skip to main content

Executive Interview Series: General Manager Fraud Protection at Microsoft, Donald Kossmann

The Executive Interview Series provides readers with exclusive insights from movers and shakers in the payments industry. The Payments Industry is under continuous transformation, as such this series provides diverse perspectives on everything from strategy to payments technology and to the future of the industry.

In this interview, TSG’s Market Intelligence team-member Alex Ferguson sat down with Donald Kossmann, Distinguished Engineer and General Manager Fraud Protection at Microsoft to learn more about the continued importance of security and fraud prevention in the payments ecosystem and how Microsoft is approaching the issue.

Background: Donald has spent most of his career in academia. He was a professor in the Systems Group of the Department of Computer Science at ETH Zurich for 13 years, conducting research and teaching all flavors of data management systems. Donald is an ACM Fellow and was chair of ACM SIGMOD from 2013 to 2017 and served on the Board of Trustees of the VLDB Endowment from 2005 to 2011. He is the co-founder of four companies: i-TV-T AG (1998), XQRL Inc. (2002), 28msec Inc. (2006), and Teralytics AG (2010). At Microsoft, Donald is part of the Cipherbase project which explores confidentiality and integrity of database systems against insider attacks. This project has led to Microsoft’s SQL Always Encrypted product. Donald is interested in new database system architectures that improve the availability (fault-tolerance), performance, and cost of a database system in the cloud. Donald is involved in the Socrates project (SQL Hyperscale) and is a strong believer in decomposing the traditional monolithic database architecture to achieve these goals.

Q. TSG’s Alex Ferguson:
Currently you work as Distinguished Engineer and as General Manager Fraud Protection at Microsoft? What are you primarily focused on in your role?

Donald Kossmann:
Our mission is to empower merchants and financial institutions to focus on creating value, rather than worrying about fraud or attacks. Our clients are the most innovative players in their industries. Our job is to have their back – wherever they are, wherever they go.

Q. TSG’s Alex Ferguson:
Looking into your background, you’ve held numerous roles within academia and have had experience in the startup realm co-founding several companies ranging in focus from website hosting to transportation network management. How have these roles and experiences helped you in your role at Microsoft?

Donald Kossmann:
Our service, Dynamics 365 Fraud Protection (DFP), combines the trust and scale of Microsoft with the agility and innovation of a startup or research institution. So, I feel blessed that I was able to see all sides of the IT industry and am now able to bring all these aspects together in running the DFP product group and organization.

Q. TSG’s Alex Ferguson:
What do you feel has been your greatest accomplishment in your career thus far?

Donald Kossmann:
The part of my career that I am most proud of is the mentorship that I was allowed to provide to many students and professionals who have gone on to create amazing things and have truly made the world a better place. I am not sure whether mentorship is an accomplishment, but it is a deeply gratifying task. I have learned so much from all these people.

Q. TSG’s Alex Ferguson:
How is Microsoft approaching payments and the payments industry?

Donald Kossmann:
We still see a great deal of pain in this industry. Our clients are having a hard time protecting themselves from fraud and chargebacks and not throwing the baby out with the bathwater. The big issue is that they only have partial knowledge of a transaction and do not see the full context in which a transaction happens. A merchant, for instance, knows the location of a device from which a purchase is initiated, but does not know about other transactions that have been made on this device or with this purchase instrument. An issuer, on the other hand, knows about all the transactions of a purchase instrument, but does not have any information about the devices from which these transactions originated. As a result of this fragmentation of data, both sides potentially make poor decisions.

Our goal is to puzzle all the data across stakeholders and the entire ecosystem together and enable all participants to make much better decisions. To illustrate, I use the tale of the “four blind men and the elephant.” Each of these blind men touch a different part of the elephant. The first man inspects the tail of the elephant and concludes that he is dealing with a rope. The second man touches a leg and concludes that it is a tree. And so on. Our role is to combine these signals and tell all participants that it is an elephant.

The impact is huge. To give just one example, we have pioneered a new technology called Transaction Acceptance Booster (TAB). With this technology, we pass information such as our risk score from the merchant to participating issuers. As a result, we see an increase of acceptance rates of legitimate transactions up to 400 bps. All participants benefit from this improvement: merchants, banks, and most importantly consumers.

Q. TSG’s Alex Ferguson:
What are some current events/emerging issues occurring in the realm of fraud and security that most in the payments community may not be aware of?

Donald Kossmann:
One threat that we see is that attackers are getting more and more sophisticated. With the rise of ecommerce and the cloud, it is getting more and more attractive and cheaper for fraudsters to launch attacks. Fraudsters collude in international networks and have deep technical expertise to launch these attacks. It takes a village to protect a village, and that is why we orchestrate a fraud protection network for all our clients.

Another issue is that new kinds of friendly fraud (or first-party misuse as we prefer to call it) are sprouting. For example, if a social media influencer endorses a new product, then many followers will buy the product. Now if the influencer changes her mind, these followers will be disappointed and some of them will be tempted to file a chargeback. These chargebacks create a whirlwind of activity a Merchant needs to navigate thru with high costs, penalties, and (unfair) reputational damage.

Q. TSG’s Alex Ferguson:
Earlier in March, an announcement of a partnership between Microsoft and Chargebacks911 was released highlighting a joint effort to utilize Microsoft Dynamic 365 fraud protection with Chargebacks911’s chargeback technology to assist in identifying fraud for financial institutions. Tell us more about the Microsoft Dynamics 365 Fraud Protection Solution and how its approaching security and fraud prevention differently.

Donald Kossmann:
Merchants now have the benefit of accessing Chargebacks911’s industry knowledge in tandem with Microsoft’s adaptive artificial intelligence technology, which learns fraud patterns and helps merchants to optimize fraud controls. With this integrated solution, merchants will be provided with a one-stop, deeply integrated solution which will grow and adapt to their needs and all the developments and innovations in this industry.

Q. TSG’s Alex Ferguson:
Card fraud has increased sharply over the past two years during the pandemic, increasing to a reported ~$28 billion globally in 2020 alone. Why has the pandemic exacerbated fraud? Was this uptick in fraud anticipated prior to the onset of the pandemic?

Donald Kossmann:
The pandemic, like any other crisis, has accelerated existing trends. Specifically, it has accelerated adoption of ecommerce, thereby providing a much larger attack surface for fraudsters. To give just one example, postal services made it easy at the beginning of the pandemic to reroute packages. These rerouting services were a great feature for consumers. Unfortunately, these rerouting services were also a great opportunity for fraudsters to take over accounts of consumers, make orders on these accounts, and then reroute the shipments.

Q. TSG’s Alex Ferguson:
Given your experience, what can merchants do to be proactive in their security practices to reduce their risk to fraud?

Donald Kossmann:
When we think about a successful fraud strategy, it all comes down to the idea of Profit Efficiency. Profit efficiency requires a holistic approach to stop fraud & chargebacks and at the same time reduce false positives and increase acceptance rates. It is not sufficient to optimize one KPI (e.g., cost of manual review) only – everything is connected and data is the new oil that makes it work. That is why merchants should join a network such as the one provided by DFP in which all merchants benefit from the data of all other merchants and the adaptive machine-learning technology provided by Microsoft. Microsoft is one of the biggest merchants in the world, and it has followed this approach. Every new merchant who joins DFP will benefit immediately from all the Microsoft data – likewise, Microsoft’s commerce benefits from the fraud protection that all the data of all the other DFP merchants provides.