Kris Nagel, CEO of Sift – Interview Series

Kris is the Chief Executive Officer at Sift. He brings more than 30 years of experience in senior leadership positions at venture-backed and public SaaS companies, including Ping Identity. Sift offers a way for enterprises to end payment fraud, built with a single, intuitive console, Sift’s end-to-end solution eliminates the need for disconnected tools, single-purpose software, and incomplete insights that drain operational resources.

In your previous role you were Chief Operating Officer at identity security platform Ping Identity, where you played a critical role in taking the company public in 2019, what were some of your key takeaways from this experience?

Taking a company public is a big undertaking, and I learned a lot through the process.  Developing products and scaling the company both before and after that milestone taught me about what it takes to solve complex organizational challenges, to continue to innovate and reimagine the user experience, and to grow teams, and empower them to do their best work. I’ve learned throughout my career that any success in any role must start with a deep understanding of customers, partners, and the people on your team.

You joined Sift as CEO in January 2023. What attracted you to this new challenge?

Fraud is an ever-growing and evolving problem, and the stakes are clear. Global e-commerce fraud loss is estimated to reach $48 billion by the end of 2023 (a 16% YoY increase over 2022), and businesses globally spent an average of 10% of their revenue managing fraud. But if a company fails to manage fraud effectively, it can lose revenue by excluding or “insulting” legitimate customers.

Sift has the first-mover advantage in solving this problem with machine learning, and its core technology and global data network have set it apart in the fraud prevention space. More than 34,000 sites and apps, including Twitter, DoorDash, Poshmark, and Uphold rely on Sift. That differentiation, along with the strong focus on long-term customer partnerships, made my decision to join an easy one.

Why is generative AI such a huge security threat for businesses and consumers?

Generative AI is showing early signs as a game changer for fraudsters. Scams used to be riddled with grammar and spelling errors, so they were easier to distinguish. With generative AI, bad actors can more effectively mimic legitimate companies and trick consumers into providing sensitive login or financial details through phishing attempts.

Generative AI platforms can even suggest text variations that allow a fraudster to create multiple distinct accounts on a single platform. For example, they can create 100 new fake dating profiles to commit cryptocurrency romance scams, with each having a unique AI-generated face and bio. In that way, generative AI is enabling the democratization of fraud because it’s easier for anyone, regardless of tech-savviness, to defraud someone using stolen credentials or payment information.

Sift recently released a report titled: “Amid AI Renaissance, Consumers and Businesses Inundated with Fraud”, what were some of the biggest surprises for you in this report?

We knew that AI and automation would change the fraud landscape, but the speed and volume of this shift are truly remarkable. More than two-thirds (68%) of U.S. consumers have reported an increase in spam and scams since November, right around the time generative AI tools started gaining adoption, and we believe those two trends are strongly correlated. Likewise,  we’ve observed a surge of account takeover (ATO) attacks, with the rate of ATO ballooning 427% during the first quarter of 2023 compared to all of 2022. Clearly, these events are related, as generative AI allows fraudsters to create more convincing and scalable scams, thus leading to a wave of ATO attacks.

The report also shows some of the ways that “fraud-as-a-service” is advancing. Openly available forums like those on Telegram are lowering the barrier to entry for anyone who wants to commit various types of abuse – it’s what we call the democratization of fraud. Our team has seen a proliferation of fraud groups that now offer bot attacks as a service, and we highlighted how one tool is being used to trick consumers into providing one-time passcodes for their financial accounts. And fraudsters are making these tools easily accessible and available to others for a relatively small fee.

Could you discuss what is “The Sift Digital Trust & Safety Platform”?

With Sift, companies can build and deploy with confidence knowing that they have the tools to protect their businesses from fraud. It’s keeping out the bad actors while still giving customers a seamless experience – reducing friction and increasing revenue.

Our mission is to help everyone trust the internet, and our platform uses machine learning and a massive data network to protect businesses from all different types of fraud and abuse. We were one of, if not the first company to apply machine learning to online fraud, so we have amassed an incredible amount of insight that is reflected in our global machine learning models, which process over 1 trillion events per year. The beauty of the platform is that the more customers we have, the smarter our models become so that we can always optimize for stopping fraud while reducing friction for real users and customers.

Within the platform, we have Payment Protection, which protects against payment fraud; Account Defense, which prevents account takeover attacks; Content integrity, which blocks spam and scams from being posted in user-generated content; and Dispute Management which protects against chargebacks and friendly fraud.

How does this platform differentiate itself from competing fraud tools?

There is no shortage of fraud prevention vendors on the market, but most fall within two categories: point solutions or decision-as-a-service. Point solutions tend to have a narrow scope and are designed to address one use case, such as bot detection. Decision-as-a-service solutions are more comprehensive but lack many fraud management capabilities, and act as a “black box” about their decision logic.

One of Sift’s most distinguishing characteristics is that we offer a solution to fight multiple types of fraud across all industries. Fraud is an industry-agnostic challenge, and we have unique insight into how one industry’s fraud problems become another’s. Across all of our capabilities – decision engines, case management, orchestration, reporting, and simulation – we also prioritize putting control into the hands of our customers. Each company is unique, and this ability to customize means that logic can be modified with custom rules and that simulations can be adjusted within the platform. We also believe that the best way to prevent fraud is to be transparent about it. Our decision engine provides explanations for analysts so they understand why a transaction was approved, challenged, or denied. We also offer reports so you can measure the performance of a model to understand if it needs to be adjusted.

Can you discuss what is the “Sift Score”, and how it enables continuous self-improvement to the machine learning that is used?

Sift customers use our machine learning algorithms to detect fraudulent patterns and prevent attacks on a website or app. The Sift Score is a number, from 0-100, given by the algorithm to each event (or activity) to indicate the likelihood that the behavior is fraudulent.

While each of our products is supported by its own set of machine learning models, we also offer custom algorithms that are tailored for Sift’s customers. The fraud signals for each industry may differ if you sell insurance, perishable food, or clothing, for example. Sift runs thousands of signals, drawing on our vast global network, through each bespoke model, analyzing details like time of day, characteristics of email addresses, and the number of attempted logins. These signals combined make up a score for a particular event like a login or transaction. Sift Scores are never shared across customers because each customer’s machine learning model is different.

An interesting product that is developed at Sift to fight scams and spam is called Text Clustering, what is this specifically?

Spam text plagues online platforms, and spammers often post the same or very similar content repeatedly. We built our Text Clustering feature as part of Content Integrity to make it easier to identify this type of text and cluster it together so an analyst can decide whether or not to take bulk action. The challenge is that not all repetitive text is spam. For example, an e-commerce seller may list the same product and description on multiple websites.

To effectively solve this challenge, we needed a way to label the new types of content fraud that we wanted to detect, while also giving analysts the final control to take action. Through a combination of neural networks and machine learning, Text Clustering can now group similar text, even if there are slight variations. This flagged content is labeled together, and if it is, in fact, spam, an analyst can take bulk action to remove it.

How can enterprises best defend themselves against adversarial attacks or other types of malicious attacks that are perpetuated by generative AI?

More than half of consumers (54%) believe they shouldn’t be held responsible in the event they unintentionally provided their payment information to a scammer that was later used to make a fraudulent purchase. Almost a quarter (24%) believe that the business where the purchase was made should be held responsible. That means the onus for stopping fraud lies with the platforms and services consumers rely on everyday.

We’re still in the very early days of generative AI and the threats today are not going to be the same threats we see six months from now. With that said, businesses need to fight fire with fire by using AI technologies like machine learning to combat and stop fraud before it happens. Real-time machine learning is crucial to keep up with the scale, speed, and sophistication of fraud. Merchants who don’t move away from outdated or manual processes will fall behind fraudsters who are already automating. Companies that adopt this end-to-end, real-time approach improve fraud detection accuracy by 40%. This means better identifying fraudsters and stopping them in the act before they can harm your business or customers.

Is there anything else that you would like to share about Sift?

One initiative we recently implemented to further this mission is our customer community, Sifters. It’s open to all Sift users, and it acts as a bridge between our customers, internal experts, and digital network of merchants and data. It's been a valuable hub for gathering industry insights and addressing cross-market challenges in fraud prevention. And it’s seeing enormous adoption. Creating a community for fraud fighters is absolutely essential because fraudsters have communities of their own where they collaborate to harm businesses and consumers. As we like to say, it takes a network to fight a network.