Losses and fraud are as old as human society. Scams and acts of fraud were not started nor invented by the digital generation. The most widely known scam, the “Nigerian Prince” or “Advance Fee” scam, luring victims to pay large sums in exchange for a big and never-arriving payout, is not a digital invention. It is a modern variant of the “Spanish Prisoner” scam, which originated in the 19th century. In any situation involving the opportunity for gain, be it a game for chips or an actual money transfer, some people are going to try to bend the rules. They do so even when there is no way to cash out, in order to get ahead and maintain status if nothing else. Almost everyone cheats; some of us are professionals.

As more and more financial activity goes online, the potential payout becomes larger. It was once only possible to steal a credit card. Now you can lend money, refinance your loan, or start a new business online. Increasingly, consumers go shopping online. 2012’s Cyber Monday saw sales of almost $1.5 billion, the biggest in history. Consumers have their lives online on Facebook and Twitter. Identities are easy to steal, replicate, and invent; Facebook reports that about 9% of its profiles are fake. On top of all that, consumer activity creates enormous amounts of data that require novel techniques for simple searches, let alone understanding who’s real and who isn’t, who’s a fraudster and who’s telling the truth. When operating a financial services business you are faced not only with fraud, but with other causes for losses driven by multiple factors: credit default, misunderstandings, bad operational procedures, and more. I realized that there needs to be a single source for a methodical and comprehensive way to find, describe, understand, and deal with these problems so that businesses could succeed online.

This book aims to be that source—to give an introduction, overview, and overarching framework for dealing with risk in online payments. The material in it has been accumulated, shaped, tested, and proven to work over several very busy years of working in various payments companies, specifically in risk management and fraud prevention for payments, as well as consulting and discussing with many others. It aims to spark a discussion around the practice of risk management in payments in particular and eCommerce in general, as well as give the layout of what one should think about when approaching this vast field. It brings together data, organization, technology, UX, product, and other insights to present a blueprint for the best-possible loss and risk management organization in a rapidly changing digital environment, from a one-person task force to dozens of agents and analysts. It covers the essentials of the first couple of years and points toward following steps.

This book isn’t a complete step-by-step manual, as that would require thousands of pages; it is an introduction with some needed elaborations. It also skips a lot of basic knowledge that can be obtained through other sources and, therefore, isn’t always a 101-level book, although I made sure to explain every term that may be less than obvious. There is no deep discussion of machine learning, model building, frequentist vs. Bayesian statistics, or preferred packages for visualization; these topics are covered at a reasonable to extensive level in many other books, and their detailed and specific application is only required after the tools in this book have been exhausted. Neither does this book include typical application review procedures or price ranges for common data sources; the first is too specific to your system and data availability, and the second is available online using simple searches. But it will get you started and take you far along your way. More than anyone, this book is aimed at those who are tasked with starting a RMP function, whether in a small or large corporation. Veterans will find best practices that they have worked with through the years and new ideas that they may want to adopt. CFOs, COOs, and CEOs that have a RMP team reporting to them will learn more about its internals and what to expect of it, as well as some insight into how to measure its performance.

I have many people to thank for the incredible experiences I’ve had through my career—first and foremost my teams. Over the years, I’ve had the opportunity to work with, lead, and be inspired by some of the most intelligent, capable, and challenging people I’ve ever known. Together, we were able to build teams that not only delivered extraordinary value but also became a brand. As a result, many of those people are now leaders of risk, analytics, product, and operations teams in various new startups and companies.

I’d like to thank the people who have mentored and helped me through my career. There are so many who’ve inspired and helped—too many to count—but I will still try to recognize at least some of them. Saar Wilf and Shvat Shaked for starting FraudSciences and Noam Naveh for being a great trainer and manager. Denise Aptekar, Dan Levy, Rohan Mahadevan, Elena Krasnoperova, and Alyssa Cutright for their mentorship through FraudSciences’ acquisition and integration while they served as PayPal’s risk leadership team. Tel Kedar and Chandra Narayanan for being inspiring and challenging peers. My brother Yuval Samet for being a strong business partner as we started and ran Analyzd together. Sebastian Siemiatkowski, Niklas Adalberth, and Victor Jacobsson, Klarna’s founders, for being such great partners post-acquisition. And last but not least, my mentor, the late David Davidi, for his ongoing support and street smarts as I was paving my way. May he rest in peace.