The Wise Approach to Fraud Prevention | “What The Fraud?” Podcast

THOMAS TARANIUK: Hello, and welcome to What The Fraud?, a podcast from Sumsub where digital crooks meet their match. I’m Thomas Taraniuk, currently responsible for some of our very exciting partnerships here at Sumsub, a global verification platform helping to verify businesses, users, and transactions as well. 

Fraud is moving fast, especially in fintech, and today we’re breaking it down with two anti-fraud rock stars right here with me in the studio: Jessie Apple, Group Head of Financial Crime, Compliance and Risk at Wise, as well as Co-Chair of the UK ACAMS Board (the Association of Certified Anti-Money Laundering Specialists), and Aaron Wilson, Head of Fraud Product at Wise.

Wise is the leading global technology company making it easier to move and manage money across currencies.

Jessie, Aaron, welcome to What The Fraud? Great to have you here in our studio in the heart of London, and of course, to have both of you speaking about a very interesting topic. You’re both experts in your fields, but I’d like to hear a little bit more about how some of the specialisms you have complement each other as well.

Jessie, would you mind going first?

Fraud prevention at Wise

JESSIE APPLE: Sure, thank you for having me. So, I am the Global Head of Financial Crime Compliance and Risk and UK Money Laundering Reporting Officer at Wise, which means I sit in the second line of defense. I work very closely with Aaron, and basically the second line talks about: what are the rules and regulations, what are the expectations of the regulator?

Aaron does the magic around how to develop, design, and control measures that will actually tackle those risks effectively. But maybe Aaron can introduce himself.

AARON WILSON: Thanks, Jessie. Thank you also for having me. As Jessie just mentioned, I am the Product Lead for Fraud Prevention. It’s quite a wide remit. We tackle everything from identification and prevention of criminals on Wise, making sure they can’t use the Wise platform to commit crime or take profits from their victims, to things like scams.

We have dedicated teams focusing on victim prevention, which we call Trust and Safety. This is essentially making sure that no Wise customer or business falls victim to fraud, as well as building tools and operational processes for our wonderful fraud agents who help us tackle it.

THOMAS TARANIUK: Amazing to hear. How big is the fraud function—or anti-fraud function, rather—at Wise currently?

AARON WILSON: Oh, within product and tech, including operations, we’re pushing 600–700 people, and that’s across a wide range of disciplines. We have our operational agents doing fraud investigations, wonderful data science people building models to tackle fraud, as well as a wide range of engineers and product managers.

And that’s just within the front line. So, Jessie, you can probably touch a little bit more on the second line as well.

JESSIE APPLE: The way we’ve structured the second line is that we have both global teams and regional teams. So it kind of depends, if you imagine a matrix of both domain experts within the financial crime space, as well as regional experts, around a hundred people in the second line working on financial crime in general.

Authorized vs unauthorized fraud

THOMAS TARANIUK: Amazing to hear. And you’ve also shown how financial crime at Wise ranges from fraud prevention all the way to global compliance. Six hundred people is a hefty amount. I mean, what would you say are the key differences between authorized and unauthorized fraud?

AARON WILSON: Good question. So, when we talk about authorized and unauthorized fraud, typically we’re referring to the victim space. So essentially, when we say authorized fraud in the financial realms, this is typically referred to as authorized push payment—another word that most people will know is scams.

Essentially, this is where you authorize a payment on your behalf for goods or services that, quite frankly, don’t come to fruition. This can range from what we call slow burn, which typically tends to be highly manipulative scams in which the scammer keeps you on the hook for a very long period of time. These could be things like investment scams or romance scams.

Typically, the more slow-burner the scam is, the more effective they are at getting a lot of money.

But equally, on the fast-burn side for authorized push-payment, you get things like ticket scams, merchant scams, and advance-fee scams—essentially the news articles you see where somebody’s bought a car on Facebook Marketplace that was too good to be true.

They felt the feeling in their gut and they were still like, “No, I’m gonna go for it.” That is typically what we would call authorized fraud.

And then we have what we call unauthorized fraud. Typically, this would be where somebody has gained access to your account—this could be your digital wallet for cryptocurrency or your bank account. Fraudsters have different ways of doing these types of things. Sometimes it can be quite a sophisticated unauthorized account takeover through the likes of malware. More commonly, it’s actually just through social engineering and getting you to believe a fabricated story, so you give away your credentials or security codes for your account. That’s commonly how it happens, and that’s typically the definition between authorized and unauthorized fraud.

THOMAS TARANIUK: Scams are evolving super fast, right? The methodologies or people attracting individuals and convincing them to hand over their accounts can have life-changing effects on day-to-day people. It could be your brother, your son, your mother, family members, and I think all of us have been touched in some way or another. I would love to hear a little bit of feedback from your side on how criminals actually work and how they’re going about this methodology. I mean, what does the journey of a scammer trying to persuade an everyday Aaron or Jessie to actually hand over the keys to their life savings look like? Or to the extent of actually paying for something which they shouldn’t actually get?

The journey of a scammer

JESSIE APPLE: I think one thing to note, maybe before Aaron talks about all the different steps, is what law enforcement and now the wider industry are calling “crime as a service.” This is basically where lots of unsophisticated fraudsters are buying how-to manuals from sophisticated fraudsters on how to do it, how to be more successful, and basically defraud various people through various means.

So it’s increasingly common that people who are not particularly sophisticated or experienced are using sophisticated methods because of these manuals they’re purchasing. It’s actually not specific to one particular typology—it’s true in general. But maybe Aaron wants to add on the steps.

AARON WILSON: It’s true. Fraud-as-a-service playbooks in particular are a massive growing threat. Typically, when we start to map out the journey of a typical scammer, there are lots of moving pieces. Somebody who is a scammer will start off maybe in financial difficulty, or they’ve grown up around crime and naturally mixed with people of a different generation who perform different types of crime. This could be stolen identities or general high-street types of crime that were less technologically advanced.

The social engineering and social proof aspects are still the same; it’s just that the way the fraud is organized and performed is different because technology is advancing so much.

Typically, what we find is they start off thinking and plotting their schemes: what kind of scam do I want to do? Believe it or not, an investment scam is very different to a romance scam. They’re completely different in terms of setup and execution. So they spend time, maybe looking at playbooks and fraud-as-a-service offerings, trying to build their connections. Ultimately, what happens is there are certain chops to be done.

The first is understanding what kind of scam you want to do. The next is getting the setup for the scam. If you are running an investment scam, maybe you need to go to your tech fraud-as-a-service guy to build your investment portal. If you are running a romance scam, you need to build a load of Tinder profiles because some will be taken down over time, so you need replacements. There’s also the cash-out guy—the person who’s going to move your money for withdrawals or by moving it into the crypto space. So, typically, you need that setup.

Once you understand the scam you want to perform and you have the capabilities, what we actually find is they kind of run like a marketing business, so they’ll do outreach. For investment scams, they will try to find, believe it or not, fresh celebrities in the space to advertise certain schemes or trading documents online to get people to come to them. A lot of the time, these scammers are relying on human emotions: greed, urgency, FOMO. If they can pitch a proposition that’s compelling enough—for example, an investment opportunity that’s too good to be true—people go to them.

These old scams of doing cold outreach work, but with more sophisticated scams, we notice that it’s the people approaching the scammers, and step one is already done—you are the mark at that point. Then it’s about how they keep you on the hook to keep you putting more money into the process. It’s the same for romance scams: how do they keep you on the hook to give more money? Ultimately, when you decide to cash out, that’s when you unfortunately realize it’s too late.

Fraud types on the rise

THOMAS TARANIUK: Super interesting input. And of course, first of all, with your input there, Jessie, do you have any examples you’ll be able to share on the podcast today of any specific cases that you’ve seen recently?

JESSIE APPLE: I think something that’s really interesting is with the mandatory reimbursement regulations that came out in October. Basically, firms were being told they had to reimburse people in almost all instances. And so, actually, the industry was initially very against it, saying, “You know what? Basically, you’re saying gross negligence is acceptable. There’s no liability to do any kind of careful checks before you move your money. You’re basically putting the onus and the bill entirely on financial institutions.”

Everyone thought there’d be a huge fraud spike. But actually, we haven’t seen a huge fraud spike. We’ve seen some types of fraud decrease and others increase.

What we and others have seen is a huge uptick in investment scams, which I think is really interesting, right? Because to Aaron’s point, those are exactly the kinds of scams that take a lot of investment. I mean, you need to be very credible over a long period of time for someone to choose to move their entire life savings into your investment vehicle.

So, it’s interesting—not necessarily a particular case, but the types of fraud we’re seeing are changing. I also think it’s important to talk about how the initial upstream scam typically happens on various social media platforms, where the initial engineering is happening. Yet, they’re not required to publish any kind of customer harm data. They’re not required to help reimburse victims.

That’s hopefully where the next wave of trying to tackle fraud is going to come from. Because obviously, if they are required to help pay victims back, they’re going to invest a lot more. Right now, we only see the very end of the journey where people have already chosen to move the money. But all the engineering is actually happening upstream on tech platforms.

And I think all the financial institutions are saying, “Wait a second here. How are you completely ignoring the Metas and Googles of the world, who are actually enabling these fraudsters to put up the fake marketplaces and do their marketing for their investment vehicle, etc.?”

They’re not being asked to participate in the bill ultimately. So, investment scams are where we’re really seeing an increase.

THOMAS TARANIUK: And exactly how are these new types of fraud affecting the work you do day to day at Wise, even though we’re putting more preventative barriers in place?

AARON WILSON: When we talk about scams, there are really three tracks of work that we’re doing at Wise.

One is general education and awareness. As I mentioned at the beginning, the way in which criminals are committing scams isn’t changing—they’re still preying on the same emotions and vulnerabilities that have been around for decades.

I think now we’re really pushing on education because the more people know and are aware of how these criminals operate and how they get you on the hook for these scams, the more we can stop scams before they happen.

THOMAS TARANIUK: Preventative measures are always the best, right? Like in Minority Report—if you can spot the crime happening before it actually happens, it’s perfect. And I mean, scams are rising pretty much everywhere, right? In 2024, Wise cut actual scam volumes by 70%. Super impressive. I mean, that’s remarkable. But what drove that reduction from your team’s side?

How did Wise manage to cut scam volumes by 70% in 2024?

AARON WILSON: I would say it’s a mixture of things. We can’t pinpoint the reduction to one particular factor. But I’d say it’s a blend of heavy investment into better detection of crime through advanced models.

Ultimately, we can detect patterns of activity early on, indicate scams, and take action on transfers, etc. So, heavy investments and lots of amazing effort have been put in by the product, engineering, and data science teams to drive this down.

We’ve also been putting more security in front of customers. How do we give more proactive controls? And when we assess a level of risk, how do we make sure we give our fraud agents the tools, capabilities, and insights to make the right decision to ultimately prevent fraud from happening?

And then I’d say heavy investment in public education. As I mentioned earlier, if you can prevent a scam or fraud from happening, that’s the best preventative measure. Technology is evolving, but the core principles of how scammers operate don’t change.

For example, they prey on human emotions like urgency or “too good to be true” scenarios: these are all red flags to look out for. Ultimately, when we stop to think about why these criminals are performing these scams, it’s about getting hold of your money.

So the biggest tip I can give anyone is this: if somebody is pressuring you or giving any red flag, and it’s financially incentivized—if they’re making you feel uncomfortable—hang up, cancel the conversation, walk away. If that means ending the call and calling your bank directly, then do it. That’s the biggest tip I can give.

We’ve genuinely seen the message being really well received by people who’ve seen our education campaigns.

We launched the Royal Academy of the Scamatic Arts, where we actually partnered with We Fight Fraud and Tony Sales, who’s lived and breathed these techniques as an ex-fraudster. He was able to share his insights, and we translated them in a way that’s easily digestible for a mainstream audience. Yes, we’ve seen some really positive feedback off the back of this.

THOMAS TARANIUK: It’s been good. Super interesting. I would also recommend anyone in the audience to watch those videos—they’re very good.

And of course, you’ve done a lot of work to reduce the impact of these scams over the last few years. You mentioned education being a big part of that. But we’re talking about impersonation scams, investment scams, employment scams, rental and marketplace scams as well.

That’s a plethora of different vectors people need to worry about. And of course, without fearmongering—what’s the best way to equip oneself, as a member of the audience here at What The Fraud?, against so many different types of these attempts?

JESSIE APPLE: One big thing to keep in mind is that it’s not just vulnerable people that are falling for scams. It’s people like the three of us and everyone else. Some will be more obvious than others, but ultimately I think trying to remember and take a second to think before you share any of your details. Period. Before you click on a link, it’s very easy to forget and do it, right? Some are very sophisticated, as we talked about, some less so. But it’s not just the elderly or the vulnerable, and you know, by for other reasons. It’s really everyone, and it’s actually really easy to get people’s details.

I mean, I’m not a fan of social media. Most people are, and all of their details are put online by them. So it’s actually really easy to know a lot about someone just by kind of taking a few seconds online. So just be careful about everything that you’re sharing.

THOMAS TARANIUK: You mentioned, at Wise in an article—two in three UK adults have fallen for a scam, but almost all of them stay silent, which is a really interesting fact as well. I mean, do you have any insight into what factors would actually prevent someone from coming forward and actually being quite transparent about being a victim?

What’s preventing people from being transparent if they fall victim to fraud?

JESSIE APPLE: I think a lot of people would be embarrassed, but actually, the best way to help other people not fall victim is by sharing stories. And I think the most powerful way to educate the public is through people sharing their stories. And it’s people like us not being embarrassed to say, “I clicked on that link,” or, you know, “I should have known that it was too good to be true.” And it’s through those stories that people are just generally more self-aware.

THOMAS TARANIUK: Most definitely. Well, we do have some quick-fire questions at the end of this, where we’ll be asking you about your previous history with scams.

AARON WILSON: To add to what Jessie mentioned as well: I work in fraud, and my wife fell into a scam, I think a year ago. We moved to the countryside. There are not many shops in the local area, so we order most of our stuff online. And one day she just got a courier’s message, it was like, “Pay a pound for delivery,” and she didn’t think anything of it, right? It’s a pound. Most people are gonna be like, “It’s a pound, that’s fine, I can spend it.”

So she paid for the delivery, and then instantly, I think ~£2,000 were taken out of her account. And she just didn’t want to admit it. She was like, “Oh my God, I’ve been scammed”? And then it’s like an overwhelming kind of shame, almost, that people feel because you feel like you’re going to be judged.

I think there’s this general perception that like, “Well, how did you fall for that? That’s obvious.” And that feeling of being judged is always something that people don’t necessarily want. And I think when we launched the Scam Safe Space in Manchester, the whole message we were trying to get across is: this isn’t something you should feel ashamed by. These fraudsters are preying on human emotions. So this isn’t something that you should feel ashamed of. They’re doing this for a reason, and it clearly works.

But again, it comes back down to, you know, the more people know about how these scams are operating, the more we can equip people to realize, “Ah, okay, this does seem too good to be true.” And the more people speak out about the latest techniques, tools, and scams these criminals are using, the more they become general knowledge—and therefore, the more people know about it, the less likely they are to fall victim to it.

THOMAS TARANIUK: So if you want this seamless, super-fast, security-heavy flow as well, it can be very difficult to achieve. I mean, can you tell us a little bit about the key ways that Wise has actually achieved this through education—helping customers spot the telltale signs, as you mentioned earlier, of a scammer? What makes education around self-detection such a vital defense for everyday consumers?

JESSIE APPLE: I think there are two aspects, at least. One is kind of stopping fraudsters from getting onto the platform, right? Blocking fraudsters from opening accounts. And then there’s also helping good customers not fall victim to scams. So it’s kind of both sides.

I think on the onboarding side—what’s a fine art that Aaron and his team have been working on, and I can speak to, I’m sure far better than I can, so I’ll let him add in a second—is around how do you decide who to block from the platform? Because actually that’s the most extreme action you can take. Because not only are you basically denying them access to your products and services, ultimately, you can never know for sure if you were right in blocking them because they never had the chance to become a bad actor on your platform, actually.

THOMAS TARANIUK: Minority Report again, right?

JESSIE APPLE: Yes. And so what we do is basically have a controlled population that we would’ve blocked and do very close monitoring of them and see, basically, how correct we were. So, of the number of people in that controlled population, how many were we right, and how many were we wrong? And each firm has to make that call around how often it’s enough to be right to know that you have the right threshold for blocking. That’s a very tricky call to make, which I don’t know if Aaron wants to add to or if you want to tackle the ongoing customer piece.

AARON WILSON: For sure. I mean, the methodology we like to apply is quite a simple one: apply the right level of friction to the right user at the right time. And that could be done for both victims and for criminals. The real trick is when do you apply that pressure, and what pressure should you apply?

So Jessie mentioned for onboarding—like we will have risk assessments that run at the moment in which a user lands on the platform. The purpose of that risk assessment is to understand: who are you, how likely are you to pose a risk to Wise? And then that uses a whole bunch of different ways to analyze that. But essentially, given the risk score you present, we can take action. We can choose to deny your ability to open up a Wise account. We can alter the product experience in some way.

Suggested read: AML & Fraud Risk Assessment in 2025: Risk Matrices, Risk Scoring, and Best Practices

And that is true for any touchpoint in a product—whether that’s a transaction, whether it’s based on some sort of activity in the product. So the key is, one, have that baseline level of risk assessment. And that’s true for both potential people impacted by fraud (so how do we detect at the moment in which you are now potentially falling victim to fraud), but equally when you have a user on a platform who’s actually changed from maybe a benign customer to a malicious customer—how do you detect that?

And then ultimately, there’s making sure you have proportionality. When you have the highest level of confidence, taking the action to block or remove will make sense. But where you kind of go down on the confidence level, you really have to think—there are going to be more and more genuine customers potentially impacted by the identification here. So, how do you minimize fraud exposure in a way that will not cause a detrimental experience to the majority of the customers on your platform?

In the industry right now, we are seeing a lot of payment slowing and a lot more checks, which is obviously the way—especially in the UK. But obviously, being Wise, I mean global, we need to make sure that we’re really balancing the act. And I think the key there is continuous risk assessment.

And then obviously the other part of that is education. If we can educate both angles—educate potential people being impacted by crime on what to look out for, you prevent that crime. But also, if we’re being seen and being public around the stuff we do to prevent crime, then naturally, you know, if you’re a criminal looking to perform your scams, you’re going to be like, “Oh, okay, I’m not going to go to Wise, because actually, the detection systems are pretty good—a bit too high risk for me”. So ultimately, I think it works on all those fronts.

THOMAS TARANIUK: Most definitely. This brings us on to our next—but also final—point: collaboration. We know fraud can’t be fought in silos. So, on the topic of collaboration, we’d love to hear—Jessie, from your point of view at Wise—what collaboration actually looks like, and how your role within ACAMS actually helps drive it as well.

The role of collaboration in fighting fraud

JESSIE APPLE: We joined the Money Laundering Intelligence Task Force, which the National Economic Crime Center runs with the National Crime Agency. It’s a public-private partnership.

The way it works is that you have different cells within the task force that focus on different types of financial crime. Ultimately, you have law enforcement and the private sector coming together to talk about particular fincrime typologies and share intel.

This is really effective because we’re learning not only from other peers in the private sector about what they’re seeing but also from giving law enforcement intel.

AARON WILSON: Financial institutions, like Wise and others, know their data and their customers on their platform. But when you have a sender and a recipient, they’re on two completely different platforms. You only have half the picture.

One of the trends we’re seeing right now is that yes, we can take action on the stuff we know. If you have collaboration, you can start to understand who the sender is from the sending bank and combine that with your data on the recipient.

You then actually have an end-to-end view of the transaction and can start to make much better risk assessments on that particular flow. One part of this is increasing collaboration between different financial institutions to drive general awareness.

As much as I have my thoughts and opinions on blockchain, one of its benefits is that you can track a transaction through the chain. I do think the legacy finance or fiat world has a lot to learn from that. Through sharing data and collaboration, that will happen. Regulators are starting to warm up to this—it’s a matter of when, not if.

THOMAS TARANIUK: But then you’re also looking at social media companies and the impact they’re having as well. Many scams happen long before they reach you—long before they reach the bank—through human interactions on social media.

Jessie, I’d like to ask you: are tech giants—the big players in this space—actually pulling their weight in tackling the massive fraud elephant in the room? And how can we work with them to collaborate and go further?

JESSIE APPLE: I think actually they’re doing a lot. But the bottom line is that if you’re not at least partially footing the bill for reimbursing people, you’re going to do a lot in the context of not being asked to do very much. So I think for me what is absolutely key is that they should be liable for reimbursing victims. I don’t know what the right split is with the other financial institutions, but certainly, I would say at least a nice chunk of that. And on that basis, they would then obviously invest far more. So yes, I think they’re doing a lot. To their credit, they’re not being asked to do very much. So the fact that they’re doing anything is actually quite noteworthy. I think the problem is that they’re not being told that they must do more.

THOMAS TARANIUK: Most definitely. But to wrap up today’s episode of What The Fraud?, I’d like to think a little bit about both customers and the fraudsters together. I mean, when you join forces with other organizations, regulators, what signal are you trying to send, let’s say? And what are your latest campaigns, which you’ll be rolling out to solve some of the issues that we’ve talked about on the podcast today?

JESSIE APPLE: I think not only to the bad actors would we find you and stop you because of our really strong collaboration across the private sector and with the public sector—we wouldn’t stop there. We want to eradicate financial crime, and that’s why, with the examples I talked about before around working with the National Crime Agency on new initiatives they’ve never done before, we are not only doing what we’re obligated to do—yes, we’re doing far more. And that’s who we are as a company.

THOMAS TARANIUK: That’s important as a message. And I think we could quote that like Liam Neeson from Taken—“We know you’re out there and we will find you.”

JESSIE APPLE: He does seem to get himself into trouble often.

THOMAS TARANIUK: Absolutely. Every single year. Multiple times a year, yes. So, you did host an event, as I’m aware, with Meta and the National Crime Agency here in the UK as well. Can you tell us a little bit about that, please?

JESSIE APPLE: Sure. So the event was to talk about what they’re doing on their end, but equally, from the law enforcement perspective, what we talked about was exactly what we’ve been talking about today, which is the ecosystem that exists in order to perpetuate these crimes. Meta talked about what types of information they hold on their customers—which is obviously very different from the type of information that we hold—and how we try to leverage the information that they have in order to make better decisions. When they come to us to try to either take over an account or, in the case of a scam, orchestrate some kind of payout under false pretenses. So it was focused on understanding the upstream information. Some things are similar—like maybe we both have email addresses—but there will be a lot of other data points that are different. And yet, how do we better leverage that information and help each other basically stop these scams, or at least reduce them?

THOMAS TARANIUK: That’s definitely the question, isn’t it? Of course, collaboration does sound nice in practice. It’s a great word to use. And getting together is super important when you have all of the different pieces of the same puzzle that you need to solve together. But thank you very much for your feedback in this back and forth. It’s been really great to listen to both of you. But before we actually finish today, I’d like to get to know you both a little bit more on a personal level as well. We do this with every single one of our guests on every single episode. We like to call them the quickfire questions. We’ve got five of them, so if you’re ready, we can get started. Let’s start. So, if you could ban one risky online behavior forever, what would it be?

Quick-fire round

JESSIE APPLE: Image sharing.

AARON WILSON: Forex trading.

THOMAS TARANIUK: Interesting. Two juxtaposed views here. Okay, this is going to be slow-fire questions. So can you tell us a little bit more about why you don’t want images shared online? Is that because everyone has access to them?

JESSIE APPLE: Actually, not to play the mom card, but I have two preteens at home. And I do a lot of work in the child exploitation space at work. I don’t think anyone should ever have to share images. And I think the benefits are very small.

AARON WILSON: It’s terrifying, isn’t it? I mean, we saw some tech the other day—there’s like a six-second clip of somebody online using Facebook, and they can make a deepfake of your face. They can clone your voice. And it’s pretty impressive. They’re holding lights and scanning over their faces, and you wouldn’t be able to tell. And it’s like, you know, that’s pretty scary tech right now. So imagine what they can do with your images in the future. It’s going to be crazy.

JESSIE APPLE: Yes. I think it’s just going to be easier and cheaper to do.

THOMAS TARANIUK: Definitely. Especially as you mentioned, with the democratization or access to fraud becoming more and more widespread as well. So, Jessie, you mentioned images. Aaron, Forex trading—I’d love to hear a little bit more about that.

AARON WILSON: So ultimately, I would want to get rid of Forex trading because it’s what’s getting a lot of young people now into investment scams. They’re seeing a lot of this online around “get rich quick.” They’re seeing people making lots of money really quickly. They’re obviously selling their courses. But what they don’t know is some of these courses are linked to very nefarious actors who are taking their payment information, selling that information online, and selling fake courses. And the majority of people who get into these courses and put in a lot of money end up losing all that money. So right now, it’s the popular way of getting into investment scams.

THOMAS TARANIUK: I’d agree completely. Both very good points. Thank you as well. But without further ado, we’ll move on to the second of the quickfire questions here today. Aaron, we do know about your wife, but have either of you ever, of course, been victims of fraud yourself, in fact?

JESSIE APPLE: Not yet. But I’m sure I will.

AARON WILSON: I almost fell into a scam. So, it’s actually quite interesting how they did it—the whole setup and everything. I got an email from a crypto company basically saying, “Hey, someone’s trying to access your account.” And obviously, being in security, I was like, “Ah, that’s fine. I know the company has enough security and protections to prevent something like brute forcing.” And then a week later—obviously they planted the seed with the email—I got a phone call from this person claiming to be from this crypto company saying, “Hey, I’m calling from the security team. Did you get my email? Somebody’s trying to gain access to your account.” I thought, that’s a bit weird, I don’t actually have any crypto with this crypto company. And then they started asking more and more questions. Initially, I started to believe them. Then they were asking around, “Oh, who do you use?” And I was like, “Ah, okay, I see what you’re doing here.” And then they said, “Oh yeah, don’t worry, I’ll put you onto my second line.” And they never called back—funny enough, because I think they twigged on that I work in fraud.

THOMAS TARANIUK: They gave up pretty easily, and that’s a bit of a shock to me.

AARON WILSON: I think it’s because I said I worked in fraud, and they were like, “Ah, okay, cool. Our face is coming after us.”

THOMAS TARANIUK: Don’t take on Aaron.

AARON WILSON: Don’t take me—I’ll find you.

THOMAS TARANIUK: We’ve discussed a few of these, but I guess—could you give us an example, as the third question today, of a fraud myth you wish would disappear from existence?

JESSIE APPLE: Only vulnerable people fall victim to a scam.

THOMAS TARANIUK: That was a great one, actually.

AARON WILSON: The myth that you fall victim to a scam through these really elaborate, technologically advanced hacking techniques. That’s totally not true. It’s just through social engineering a lot of the time.

THOMAS TARANIUK: Simple tricking, manipulative or otherwise. Which type of fraud do you think will grow the fastest in the next five years, from your personal experience or any insider information that you do know?

AARON WILSON: I think it’s common knowledge. I think APP is the fastest-growing fraud typology. It’s overtaking your traditional chargeback fraud. And so much so that the UK’s literally taking action to do the reimbursement program. And you’ve got other regulators following suit or thinking of similar things. So it’s no secret that APP fraud or scams are the number one growing typology. And I think that will still be the case because you’re preying on people to make the transactions on your behalf. It’s a hard one to detect, a hard one to prevent. And I think what a lot of people would also say is “AI scams,” but actually, I think AI is going to enable a lot more ways these scams happen.

JESSIE APPLE: Maybe the thing that comes to mind is there was an article a few weeks ago about a conference in Singapore. It was a fraud conference, and they were asked to scan a QR code as they were arriving. Basically, everyone who scanned the QR code got a message saying, “We have access to all of your personal details. Don’t worry, we’re not going to use them for nefarious reasons.” But it is that easy to fall for a scam. Especially in countries where you have digital identity schemes or eKYC. On the one hand, it’s safer because it’s through a QR code. On the other hand, once you have access to that, you have everything. As we try to evolve away from driver’s licenses or passports to these digital identity setups, once you have access to that, impersonation is going to be really easy.

THOMAS TARANIUK: You both seem very happy with your roles as experts in your fields. But our final question today is: if you could actually have any other career or role other than the current one you’re in, what would it be?

JESSIE APPLE: I promise it’s not a cop-out, but once my kids are out of school, I’d like to go to the National Crime Agency and basically do the same thing, but on the public sector side. Genuinely, that’s the plan. First, I have to get my kids out of the house and independent. If not, then a baker.

THOMAS TARANIUK: Okay. What about you? Those are two very different things.

JESSIE APPLE: Well, I guess I’m passionate about both.

AARON WILSON: Nice. I think for me, I really enjoy threat intelligence. I’ve always been attracted to the security-cyber-fraud space. I love what I do. I love preventing crime. But for me, being able to interact with the criminals themselves, find out the intelligence, then get that information back into government, the NSA, financial firms, and actually start taking it down from the inside—I think that would be so cool.

THOMAS TARANIUK: It sounds like The Departed. I’m referencing a couple of movies here, but you want to go undercover, Aaron?

AARON WILSON: Exactly. Undercover. 007. James Bond.

THOMAS TARANIUK: What if you enjoy it too much and you become a fraudster?

AARON WILSON: We’ll never know.

THOMAS TARANIUK: Excellent. Well, Jessie, Aaron, thank you so much for coming onto today’s episode of What the Fraud. It’s been a pleasure having you and getting to know you as well.