What is a trust and safety team? What's their mission? How are trust and safety online investigators different from payment fraud and ATO? Learn it all here
In recent months (some sources suggest years, but it’s definitely picking up now), many companies have moved from referring to their efforts to minimize payment fraud and stopping account takeover (ATO) as “fraud prevention” to positioning it as a “trust and safety” function. So, is the new term just about putting a positive spin on the same old task, or is there something new about focusing on building a culture of trust, as opposed to chasing fraud? Is it just about fraud prevention? Let’s try to unpack it.
It’s not just finance and digital commerce organizations that established Trust and Safety teams. Do an Indeed search for Trust and Safety jobs, and you will find a wide variety of companies looking for strategy and operations personnel to take on tasks that have to deal with the safety and integrity of their products and services.
The common theme among the many diverse trust and safety teams is that they are all focused on identifying and resolving potentially harmful situations, mitigating risks, and establishing a foundation of trust between all parties interacting on their platform or using their services. Trust and safety is about building a culture of care, protection, respect for privacy, stability and a positive experience for all — customers, user communities and partners.
Much of a fraud team's activity occurs after the fact — an account has been breached, credit card numbers stolen and resold on the dark web, customer names hacked from a database, etc. The job of a fraud investigator is to follow the leads to try and figure out the identities and locations of perpetrators, find out how they got in, and what their intentions are. Again – all of this typically occurs in response to an incident that has already happened in an attempt to contain it as much as possible and minimize the damage that’s already been done.
Trust and safety, on the other hand, is designed to focus on preventing negative experiences through policies and process improvements and goes beyond a fraud-only view. It’s more about deterrence than risk mitigation; it’s putting in place systems to deter bad actors, rather than dealing with the fallout from incidents. But when incidents happen, trust and safety teams need the resources and tools to investigate and take action quickly.
American President Ronald Reagan learned the Russian proverb “trust but verify” and used it many times in meetings with his Russian counterpart Mikhail Gorbachev. The old adage is still very relevant today, in many aspects that require trust.
Gartner analyst Dr. Akif Khan addresses the convergence of Trust and Safety and Customer Experience functions:
“... [F]focus needs to shift to wherever the customer meets the brand (think of it as “the B2C perimeter”) – whether that’s on your infrastructure (your website, your app, your contact centre) or not (copycat domains, social media, marketplace sites selling counterfeits etc).”
Khan describes how trust can lessen the friction between a vendor and a customer and introduce special, personalized elements to the customer experience, like one-click checkout and bypassing two-factor authentication at login for clients who have reached a certain threshold of trust.
In some cases, determining whom you can trust (or not trust) is relatively easy. A new customer with a nonsensical email address who has made a large number of small purchases in a short time frame is automatically flagged. The customer can still try to process the latest purchase but would need to speak to a customer service representative to explain the situation first. Maybe it’s a legitimate situation, maybe it’s a case of fraud.
And while it may be easy to spot deception in some cases, many circumstances require the trust and safety teams to conduct deeper investigations in response to system flags. Researchers need to monitor online activity, keep an eye on marketplaces that are known to sell counterfeit goods or stolen information, and even observe what’s happening on dark web forums where criminals are known to congregate. Sometimes, it means engaging with bad actors directly, going undercover, to get to the bottom of what they are planning.
Trust and safety really boils down to the team’s ability to identify potentially harmful situations, respond to them in a timely manner, monitor user activity for actions that don’t meet security or acceptable use requirements, and setting up policies and safeguards for an environment of trust between all parties involved.