What – or should we say who – is in your inbox?
Remember the days when your personal computer would connect to a modem? You would hear the dulcet tones of your computer connecting to AOL, as anticipation would build for those three special words: “You’ve Got Mail!.” AOL was our gateway to the Internet for many of us, and email quickly became a part of our daily lives. This was circa 1990.
Fast forward to today, and there are over 4 billion email users worldwide. In 2020 alone, over 306 billion emails were sent and received. While email has become one of the most convenient and ubiquitous forms of communication, it has also become a major target for fraud. Just last year, business email compromise became the top financial crime, leading to more than $1.8 billion in wire fraud losses – and that was just the cases that were reported! Many more undoubtedly happen, which victims don’t report for a myriad of reasons.
In private capital markets, the issue is even more pronounced. Recent research shows that the average capital call scam now amounts to $800,000 per incident. In the 2020’s, email has become weaponized for financial crime, and it’s only getting worse.
Years ago, when parties got involved in a private capital transaction — such as a venture capital or private equity firm making a capital call — distribution notices were delivered via FedEx, TNT Express or DHL. All had a security feature to obtain a signature at the delivery address from someone at least 21 years old and possessing the required government-issued photo ID. Over time, however, email and investor portals became the preferred delivery solution to reduce costs, create efficiencies, and improve the investor experience. But this evolution has created a paradox. As technology advanced, we stopped asking the requestor or receiver for a form of identification. We just trusted and assumed that “someone” was taking care of identity verification.
As a result, we now live in a world where convenience has been prioritized at the expense of security. While communication is now faster, it is less secure than it was in the past. But this is just one piece of the puzzle that is causing issues for GP’s and LP’s. Email security has not advanced with the market need, and other technological and cultural developments have impacted privacy as well.
‘Selfie’ named by Oxford Dictionaries as the Word of the Year in 2013
Oxford Dictionaries defined a selfie as “a photograph that one has taken of oneself, typically with a smartphone or webcam and uploaded to a social media website.”
The invention of the smartphone catapulted the adoption of this colloquialism, and it’s now grown up. Some solutions use selfies to move us through airport security, stadiums, and other venues faster; facial recognition to unlock our mobile phones and passports is available on a mobile app in the U.S.
The average person is comfortable with their photos being taken and expects biometrics to be used for more than just logging into social media or sharing their photos. Where email security has failed, biometric identity cannot be stolen and is showing signs of promise.
Trust, but verify
President Reagan used the Russian proverb as a signature phrase frequently when discussing U.S. relations with the Soviet Union. Reagan used the term to emphasize “the extensive verification procedures that would enable both sides to monitor compliance with the signing of the INF Treaty.” With the way communication has evolved over the years, it’s clear that this timeless phrase applies to more than just U.S. and Soviet relations.
When we are interacting with dozens of people on a variety of different transactions, we need to be comfortable knowing that we can freely communicate and trust what works. At the same time however, we also need to make sure that we verify who we are communicating with, and that they are in fact who they say they are.
It’s been 30+ years since “You’ve Got Mail,” and email is still used frequently for financial transactions – often to confirm the counterparty and their wire instructions. Email is also frequently used to access portals where many people frequently forget their user ID and passwords to the multiple portals they access. And when user ID and passwords have been compromised, portals are no longer effective. Even when successful, these “Something You Know” identifiers are easily taken.
Now consider “Something You Are + Something You Have” to eliminate impersonators. A digital ID verification that correlates email, a government issued ID, and facial recognition using your mobile device or computer camera ensures the most accurate identity verification. It’s the natural digital evolution that combines receiving a FedEx package, showing your government-issued ID that matches YOU. Email should still be used to share information, and that includes financial instructions. We don’t need to re-invent the wheel… But using a combination of tactics to ensure a person’s identity, beyond a reasonable doubt, is what we need to use email safely and securely.
We can eliminate wire fraud in private capital markets by ensuring counterparties prove who they are throughout a fund’s lifecycle and not just during the subscription document process. Why leave an email to verify financial transactions to chance? Trust, but verify.
