There have been tremendous developments in Southeast Asia’s tech ecosystem over the past decade. The region now has a slew of multifunctional apps that allow users to access a variety of services through a centralized platform. Consumers in major cities are moving more of their purchasing habits onto these apps, where they book rides or order food, and then make payments through e-wallets, which can also be used for transactions in many brick-and-mortar stores.
Nonetheless, these self-styled super apps also have several drawbacks. The more services an app offers, the more data it generates, and this data can be exploited by nefarious parties. Scammers may utilize fake accounts to make fake orders or phish for personal information. Hackers may breach servers to plunder troves of user data.
Grab has been repeatedly targeted by fraudsters and hackers over the past few years. In 2019, the company reported cases of fake apps and GPS spoofers used by drivers to cheat passengers.
Then, in 2020, three men in Singapore exploited Grab’s payment system, scamming the company out of SGD 26,000 (USD 19,000). Their scheme involved using a debit card linked with an empty bank account as a payment method in the Grab app. Whenever a payment was made after a ride, Grab was unable to debit the account, but the company still paid the driver. The three scammers partnered with several drivers and split the profit. They made more than 2,000 fraudulent bookings before they were caught.
“A report by Forrester published in January 2022 suggested that seven out of ten decision-makers in Southeast Asia’s tech companies have seen cases of online fraud within their organizations in the last 12 months,” Farrah Harriet Ratnaike, head of risk strategy and operations at Grab Financial Group (GFG), told KrASIA. For GFG, the most common threats have been phishing and attempted account takeovers.
Hailing from Kuala Lumpur, Ratnaike currently resides in Singapore. She worked in the banking industry for more than 15 years before joining Grab in 2017. Ratnaike previously held leadership positions in risk and operations divisions in Hong Leong Bank Berhad, Alliance Bank Malaysia Berhad, and HSBC. She said these experiences have given her a deep understanding of retail financial services. However, after joining Grab, she had to adjust her working habits and implement different risk strategies because banks and fintech developers have different cultures and work rhythms.
“Banks focus significantly on risk management. Meanwhile, in fintech, we are focused on balancing risk against the customer experience. There is a deep desire to experiment and innovate, with smart and calculated risk-taking to expedite execution,” Ratnaike said.
Ratnaike now leads the risk strategy and operations for the tech team that is in charge of all financial offerings at GFG, including payments, lending, insurance, wealth management, and its prepaid card released in collaboration with Mastercard.
“One of the biggest challenges with fraud prevention is the constant emergence of new threats, which test existing anti-fraud measures,” said Ratnaike. She went on to explain that the company has built anti-fraud capabilities focusing on detection, action, and prevention.
Grab identifies possible fraud in real-time. The firm’s fraud detection engine, GrabDefence, uses a wide range of features, algorithms, and risk analytics that leverage a large volume of data to make predictions about user intent and trigger the platform’s fraud prevention systems.
“Our engine is integrated with the rest of the Grab platform for a structured workflow of actions. If it identifies a fraudulent driver and wants to suspend an account, it sends this command to the driver suspension service,” Ratnaike explained.
Risk analysis techniques and auto-adaptive machine learning algorithms, which adjust their behavior and actions in real time, constantly evolve while scammers formulate new ways to take advantage of customers. These efforts have helped Grab keep incidents of fraud on its platform at under 1%, according to Ratnaike, which is calculated based on the number of fraud cases compared to total transactions each year. This figure is below the industry average of 1.6%, but still has a way to go before it matches that of major apps like PayPal (0.30%) and Stripe (0.65%).
Grab’s app processes millions of transactions every year, and Ratnaike said that no two days are alike at the company. “There are always unique challenges that arise. Every challenge has offered its own lessons, and we will continue to solve and learn from complex problems,” she said.