Hubert Rachwalski’s quantitative finance and optimization methods background was good preparation for starting a company that helps businesses know their online users while protecting themselves from fraud.
Rachwalski is the CEO of Nethone, a know your user company that uses machine learning to detect and prevent card-not-present fraud and account takeover. Through advanced technology and some unique steps, Nethone (pronounced Net-hone) helps its clients provide security and the strong UX important in the modern economy.
Early in his career, Rachwalski worked with quantitative mathematics and financial information systems, looking at ways to use those tools to develop approximation and optimization methods for decision-makers. He then gained added experience with different applications when studying in Singapore.
That led to his return to school, this time to study business. Rachwalski worked with Boston Consulting Group supporting clients in Eastern Europe after graduation.
“I was supporting some of these from the perspective of data flows, data processes, and how to migrate IT stacks from one bank to another while not losing the entire understanding of the user,” Rachwalski said.
From there, Rachwalski joined venture developer Daftcode as its blockchain ventures lead. He helped structure VC activity, direct e-commerce activity, map the online customer journey flow and identify ways to acquire and monetize traffic.
Helping companies capitalize on user-generated data
Nethone began in 2016, and the company’s focus back then was on mobile and internet banking. Rachwalski quickly noticed that large financial institutions were not capitalizing on the data generated by millions of active users.
“You have access to all spending-related data and these behavioral aspects of what online payments and banking can mean,” Rachwalski said. “Our hypothesis was based around the fact that if the future is about remote and online interaction between users and institutions, there is probably sizeable room for a specialist technology company that would be making this understanding clearer or more holistic.”
By gaining a more granular view of each user, Nethone can focus on identifying the riskiest users via specialty intelligence provided passively in a background scan conducted during every user session. Nethone’s profiling scripts and SDKs give that information to the front end of the online platform.
The biggest security issue
Fraudsters are becoming more sophisticated as they pursue new methods of account takeovers, and society, in general, is not prepared to protect itself, Rachwalski said.
The top security issue he sees is the lack of awareness among online participants about protecting their data and safely managing their identities as they interact with online services.
“There is much self-learning, but as a society that is becoming more and more remote and more and more online, we are completely not equipped with the sensitivity as to how certain things work and what kind of vulnerabilities and dangers there are,” Rachwalski said.
“We are not prepared for the battle that is happening. And this asymmetry of information is frightening because the expansion rate within some of these vulnerable areas is great, but we are not catching up with education.”
“If you don’t have that strong foundation, there is no way you can protect yourself from the continuous cat and mouse game that typifies today’s online world,” he added. “Someone may react to a specific threat, but if they don’t understand the basics of the Internet and how devices communicate, they’re a little safer today than they were yesterday.”
The importance of identifying recurring users
In 2016, the main issue was payment fraud, as thieves sought to capitalize on card-not-present fraud. There are more issues to contend with, including account takeover fraud, a complex problem, Rachwalski explained.
In today’s highly competitive marketplace, merchants battle to acquire and retain users. When those vendors sell products that are mostly standard in price and quality, they have to spend more to advertise and attract customers. That thins margins while making quality UX paramount.
An essential aspect of a quality UX is identifying recurring users and making return trips as easy as possible. That presents several issues, with many platforms passing more responsibility to the user by making it their duty to manage passwords and credentials. Companies are reluctant to subject returning users to security measures like two-factor authentication.
“There is this terrible trade-off there,” Rachwalski said. “The platform needs to be able to protect your account, but at the same time, your access to your account should be as easy as possible without any additional steps in your user experience.
“It will continue to be a huge issue, and it’s not only about access to payment details. Many platforms are storing much relevant behavioral history. So even if it’s not your social security number that can be used across various platforms, the fact that you have been buying particular items at a specific frequency becomes an economically viable source of insight.
Nethone’s response? Passive biometrics
The trick is to foster a great UX while passively protecting the transaction. For Nethone, the key is passive biometrics, which helps them learn how a user behaves when directing the keyboard, mouse, or mobile device. That allows them to recognize a user without needing two-factor authentication. The security remains in the background and doesn’t interrupt the user flow.
E-commerce companies must realize they are operating in a world so sophisticated that tutorials and even SaaS-based solutions are available that allow scammers to commit online fraud, Rachwalski said.
All the more reason, they must prioritize the ability to identify recurring users. That even includes when returning users seek to mask their identities to capitalize on one-time-only discounts.
The challenge is online, yet Rachwalski still meets banking executives who prioritize securing their physical infrastructure over their online resources, even though people can rob a bank from halfway around the world with their phones.
Can blockchain help?
Rachwalski said blockchain technology offers some security improvements, but one aspect few discuss is what happens when the ordinary and virtual worlds interact. That’s where the risk lies.
“Even if you have a perfectly functioning blockchain-based payment system, and within this ecosystem, things are safe because they are put on the centralized ledger verified, and it’s not easy to commit fraud; the question is how you inject the money into the system?” he asked.
“There are, let’s say, payments entering the blockchain, and the question is, what is happening here? From our experience, protecting several cryptocurrency-related payment services, on-ramping or off-ramping, so effectively exiting the blockchain ecosystem, this is the place where currently we are seeing most threats.”
Another issue retailers must prepare for is the changing spending preferences among younger users, Rachwalski said. That brings hope, as they may shift to safer payment methods.
But there will always be risk, he concluded.
“Any payment method can be considered risk-free, but it would mean that it will have a terrible user experience. This is always the trade-off,” Rachwalski said. “It’s straightforward to have a fraud-free system. It’s just that it will not be straightforward to transact with it.
“The true fraudsters are only the instances that should be stopped. So it’s all about not bothering the 99% of good users and being laser-focused on stopping the ones that should be stopped, having this balance between conversion rates, and being very precise on fraud classification. That’s when we have a good security system in place.”