Like most loss prevention professionals, Andy Wainwright acquired nearly all of his fraud prevention expertise on the job, or in his own time.
And while the learning curve has got steeper, Andy, who chairs the eRisk – London 2017 conference, believes even digital non-natives who trained in LP thirty years ago can still successfully transition to fraud management in the online arena.
“digital non-natives who trained in LP thirty years ago can still successfully transition to fraud management in the online arena”
He admits that most retailers’ risk and fraud strategies have probably not kept pace with the dramatic changes the industry has gone through in recent years.
“I think we’re still getting to grips with the fact that most retailers now not only have an online presence, but if you go onto their website from a desktop, the website will configure itself to your desktop so you can shop or do whatever you like”, he says.
“And similarly if you log on to an organisation from an iPad or an iPhone, either the website will recognize that you’re shopping from that device and it will configure it, or you’ll be offered the option of downloading an app, and you’ll get this specialised software that’s purely for your device.
“It’s fantastic that we as organisations have done this, but it can seem scary because now we’re responsible for guarding against all the risks this has created. And in a way it needs to be scary because it’s a big responsibility.”
But it’s not that scary,” Andy insists, “because it’s not so technically advanced that you can’t understand it”.
Andy’s first ‘proper’ job after school was working in a call centre for an outsourced customer service provider. He showed early promise at tackling fraud, risking his first job in the process. He was suspended for refusing a local manager’s request to be “flexible with the truth towards a certain customer base”, but reinstated after a hearing.
A stint with a commercial finance provider followed. While there, Andy realised the company “didn’t understand commercial fraud”, so he made it his “mission to learn about fraud and become a sort of unofficial fraud investigator for the business”. He then took a job as internal fraud investigator back at his first company, where managers remembered him well.
From there he moved to Royal Bank of Scotland, where he studied for and obtained the advanced professional certificate in investigative practice. After RBS, Andy learned analytics while working for O2, operational fraud management with CPP and strategy management with online retailer Freemans Grattan Holdings (FGH), a career trajectory that propelled him in 2015 to his current position with another online retailer, Express Gifts, where has been in charge of implementing the company’s anti-fraud strategy.
As a customer of the telecom giant Talk Talk, Andy has himself been a victim of fraud.
“I had a certain level of professional understanding and sympathy for Talk Talk, after their data breach,” he says. “As an LP professional I understood the challenges, but at the same time there were things I expected the company to do for me. And think the general public will expect a lot more.”
He has also been confronted with a ransom demand, at one of the organisations he worked for.
“They said if you don’t pay us a certain amount we’ll take your website down in time for Black Friday and Cyber Monday.”
Andy was drafted onto the company’s ‘war council’ as a subject matter expert, advising on what the response should be, what to say to customers and how to deal with the fallout.
“When these things happen – all of a sudden fraud comes right at the top of everyone’s agenda. I’m sure it was the same at Talk Talk. I’m sure it wasn’t on the agenda there until it happened.
“We need to make sure that online fraud gets onto everyone’s agenda now. You don’t wait until you’ve been on holiday for two weeks before locking your house…”
The company decided it “could not possibly pay any ransom” and the story ended happily. “Thankfully the controls were sufficient although they were enhanced because the level of trust wasn’t there. They never made good on their threat. We know they made good on their threats elsewhere. We were told by the police this happens much more often than you hear on the media and some companies do pay.”
“Engaging with IT teams and trying to get a bit of knowledge out of them” has been one of Andy’s key get ahead strategies. “Even in the loss prevention arena”, he says, “there are a lot of people who will just leave online fraud prevention to IT and assume that someone in IT is taking care of it. But that is not always the case.
“The Geeks shall inherit the earth, but just leaving it with them and saying it’s their responsibility doesn’t work.”