FinTech or any kind of enterprise that involves that has the potential for malfunctions, the potential for gaming the system, let's put it that way. Yieldstreet as you know, we are an investment platform. We are an alternative investments platform, which at the simplest level is we provide investment opportunities for retail investors, everyday, people like you and I to invest in products outside of the public markets. As you know, what's happening in the public markets in the last few weeks, it's a really interesting and enticing option. Of course, as to provide the service, we need to move money, we need people to open accounts, we need people to move money onto the platform and then deploy that into our investments.
Hrishi:
This is where, of course, you've been our partner on this journey, right from the get go and we've worked through all of these challenges together. What is the biggest kind of challenge we have or any consumer platform has whose business model depends on having as many retail consumers come onto the platform and provide as low friction or nothing's really friction less, but as low friction a path to the action that we want them to take in our case to invest in our products, right? So, some of the prerequisites, some of the hoops that they have to jump through the walls that they have to cross over to get to the point where they can invest in our products involve this very critical piece of identity verification, because that is the first step. One of the first steps that they have to go through to be able to open a bank account with us, if I can live with Synapse and fund it, right?
Hrishi:
Our challenge and this actually happens to be... and I'm fairly sure that we are not the only ones in this boat where this is our biggest drop off point. Any time a user that is truly pampered rightly so by some of the most beautiful, smooth experiences or digital experiences that you see on the apps today, when they encounter a wall, therefore the first instinct just to like, oh, forget this. This is too much and I don't want to give my social. I don't want to give my... At the same time, this is an absolutely critical point in the journey because while we want as many consumers on the platform, as many investors on the platform as possible, we also want to make sure that we are protecting us and them from bad actors, right?
Hrishi:
Knowing the financial pipes that you have built the platform over, it is I literally like to call it the Swiss cheese of protocols. There are so many loopholes that you can exploit to kind of game the system. How do you as a consumer platform, this is something that we deal with on a regular basis, that we dealt with since the get go, how do we build an experience that is delight, that is smooth, that is dare I say enjoyable while at the same time, keeping us and our investors safe? And identity and all the three things that we are going to chat about are kind of these three delicate balancing acts that we need to perform on this consumer journey.
Sankaet:
I think there are a couple of points that I think are very valid, right? The first piece to which you said, you kind of zeroed in on identity, which implicitly, because we've had this conversation so I know your perspective on this as well. These are three different swim lanes. Most people conflate them together, which is identity verification, fraud mitigation, and then unusual activity, which is mostly turns into AML monitoring. If we zero in on this identity piece, the piece you're mentioning, which is quite interesting and a good perspective is there's a side to identity verification, which is just regulatory compliance, and there's a side to identity verification that is all about protecting the customer.
Sankaet:
What is the right approach? Given that this is one thing I've said this to people before as well, I feel like financial services in its truest and best embedded form is far more engaging than social media, but the barrier to entry, to your point, it being the biggest drop off point is much higher than what it is for Twitter. You as literally the CTO and someone who's building this product and this experience, how do you think through this problem? Where do you think are the right trade offs and what do you think we're still lacking technically that we need to be able to overcome?
Hrishi:
I think that's almost like a multi-pronged question so let me try. One of the things is, let's focus and you're absolutely right because identity verification or KYC is a lateral concern to fraud and AML and all of the other kinds of ongoing pattern-based things that we need to screen for. But how do you approach the question of identity, which is a point in time event that happens in the journey of a consumer, right? When someone comes in, there is literally at this timestamp, your identity was verified. We have redeemed you to be a safe consumer or not. At that point, the identity part is over technically. The first question that we kind of like, and just to keep the focus on identity a little bit, and even keeping the question of the concern of friction and user experience aside a little bit, I often find myself questioning, is that even enough, first of all? Is that point in time check enough or is that something like everything t something like everything else that we need to reevaluate because people may change, right?
Hrishi:
That's a legitimate concern. Can we faithfully answer the question that a person deemed as safe or trustworthy at a point in time continues to retain that trust level downstream, right? We've chatted about this in terms of how can infrastructure providers like yourself and there's others as well, help us keep this faith and trust in the user and retain it over the lifetime of that user on our platform, because one of the things that goes hand in hand with identity is the unfortunate reality of identity theft. Someone who was safe and continues to be safe as the physical human, that was verified may have her identity stolen at some later point and someone may be using that same identity to do fraudulent acts so being able to continue that trust path for a given user.
Hrishi:
Certainly, over the lifetime of that user on our own platform, and this is true for other platforms as well. I may actually be curious to hear your thoughts on that, but that's one of the things that we would worry about. And we find ourselves occasionally so we have as part of our team fraud specialists, whose expertise is also in not just identity, but also transaction fraud, ACH fraud, some of the things that we're going to talk about shortly. So, is there a platform or infrastructure way to enable this? Not necessarily to disengage from the person we have, of course, he's very valuable and he is providing a great service to us, we need someone with that expertise, but that's something that if I can as part of the technology build of Yieldstreet, automate and build controls within our own platform that are then surfaced to our operational staff that, hey, we just did our latest scan of our active investor base and here's some of the red flags that came up.
Hrishi:
Previously trusted users, we've noticed some, we've noticed a degraded trust, a depleted trust. That would be a very valuable thing. But given that identity and fraud are two separate things but related things, the question in my mind is really to what extent are they really disconnected given that both are fungible of fluid notions because of the variety of fraud and theft that can happen in that cyberspace, let's put it that way. All it needs is access to some dark web list and here's a dump of everything, here's all the social itself. We've talked about this and you've had some interesting ideas federated, centralized identity store, we’ve talked about blockchain as a solution, but these are all solutions. What is the fundamental problem is in my mind, a very complex one, which as a technology infrastructure provider, I'd love to hear how would you solve that? Because I would love a platform solution that I can use for that.
Sankaet:
Yeah, I think you said two things that are, I think, very profound. The first thing, because of which I would probably want to change the definitions, right? The first thing you said, what I heard is like, identity is not just at the time of onboarding, identity is like over a period of time or prolonged trust in a customer. Maybe the two problems are initial trust and ongoing trust and ongoing trust encompasses fraud but other vectors as well.
Sankaet:
To your question, I can approach this problem first as pretty much a disclosure, like I am a minimal interventionalist. In my mind, you should do the least you need to put barriers in front of people. With that operating principle, for me, when someone's onboarding themselves into a platform like Yieldstreet, I would want to ask them the least amount of information I need to ask them to ensure that my high level goals are met and I have two high level goals operating in a regulated business. And to your point, trying to be responsible about people's identity, the first one is, what do the regulators ask for bare minimum?
Sankaet:
The second one is, what do I need to feel confident enough that the person who's signing up for the platform is not stealing someone else's identity? I would want to ask for the least amount of information, and then kind of architecturally built this in a way where you have low, medium, high thresholds. If you have very low confidence on the user, get more information. If you have medium confidence on the user, collect a little bit more. If you have high confidence on the user, collect as little as regulatory possible to be able to just get them through the process.
Sankaet:
But then have a different system, which is more predictive in its nature, not on the identity corpus that we collected, but more so on their engagement with the platform that then fine tunes, the ongoing trust, which is like, okay, now you're funding your account with $10,000 using ACH. In the next 20 minutes of it clearing, you're not investing it in a vehicle at Yieldstreet, but you're trying to just withdraw this money into another account and what does that really mean as a function of the expected behavior versus not, and erode trust or increase trust....
Hrishi:
Exactly.
Hrishi:
Yeah, that's a super valid point because, and this is actually something that is not necessarily a global thing even for a given user because of the different nature, different services offered by different platforms, right? There's almost like the idea of a normality of patterns. Like what is considered for a typical investor, for someone who comes to a platform like Yieldstreet with a legitimate interest in investing in our products, rapid moving of money back and forth between multiple linked accounts is simply like it is not the use case that the platform is intended for. Right there, that's a red flag, but some of these can get pretty nuanced. But to your earlier point, actually, the minimalist intervention of minimal interventionalist, that's actually pretty. It sounds like the title of a book that you're about to write the minimal interventionalist, which is a good title, actually.
Sankaet:
I mean, you can also just call it a libertarian, I guess. I don't know. I don't know.
Hrishi:
Well, it sounds a little fancier the other way, but actually that's something that is an interesting area to explore. I'll tell you what my thoughts are on it. Some of those are things that we are trying to introduce in the platform. It's kind of like a reverse burden of proof like how in the judicial system in the United States, it's like the burden of proof is on the prosecution, right? You're innocent until you're proven guilty. You almost have to take a slightly different approach, a reverse approach. If you want to have a minimalist intervention policy and AKA as reduced friction as possible, you just narrow the swim lane a bit, in the sense, effectively, what I'm saying is if you're a completely new user that I don't know anything about, and I don't have this kind of centralized identity corpus that I can tap into to actually know a little bit more about you as a user, based on your behavior elsewhere on the internet, or especially on financial sites.
Hrishi:
I'm of course going to let you in. I'm not going to maybe slam you with 15 questions or stuff like that, but I'm going to reduce the amount of things that you can do. It can be the number of accounts you can link, right? Or the number of the frequency with which you can move money back and forth into and out of the platform, like these little known patterns of fraud, right? That maybe completely, they may not always be fraud, in fact, many times they're not, but they're just legitimate things that they need to do, oh, shit, I wanted to pull money from here instead of there. Let me link the other accounts the same. These are normally human thought processes that people go through, but to a machine, they just look like, hey, that's weird. We just kind of limit the number of things that you can do and then we look for trust signals, right? Okay, this person has looked at four or five different offerings, has read a bunch of articles on the side, it seems to be a genuine.
Hrishi:
If someone's just on the platform to do some kiting and walk away with a few thousand dollars, they're not reading content on our side, right? They have no intention. They have no incentive to it. But if we see that, okay, this person has been doing searches on art finance, or being actually spend a good chunk, I mean, there's enough number of tools that give us those heat maps on those leads, right? Okay. We'll spend a good chunk of time looking at this, our equity fund offering or that diversified art offering, maybe this is a legitimate user.
Hrishi:
There are these little signals that we can draw from user behavior on the site over her life, from her birth on the site to... And an ongoing basis, daily, weekly basis. It's like we are building trust in this user. Then there's this big trust element where, okay, let's say an initial gate, you can only link one account, a funding source. Just all you need to do is move some money onto the platform. It can be your Chase account. You can be moving Bitcoin onto the platform. Now, as of yesterday, you can invest with Bitcoin. Thanks by the way.
Sankaet:
Yeah, super excited with that thing.
Hrishi:
Yeah. Right. It's great, right?
Sankaet:
Yeah.
Hrishi:
We have some things to chat about there as well, but we'll get to that. Now, investment is a very positive signal, right? An actual investment flow that goes all the way to confirmation and a full, active investor on the platform. Now, that's a big leap in confidence and trust that we have, and now we can start relaxing some of those requirements or constraints that we have put. It's almost, I hate the word probation, but it's really what it is and it's like, we are the new users and this is an approach that we have to take until we have a solid, reliable platform that is tapping into a data vault that is much bigger than what we have access to through our KYC providers like you or others. Until then, we'll just wait for our own confidence to build in the investor. You do a first investment, big step up, you do a second investment, that's it, you're trusted. You're good.
Hrishi:
It doesn't still solve the problem of the ongoing identity thing, which is something that is, I think as yet, unsolved, I haven't come across anyone who does, or maybe I just don't know, but maybe you do, that someone who kind of continues to vet the safety and the trust of a given user.
Sankaet:
Well, there are a couple of technical constraints, which you wouldn't have had the data to solve for it until BaaS, right?
Hrishi:
Yeah, absolutely. Yeah.
Sankaet:
Because worse in the end to end life cycle, before that, you were using point solutions, somebody did your ACH, somebody did your deposit accounts, money's moving in a fragmented way across the ecosystem. But before we get to that, do you think the identity problem can actually be generalized? Or does it have to be specialized based on some of the approaches you suggested the engagement of the user with the knowledge base and just the media content that Yieldstreet puts out?
Hrishi:
Yeah.
Sankaet:
Or should it even be generalized?
Hrishi:
I believe there is a substrate that can be generalized because there is some... I may be wrong about this, but from my possibly limited perspective, there is a substrate that is portable across different types of businesses, whether it's... What that is, it's worth discussing, I don't know. But besides some obvious, okay, if you show up in an old fact list, okay, well, I don't care what platform you're using. I don't trust you, but that substrate may be pretty thin. But beyond that, it kind of, I believe, becomes a function of the specific service you're providing or the product you're selling on the platform and just think about it, right?
Hrishi:
In a somewhat far fetched example, maybe true for some, but let's say, just to be provocative a little bit, let's say you are an illegal arms dealer, right? Somehow escape the sanction list and stuff like that. But because of this blatantly wrong and illegal business, you're flush with Bitcoin. You have a lot of money. You have a lot of wealth to invest. Now, then this is where that substrate question comes in. But let's say if this person, this identity, this individual escapes that substrate check, because hasn't shown up on any sanctions list yet, any real fact list, it comes to a platform like Yieldstreet, right? Or any investment FinTech platform. What are we looking for? We are looking for us, obviously, we don't want someone like that on our platform. No one does, but your KYC passed, right?
Hrishi:
Or some KYC passed because the substrate checks didn't throw up any red flags and this person obviously has cash. Now, in our space, the concern becomes now, how does this person have the money that she says she has or he says he has to invest in our offerings? Well, they obviously do. We are not checking the provenance of every dollar that's being put on the platform. That's not a solvable problem as far as I know, especially with crypto. Now, this becomes an interesting pattern where someone who shouldn't have passed that substrate did, but now when they get into our product space and our application space, they're checking all the boxes, they have the money, and they are investing hundreds of thousands, of tens or hundreds of thousands of dollars in our products, which of course is a good thing for us, right?
Sankaet:
Right.
Hrishi:
You asked about, is there a generalizable thing? But I think the generalizable substrate as thin or not thin as it may be, can only check for these super mega red flags, like okay, well this is an obvious terrorist or an obvious some ... But beyond that, I'm struggling to think of what it can be that is not bespoke to some patterns that are specific to a certain kind of enterprise, a certain kind of product. I mean, if this person signs up on a digital health platform, there's no reason for them to have a red flag, right?
Hrishi:
They're just checking, just doing blood tests, what do you care? But if there is something that can be built as a general purpose. Okay, well, there may be clusters of businesses or types of products that can share the... And if you think of it as just kind of a bit made bitmap or risk matrix of like these are the different vectors, these are the different parameters that flip to zero or one based on what we are discovering. Not all those bits may be relevant to you, but the ones, but there is a set of bits, probably the most significant ones that are.
Sankaet:
Yeah, that's funny. I think identity could actually be set to generalized. I think, well, the snapshot of an identity can be generalized. I think the continuous trust needs to be general, but local at the same time, because I think there are some patterns just like blatantly strange enough that you need to take a look.
Sankaet:
While there are other patterns that are locally strange enough for you to take a look. A good example of this is by and large for any platform, the user with little to no trust in the platform coming in and then saying, I'm going to do a million dollars of money movement, even in their own account is strange enough to look, right?
Hrishi:
For sure. Yeah.
Sankaet:
But obviously, even now we see use cases where the credit card and the debit card activity and the corpus of it varies a whole lot based on the customer segment you're servicing, but there are approaches where it kind of doesn't matter, right? Another way to think about building out a global, ongoing trust system, which we call fraud is not look at the context of the transaction, but just look at the frequency of the transaction. I think it could get to a reasonably good generalizable fraud solution or ongoing trust solution with just looking at artifacts like location frequency, direction and extrapolate what would the user potentially do in next 1, 2, 3, 4, and fifth node with obviously a depleting probability score, which is no different than an LSTM model for your text messaging where you have auto complete. You could get to a reasonably good generalizable solution, but you would still need some localized, strange quirks.
Hrishi:
Exactly, because even the frequency is probably a much better indicator than... Well, actually, no, we even... There's a few things you can tap into the amounts of frequencies, the number of disparate notes that the money is moving between. But you can imagine, let's say like Synapse as a platform can power a consumer facing investment platform like Yieldstreet, but it can also power a business bank, or an e-commerce site where maybe the frequency of transactions is pretty massive, but the amounts maybe... I think there is a discovery process with each tendency, with each use case that platforms can learn, but a pattern that may be perfectly valid for Rho, which is a business bank may be suspicious for Yieldstreet.
Hrishi:
I think outside of like these ginormous amounts like, okay, well, no one moves a million dollars to ACH. Even we can't do that right now, if any amount over a certain, I forget what the threshold is. I believe it's quarter a million dollars. You cannot do ACH, you have to go through a wire and you have to go through a series of controls and checks. Outside of those, I think, this is where, I believe with any new use case or any new tendency from your perspective, I would imagine there would be a discovery phase, which is actually not just machine driven, but also involves a frequent collaboration, like actual dialogue between the infrastructure provider, like Synapse and the business, like Yieldstreet.
Hrishi:
Like, okay, well, let's see if we were beginning our... If you dial back to 2016, when we started our integration and our partnership, but it's like, okay, we're going to observe, we are going to launch this on this date and we are going to start moving all of our investment processing through Synapse, and we are going to have weekly, biweekly, monthly, whatever, touch points and identify, okay, well, these are good. These are good. That looks like weird. Okay. Now, you're essentially building a training set, right?
Sankaet:
Yeah.
Hrishi:
For a fraud model that has some basic templates, maybe, some axiomatic elements that are portable, that are generalizable, but then beyond that, you're learning about our business. I think this is how, because if you... Speaking again, specifically about FinTech and money movement, which is really at the core of what we're talking about, there is not that much of a range if you think about it. It's like, okay, there is investment platforms and banking platforms and there's trading platforms and at a highest level, right? And they all have some... You can actually maybe build models of baseline models that are specific to the type of platform.
Hrishi:
Is it an investment/trading platform versus is it a bank? Is it a commercial or retail bank, consumer bank versus a business bank, which probably has larger amounts and maybe even larger frequencies of money movement versus that sort of stuff? Or maybe you have a lot more products so there are some patterns that we built on the credit side of things as well, but then there is always going to be to really build a reliable fraud model, I don't see a way to get around to just stay at a generic model level. It's a starting point, which then triggers a discovery phase over I believe two to three months probably would be enough. And now, you build a bespoke model that serves, and now you've actually made the space granular a little bit. Now, there's other platforms like Yieldstreet, some of which are clients of yours that have similar patterns to us, because we live in the same space, right?
Sankaet:
Yeah.
Hrishi:
I think it's a super interesting problem to solve.
Sankaet:
One thing I'm curious about as a follow on to this, which model would you prefer? Would you prefer a permissive model or would you prefer a model that restricts more as a user of it? Because to your point, if there's a burn down phase of a couple of months, would you rather have more fraud for a couple of months or would you rather have less fraud and then over time, use that to build something more permissive?
Hrishi:
Well, I would love to have no fraud at all, but that's a pipe dream. I think a more restrictive model that learns over intelligently and becomes less restrictive, almost programmatically would be the preferred option, and this in a way it's kind of what I said earlier, that's what we are doing. We are actually limiting the things that initially someone can do and then progressively relaxing them as well. We are doing it based on human observation. If we can automate that through technology, from my perspective, that would be a better option.
Sankaet:
From your perspective in FinTech, it's almost better to build out at the beginning more restrictions and over time with an increased ongoing trust, open up more capabilities for the customer. Yeah. You have questions as well.
Hrishi:
Yeah, I was going to touch upon the identity and we talked about this a few weeks ago on the other podcast. That's about the two prong nature of KYC, which is really, it's not even two pronged in that sense. It's one after the other. It's like, one is like, are you the person you say you are? Yes or no? There's a determination. It's not a binary distinction. I know there's a confidence level there. Then once you get past that, okay, now I believe you are who you say you are. Now, let me see if you are a good person, right? Then, it's this the interesting, we were talking about the ongoing trust of that and this was just a thought that was going through my head just now. You almost want, because of the reality of identity theft, you actually need to do both over time, or at least once you have that initial identity verified that you are who you say you are kind of thing.
Hrishi:
Maybe I am sure you are building this or you already do this, but here's the hash, here's my social or whatever, hash of my social. Now, I'm going to scan all the dark web activity and all of that to make sure that hash is not compromised somewhere, that hash. That part is relatively, I don't know, easy or not, but there are data sources that you can tap into to keep them on. That's what LifeLock does essentially, or platforms like LifeLock that just... The second part is I think a little bit trickier. I trusted you then, are you still a good person? Are you continuing to be a good person? Which is actually probably not something that someone just doesn't like I think those two are related. If someone who's previously verified and deemed as good, suddenly turns out to be bad, nine cases out of 10, it's going to be because of the actual identity being stolen. I'm guessing, and not because the person really went breaking bad kind of thing.
Sankaet:
Or maybe, maybe.
Hrishi:
Or maybe, yeah. This is what I said, like the smaller probability.
Sankaet:
Maybe they would like to synthesize crack in a trailer park.
Hrishi:
Nice blue colors.
Sankaet:
I don't know. No, but actually, I agree, but wouldn't for the latter case where someone goes breaking bad, extend itself in their transaction activity, because it's how they're engaging with the platform that would just evolve. Are there any solutions out there? You don't even have to name companies, but maybe high level abstract that you think are quite compelling from an architectural perspective around identity?
Hrishi:
I certainly get pings from a lot of companies that claim to be, but I have to be honest, I haven't actually vetted any. There's certainly, the space is getting crowded as to how effective they are.
Sankaet:
Well, maybe let me ask the question a different way. You as an engineer, are there certain architectural choices that you think are far better and superior than others?
Hrishi:
Yes. Yes and no. I mean, I think it's a progression, so there is naive, heuristic approaches. Then they can get progressively refined, progressively sophisticated, progressively insightful, and just accurate in general, but the thing is it's in my mind, it's a part architectural and part data availability or corporates availability problem. Because I mean, ultimately the architectural solution, there's no exact solution to this, right?
Sankaet:
Yeah.
Hrishi:
It's all a probability game, right? The thing is what model or models or concatenations of models give you the highest confidence level in a determination one way or another. If someone says someone is fraudulent, what is the highest likelihood of that? I think let's leave aside the architectural concerns behind doing this in an efficient way or scalable way.
Hrishi:
That's an important point, but let's leave it aside for a second. The confidence level itself is something that you can only solve partly architecturally, but if you don't have access and if you're not building and learning from an ever growing corpus and this feedback loop of like, okay, here's something bad happening, here's something good. That's like, trust it. This is good. There is only so far that architecture can take you, the real thing is, how do you provide, or how do you access? Or where is this? Where is the richest source of anonymized hash, whatever, but richest source of data that can actually drive these models?
Hrishi:
Because there's any number of modelists that can do this well, but they're useless unless you have like a massive, massive corpus to dip into. Now, doing this in an efficient and fast way is a whole different thing, right? Any consumer of a digital product, mobile web, whatever, there is actually some jokes and memes about this. We are willing to wait two hours in line at the DMV to get your license renewed. But if a website takes more than 10 seconds to load, you're like, I hate this site, I'm going to go, you don't have that patience.
Hrishi:
Digital users, and there's nothing wrong about it, because technology goes well with that, but digital users are consumers of digital products are massively pampered. They're used to flawless, highly performant, delightful, nice colors, nice transitions. This is how it should be, but this is the world we are in. This extends not just to nice screen transitions but also speed of operations. Like I want to get to the next thing as soon as possible and any kind of data processing, any kind of machine learning, it's simply not fast, no matter what. It's like you're not going to make, if I'm issuing a transaction, this is like, we talked about RTP and how does that play with fraud?
Hrishi:
Can you even architect a KYC or identity verification or fraud, or any of these solutions in a way that does not completely degrade the speed expectations that retail consumers have from any of these products that we're building? And yes, there are architectural solutions to that, of course, but there are, as well as I do, it's like, yeah, you are simulating instantaneous behavior in many cases. You're actually doing it right away.
Sankaet:
Yeah. I mean, you could do, assuming that the architectural choice made for identity verification is probabilistic, which I think is a safe bet at this point. You could do shallow models and then deep models later, but to your point, right? That is an illusion because shallow models and then a deep model will work really well for a good user, but for a bad user, it'll or...
Hrishi:
Exactly.
Sankaet:
When I say a bad user, I mean, the bad user by the model, for that user, the experience would not be instantaneous because they'll get approved and then they'll get rejected.
Hrishi:
Yeah. Exactly. This is the thing, a milder version of this that we have to go through today where we are restricting the lanes that they can move in until they get widened. But yeah, I mean, and let's think about how people who Venmo each other money, right? It's like, it's instant. I send it to you, you see it right over there, and people would love for every financial transaction that happens to be exactly the same fashion. I think there are architectural solutions that are very valuable to continue to provide a smooth experience to the end user. But I think there is no upside to building an elegant architectural solution that necessarily speeds something up, because I think this is one of those things that needs to take its time to do its job, right?
Hrishi:
Because there it's an inverse relationship between the probabilistic element of it. Like you said, the shallow model and you want the deep model, if that means that... There are ways to manage that experience as well, thankfully, now people are used to that where... I've been building consumer facing websites for a while so you know the level of frustrate, and I mean, all of us have been using them as well, so fine, if I'm executing something and you're telling me like, okay, you're giving me an instant feedback. Okay. We got your request. It's great. We will let you know as soon as it gets to the next step and then keeping that line of conversation, that line of communication open so that they're kind of... And Netflix pioneered just back in the 2000s with just like this constant emails go, oh, we shipped your DVDs.
Hrishi:
We got your DVDs. It's on its way. How did you like it? Keeping that dialogue going, keeps them engaged. When they're faced to the choice of getting the money there quickly, or as quickly as possible, but while at the same time, making sure that there is no issue with the money and we are doing things for your own safety, they're receptive to that. I think it's an interesting challenge from almost a product design standpoint when we build these digital experiences, whose underpinnings are not built to be real time part historically like the flat files that we talked about many times and part just the complexity of the problem that you're trying to solve, at the end of the day, protect the same user that you're trying to provide that good experience too, and of course, yourself, but there is a good balance that can be achieved with proper engagement and communication with the end user, I think.
Sankaet:
Yeah. You're bringing up a very valid point, and the interesting thing is the recent uptake in FinTech has come from people that have never done FinTech before.
Hrishi:
Yeah, I know.
Sankaet:
It's such a stark difference in how you're describing in your approach to the problem, which I resonate with a whole lot. And the approach to the problem with people who are new to the industry and I think the expectation over there is that because it feels instant, I'm sure under the hood, it is instant, and the answer is no, this is...
Hrishi:
It's not.
Sankaet:
Yeah, it's not instant and it's sometimes manual.
Hrishi:
The thing is there is a way to sell that because instant does not always mean good, instant often means like, okay, well, you got to be careful. That's why, there are different... And this is an interesting, not so much a segue because we have been talking about fraud and especially in the context of money movement, but I don't know who I was talking to, but there's this notion of like, here's the transaction, right? Here's the money, here's a requested movement of money from point A to point B, right? You have the metadata around it, what is point A, what is point B, who is point A, who is point B, right? You have hopefully, potentially some historical corpus to tap into for this particular set of endpoints.
Hrishi:
There is this notion of, I don't know, if you encounter this, there's this notion of a safe amount. Let's say it's a transaction for $10,000, but I can't instantly validate $10,000, but based on the history that I've seen with this, like $2,000, I can instantly, essentially becomes a fronting. I believe that's what I honestly don't know how Venmo works under the hood. I can make guesses, but there's some kind of advanced recuperation or not recuperation, like recovery that's happening. Probably, there's a pool of money that's being used to front that money to the end point and then recovered from the source and there is a safe amount concept there. Like okay, we'll instantly authorize up to kind of how credit limits get authorized and in card issuance like this much I can safely authorize to move instantly, instantly, which really is, like I said, not really instant.
Hrishi:
It's a complex process behind the scene, but as long as it appears instant from the end user standpoint, that's fine, whatever. There are these cloaks almost, there are these approaches that are... This is just one, I'm sure there are more that are trying to increasingly introduce this hyper velocity, real timeness to what historically and traditionally, and has not been an instant thing, in many ways shouldn't be an instant thing, because of the potential for exploitation, let's put it that way.
Sankaet:
Yeah, I think once blockchain settlements become mainstream, you will also have a chargeback process that would be built on top of it. Then we will be back to ground zero, which you're going to have instant payment, but then you're going to have a chargeback process.
Hrishi:
Yeah. I think it's just a blockchain for this, it's going to be a version of flat files that just happens to be distributed across multiple computers.
Sankaet:
Are we talking about flat files again?
Hrishi:
Well, eventually it comes around to flat files, right?
Sankaet:
Always comes. You didn't ask me my architectural approach because it's always flat files, it's identity verification.
Hrishi:
That's why I didn't ask you. I knew your answer, but no, but I'm curious though, now that you mention it, I assumed the architectural approach, I mean, you've built a whole platform using a certain architectural approach and obviously without going too much under the covers, I believe you have, or you're rolling out soon or have already rolled out RTP I'd say, as a product offering. How do you balance that with fraud?
Sankaet:
Well, so we've been doing real time payments even without RTP for a while, because we also do acquiring so just people can connect their cards and push money to it, or pull money from it. The short answer is we're less worried about what happens to a specific transaction. We're architecturally at least in our approach, we're much more worried about what is the whole story of the transaction. Where did the money come from? Where is the money going? Does that make sense in the grand scheme of things? I think to your point, this is no secret, right? We're currently building ID score and then fraud score. We're building...
Hrishi:
Fraud score, yeah.
Sankaet:
... two products. ID score helped to verify the likelihood of identity... helped to reduce the likelihood of identity theft. Fraud score is the ongoing engine for transaction activity, which is ongoing trust is how you would describe it. The approach in fraud score is, well, basic thesis, never ever before in the life of FinTech and even finance, you've had the opportunity to have one cohesive data structures for all payment types and all of the context sitting in one database. Well, it's not one database, but you get the point, right, like under the same roof?
Hrishi:
Yeah. Yeah. Yeah.
Sankaet:
Then could you really leverage that to build out something that is a little bit more elegant around ongoing trust, and so far, we feel like that is the case. The way we're trying to approach this problem in FYI, for people listening to this, today's Synapse does not provide broad verification, right? We're not good at it. This is not something we think is our core competency so we recommend our customers find some vendor, which to Hrishi's point, there aren't a lot doing this, or some kind of localized financial fraud mechanism around these problems as well. But I do think there are some things that can be globalized. I do think the frequency, which is the velocity, the context of a transaction in the end-to-end workflow could by and large, be globalized to a less permissive model, which can become more permissive based on customer feedback, right?
Sankaet:
The way we're thinking of extending fraud score out is we're going to come and tell you that we think the customer is in the red path. Red path means most payment capabilities are suspended now and we'll tell you the reason why we think that is the case. You can very well so override it and say, now if just build a logic that says, if a customer ever goes into red path for this reason white list this user for 30 minutes or something like that, whatever. Then our customers can hijack the global rules with local rules that are much more nuanced and specialized to their personal vertical.
Sankaet:
We're less concerned about like, okay, someone's about to send money out with RTP to their bank account. We're more concerned about, they're about to send money out through RTP into another bank account when they only two days ago funded their account to invest or something like that, right? If you've just invested, if you've just... Because that's not the core of our best platform, right? We're not like a transaction hop system, we're more so kind of a banking system. If somebody comes in, which simplifies its complexity a little bit, when people come in and they don't park money here, they take it out, that ends up being in mostly all cases, not a good sign.
Hrishi:
Yeah, especially just doing a drive by, right? You come in and you go out the other way.
Sankaet:
Yeah. Yeah. By the way, that's only...
Hrishi:
You actually touch upon something great.
Sankaet:
... one of the reasons, right? That's one of the reasons. There are bunch of different permutations of this.
Hrishi:
You actually raised an important point, the localization, and this is something that we've talked about in the context of just like our integration with Synapse, especially around not fraud score, which as you said, it's not a production level product yet, but ID score, which is the upfront. Yes, there is an increasing for new users, right, for people we don't know at all? The higher probability, the higher the probability of the verdict issued by the ID score system, the higher the confidence level of the verdict, the better it is for us. It actually obviously drives the... But there are local realities, the local facts that are derived from contextual data that we, as a client have access to, that you as a platform, as a BaaS platform don't have access to.
Hrishi:
There's not even a way too, because the entities that we are drawing that inference from are so bespoke to our business, which are not relevant to banking as a construct. Being able to do that override, whether it is on an individual transaction basis, or just in to simply put, okay, well, here's the engines verdict, right? This can happen. This has actually happened. We worked on it together last December. That was one. But here's the verdict of the engine based on the data available to you as a platform on me personally, let's say, I'm one of the investors on the industry platform. Yeah. Your engine has a very low confidence in me, low trust in me, this is just a reality.
Hrishi:
I know my trust score is like 43%, right? That may be fully valid from whatever algorithms are being deployed to evaluate my trust score or my ID score, however, Yieldstreet as a platform has a lot more contextual data about me that would legitimately put me in the high 90s as a trustee even at a 100, because otherwise I shouldn't be working here. Being able to convey that fact to you without necessarily giving but just flag me as a safe user because Yieldstreet as a client, as a tenant is telling you that this hash, this user hash is safe, despite what the ID score engine has. Now, you actually have the ability as a platform that powers, and this is that federated identity thing that we talked about and how can we generalize the solution.
Hrishi:
I'm an investor on other platforms that I know are also clients of yours, right? Now, obviously there are different identities in your platform, but there's a core, I'm the same human. So there is some hash that translates to me that is theoretically portable across tendencies, especially from a platform, SaaS type of platform standpoint. This is one of the biggest values that you, as a platform that has the benefit of building to a picture of a user from multiple tenancies and I'm tying them together. I mean, I'm sure you have some notion of this because that would be super helpful and to power your own ID score engine.
Hrishi:
But that is like, if I tell you, if I meaning Yieldstreet tells you that Hrishi is a trusted user, you can override the ID score auto generated by your engine and say, and now you can port that fact about if you can tie my identity and the user tenancy to my identity in some other tenancy that is also a client of yours, you can port over that, because it sound likely that I'm a possible, but it's a low probability that I'm a trusted user on Yieldstreet, but a completely fraudulent user on a different platform, right? As long as you've established that, I am who I say I am.
Sankaet:
Yeah.
Hrishi:
This is an architectural benefit that only SaaS platforms like Synapse. Now, imagine if I sign onto a third platform that I just signed up, it's the same social, I'm the same human. And they also happen to be a Synapse so I'll just sail through with the 99 ID score and I'll be able to like... And that would be a major, major upside to me as a consumer and the platform that's serving me. I think this is the biggest benefit. This is the biggest…it's the kind of data treasure that platforms like Synapse and the infrastructure providers sit on and being able to...
Hrishi:
Because the only way scalably this problem can be solved is even going beyond a single platform like Synapse, but almost having a... What's the word? Like a...
Sankaet:
A consortium?
Hrishi:
... collective. Or consortium. Yeah, consortium of platforms that decide to come up with a global identity, a global federation of identities that is pulling and in a very safe, obviously highly encrypted, no PII, but that's completely safe, cryptographically safe manner, establishing a global identity that can be shared across multiple SaaS platforms. Through them across multiple end platforms like Yieldstreet or others will be a blessing. This is like the data dream.
Sankaet:
Yeah. I mean, and that is essentially the vision to be able to bring onboarding into a financial ecosystem as close to a social network that you can, because if you build federated identity, on top of that, you can then build authentication, then port information from one...
Hrishi:
Exactly.
Sankaet:
... platform to another. Yeah. I think the federated identity piece is a much more easier problem to solve. I think the problem that gets even more interesting is proximity to users, which is, could you technically get really good at knowing, okay, well, Hrishi's related to person X and because they're related, is there a correlative property that we can apply and extend into to the next person?
Hrishi:
Yeah. Yeah. It could be transitive too, for sure. If you trust me, you probably would trust my wife as well, hopefully. If I trust my wife and you trust me, you should trust my wife. Yeah. I mean, these things are transitive and it's likely that she has independent accounts on different platforms, but through that transitive, and she may be new to this, but through this transitive closure, you can actually, extend that trust level or at least give her a high confidence level and reduce and expand, relax the guardrails a little bit, because it's really hard, man. It's really hard to build a delightful, frictionless experience, and at the same time, be maniacal about protecting our users and ourselves. It's such a delicate balancing act.
Hrishi:
I actually talk to some of our engineers that just kind of like, we play around with all these experiments, like, hey, we'll ungate this and we'll gate this and they all work in various ways. But at the end of that, there comes a defining moment, where I'm sorry, man, you got to get through the step one way or another. We let them go further and further into the flow, but we can't actually start transacting until some key things are taken care of and so whatever, and this is the thing, this is my dream. Let's see if we can make.
Hrishi:
Federated identity, right? It's like we build up in enough and blockchain is thrown around probably a good solution for this just from a lack of central control standpoint. I don't know if it actually adds much more than that but that's still valuable. It's just one of those like, yes, technically, any problem you can solve with the database, you can solve with blockchain, but what is it really adding? I don't know what it adds here, but if I can like, let's ...
Sankaet:
I think blockchain adds a lot of value on authentication, which is once you're federated in identity, then not requiring.
Hrishi:
Yeah, downstream. For sure, exactly. It would be good to have this on chain. Then once you've gotten that past that point, but what I want to do is I want to carry a QR code around with me, which is my identity that I own because it's me. It's the same identity across any number of platforms that has an established global confidence level that is assigned to me, not by myself, obviously, but by aggregation of all of my history and this can be... The more you interact with digital properties, especially financial digital properties, every little thing you do, every little deposit you do, every little withdrawal you do, every check you write, every card you swipe, card swipe it, they all add up to not just a financial picture, but my reliability, a trust picture, right?
Sankaet:
Yeah. Yeah.
Hrishi:
If you can figure out this federation that then you give the user to carry around with, I wouldn't be able to just hold my phone in front of a new digital FinTech app that I'm signing up for and say, hey, this is me.
Sankaet:
Yeah. Do you think the...
Hrishi:
Now, you tap into that.
Sankaet:
Do you think these principles extend beyond FinTech? Would you be comfortable using, let's say, Clear comes to you tomorrow and says, hey, I've been onboarding all these people at the airport. I know their identity really well and I know that they've been flying just fine and haven't been bombing the plane so pretty good as people, outstanding citizens.
Hrishi:
A 100%.
Sankaet:
Interesting. Yeah.
Hrishi:
A 100%, but not a 100% in terms of like, yes, you can implicitly trust because you can still be a really, really good, safe person who has no money. That still is a risk element for... What I can trust you to do is not attempt to do financial fraud on the side. But yeah. I mean, I think fundamentally, if you think about, let's take the technology and blockchain and algorithms and all of that data science and machine learning out of the picture. Fundamentally, you have an imprint as a human, right? You have a profile as a human being. All of these other qualifications are just representations. Are you a good person or a bad person? It's like, are you trustworthy or are you not?
Hrishi:
To use that example, like yes, Clear has cleared me, TSA or Global Entry, TSA, all of that, I'm cleared. I'm a very safe traveler. Then I sign up on Yieldstreet, and I use that let's say it's a QR code though, my federated identity that is being checked by various... That has been assigned various scores and there is an aggregated score, which is a very high one, like 90 plus, which is establishing my trustworthiness and goodness as a human, right? And everything I do, if we can make that fundamental human assumption that everything I do on various platforms and various digital apps is influenced by who I am or how I am as human, then yes, I can, or then I think I will be a lot more, as a technology builder or provider of Yieldstreet, if I get this high confidence, high trust level through this federated identity, I will be definitely more inclined.
Hrishi:
I will be ready to believe that you're not going to attempt to do some kind of ACH fraud because that's just not who you are as a person. It may still put some guardrails around what products I offer you, right? The same way a credit card will, you can issue a credit card to a very nice human being who just doesn't have a high credit score so your credit limit won't be more than $5,000. No comment on you as a human, but we cannot give you more than this credit limit, right? Those guardrails will still exist so there will be still a bespoke, localized, contextualized application specific layer of guardrails that we'll still need to do, but it clears a high bar from a pure identity standpoint. I think that will be a major value and that basic, are you a good human being? Because it's who you are as a person that's highly portable across, travel, finance, health, all of it. I think that's the way I look at it.
Sankaet:
There's one point that you're making that's very interesting and we used to do this a whole lot at the initial days of Synapse, which is if you can get high confidence on the human, then the other risks are low. Obviously, we used to do that...
Hrishi:
Lower. Yeah.
Sankaet:
We used to do that with social media, but very hard to extend it out because social media by and large is very cagey with their information. Unless you could do it, we could do it fine manually, and then when it came to a point where it just didn't scale, because Facebook wouldn't give us enough access to the data to be able to make proper prediction. Going back to this point, which extends to your point of it being more federated and maybe a consortium so that it's not one ownership stake model. Would you, as a consumer feel more comfortable if this was regulated or probably not?
Hrishi:
I would care more, less about regulation, more about ownership, if that makes sense. As long as you mean by regulation, you mean some central federal authority, like an SEC or alike. I mean, I would care less about that, honestly. Speaking as a consumer, my identity being federated, I think there needs to be regulation around what you collect and how you handle the data that you are leveraging to assign me this good person index or whatever that we call it and how you're handling that data. Where are you getting it from? What are you doing with it? How are you disposing it? Of like the usual data privacy, from a data privacy standpoint, I believe the regulation would be super important.
Hrishi:
But I think it's almost one of those things that it should be a thing that it's actually an interesting. Now, I'm thinking about it because there is an ongoing data collection that can improve just like your credit score goes up and down, your human score can also go up and down. Maybe not down, hopefully, but the more data you gather about me and my background, maybe your...
Sankaet:
It's like one of the episodes in Black Mirror, the more likes you get, the more human you are.
Hrishi:
Yeah. Yeah. Yeah. This is like the dystopian version of the, remember that “klout app”, klout with a “k”.
Sankaet:
Yeah.
Hrishi:
Which basically, oh my God, I don't know if it's still around, but that was just like one of the most... Just the concept was sort of disturbing, but yeah, coming back to your regulation, I think the data that you're tapping into to make that verdict, the predicting about me is so personal and so sensitive, that I believe the handling of that data needs to be regulated to the point where actually once it is done, ideally the data is returned almost to me. I mean, this is like pipe dreaming thing, but a friend of mine is building... We have talked about it, but the idea of the building a startup, this product, this app where the whole idea is there is no centralized broker for your personal data thing, the kinds that are used to make credit determinations and stuff like that.
Hrishi:
But it's all like, it literally, you own it. You own it on your device and no one else has access to it. Shy of you consenting to share it on a time bound basis, specific bits of data, specific time windows that they have access to it and then you take it away, but you own it. In that sense, once that predicting is done, ideally the data is shredded, returned to me and it lives on my device, in my digital wallet, whatever. This is the other potential upside of using blockchain because it’s all encrypted. But then I realized that, well, maybe there are other packets of data that may feed in, either through more discovery or more ongoing events and activity that happens that can keep kind of revising that human score. Wow, this is like crazy directions we're going into. Now, you mentioned Black Mirror. It's almost like Black Mirror E stuff. Like what's my human score?
Sankaet:
Yeah. I think what's your human score, and then there would be an outcry for digital human euthanasia, which is like, I want to eradicate my profile and start fresh.
Hrishi:
I think, yeah. I think, yeah. How do you write off that murder from 10 years ago?
Sankaet:
Then you'll have social activists on both sides. Very passionate about why this is okay, why this isn't? And we'll be back to where we are today.
Hrishi:
Or worse.
Sankaet:
Or worse probably.
Hrishi:
Yeah. Yeah.
Sankaet:
To your point, I think we literally arrived at, it seems like on identity side, probably a federated mechanism is far superior than...
Hrishi:
Yeah.
Sankaet:
But then to your point, the ongoing fraud...
Hrishi:
Federated and portable. Yeah.
Sankaet:
Yeah. But the ongoing trust still gets built up over time and then you choose to, or not choose to report that back into the system in some form. Yeah. I think that's probably a good idea.
Hrishi:
Yeah. I mean, I think the ongoing thing needs a feedback loop and a secure storage and sharing mechanism honestly, because too many things can happen.
Sankaet:
Yeah. How does all of this fit in now to what is a government obligation at the end of the day around anti-money laundering, terrorist financing, suspicious activity reporting, how much of that do you as a builder in this space, even think through and how much of this stuff is a secondary thought, not like primary as much? Would love to hear your opinions on the whole construct to begin with, and then maybe a little bit more detail.
Hrishi:
I mean, look, in the space that, excuse me, the space that we live in, we can't really get away from that. Especially with Yieldstreet, which for all practical purposes, it's a marketplace, right? It's a two-sided marketplace that connects investors looking for good investment opportunities with capital-raisers who are looking to raise, looking for a good distribution platform to raise capital from. Now, from an enterprise perspective, because we are a regulated entity, we have obviously annual audits of every kind, just like you guys, because we are both in the same, highly regulated space, we have this added layer of faith and trust that we need to demonstrate, not just to the auditors, but also to our counterparties and the partners that we work with on the other side of the marketplace who are looking to put their product on our platform, right?
Hrishi:
Because now, if you look at some of our recent offerings, these are some of the big guys, it's like Fortress and KKR. Obviously, they are not going to distribute their product through our platform unless they're a 100%, 110% convinced and we can demonstrate to them that the investors that we are distributing this product to are all good humans. The only way you can do that is through reliable AML practices, both on our side and our partners like ourselves. We've talked about that. We rely on our partners and other vendors as well, and there's enough vendors in this space, as you know, to do that vetting, which is why like this, the investor vetting on our side for someone, because a platform at the end of the day is although the company as an enterprise is a two-sided marketplace, the technology platform really serves one side of it.
Hrishi:
It's the investor side, today at least. It may change in the future, but this is why it's triply important for us to go through not just the KYC and the fraud from a money movement standpoint, but also a real AML, OFAC background screening of every investor that comes on the platform and opens an account and opens even multiple accounts, right? It is super important for us, and I think from a government oversight standpoint, I mean, the guidelines, the data sets that these screens are done against, as far as I know, you know better than these, because I'm not an AML expert, but as far as I know, these sanction lists and these OFAC, AMLs, that they are centrally managed by the government.
Hrishi:
These are the things that you are doing these checks for us, and not just you, or we do on our side as well for our investors as well as all of the other parties that we deal with, because it's a multi-party... A single deal, it looks very simple. You're just go in there and you put some money in it, but there's a lot of counterparties and money movements involved, both off platform and through the platform. All of these need to be continually vetted against these publish lists and the regulated and the managed lists from the government. It's an ongoing thing because we have to do this every year, with every new investor, with every new partner, with every new counterparty that we work with.
Sankaet:
Yeah. Yeah. I think ...
Hrishi:
No getting away from it.
Sankaet:
... there are two aspects to this. One, I personally find tumultuously difficult to reconcile with intellectually, and then the other one, I makes total sense. I think the transaction ongoing transaction monitoring makes total sense, which is trying to monitor the activity to ensure you're not aiding and abetting something that could lead to real harm in the world.
Sankaet:
That piece, I think it's like very rewarding to work on as well, because you know you're making a difference and you can help here. The one that I go back and forth on is the one you talked about the very prescriptive approach around sanction screenings, because I think when it started as an idea, it was quite valuable. It made a whole lot of sense to be able to put a list together of FBI most wanted terrorists, known criminals and now that list is extended into a device for political maneuvering, which is we will put anyone and everyone on the list that we think don't serve the interests of the government, and really good example of this is Russia and Ukraine.
Sankaet:
A lot of normal, regular Russians are now barred from using the global financial system, but a lot of the oligarchs who are actually financing this have enough ways to be able to get around it and operate as usual. Yeah, I don't know what to think of that. At that point, I've kind of lost some trust in the sanction system though.
Hrishi:
Yeah. But I mean, this is the age-old problem, the biggest, the most impacted victims of any kind of geopolitical strife are the everyday people. They cannot go through no fault of their own. But at the end of the day, we have to stay within the legally prescribed swim lanes. We don't have the choice. We don't really have a choice, right? Now, it would be great if we can actually have a much more granular auto generated through data by machines not by government fiat, an auto generated list of these, let's say, the federated identity that we're talking about at some point truly becomes global for anyone who has any kind of digital presence, which is I believe an unsolvable problem, but let's say it's solved.
Hrishi:
Now, that becomes like that ever growing, a continually scored centralized or decentralized as the case may be inventory of these identities. No, that would be a great thing to test against. It's like, okay, well, I'm not like, this is not influenced by any government, this is just driven by for arguments sake, let's say, it is decentralized. There's some blockchain, right?
Sankaet:
Yeah.
Hrishi:
We just adding these and every new data point, every new event that we discover about a certain hash or a certain identity creates a new transaction on the chain and the most recent transaction is the definitive picture that the world has of a certain identity. We just established rules around that and it could be multiple scores. It could be a score around... Then you just, every business based on what they do or what they need sets the framework for what is the cutoff like anything above this, we will not permit anyone below the score on this vector or that score on that vector. This is by virtue of being decentralized, not under single government control, it's on the chain. You're just tapping into that. That would be like, come on, as amazing as that would be, the people who really want to escape that will figure out a way to do it, right?
Sankaet:
Yeah, totally.
Hrishi:
Because the real...
Sankaet:
Well, that's where ongoing monitoring comes in as well though, like people who can game the system can be caught afterwards. Same thing, right, like based on the pattern of behavior they're exhibiting?
Hrishi:
Yeah. The thing is this relies like they will... I guarantee you, the people who have the wherewithal, the power, the money will figure out a way to create a federated identity version of a shell company. It's untraceable to the real identity, right? That's the problem.
Sankaet:
Yeah. Well, technically you have those tumblers on the blockchain. If we're talking about blockchain where you can just go and do swaps of transactions and come out and you wouldn't really know the origination of money from anywhere.
Hrishi:
Yeah. That's true.
Sankaet:
Anything cool that you think is happening in this space that has been interesting for you? Obviously, you talked about federated identity.
Hrishi:
No, I heard you're coming up... I also heard about this fraud score thing that someone's working on that I'm super, super interested in.
Sankaet:
Hopefully.
Hrishi:
No. I mean, so we talked about like fraud score in the specific context of, okay, well, these are the patterns that are considered the norm. This is the normalcy of patterns for our business. And so fraud score or any kind of these betting engines will look for deviations, right? Which if you abstract it out is a general purpose thing, here's a pattern and here's an event, here's a series of events. Does it fit the pattern or not? There's a partner that we work with on account takeover protection, that is actually the engine that they're building is a fairly portable general purpose engine.
Hrishi:
They can detect its pattern deviation, right? You can re-feed them a training set of patterns and then they can... It's super curious to see what else we can throw at it that they can detect the deviation and give us a verdict on. That's one. There's a lot of interesting stuff going on, but within the context of what we are chatting about, I think I'm still in search of the perfect blend, the perfect compromise between UX and safety, when it comes to these three key things, because it's tough. There's only so far UX can take you if you need something that is actually generally going to reduce friction without compromising the security of the operation or the person.
Sankaet:
Well, with that, we can probably wrap it. Any final thoughts?
Hrishi:
Yeah. This was awesome. I'm sure we've still left a bunch of material on the plate for subsequent chats, either on the Yield or on the Synapse podcast. But yeah, I look forward to the next one, man. This is great. Thanks for having me.
Sankaet:
Well, thanks for coming. I really appreciate it. I hope you have a wonderful evening.
Hrishi:
And you too.
Sankaet:
Thanks again for joining us for this episode of Under the Hood and a special thanks to our guests as well. If you like the podcast, please go to Synapsefi.com/underthehood to subscribe. Thanks again. See you next time.
