Alan Greenblatt, CO-Founder and CTO of PaymentWorks, told Aviva Zacks of Safety Detectives an amazing story about their “multi-million-dollar-day.”
Safety Detectives: Tell me what motivated you to start PaymentWorks.
Alan Greenblatt: I wanted to do something where I could have a positive impact and see the result in the work that people do. Thayer Stewart and I co-founded this company because we saw a big problem. Businesses with thousands of suppliers also had thousands of requests coming in to maintain compliance and different policies. Usually, companies use small teams of people to verify all this information and make sure everything is correct and that they are following the policies. It’s a very hard task, and the last thing on their mind is to make sure that the person providing all this information is actually who they purport to be. It’s done in most companies through mail, fax, and other manual processes, so we sought to build this system that would centralize the whole system, automate it, and make it much more secure, hopefully allowing our customers enough peace of mind that they can sleep a little better at night.
SD: What do you love about cybersecurity?
AG: What I love is that you are directly affecting people’s lives. We live in this world where everyone is bombarded with this notion to be more vigilant, be careful, don’t click that link, don’t open that attachment, make sure the business you’re paying is who you think it is. We have customers who have told us that they always feel like they are sitting with a grenade ready to go off. They don’t know which banking change request is the fake one or if they’re about to approve some payment that they shouldn’t and it’s terrifying for people.
And so, cybersecurity provides a mechanism where we can make it less, “Be more careful,” and more, “Hey, we’ve got your back.”
SD: Do you have any interesting anecdotes about a company that you helped?
AG: We hear all the time that people lose sleep over all the above reasons. We do regularly catch fraudsters trying to do vendor impersonation. On one particular day, within the same hour, for the same customer of ours, two different fraud attempts came in—two different vendor impersonations at the same time. Within an hour, we had identified both of them, and both were a result of somebody at our customers’ organization being socially engineered, being tricked by somebody posing as the vendor, and saying they wanted to change banking information for their upcoming invoice. If they didn’t have PaymentWorks, they might have done it, but by sending the invitation to PaymentWorks, when the fraudster filled out the information, PaymentWorks caught them. That’s what we like to call our “multi-million-dollar day.” We caught two multi-million-dollar payment fraud attempts! This was a good day.
We’ve even had cases where when we then contact the vendor, they have told us they thought something fishy was going on and it turns out that other customers of theirs had already been defrauded. So, we’ve been able to detect fraud for organizations that are not even our customers.
SD: What is something unique that helps you stay ahead of your competition?
AG: I think one of the most unique and critical things we do is guarantee the bank account ownership to the point where we will insure our customers against fraud. Chubb also believes so much in what we are doing, that that they underwrite our process so we can make that guarantee. They’ve analyzed what we do and believe that this is the only way you can do it, and we are the only ones doing it.
We’ve also just co-authored a whitepaper with Chubb—Guarding Against Social Engineering Fraud—to explore common types of email social engineering schemes and educate companies on how to leverage technology and update business practices to verify information received electronically and authenticate the identity of business partners.
SD: What are the worst cyberthreats out there today?
AG: I would say hands down business email compromise leading to business payments fraud. The FBI reported that $28 billion was lost from 2016 to 2020 from email fraud. You hear all about credit card fraud and other types of fraud, but business email compromise leading to payments fraud is number one. The problem is that people think about controlling email fraud at your company but the problem can really be at your vendor’s company and that is where it will impact you.
SD: Where do you think cybersecurity is headed now that we’re living through this pandemic?
AG: I think people are realizing that at the end of the day, the human element means that if there’s a human involved in the manual processes, there is an opening for a fraudster to get in and socially engineer. And so, the more you can centralize and automate processes, build security into that and tighten down those processes and intelligence around that, the better off you will be. That’s where I see cybersecurity going, and of course, that is the business we have built!