Identity verification is make-or-break for your platform's growth
Explore why why identity is the foundation for trust & safety on platforms, and how getting identity right (or wrong) impacts the highest levels of company strategy.
Identity is critical for trust and safety on platforms.
When you know who's on your platforms, you can create a smooth, safe, and enjoyable experience for your users, and you protect your bottom line.
But when you're not able to identify who's interacting and transacting on your platform, you open your company and your users up to a world of problems.
In a live session hosted by Marketplace Risk, André Ferraz, CEO and Co-Founder of Incognia and Garrett Wolt, Head of Insurance and Risk at delivery platform Wolt, had a deep discussion about the importance of identity for trust & safety on platforms, and the impacts that getting identity right (or wrong) has on company strategy and growth.
Collaboration Boosts Efficiency: Cooperation between fraud and marketing teams optimizes customer acquisition campaigns.
Fraud Prevention Enables Growth: Strategic fraud prevention enhances reliability, credibility, and reputation for sustainable growth.
Reputation Drives Retention: Strong reputation is pivotal for customer retention, preventing a "leaky bucket" effect.
Resource Allocation is Critical: Viewing fraud prevention as an efficiency enhancer is key to resource prioritization.
Let’s take a deeper look at some highlights from the 4 main topics that André and Garrett covered:
The Importance of Identity in Trust and Safety
In the first segment of the webinar, André and Garrett delved into the critical role of identity in ensuring trust and safety within online platforms. André opened the discussion by asking Garrett about the significance of addressing trust and safety challenges through identity verification.
Garrett emphasized that fake identities enable adverse behaviors, eroding trust on the platform for all users. This lack of trust acts as a barrier to customer acquisition and hampers the journey of building a loyal customer base, ultimately impacting the bottom line. He stressed the importance of knowing who is on the platform to enhance trust, confidence, and reputation among customers and merchants.
When Garrett turned the question back to André, André further emphasized that identity serves as a cornerstone, providing insights into users based on their device and location. Proper identity verification, including KYC processes and biometric matching, can establish a strong foundation for trust. André also discussed the importance of identifying bad actors to benefit the entire ecosystem, ensuring consumers' safety and encouraging more participation from legitimate users.
Garrett also touched on the multifaceted nature of data on the platform, including transactional, personal, and financial data, emphasizing the importance of understanding the "why" and "how" behind users' activities. Both he and André stressed the significance of balancing data privacy with identity verification, addressing the challenges posed by evolving privacy regulations like GDPR and CCPA.
Fraud Creeps in When Identity Breaks Down
In this section, Garrett and André explored the intricacies of how identity issues can escalate into fraud within various industries.
André shared insights from Incognia's broad experience across industries like marketplaces, financial services, gaming, and social media apps, revealing that almost every use case boils down to identity. He emphasized that the core issues of account security are fake accounts and account takeovers. He also discussed the fact that the motivations for fraud may vary, but the attack methods often remain similar.
André also shared an interesting case from the food delivery industry which involved a smart fraudster posing as a courier scamming customers through the use of a tampered POS system.
André emphasized the importance of understanding the devices involved in fraudulent activities and leveraging that understanding to block suspicious devices effectively.
The conversation then moved on to liability considerations. Garrett emphasized the complexity of liability within Wolt’s platform, given that it involves multiple stakeholders including couriers, consumers, and merchants.
The discussion shed light on how the liability landscape extends beyond the platform to interactions with the broader community, where the platform must consider potential risks associated with user behavior outside the digital realm. Garrett highlighted the importance of localized approaches to address these varied liability challenges across different countries and cultures.
How Identity and Fraud Issues Create Risk and Ripple Effects
In this section, André and Garrett explored the less obvious ways in which identity and fraud negatively impact a company's health and success. André highlighted the lack of collaboration between fraud and risk departments and the marketing department in marketplaces. He emphasized how fake accounts can lead to coupon abuse, ultimately affecting the efficiency of marketing campaigns. By addressing this issue collaboratively, companies can optimize marketing strategies and customer acquisition campaigns.
André also discussed the problem of collusion, where a single individual operates multiple accounts, emphasizing the importance of analyzing device, network, and location data to detect such fraudulent activities effectively. He noted that fraudsters often attempt to disguise their devices, making precise location data a valuable tool for identification and prevention.
Garrett contributed to the discussion by highlighting the role of risk appetite and overarching risk management in a company's growth and success. He emphasized the necessity of understanding the risk boundaries, allowing for calculated risk-taking while maintaining credibility and trust with customers, investors, and advisors.
Garrett emphasized that customer-centricity requires trust. He shared examples related to couriers, illustrating how couriers’ adverse behaviors can tarnish a company's reputation and negatively impact stakeholders.
Adverse behaviors can erode confidence and hinder growth, which underlines the importance of maintaining trust and credibility within the ecosystem.
Overall, this section highlighted the interconnectedness of fraud prevention, risk management, marketing efficiency, and customer trust in driving a company's growth and success. Collaboration between departments and a well-defined risk appetite were stressed as critical elements in managing identity and fraud-related risks effectively.
How Fraud Prevention Influences Platforms’ Strategy and Ability to Grow and Scale
In this final section, Garrett and André discussed the value and influence of fraud prevention efforts within organizations, particularly focusing on how fraud prevention enables growth and impacts a company's reputation and reliability.
André acknowledged that fraud prevention is often undervalued in organizations, but noted that the perception is changing. He highlighted common challenges faced by fraud prevention teams, such as resource limitations and the need for collaboration with engineering teams. André emphasized that reframing fraud prevention as a means to improve business efficiency and drive growth is crucial for organizations to allocate appropriate resources and prioritize fraud prevention efforts effectively.
Garrett emphasized how fraud prevention has empowered Wolt by ensuring reliability in financial figures, enhancing reputation with customers and merchants, enabling speed in addressing concerns, and strengthening credibility with investors, insurers, and regulators. André followed that by emphasizing the critical role of fraud prevention in maintaining customer retention and preventing a "leaky bucket" scenario, which is essential for sustainable business growth.
Both speakers agreed on the importance of reputation in customer retention and growth, emphasizing the need to build trust and credibility within the communities and markets a platform operates in.
Overall, this section highlighted how fraud prevention efforts are evolving and gaining recognition for their essential role in enabling growth, building reputation, and ensuring the sustainability of businesses in various industries.
In today's landscape of rapidly evolving digital platforms, the relationship between fraud prevention and business growth is more important than ever.
As André and Garrett discussed in this live event, collaboration between fraud prevention and marketing teams is fundamental to streamline operations and maximize the effectiveness of customer acquisition campaigns. Beyond its role in securing financial figures and enhancing credibility, effective fraud prevention fosters a strong reputation, ensuring customer retention and long-term growth.
Recognizing fraud prevention as an efficiency enhancer, rather than a cost center, prompts organizations to allocate resources strategically, paving the way for resilient, sustainable growth in an ever-changing digital world.
This is an audio transcript of the virtual event ‘Identity verification is make-or-break for your platform's growth’.
Hi, everybody. I'm David Nesbitt, the content marketing manager from Incognia, and I'm joined by Incognia’s CEO, André Ferraz and Garrett Olson from Wolt. I'm going to let these guys introduce themselves.
Garrett, would you be willing to start us off by introducing yourself? I'd love to hear about your role and how you’d describe Wolt for the audience.
Yeah, sure. So I'm in charge of insurance and risk at Wolt. Wolt is an e-commerce delivery platform. We were acquired by DoorDash last year when the deal was closed. So we've partnered with them and are driving a lot of the international aspects.
25 of the 29 markets are running under the Wolt product and brand. We also have–similar to the Dash Marts, we also have Wolt Marts under our brand as well, the Wolt markets. I'm in charge of the enterprise risk management framework policy and all risks, all things quite scary to the organization and how we actually monitor those and report those.
So I'm involved in the product and the security finance compliance and a handful of other areas. And then the moonlighting job is the risk transfer component of that, which is all the insurance, which is usually transferring away those big, bad, scary things, or sometimes the really nice things that we offer the couriers, like the courier insurance program prior to Wolt.
I had been working in the financial sector for nearly two decades, as well as setting up CVCs here in some of the large Danish companies like Maersk and F.L. Schmidt. That's just a little bit about myself, and I think we'll get into some more of the granular details later on, and I'll turn it over to Andre.
Thanks, Garrett. I'm André Ferraz, one of the co-founders at Incognia and the CEO of the company. I come from a technical background in computer science. I started my career as a security researcher and have been working particularly with security and identity technologies, with a particular emphasis on location-based technologies.
Incognia operates in the digital identity space. We brought to market this concept of location fingerprinting where we have combined device fingerprinting capabilities with very precise location data to create a more stable identifier so that we can use that for both fraud prevention and also to provide a better user experience when customers are authenticating to online services by removing some of the friction that we encounter with MFA.
I'm happy to be here, excited for the discussion, and David, I'll send it back to you.
Thanks, André. So we've got some great topics we're going to cover today and some great expertise to listen to and to learn from. So we'll jump right in. But first, here's where we're going today in our session:
We're going to start by talking about how identity is the cornerstone of trust and safety and then talk a bit about how, when that breaks down, how fraud starts to creep in, and we’ll talk about some real-world examples of what that looks like.
And then we'll talk about, when you have identity and fraud issues, how that creates risk and ripple effects that go way beyond just the bottom line, but to a lot of elements of company strategy. And then last, we're bringing it back to fraud prevention and how this influences a platform strategy and its ability to grow and scale.
So I think we're going to have a great conversation on these things. Really interested to hear both these guys' perspectives on these topics. First, without further ado, we're talking about how identity is the cornerstone of trust and safety. André, why don't you kick us off with that first question for Garrett?
Absolutely. So, Garrett, I've heard your background; it's really impressive. You've worked in different industries. But when it comes to trust and safety, why do you think identity is so important to address these challenges?
Yeah, I mean, if I speak about my current organization, I think that's probably one of the more relevant ones where people probably have had a Dasher or a Wolt courier at their door, especially because of COVID. The simple truth is really that fake identities enable adverse behaviors, and those adverse behaviors essentially create a lack of trust for the platform for all types of users on the platform. And essentially, that trust, once eroded, is a barrier to customer acquisition. That entire journey of building that trust, that return customer and acquiring customers is costly. So that goes a little bit into the bottom line. And I think one of the areas that's really, really important for us is that, at the end of the day, we know who is on the platform. Not necessarily what they're doing, because in a sense, we really understand how that's happening through the data, but really who's on the platform builds the trust and the confidence and enhances the reputation that customers and/or merchants, specifically, would come back to us before our peers. That trust is what's most important.
I kind of throw that back to you, André, because I think you look on the other side of the coin, right? And how do you actually see the importance of identity in that trust and safety space?
For sure I see it as a cornerstone. Identity is an interesting thing, right? For any person to access an online service, this person has to access it through a particular device and be somewhere in the world. So the way we like to think about identity at Incognia is from these two angles. So understanding the device and understanding where this user is informs us a lot on who that individual is. And when you combine this with deeper identity verification capabilities, like running a proper KYC process, analyzing documents, matching that to biometric information, you can have a really powerful understanding of who that individual is. And once you have that, once you're able to establish that, then everything else becomes much easier. Trust varies over time. The more you know that customer, the more they come back to your platform and don't do anything wrong, the more you can enable them to do more things. You can provide more credit, for example, provide access to premium features, and things like that. On the other hand, if you have a strong foundation in identifying these individuals and identifying bad actors, the entire ecosystem benefits. The users using your platform just as consumers, for example, ordering food, they will continue to do that because they won't be scammed by a driver, for example, or they won't buy food from a fake restaurant, and things like that. The same applies to the other side. If you have a strong ability to verify that all of these consumers are legitimate users and they're not going to try to scam the drivers, because it also happens the other way around, you will be able to convince more people to become a driver on your platform, etc. It is essential to the business. It's not just a thing used to prevent fraud and save the bottom line, but really to enable the company to be trusted by the different stakeholders that are part of that broader ecosystem. So, yeah, super important. I'd say that analyzing the data in a very detailed, detail-oriented way is extremely important to having a good understanding of that identity.
I think one of the things you mentioned is really interesting. On these platforms, there's data, but there's transactional data, personal data related to home addresses, and financial data related to the merchants and the quantity of purchases. People need to appreciate the fact that knowing why or how the person is on the platform, what they're specifically doing with that information, those types of things are extremely important for regulatory purposes, for health and safety purposes, for physical safety purposes. There are many different reasons why. The data, and I think one of the things that you mentioned, which I think is absolutely critical, is around the device. I think just the data and looking at those peaks and anomalies throughout specific periods is always interesting. But when you start layering on those specific components like device data, that is extremely important, specifically when you are talking with the police or emergency services or other types of entities that you want to help, right? Not hindering those types of activities. So I think the device data that you mentioned is an amazing point that you make.
Speaking of the data, another question I have for you. When it comes to identity verification at Wolt. what is the top priority for you? What do you look for? And another question on top of that is, which of these different stakeholders you have on their platform are the most challenging to verify?
There's a handful of different types of products and services that are moving through the platform. If we actually look at the goods, you have everything from alcohol to medicine, or even perishables like flowers. Okay, yeah, flowers, but essentially, like you said, you could essentially have fraudulent purchases where people are buying flowers but they’re actually either money laundering or they could essentially be carjacking, right? Because they've ordered flowers, a simple thing, but actually don't want the flowers. They want the courier's car. Sounds weird. It happens, right? Trust me, 20, 20, 29 countries. There's always bound to have these unique stories. So, it's always good to share, not the details, but the broader sense that those things happen.
And this is why identity verification is important. Customers and couriers, specifically in our space, are probably the most critical because there is the liability component, right? On the customer side, we're making sure that the customer is actually getting what they ordered, and/or we're delivering it to the right person, not a child or a minor. Or someone else that shouldn't be getting those specific items. The second thing is, is that we're abiding by all the laws and regulations because of those controlled substances, specifically, right?
And last but not least, I think on the courier side, there's a reputational aspect. One, we want to make sure that they're actually safe, right? If incidents are happening, if the phone hasn't been moving around for the right thing, when we call medical services, that the information that we're giving to the person, right–not that we're giving the blood type of the person to the emergency services. But when we tell them who the person is and where they're located, when they show up, that it's actually that person that's actually laying there in the street, that's had an actual accident, right? So, there is–courier partners and customers are the most important. On the courier side, we want to make sure that the actors that are delivering the specific items are representing the organization in the way that we would prefer, as well as the customers are essentially safe and confident in what they're ordering and that the person at their door is the right person that doesn't decide to go beyond the door threshold for any specific reasons. And those things again are somewhat related to the identity. You're never ever going to stop all of these adverse activities, but you significantly reduce a lot of these activities when you have certain verification processes throughout the onboarding as well as through the activity, right? Yeah, I would say predominantly, and last but not least, again, I always go back: We want the communities that we operate in to be a lot better, right? They're great, but we want them to be better. And to do that, we want to be a sustainable and corporate citizen. That requires us to make sure that we're following the laws and that whenever asked for specific information, we're able to provide that, whether it's about the person or the behavior or the activity. I think being able to have those layers of identification, right? It's not just the face that we're talking about always, going back to that device–that information is always critical when there's specific things that need to be solved, investigated, looked at, or reviewed. Not necessarily always about bad things. It could be about good things, right? Specifically, maybe if you were looking around like emissions or sustainability type of targets, there are also interesting things that go into what kind of vehicles and how that vehicle is related to a person, and etc., etc. So there are positives, not always talking about the negative situations. There are positives around how that identity can be provided to the regulators. But yeah, let's go on to the other side because I think you have as many interesting stories as I do. How do you balance the data privacy and identity verification? I think that's probably something that people want to understand because it's always an interesting topic to me as well.
It is, yeah. And it's challenging, right? Because on the one hand, you need to analyze a lot of data to ensure that that identity is real and the person behind that device is really that individual. But on the other hand, you have new privacy regulations like GDPR and CCPA, and probably there'll be a lot of new regulations in the future. So how to address that?
Well, the way we like to think about it at Incognia is, we actually enforce the name of the company, which comes from ‘incognito’. We have this very deep understanding on our end about the device and its behavior. But Incognia doesn't get into the PII data. We don't have, for example, the names, phone numbers, email addresses, those kinds of things. Who holds that data is our customer. And then we assign a common identifier to refer to that individual. But then we don't gain visibility about that. And our customer doesn't gain visibility about, for example, all of the detailed location behaviors from that device and things like that. So we keep that separate, particularly because, especially coming from a security background, it is a fact that it's only a matter of time for any company or any database or a data breach to happen. There is no and there won't be any perfect system from a security standpoint. So basically, keeping these things separate puts us in a safer position and also our customers in a safer position because then it is less likely that a data breach would compromise, for example, these users in a way that we would see, like, where people were, which places did they go, and things like that. That would be a massive problem, right? So in this case, the data breach would have to happen on both sides, and then there would be a need for someone to merge that data and do the analysis. So basically, we make it a lot more difficult for that to happen. So, I think that's one thing, like keeping those things separate, like device and device behavior data separate from PII data, trying to find a common identifier to relate these things and also trying to find other data attributes where you could bind these two things.
So, for example, one particular thing that we have been doing is, when the user is going through the ID process, right? Usually, they need to share some sort of address information. Usually, their home address. So, for example, here in the West, when they're scanning their driver's license, there is address information there, right? Or in other countries, they would have other ways of providing that type of information. And address data is interesting because it is something that you can bind to the device's behavior, right? So when you capture that address, you can then analyze, like, okay, where does this device go? How many times has this device gone to this particular address, right? And depending on that, you're able to find a very interesting way to bind the device to the identity, without necessarily having to expose other pieces of information like the user's name, phone number, email address, and things like that. That was one of the strategies that we have employed to do this, like stronger binding between devices and identity, but still keeping things separate, like PII on one side, behavioral data on the other. I think that was an important thing.
And then the other piece is mainly about being transparent with consumers and with the end users, right? So, for example, before collecting the location data, we always recommend our customers to be very transparent in the way they communicate that to the users. Like, why are you using this type of data? And we see that the response is completely different. For example, we saw customers that were simply asking for location permissions like “I want to access your location data”, either like a bank or marketplace, things like that. Opt-in rates were really low, like 40-50% max. And we saw a big difference when the same organizations changed the way they approach the users and started explicitly saying that the location data will be used for fraud prevention and security purposes. Opt-in rates went up to 90%. So when users understand why am I sharing this data with this food delivery app, for example, with this banking application– they want to understand why they are sharing this information, and we saw a very big difference when customers started to be more transparent with their users. I'd say that's another thing, being clear to your users that this data will be used for a legitimate reason. This data will be used to protect them. Makes it easier for users to understand and to want to share that information with you, because once they do that, it is going to become harder for a bad actor to, for example, take over their accounts and do those kinds of bad things.
That's great. Love this conversation so far.
Let's move on to the next section for the sake of time. We’ve established identity as this cornerstone, but at times that's going to break down. When it does break down, how does fraud start to creep in? And Garrett, I think you've got the first question here for Andre.
So, Incognia has a very wide angle view on fraud trends globally. What are some of the ways that you're seeing identity issues turn into fraud?
What's particularly interesting is that we have been working in many different industries like marketplaces, financial services, but also gaming, entertainment apps, social media apps, etc. What's interesting is that pretty much every broad use case boils down to identity. Particularly, two core issues when it comes to account security, which is fake accounts and account takeovers. Usually, these are the two ways in which a fraudster would start attacking an organization. But then the downstream effect, they're different. The implications are completely different for every industry.
For example, in the financial services in the building, a fake account would probably result in two things: money laundering or credit fraud, right? An account takeover would usually result in the fraudster wiping out the funds on that account and sending it somewhere else. But when we look at marketplaces, for example, on a food delivery marketplace, a fake account on the consumer app is probably being created because they want to abuse promotions for new customers, right? So they're going to create tons of accounts, dozens of accounts on the platform and they will eat with discounts for some time. So usually the motivations are different, but in the end, the attack is very similar.
Some of the most interesting situations I've seen–I'll bring one from the food delivery industry that was very impressive, a very smart move by the fraudsters, but we were able to catch him. There was a food delivery platform that was facing this issue where the driver would pick up the food, and then, like, in the same minute, they would cancel the order. So then the consumer would receive a notification on their phone, like, "Oh, your order was canceled." Two minutes later, the driver would show up at your front door and say, "I'm sorry, there was a bug in the application here. Your order wasn't canceled. Here's the food. Here's the receipt. It's all good. But the payment didn't go through.” And the end user already saw that the payment came back. So, okay, everything checks out, looks legit. And then the driver had a portable POS and they would say, "but then you can pay here on my POS." But the POS was tampered. And when the driver typed $50, actually it was $5,000, you would swipe your credit card. The driver would go away. When you check your banking app, you just spent $5,000 on the meal.
So that was very tricky because like the attack was happening outside the platform; they didn't have visibility about that POS. They have no idea about if the driver went there because they'd shut down the app. So how would the platform fight back? In this case, it came back to identity, right? Because we can look to see: which of the devices are involved in this type of activity? Okay, we have all of these devices here. In which locations are these devices mostly used? These locations. So this is probably where these bad actors live. So what we're gonna do is, we're gonna block all of those devices, and if we see any new device that demonstrates any behavior that is similar to that, to those devices that we have flagged. For example, if they try to create a new account from the same home, or if they try to access someone else's account from that same location, then we're going to block that.
Six months later, that problem doesn't exist anymore. We were able to bring it down by like 99%. Why? Because we went all the way down to really understanding the identity, understanding the device, understanding the behavior associated with that device, and blocking not only those bad devices, but any new device that would come to the network that would indicate that it was still the same person because that individual, they could keep creating new accounts if the KYC process wasn't very good. They would be able to use someone else's document and create new accounts or use someone else's accounts.
So I'd say that was one of the most complex phases we found in this industry in particular. But yeah, I think we could spend like 10 hours here just discussing different situations I've seen so far. But in the end, I'd say if companies get to that understanding that identity is the cornerstone of trust and focus on that, and also understand that every user independent of the service will have to access the service through a device and from a location, and you map these two things really well, then you can resolve identity in a much more efficient way.
Speaking of the complexity of this space, you have couriers and you have consumers and you have merchants. And I've seen one scamming each other in the space. How do you think about liability in such a complex environment?
Well, first, I just want to say there's a lot of really good people. We are highlighting some of the worst cases, but there's like hundreds of millions of transactions happening every single year that are flawless. So I just want everyone to know that we are cherry-picking use cases to educate you, not that this is like the status quo or some type of systemic issue.
Joking aside from the liability perspective–now I take the risk hat off and put the insurance hat on–it's actually quite interesting, right? One, we have the complexity of multiple markets. You have the complexity of those 3 units, sometimes frauding each other, or sometimes not–sometimes frauding the platform, which is technically the fourth person in that tripartite relationship, right? The fraud is actually, as you had mentioned in the use case, pretty different between each group. You have some of the transactional fraud from customers and merchants. You have identity fraud, which could be for financial gain or other types of gains. And you also have liability issues that creep into that, right? As I had mentioned earlier in the first segment around the types of controlled substances that we're actually dealing with, you also have individual liabilities because of that person-to-person contact that's actually happening between those three parties. You also have liability because the person is out on the street. So you actually have liability out into the community. Let's just say that the wrong person or a person without a driver's license is driving a motorized vehicle and creates an accident or–sitting here in Denmark–we got a lot of bicycles. We got more bicycles than people. There's a lot of accidents. You don't necessarily need an ID to ride a bicycle. But trust me, the cars, the person's car that they drove into has an ID or some type of motor vehicle registration. And I think that's when this identity and the liability components start bleeding together. And of course, we want to know who caused the incident to make sure that it gets resolved.
On the flip side, what's quite interesting is Wolt has a payments institution in Finland that is running predominantly most of or all of the European markets. So we actually have regulatory reporting because of it being a payments institution on some of these AML peaks, right? And as you mentioned, that is obviously something that we’re quite seeing. So from a reporting perspective, there's definitely something that we’re constantly monitoring, that transactional piece. But you start moving into other use cases which gets more unique outside the platform as you had mentioned, right? Where it actually gets quite interesting is then when you start looking at the different countries that we're in right? So we're in 25 countries specifically for Walt. And the behaviors of those three parties are very different. Working and living in Europe and in North America and South America, just culturally things are different, the way that they actually look at liability or the way that they actually use insurances as some force of supplementary income. So what we've actually done is we've essentially localized. We have tools and we have services and we're partnering with organizations like Incognia, to actually address that and push those specific tools into the front line. And that is one of the more different aspects: we don't have a full-blown trust and safety organization. We actually have fully empowered local teams that are using global tools, but very much localized to the specific use cases and cultures, which allows for a better user experience because they know their people. They know what their friends or what they used to do or what they see in the news. And it's a lot better for them to be able to utilize the tools or provide the appropriate use cases to organizations like Incognia?
But really at the end of the day, the variety of products and services, the different types of vehicles, the different types of actors. There's a huge liability landscape and really identity–and it doesn't have to be personal, as you mentioned, it doesn't have to be PII–but there's unique identifiers that are associated with specific behaviors that we can track on an aggregated level to start understanding where those peaks are. And that's when we start addressing that concern, whether it's through operational changes, strategic changes, or risk transfer mechanisms to just say, "Listen, that's going to happen. We can't do anything about it. So let's take some of it on ourselves, but make sure that actually someone else is helping us with that from an insurance perspective."
That's great. Thanks, Garrett. So, our last section is about how fraud prevention influences a platform's strategy, and its ability to grow and scale.
Garrett, you have a question there for Andre about fraud prevention work. Why don’t you start there?
Yeah, and working across multiple industries, I'm excited to hear what this answer is, right?
Do you feel like fraud prevention work is undervalued at many organizations?
I would say, yeah, but it's actually improving. For example, it's common to see fraud prevention teams that don't have their own engineering resources. They have to borrow from other teams. So they have to be like, "I'm sorry, I can't integrate this now because I need to ask permission from another team so they can prioritize that on the roadmap.” Even in situations where the organization is currently under attack, and they still need to ask for permission to integrate something new or change something in the system so they can start blocking that.
I'd say that's one example where many companies could and should be investing more. If they stop thinking about fraud prevention as a cost center but really as an area where you can improve efficiency of your business, improve the bottom line, and also influence the growth strategy, as I was talking a little bit earlier, right? If you do a good job at the IDV moment, you can actually enable the marketing teams to be more effective with their customer acquisition campaigns.
So, I think that mentality is changing. I think the recent downturn we saw in the tech space has empowered the fraud prevention teams a bit more. They have become more influential because the priorities have shifted from growth at all costs to efficient growth. So, I think that also helped the fraud organizations become more influential. But I'd say there's still a long way to go for the fraud departments in most organizations to be respected and have the resources that they should have.
So, yeah, that's my take on that. But, I see significant improvement happening, particularly in the most recent months.
Andre, want to finish us off with that last question?
Sure. So yeah, the last question I have for you, Gary, and really appreciate the time, really interesting conversation.
Going back to this topic of fraud and growth, right? How does fraud prevention enable growth at Wolt?
I agree, Andre. It's been a great conversation.
So Wolt being a Scandinavian–Nordic is probably a better thing to say with Finland not necessarily being in Scandinavia–but I would say from Nordic principles, the organization has always been like this transparent moral high ground–we want to treat everyone right in that tripartite relationship and specifically the communities that we operate in. And so I'm going to keep it pretty short. Where and what has fraud prevention enabled Wolt to specifically do?
It's really reliability in our financial figures, right? When we were growing and those investors were allowing us to move into specific markets and build our product and help us become who we are today, that was obviously the teams, but the money from the investors helped. Number two is that it enhanced our reputation with the customers and the merchants in all of those specific markets.
For a handful of different reasons throughout COVID even till this day, they know that the customers, the couriers and the merchants that we're putting on to our platform have the appropriate onboarding and vetting process. The third thing is that because of what we're doing, we can act with speed to resolve. And that's always extremely critical if there's a concerned customer, a concerned merchant or even a concerned courier.
And last but not least, it's strengthened the credibility with the investors, insurers, regulators and the like. I can't say enough about, when we've had conversations on our DNO and when we've had conversations specifically on our cyber and when the underwriters and the brokers–when they leave the meeting, I think they learn more about their own industry or specific questions that they should be asking others from our team. It's a testament to some of the things that we've been able to do and the team that we've been able to bring in.
And I think that's one of the other things that goes back to that question that I asked you is that I think making sure that not only there's dedicated resources, but actually that we're hiring people that are really passionate and that have some level of experience and want to develop that area for the future, not to solve last year's problems, but to solve future problems that may not exist today.
That's a great point. And wanted to comment on one of the things you've mentioned, which is the reputation with customers and merchants, right? Because that's directly related to customer retention. And if your platform doesn't have good retention metrics, in the end, that's a leaky bucket.
Marketing will continue to pour resources and new campaigns and new customers would come in. But if you're not able to maintain them on the platform and they haven't come back to your service, you're not really growing. So, having a strong reputation is extremely important because we're talking about–in most of these cases here, we're talking about recurring services.
You have to eat every single day. So, food delivery is certainly a service that you don't use only one time. That's very important. The reputation piece is extremely important.