We had a nice interview with Hasan Can Saral who is a CEO of Nerodata company. He would like to offer fraud prevention and customer satisfaction products to market. Enjoy his interview below.
Would you kindly tell us about yourself?
I am a graduate of Sabanci University Computer Engineering Faculty. I have an MD from the London Business School. While I was a student at Sabanci University, I had established a company. Those were the first years of mobile software. Only a few companies were working in that area, and there was a demand for third party software companies for many solutions. Upon realizing this, I took some courses and formed a company with a few friends. By that company, we had developed some digital and mobile publication applications. Then, I graduated from the University and went abroad. That was when I started to learn about the “Big Data” and “Machine Learning.” I made a lot of studies in these fields, and now I am working in a job very close to these areas.
What are these areas?
Financial corporations such as banks and insurance companies. I work on fraud control and customer loyalty issues. They call it “Churn Management.” I deal with the calculations of the probability of a client to quit a certain service.
Are you developing software in this respect?
It has already been developed but, now I am dealing with its maintenance, launching, and its marketing.
You are talking about the Nerodata company you are managing. How long did it take to develop this software?
We started two or three years ago. There is already some basic source code software in this area. Because of my personal interest, I made some additions and contributions to these codes to make it useful worldwide.
For example, Scikit-Learn is a sample library written in Python for Machine Learning. I made some contributions to this library. So, I decided to take advantage of my efforts in this respect.
Why did you choose the ‘Fraud’ topic?
I should not say that I am especially interested in this “Fraud” topic, but I observed this gap in Turkey. There are some big players in this field. The products of these big companies are to protect US corporations against frauds worth millions of dollars. When you bring these products to Turkey, their market share is reduced considerably. Their primary target becomes the big banks. When they go to smaller scale banks, they receive such a reply; “we do not have such a big fraud problem so why should we pay such a significant amount of money for this license?” Consequently, the present solutions against fraud work on rules implemented by an older technology. So, I bring solutions with machine learning and neural networks. I realized a genius in this field and thought of creating a unique value for Turkey.
In this case, your product is smaller scale software working in the same parallel with the big ones?
In fact, the products of the big companies are our competitors. Our product is not like the products of the multi-nationals which identifies and inspects everything from zero to hundred. Furthermore, it would not be realistic to improve such a product with our limited sources and facilities. But, we have developed a product which will be preferred in Turkey and Middle Eastern countries.
Can we call it a sort of Fintech solution?
No, they do not call this fintech abroad. It is a kind of financial ‘Core Banking’ software. Fintech is rather a solution to change the working system of the banks.
Which type of corporates are you working with?
We are very recent in Turkey. I arrived here only three months ago. Our present clients are still abroad. I have a few in London and can say that we shall soon start with two customers in Turkey.
OK, you go to a bank to make a presentation. What do you suggest? Are you saying that; “we shall bring you from this level, up to that level against fraud”? Which services do you offer?
Our primary purpose is to reduce the number and volume of the transactions that create problems.
Seems like, you are putting something measurable on the table.
Let’s say for example a fraud problem worth 100.000,- TL per month. I write a composition stating that; “we shall reduce this to 5,000,- TL.” Other companies cannot guarantee this. In fact, the value created can only be calculated by the actual figures realized at the end of the month.
Do you suggest a minimum or a maximum? For example, we can avoid 10% to 50% of such frauds?
No, it will not be correct to suggest such figures. It is not correct because the records kept by the banks and the efficient use of the software can change the results drastically.
Can we go into some details? What is your procedure to start working with a financial corporation?
If that financial firm requires viewing how the system works, we prepare a special demonstration for them. The data is not carried from one place to another. It is a particular product that can integrate itself with the existing databases, with no additional costs or extra licenses. We start watching the corporate real time and all risky transaction like bank transfers, EFT or credit card actions go in front of the fraud specialists in our call center. We warn the operator in the call center that the correspondence data of particular persons is above the risk limits and the operator directly contacts that person and confirms if the transaction is correct or not. Or the system sends an automatic message to the person that such a transaction has been effected from his credit card.
We receive SMS messages indicating that a certain amount is spent on our credit card, if it is not correct, they ask us to refer to our bank.
Yes, they ask us to communicate immediately.
But, this is a system working for many years. There are certain rules. For example, for any transaction above 4.000,- TL we receive an SMS message. What is the difference of your product from the present systems?
“If it is above 4.000,- TL we receive an SMS message” is a very simple example. If you are a person making regular transfers above 4.000,- TL, you may not understand it because for every EFT above 4.000,- TL you receive the message. But our product has a machine learning system, and we inspect the habits of the users. If your EFT practices are within certain limits for certain persons and other limits for another person, then anything outside these or any other risky transaction is subject to our warning. The advantage here is the reduction in the number of false alarms that we call “False Positive.” We reduce the number of a transaction, which the system marks as wrong but which in fact is correct. It increases our customer satisfaction criteria. Recently, any system working since twenty years cannot follow your expenses you have made in Germany after a week you have bought a plane ticket for Germany.
What do you mean by “can not follow”?
The system itself sets a rule; “if this person makes any expense abroad, clarify”. If you have bought a ticket for Germany, the system can predict that you may make some expenses abroad.
How does the bank know that a person has purchased a ticket? If he has used his credit card, maybe. If he uses his credit card, in an integrated system but if he uses some other credit card which belongs to another bank, if they do not use a shared database, nobody will ever know…
I am trying to give an example to machine learning. I mean, if certain transactions are followed by certain operations, we can make certain predictions. If you have bought a ticket for abroad, then it will not be a risky situation if you make some expenses abroad.
The database itself makes this prediction? No human beings.
Yes, the database itself makes the prediction. No person interferes. That is entirely possible by a regular inspection of the expense habits of a particular person and by creating a risk score for that person.
In this case, can we say that; “if I use a particular bank and use one credit card and make all my expenses with that card then I will have a safer financial life. If I use a few banks and buy a ticket with one credit card, and make expenses with another credit card, it will be tough to follow this. Because you go out of the system, where there will be no communication.
You mentioned about customer satisfaction. What can you say in this respect?
You get a higher customer satisfaction if you can predict a fraud transaction efficiently. If a transaction is a fraud and you predict it with a high probability, and if a transaction is real and you predict it with a low-level probability then your customer will be pleased with this result. In this case, your credit card will not be blocked by a false alarm, or you will not receive any messages if there is no fraud transaction. These criteria will increase the customer satisfaction.
The algorithms must show variations between corporates. When you start working with a bank, and they decide to use your product do you start everything as a new project? Like, which rules will work under which conditions?
After a certain integration process, we can evaluate which algorithms will sustain higher performance rather than rules.
Why do not these financial organizations use a common library? If something is fake or fraud, can it be legal for another bank? If you share all this information, maybe you will have to share the personal data as well. But, if every organization has its fraud library and if something is fraud for a bank, it is fraud for another bank also. They may work separately but if you supply them a certain common database what will change for these financial organizations?
These corporations do not prefer to share such data.
Do you provide them a preset list of rules?
We do not have any preset rules. We just follow the behaviors of a certain person and determine the expense habits of his credit card and create scores for this card. No need to identify any rules or configurations. Of course, there is such a possibility, but this is not the area where we are powerful.
For example, sending an SMS message for transactions above 4.000,- TL is a rule for a bank.
Of course, it is a rule. But we do not identify such a rule. Of course, we use this rule, but it is not something that we encourage. I give you credit card, and the first expense you make has a 50% probability that it can be fraud. It is just like tossing the coin. You have a 50% chance. You make expenses at some locations. You buy stationary, or you buy household products. Then, all of a sudden you buy a cosmetic product. We predict that you would not make such an expense. This is machine learning, which improves itself in due time.
The more the transactions, the more the system learns!
There are some certain preset rules which can be identified by our system as well. But the value that we create is not these rules. Otherwise, X Bank would use the same product with the Y Bank.
Could you tell us two interesting user behavior examples if you do not mind?
Something I learned or rather read very recently. An example about online purchasing. Something applicable to e-trade websites. There is a direct connection with the transaction and the moving speed of the mouse of your computer. Frauds move their mouse devices faster. But you cannot use such an application at banking levels.
Should the user be informed about this, is a warning concerned?
It can be used in an e-trade website.
Do you have such a plan to use this application for e-trade sites rather than the financial organizations?
It can be done, but that is a small scale market. That e-trade website has no such big problem to buy an expensive license.
Is your product a cloud solution?
Because our target is the financial organizations, cloud solutions are not possible. Because the data has to be kept in Turkey. It has to be an own –on premise- system. This software is working inside the personal cloud of that organization.
You had mentioned about no other product addictions.
That is a significant advantage. If you go to the other large enterprises, you will have to purchase their fraud prevention systems; then they will sell you their particular database, which will increase the figures of your invoice. Then you will have to pay extra for some other solution licenses etc. Of course, our product has a copyright value, but we run a lot of open source products at the back. We run them with our corporate licenses. Therefore you do not have to spend high amounts for this single supply service license.
Do you charge a monthly fee? What is your income model?
We sell the license and maintenance of the product.
Thank you very much for this amazing interview.
You can watch an interview with Hasan Can Saral below in Turkish.