The Business of Trust: Making security your competitive edge | “What The Fraud?” Podcast

THOMAS TARANIUK: Hello, dear listeners, and welcome back to “What The Fraud?”, a podcast by Sumsub, where digital fraudsters meet their match. My name is Thomas Taraniuk and I’m currently responsible for some of our very exciting partnerships here at Sumsub, the global verification platform helping to verify users, businesses, and, of course, transactions as well. On this podcast, we often talk about the risks fraud poses to your trust, your customers, and your bottom line.

But today, we want to take a more positive look at the upside of strong security—how trust can become a company’s competitive edge. The rapid growth of AI is offering businesses all sorts of opportunities, but it is also bringing new challenges. So the time is now to build trust at every level of your company, giving customers the confidence to take on new technologies.

And we could think of no one better to talk to than Carolyn Fox, Director of Trust and Security at the global tech leader TELUS Digital. With years of experience working at some of the biggest names in technology, including Yelp and Snapchat, Carolyn knows how crucial trust can be to a company’s success, and why it can be one of the most important functions your business can build.

How did you build a career in trust and safety?

Carolyn, thank you so much for joining us today. Great to have you on “What The Fraud?” podcast as well. And of course, you’ve got a remarkable CV and are working at TELUS Digital. Would love to hear from you about the world of trust and safety and how you’ve actually made a career out of it as well.

CAROLYN FOX: Unintentionally, I think—like a lot of people in this industry. I went to school for international business, because it sounded cool, and I thought I could get paid to travel, and it did work out. I got my first tech job in trust and safety at a company called Yelp. I was based in San Francisco.

Tech was what all the cool kids were doing. I wanted to get in on that. At the time, we didn’t call it trust and safety—it was reviewing angry reviews. I started as a content moderator and worked my way up to being responsible for the data integrity on all of our business listings. So I got really good at picking out fake locksmith listings.

I applied to Snapchat on a whim for their trust and safety team, to scale their operational outsourcing. I got the job, moved to LA, and they were in a rapid scale-up phase. We needed to wear a lot of hats quickly. I did everything from policy and process design to global strategy.

That’s where I got involved in fraud-related work around identity operations and account takeovers. There were a lot of phishing scams happening even back then. I worked with TELUS as a client at the time—they were one of my vendors. I really liked the culture, the people, and especially the work they were doing in financial crimes and compliance. I saw an opportunity to grow and joined the company a little over two years ago. That’s how I wound up where I am now.

Do large user bases automatically mean more fraud?

THOMAS TARANIUK: Amazing to hear. And Yelp, of course, is a US-based company—Snap Incorporated as well. I imagine both of these players have a huge footprint in the digital space with loads of users. Does that also mean loads and loads of fraud as well? You mentioned phishing.

CAROLYN FOX: Yes. Account takeovers were a huge issue at Snap—less so at Yelp, although it was still a problem. The bigger issue at Yelp was fake reviews and farmed reviews. There was a pretty robust algorithm to try and tackle that.

Were you already using AI at the time, or was it more manual?

THOMAS TARANIUK: Right, so you were using algorithms back then. I imagine AI is having a big impact now, but was it very much manual—big teams and a lot of working hours?

CAROLYN FOX: Absolutely. These were global teams—hundreds of people, thousands at Snap—all over the world, responsible for monitoring integrity. At Yelp, it was business listings. At Snap, it was content—24/7 operations.

How do you tailor fraud strategies across diverse verticals?

THOMAS TARANIUK: That’s crazy. And of course, keeping the business 24/7 protected is important. I mean, TELUS Digital operates in many different areas. How do you tailor your fraud strategy across such a diverse ecosystem of verticals and regions—from telecomm to digital identity and payments?

CAROLYN FOX: A lot of the basics remain the same—basic account protections like two-factor authentication, encouraging separate passwords, biometric verification. On the backend, the cybersecurity signals—anomalous behaviors, different IPs or devices—are similar whether it’s social media, e-commerce, or banking.

But then you have to tailor for specific markets. That’s where the privacy vs. risk vs. security argument comes in. Someone setting up a Fortnite account won’t need the same level of protection as someone opening a Western Union account and moving tens of thousands of dollars internationally.

What challenges arise when integrating trust and safety?

THOMAS TARANIUK: It makes a lot of sense—regulated vs. unregulated. From your perspective, what sort of challenges are you and your team seeing when trying to incorporate trust and safety throughout a business? And how can businesses overcome these by working with you?

CAROLYN FOX: We offer platform solutions and partnerships—like with Sumsub—to integrate digital solutions all in one package rather than having to go to six different vendors. We also provide best practices, share knowledge about challenges others have faced—even major platforms have had serious issues. That experience and insight are really valuable.

Is trust and safety sometimes seen as a roadblock?

THOMAS TARANIUK: Can trust and safety also be a bit of a roadblock when companies are trying to grow and scale? How do you shift that perception and position the team as a growth enabler rather than a hindrance?

CAROLYN FOX: Yeah, it’s a huge challenge. Trust and safety teams are often seen as internal police or roadblocks. But awareness is increasing—especially at the executive level—due to high-profile breaches and incidents. Still, friction exists when you’re trying to launch a product and someone says, “We need to check all these boxes first.”

Convincing with data is key. Fraud in the US increased by about 25% from 2023 to 2024 for consumer-based systems—tens of billions of dollars lost. And that’s just reported fraud. Intangible costs like churn and loss of trust are real too.

There are so many disruptive brands out there. If you’re not keeping your customers safe, they’ll go elsewhere. These stories help shift the internal narrative.

How do you balance privacy with real-time protection?

THOMAS TARANIUK: You mentioned technology. You work with so many new innovations at TELUS Digital. Is there a unique risk profile for these new technologies? How do you adapt? And how do you balance user privacy with the need for real-time protection?

CAROLYN FOX: It’s huge. But I don’t think it has to be a tradeoff. Many platforms using real-time detection aren’t storing sensitive data. Take biometric data—it’s often not stored long-term.

The bigger issue is implementing friction. If I have to go through three verification steps just to buy something on Amazon, I might just give up and go to a store.

As long as you’re transparent about what data you collect and avoid storing more than you need, privacy and protection can coexist.

What happens when businesses avoid friction?

THOMAS TARANIUK: Absolutely. And especially for non-regulated businesses, if they don’t need to put friction in, they won’t. Every business is for profit. If you want to be sticky and attractive—make it easy.

CAROLYN FOX: And that’s coming back to bite them. If you’re not adding the right kind of friction, you’re seeing a huge rise in fraud and account takeovers—even for things like food delivery apps. If there’s stored credit card data and no secondary verification, it’s easy for fraud to happen. And it does—all the time.

Suggested read: Card Cloning: Everything You Need to Know (2025)

What are the benefits of a well-integrated trust and safety team?

THOMAS TARANIUK: Most definitely. We often talk about the negatives. I’d love to spin that on its head. From your perspective, what are some of the advantages of having a well-integrated trust and safety protocol or team?

CAROLYN FOX: These teams are absolutely critical. Without them, you’re missing feedback loops, customer sentiment, and visibility into user behavior. In financial services, for instance, one of our support teams noticed AI was auto-rejecting identities incorrectly. That feedback went to the KYC team, and the AI model was adjusted—saving potential churn and onboarding good customers.

Being well-integrated gives you those insights and lets you get ahead of risks by spotting trends early.

Suggested read: KYC Verification: Full Guide to Know Your Customer Compliance (2025)

What does a scalable trust and safety framework look like?

THOMAS TARANIUK: I can imagine fine-tuning and continuous improvement are tough—especially in large, segmented teams. From your experience across Yelp, Snap, and now TELUS, what does an effective, unified, scalable trust and safety framework look like?

CAROLYN FOX: In full transparency, nobody has perfected it. There’s no silver bullet. It’s complex—global operations running 24/7 with top-down decision-making structures. That can be a bottleneck.
You need empowered deputies in different geos. Transparent communication—sometimes forced communication—is vital. Some meetings that feel unnecessary are actually really helpful.
In-person visits are also important, even if companies are cutting travel costs. Meeting face-to-face improves collaboration. And having clear swimlanes and matrix org charts helps avoid the “who owns what” confusion. A robust knowledge base and org directory are essential for enabling quick action.

Does the impact of fraud vary depending on the size of the company?

THOMAS TARANIUK: And speaking up. So a really big point here—we had a podcast with Mark previously, and we were speaking about employee fraud within organizations. When we’re looking at what COVID has done to us, specifically within the tech space, digital nomad living, and working from home has had a massive impact as well.

Would you say, in terms of the scale of the company, the scale of the problem can be different as well?

CAROLYN FOX: I think the risk of fraud, whether you’re in a large organization or a small organization, is significant regardless. Small organizations can be flexible and lean and adapt to challenges a little bit faster than some large ones. But you’re also dealing with a resource-constrained environment. A lot of your back-end processes tend to be more manual and therefore subject to human error and missing important components. They’re not always able to have the budget to implement some of the more complex technical solutions.

And then for a larger company—certainly a household name—they’re often more frequently targeted. And then there’s the material impact of what can happen. And again, you have these distributed teams that don’t necessarily always talk to each other. Functions can happen in silos, and that also opens up risk.

Cybersecurity threats: How can companies protect themselves from global attacks?

THOMAS TARANIUK: Safety plays an important role in the bottom line of small and large businesses alike. I guess we can agree on that, right? And there was an interesting point in 2024 where IBM basically said—on the research division—that they found the average cost of data breaches rose to 4.9 million USD, a 10% increase from the year before. And even in the last few weeks as well, we’ve heard stories from major retailers such as Marks & Spencer in the UK, The North Face, and Cartier as well, which are now grappling with massive cyberattacks. They’re not just targeting tech companies—they’re targeting merchants and consumer goods companies as well.

From your perspective, at TELUS, how can companies deal with what’s becoming a global threat to small businesses, large businesses—anywhere?

CAROLYN FOX: Lock down your databases. I mean, I think a lot of—especially some of these larger legacy companies—have really outdated systems for tracking things. And especially companies that grew through acquisitions—a lot of these systems might be siloed, and you don’t have systems that talk to each other. So I do think there’s a massive need for companies to update how they’re protecting consumer data and how they’re storing their data.

And the other component is sort of what we were talking about earlier. Companies that aren’t regulated and haven’t historically dealt with widescale fraud are reluctant to add friction into systems to be able to protect their customers. And there does need to be a balance there.

Any platform or any business where you can access your account without two-factor authentication is already a huge risk.

And that’s just the absolute bare minimum that anyone should be doing. And a lot of these—I mean, I know half of the clothing apps or accounts I have, which is more than I’d like to admit—I can log in, and you can use a password that’s reshared on a bunch of different platforms or for a bunch of different accounts.

And there’s not much safety. The requirements for passwords are even, you know—eight characters, one letter, one number, and an uppercase.

THOMAS TARANIUK: And I don’t know if you get this as well, but I do get—on my phone—alerts for password risk, where it basically says, “Okay, you’ve been exposed to this amount of data leaks or password leaks,” and we don’t have to go through all of them. And sometimes it’s a big hit with like 100 different accounts. It’s awful.

CAROLYN FOX: Well, I know you’re smart enough to be using a keychain for all of your passwords. I definitely don’t have things that are easy to remember—words or letters and numbers.

THOMAS TARANIUK: Well, yeah, it’s the author-suggested ones, right? So it’s nigh impossible to break. But it’s always a bit scary when—

CAROLYN FOX: When you find out you’re in a breach. Yeah. I think most of the major US ones that have happened in the last decade have impacted me.

THOMAS TARANIUK: So, really? Oh, there was a massive Social Security number breach?

CAROLYN FOX: There was, but I mean, further back, you’re talking Marriott, Starwood—anyone who travels a lot probably has some of their data with them. You know, Target—these ones all had massive consumer impacts.

THOMAS TARANIUK: Do you have experience in that realm of how data is aggregated by criminals and then used to create big profiles of people—gaining access to digital financial services that can truly impact lives?

CAROLYN FOX: I can’t say I have the full depth, like someone in the FBI, but I do have some knowledge of the databases and marketplaces where this data is resold on the dark web.

The long-term business impacts of data breaches

THOMAS TARANIUK: From a business perspective, unless there’s an immediate financial impact, many companies don’t take action. What are the long-term consequences if they delay until after a data breach?

CAROLYN FOX: Even in countries without strict GDPR-like rules, there are legal repercussions. But the biggest long-term issue is consumer trust. If I can’t trust you with my data, why would I choose you as a provider when there are other options?

THOMAS TARANIUK: Definitely. It’s easy to switch nowadays. Businesses must protect trust or risk losing their user base.

Is there a metric for trust in business?

Do you think trust and safety can be measured in relation to business outcomes—like customer satisfaction, retention, or lifetime value?

CAROLYN FOX: Finding a single metric for trust has been my goal for years—I haven’t found it. But you can look at customer satisfaction, social listening, and benchmarking. You could also compare churn or sentiment between customers affected by fraud and those who aren’t. It gives you an indirect measure.

The impact of fake reviews on trust platforms like Yelp

THOMAS TARANIUK: What about platforms like Yelp? Fake reviews can greatly damage trust. What’s the broader impact?

CAROLYN FOX: It’s twofold. If businesses think the reviews are fake, they won’t advertise—Yelp’s major revenue stream. If users think half the reviews are fake, they won’t contribute either. So it’s essential for the platform’s credibility and utility.

AI in fraud detection: A double-edged sword

THOMAS TARANIUK: AI is now central to spotting fraud that humans might miss. Research shows 79% of Brits are using AI tools at work. Is AI making fraud prevention easier or harder?

CAROLYN FOX: It’s doing both. It helps people work better and protects communities—reducing exposure to disturbing content and spotting fraud faster. But AI also enables bad actors. You need AI to fight AI, especially for detecting doctored documents. It’s overall good, but like any powerful tool, it comes with challenges.

THOMAS TARANIUK: Exactly—it’s a double-edged sword. Deepfakes and other fraud tactics are on the rise. It’s a massive problem even if the absolute numbers are still catching up to the exponential growth.

CAROLYN FOX: Yes, and much of the growth in successful fraud can absolutely be attributed to AI.

Future fraud trends and how to prepare

THOMAS TARANIUK: If you had a crystal ball, what new fraud trends should leaders prepare for?

CAROLYN FOX: Fraud will get more targeted and sophisticated. Spoofing business emails or calls will feel more human. Even phishing attempts will become harder to detect. It’ll be harder for everyday people—even fraud-savvy ones—to know what’s real.

THOMAS TARANIUK: Apps like Revolut only communicate with customers within the app itself. That seems like a great strategy.

CAROLYN FOX: Exactly. That’s a smart approach to reducing fraud risk and increasing customer trust.

What makes you optimistic about the future?

THOMAS TARANIUK: We said we wanted to stay optimistic. What gives you hope about the future?

CAROLYN FOX: AI will simplify things and democratize platforms and payments. It’ll make global access easier and faster—something important to people like me with accounts in multiple countries. I’m optimistic it will solve real problems for many people.

Suggested read: Machine Learning and Artificial Intelligence in Fraud Detection and Anti-Money Laundering Compliance

Ethical considerations in scaling AI for safety

THOMAS TARANIUK: Let’s walk back a bit—what are the ethical considerations when scaling AI safety tech? Where do we draw the line in the fight against fraud?

CAROLYN FOX: When the machines become the humans.

The biggest issue is not losing sight of your business. It’s tempting to automate everything, but you must understand what’s happening behind the scenes. Regulators already require transparency and explainability in AI decisions.

THOMAS TARANIUK: So, you believe a hybrid model is essential—AI as a tool, not as the decision-maker?

CAROLYN FOX: Yes. There must always be a human in the loop. Maybe not doing every transaction, but overseeing the systems to ensure accountability.

Measuring AI’s impact in the fight against fraud

THOMAS TARANIUK: Can you measure AI’s business impact at TELUS Digital in fighting fraud?

CAROLYN FOX: We’ve historically provided human teams, but now AI is reducing that need. The cost savings, increased efficiency, accuracy, and early fraud detection are all measurable benefits.

Real-time signals and the future of frictionless banking

THOMAS TARANIUK: Looking at real-time signals—how do they contribute to both reduced consumer friction and better fraud detection?

CAROLYN FOX: Massively. It keeps things instant, reducing churn and blocking fraud in real time. Especially with Gen Z’s demand for instant gratification—if they can’t sign up right away, they’ll go elsewhere. That’s a risk for banks and fintechs.

THOMAS TARANIUK: So it actually incentivizes banks to make onboarding as quick and seamless as possible.

CAROLYN FOX: It does.

Balancing seamless onboarding with security: Advice for businesses facing fraud risk

THOMAS TARANIUK: Yeah, absolutely. Okay. Friction—and also making sure it’s timeless in terms of the onboarding and easy—is super difficult. What would be your main suggestions for anyone listening here?

CAROLYN FOX: Separation of church and state.

Any individuals who are measured by their performance based on customer satisfaction or any individuals who are incentivized by commission should not be validating individuals from a security perspective.

It happens in bank branches all the time. Somebody comes in, they’re trying to check out a product, take out a loan, open an account—and the branch attendant is the person verifying their ID and other documents. But that person is also getting commission from selling that product.

So, there’s a bit of a conflict of interest there. And the same thing happens online. If you’re calling in and trying to reach a customer support team and you need them to verify your identity, they’re measured based on CSAT. You’re not going to get a good CSAT score if you don’t open an account for me, right? So, there’s big decisions being made when you have that conflict of interest. I think that is one of the most important things that businesses can do.

And I’m actually a little bit surprised that it isn’t standard practice across the board.

THOMAS TARANIUK: It’s really interesting to me. And of course, we’re talking about banking on the consumer side—you’re creating cardholder accounts, they’re issuing cards, etc. But if we’re looking at business fraud—where it’s business-to-business and you’re servicing B2B—we’re looking at the same sort of conditions here as well?

CAROLYN FOX: Yes, I would say so. I think with B2B, at least, the onboarding times are generally a little bit longer, for your context. But it absolutely shouldn’t be done by the same people that are going to be benefiting—one way or another—whether it’s from their performance score or commission.

THOMAS TARANIUK: That makes a lot of sense. Well, before we end all of these podcasts we often have something called quick-fire questions, you might say.

Quick-fire round

So we have five quick-fire questions where I’m going to sort of rattle them off to you, and you can give your best answer as well. What do you think?

CAROLYN FOX: I’ll give it a go.

THOMAS TARANIUK: Amazing. When choosing a digital wallet, do you go for more features or better security?

CAROLYN FOX: Better security.

THOMAS TARANIUK: Excellent. What’s one thing about fraud that still surprises you, even after all of your experience across the board?

CAROLYN FOX: How successful some of the older, poorly thought-out, and badly typed email fraud scams are.

THOMAS TARANIUK: They should use ChatGPT! It would be best to read it. Yeah, that’s for sure. Have you ever been a victim of fraud yourself?

CAROLYN FOX: I have. I mentioned I’ve been impacted by data breaches, but I have not—at least to my knowledge—been a victim of fraud. But that doesn’t mean it hasn’t happened anyway.

THOMAS TARANIUK: And preface this with “yet,” yeah. What’s one habit that you rely on to stay safe online? Two-factor authentication, of course?

CAROLYN FOX: And a keychain—giving out all of my passwords on a keychain. I think it’s really important.

THOMAS TARANIUK: That’s excellent. If you could have one other career—any other career—rather than the one you’re currently in, what would it be?

CAROLYN FOX: A podcaster.

THOMAS TARANIUK: Still? Still absolutely?

CAROLYN FOX: Probably a zoologist, as well.

THOMAS TARANIUK: Amazing. What animals do you have for our audience?

CAROLYN FOX: I’ve got two cats and a dog. And I don’t own a horse yet, but I’m a big horse person.

THOMAS TARANIUK: Amazing to hear.

CAROLYN FOX: So, insane is—I think—the other…

THOMAS TARANIUK: That’s amazing as well. I only have a dog. But yeah, cats can be a little bit more independent, can’t lie. Now we have KYC—know your cats—here today. What’s one thing that you would say to the audience listening to “What The Fraud?” now if they are looking to stay safe online and make sure they aren’t going to be targeted by any criminals?

CAROLYN FOX: Trust your gut. If there’s something that seems off to you—don’t input your data. You’re probably right. And report fraud when you suspect it. Pretty much every major company has a “[email protected].” Send those on. I think it’s really important to make sure they’re tracking and understanding how widespread some of those issues are.

THOMAS TARANIUK: Most definitely. And at least the underreporting of it—of course, everyone here today listens to your wise words.

Thank you so much for joining us on “What The Fraud?”. It’s been great to speak with you. We’ve really gotten quite a few insights from your side and are looking forward to our partnership together.

CAROLYN FOX: Yeah, thank you for having me. I enjoyed it.