Williams College - Explore Campus In This Photo Tour
GWS Internship Reflection
1. August 2016
1
Greenway Solutions Summer Internship Reflection
When I read Greenway Solution’s internship description and the project planned for their client,
USAA, I was thrilled about the opportunity to develop and perform tests to identify how their
fraud prevention controls compare to peer banks. The focus of the project was to identify the
areas on USAA’s digital banking platforms (i.e. online, mobile, call center) most vulnerable to
fraud based upon the comparative strengths of their competitors. The rationale for this
approach is that fraudster’s look for the weakest links, and if your peers have stronger controls,
then your bank becomes the target. In addition, the Greenway team was asked to provide
recommendations to help USAA improve their fraud controls based on our analysis.
During my internship, I worked with Michael Toth and Greenway’s co-founder, Jerry Tylman.
Michael had previously worked for Bank of America and Wachovia Bank as the Head of
Customer Security for Retail Banking. Jerry has been consulting to Banks in the areas of
Customer Security and Fraud Prevention for over 10 years. Their background in combatting
bank fraud was invaluable for this project. They both had contacts at fraud departments in
many of the banks we tested, and were able to develop sophisticated questions about each
Bank’s visible security controls (e.g. one time pass codes and funds availability) and back-end
security controls (e.g. device identification, transaction monitoring).
Our analysis included tests at large national Banks (e.g. BAC, JPMC) and smaller online only
Banks (e.g. ALLY, Discover) to compare the timing between funds availability and check clearing
via ATM and Mobile RDC deposits. We also deposited NSF checks at several banks to determine
the extra time window between making funds available and withdrawing them once the NSF
notification is received from the other bank. This is the window exploited by fraudsters who use
NSF checks as their funding mechanism. As part of this process we documented the
authentication tokens (e.g. User ID, Password, Secret Questions) used for Login and Password
Reset as well as the data required to open new Online Accounts. We then assessed the data and
controls used during this process to develop a strength vs. customer friendliness matrix where
we compared the Banks involved in the study.
On this engagement, my responsibilities included:
Working with the team to create the approach for the peer study
Documenting the approach and communicating the approach to USAA
Revising the approach based upon client feedback
Collecting data, analyzing the data and making recommendations
Creating a final presentation in PowerPoint including an Executive Summary
Creating and refining the supporting documents to be presentable and easy to
understand
Removing all PII from our raw test data
Presenting all documentation to USAA
Participating in the final readout to USAA
2. August 2016
2
While performing tests and participating in conference calls with the fraud departments at
various banks, I gained insight into the continuous battle between banks and fraudsters. One
example of this cat and mouse game is when fraudsters create malware to steal passwords, the
banks respond with anti-malware, and soon after the fraudsters shift to social engineering (i.e.
tricking people into giving them their credentials). I recognized that there is a need for
continuous evolution of identity verification and authentication controls in today’s increasingly
digital world and I saw how very new companies are filling niches that older established
vendors are not addressing (e.g. using Social data from sites like Yahoo, Facebook and Linkedin
to enhance Identity Verification). Two companies doing this that we talked to were Socure, who
only 4 years old and Trust Stamp, who is less than one year old.
After completing the final draft of the presentation and delivering it to USAA, Jerry asked me to
spend an additional week researching how banks can use social intelligence data to increase the
accuracy of identifying new Customers. The goal of my research is to identify the current set of
vendors (e.g. Socure, Trust Stamp, Nuestar, etc.), document what they offer, and try to
understand what Social Data they are leveraging to improve the traditional identity verification
techniques used by Banks. Examples of this include, “age of email address” and “use of email
address” at major social media websites.
In addition to my Greenway internship, I attended a number of extracurricular events sponsored
by HQ Charlotte/Packard Place. Packard Place is an entrepreneurial incubator in Charlotte and
it is where Greenway Solutions leases office space. One of my favorite events was the Queen City
FinTech Demo Day, where my co-workers and I listened to 10 founders of Startup companies
present their business plans. After the event, Jerry introduced me to the Mayor of Charlotte and
we spoke to two startup founders.
Many free, after work educational and networking events were hosted in our HQ Charlotte
Packard Place building. Among the events I attended were two Charlotte Angel Fund investor
meetings, which provided me with my first experience listening to actual angel investors
scrutinize and question startup business owners (including several companies who pitched at
the Demo Day). The Angels heard pitches then privately discussed marketing issues and
scalability weaknesses that I hadn’t considered when I listened to them at Demo Day. I walked
out of those meetings being able to assess companies from additional viewpoints and with new
questions to ask to help me understand the potential risks as well as market opportunities
associated with new business ventures.
Two other events I attended included a seminar about starting and financing a venture in NC
held by the NC Secretary of State and the use of Block Chain technology in Financial Services.
The seminar provided me with knowledge of all of the fundraising options available and rules
and regulations a new business needs to follow when raising capital. The seminar on Block
Chain provided me with an overview on how the technology is currently be researched and
evaluated for use by Banks beyond its current use by BitCoin. After the Block Chain meeting, I
met the Greenway team at the Charlotte Music Factory to listen to Greg Allman and Peter
Frampton, which was a nice bonus.
3. August 2016
3
Finally, when I wasn’t stringently taking notes during events, I was networking. During Packard
Place’s weekly networking nights, I met many hard-working entrepreneurs, startup founders,
angels, ex-Venture Capitalists, and plenty of other like-minded people in pursuit of innovation.
Meeting with them confirmed to me that my passion is to identify problems that affect
businesses and/or societies, understand why the problem is happening, research possible
solutions, and assess how I can be part of bringing a particular solution to market. Simply put, I
am an entrepreneur.
I am very fortunate to have interned in an environment that fosters and supports
entrepreneurship, and I’m proud to have been a member of the Greenway Solutions Team this
summer.
Zach Zukowski
Charlotte, North Carolina
August, 2016