Fraud leaders at banks and credit unions aren't asking whether AI belongs in the fraud stack. They're asking whom they can trust to build with. Jeff Scott, Q2's managing director, Fraud Intelligence, joins the podcast to discuss what it takes to move from alert-chasing to running a full fraud intelligence operation, and why—amid all the AI momentum—human trust is more important than ever.
[Blog] From Disconnected Tools to Connected Intelligence: Q2's Platform Vision
[Blog] Account Takeover Is a Journey Problem: Here's How to Solve It
[AI-Focused Podcast] Cut to Context
Jim Young
Welcome to The Purposeful Banker, the podcast brought to you by Q2, where we discuss the big topics on the minds of today's best bankers. I'm your host, Jim Young, senior content strategist at Q2. Welcome to the show.
Every year, Q2's CONNECT conference provides us with a great opportunity to see where things stand in the financial industry and where they're headed. This year, to no one's surprise, fraud and how to fight back against it was front and center. The guest on today's episode was, thus, a very popular man at CONNECT 26. He's Jeff Scott, Q2's managing director of fraud. He's joining us today to share with us some of his takeaways from spending three-plus days with fraud leaders at banks and credit unions across the United States. Jeff, welcome to the show.
Jeff Scott
Thanks, Jim. Good to be here.
Jim Young
So, Jeff, what sort of sparked the idea for this particular episode was a post you wrote on LinkedIn. And I highly recommend that our listeners follow Jeff on LinkedIn to get his thoughts on fraud and the financial industry. But anyway, shortly after that, after CONNECT, you wrote that the event for you felt like an inflection point. What did you mean by that?
Jeff Scott
Yeah. Jim. And it's not a word that I would use lightly, but when I walked out of CONNECT, I was convinced that this is a different moment than we had been in before. And what I saw in those three days was conversations with fraud leaders. The debate has really shifted. A year ago, the question was, do we really need AI in our fraud stack or is this real yet? This year, nobody was asking that question. The question was more who do we trust to build this with us?
So it wasn't really even a technology conversation. It was a partnership and move forward conversation. And I sort of felt like the vendors who spent the last two to three years actually trying to ship AI into production, running example detectors and real customer environments and being honest about what works, what doesn't work are the ones who are going to be at the table. And so that was really the inflection point from my perspective.
Jim Young
Gotcha. I mean, that's obviously a big shift in technology. But I was thinking about this, and in a way, it's just the latest in a line of shifts. You know, there's the move obviously to internet banking and then mobile and then the cloud, and now AI. And Q2 has been immersed in each one of them. I mean, I remember having to write blogs telling banks why you don't have to fear the cloud. I'm just curious, are you surprised at how quickly FIs have come around to this and said, like, OK, we're going to lean in on AI?
Jeff Scott
A little bit, yeah. I mean, similarly, I remember early days of internet banking. It took how long? Like, you know, a decade to get comfortable. Or then mobile was a little bit faster, but still a thing. And cloud, we were still writing “don't fear the cloud” blogs five, six years after the tech was proven. And this is just totally different. FIs are moving faster than I can remember in the 20-plus years I've been doing this.
And I think there are really two reasons. One is that the pain is just undeniable. Authorized payment fraud and business email compromise, these real-time payment losses. These are showing up in the P&L now, not in some future risk model. And when something's bleeding, you don't take five years to try a new alternative. Right?
The second is that the AI shift is already happening in every other part of the financial institution, or at least it's starting to emerge in other parts of financial institutions and they're talking to each other. So maybe the CEO is using AI in their workflow. The board is asking about it. So when the fraud team says we need to move, they're pushing an open door for the first time in maybe forever instead of a closed door.
Jim Young
Yeah. It's interesting. I wonder also to what extent it’s influenced by the fact that they all know the other side. The fraudsters are using AI and they've probably seen firsthand how effective it can be. And I would imagine that breaks down a little bit of maybe initial reticence on this sort of thing when you sort of have this evidence right in your face about how powerful it can be.
Jeff Scott
Totally.
Jim Young
So I'm kind of curious, though, what are those standard vendor conversations, right? A bank says that they're looking for a partner who's done this sort of thing before. But I'm curious what that's like when it comes to fraud protection and AI. Are the questions the standard, same questions they used to ask and you just plug in the words “artificial intelligence,” or are they asking maybe different questions than they used to?
Jeff Scott
For sure, different. I think the questions have gotten a lot harder. And, honestly, I think they needed to. Two or three years ago, the AI question would be does your product use machine learning, yes or no? Now, the question is how does your model perform on our specific customer base? Show me the false positive rate. What's your governance framework? Who owns the alert? When the model triggers, what happens when the model drifts? How do you retrain? Who decides? You know, those are really operator questions, not marketing questions.
And the reason they're asking that is they've either already been burned or they know these are the questions from auditors. And so maybe they've bought fraud tools that promised AI and delivered rules with just a fresh coat of paint. But it wasn't anything that different, you know? So the phrase “done this before” really means show me production, show me proof, show me you understand what happens on day 90 when something breaks. That's really the bar now.
Jim Young
I'm curious with this, do you now … I mean, the questions have gotten smarter. They've gotten more challenging. Was there a point maybe early on where we felt like we were almost having to guide them? And these are the questions you should be asking sort of thing?
Jeff Scott
Yeah, 100%. You know, we were all sort of in a learning moment, I think, in the last 18 to 24 months and as you got new questions, you put them into the arsenal and you went and figured out your model risk management. And so then when you were going to other financial institutions, you had that battle tested and you could help guide them. So it's definitely evolved. And then now there's just more written about it and there's more proof points and traction just in the market on how to deal with this. So it's not unlike any other regulatory or strict governance process that a financial institution has had to have in the past, whether it's around data or processes. It's just the next one. So it's like, we know how to do this. We just need to figure out the inputs and outputs and the governance process to go with it.
Jim Young
Gotcha. We're talking about shifts with the FIs, but they've also occurred obviously within Q2. And one thing you were talking about at CONNECT, you said the innovation this year wasn't really about a product. The innovation really was about the system that we built to produce the product. Can you kind of walk me through what changed inside your fraud team at Q2?
Jeff Scott
Yeah, and I think this also goes along with the first question of really the inflection point. The story isn't that we built a new fraud product over the last couple of months. The product is an output. The real change is upstream in the system, and we rebuilt that system to produce that product at that exact moment. And that meant three things. And I'll try to keep it sort of concrete here.
But first, we changed how we get signal from customers. We moved from ship and then wait for feedback to really running our detectors with an AI model in real customer environments as we built the product. So the data teaches the model in real time. So that's the first thing.
Second, we changed the team. Fraud analysts, data scientists, product managers, engineers now sit inside a single operating rhythm. There's no throwing things over a wall. They are all on the same team.
Third, we changed what we were optimizing for. It wasn't just ship a feature or ship a new fraud product. It was how much loss did we prevent this month? And where's the next signal telling us that we should go build? Did we miss something? Should that become a new detector?
And those three things sound small on paper or seem maybe easy, as I say them here. But in practice, they're the difference between building fraud software and running a full fraud intelligence operation. And we felt like we had to do that on our side so that we could also take it to our customers.
Jim Young
OK. You also wrote in your post on LinkedIn that what excites you about this moment is that shift from chasing individual alerts to, as you just kind of mentioned, running an intelligence operation. Feels like it's a pretty significant change in how banks think about fraud. What does that shift actually require? And I guess maybe that's from both ends. What does it require from banks and credit unions, but also from Q2 and for other vendors out there in this space?
Jeff Scott
Yeah. I mean, it's really a mindset shift in my opinion. You know, the old model that we were all running against fraud over the last several decades, and it's still the dominant model at most FIs still, is this sort of alert-centric, something happens, an alert fires an analyst, picks it up, investigates it, closes it, sort of repeat. The problem is that system treats fraud like a customer service queue. It's reactive. It measures productivity and tickets closed.
And what we need to move to and what I saw a lot of forward-thinking FIs at our customer conference CONNECT moving toward is this intelligence operating model. And that means they're not just working alerts. You're studying the patterns across the whole customer base. You're watching the way attackers evolve. You're looking at the same actors showing up at three different institutions and getting ahead of the next attack because of just responding to the last one and the data that it produced. And that requires data at scale that a single FI really can't produce on their own, a team that thinks in patterns, not just the tickets, and a technology partner who's collecting and studying that signal in a way that you can plug into.
And that last piece is where I think the market will sort itself out. So great, you can trigger an alert for me that then I've got 100 blinking lights that I've got to go figure out how to triage. It's like you have to move to this overall view of how are my customers moving. What is the data pattern telling me and this ongoing consistent monitoring of those behaviors.
Jim Young
OK. Can you can you put this … That sounded awesome in theory. Can you ground this a little bit in reality? I mean, do you have an example you can talk about, like, hey, here's what this sort of situation might have looked like in the past and here's what it could look like now or does look like now when you're running that intelligence operation?
Jeff Scott
Yeah, sure. Let me try to sketch one out. Try to keep it sort of generic, but I guess picture a midsize commercial customer. Their controller, who has the authority to initiate a wire, gets a well-crafted phishing email. The attacker gets credentials, gets in, and then does what sophisticated attackers do now, which is nothing. For four or five days, they watch, they learn the vendor list, the payment cadence, the approval flow. Then on Tuesday morning at, you know, 10, they initiate a wire to a vendor that looks legitimate for an amount that fits the pattern.
In an alert-centric world that wire goes through. Nothing about it looks wrong on the surface. In an intelligence operation model, the system has been watching the session behavior the whole time. The device fingerprint drifted, the typing cadence changed. The login came from an IP the controller has never used. The mouse movement didn't match. By the time the wire's initiated, the risk score is already so elevated, and that's the shift, and that's what it looks like in practice. And it's the difference between a multimillion-dollar loss and a five-minute intervention that the system picked up well before money movement.
Jim Young
Gotcha. All right. I can see that as a non-tech guy, I can still sort of wrap my head around that. I'm curious, and this is not to move this into a sales conversation. But obviously some of what you're talking about is from Q2's new User Activity Monitoring solution. And you mentioned … you posted, again, on LinkedIn about a week or so after CONNECT that we've already activated multiple institutions on that solution. Again, I've been in this industry for a while. That feels like a pretty tight timeline, pretty fast. Is there a risk in moving that fast? And is this another shift we're seeing from FIs? Are they getting more comfortable with moving rapidly when it comes to tech?
Jeff Scott
Yeah. And you know, Jim, on the surface it looks fast. But I want to unpack it a little bit because the story isn't exactly as how maybe it appears. Those detectors didn't show up in May. We've been running them in production behind the scenes for a while. So real customer environments, real transaction volume, real fraud attempts. And what we learned in that time is what a detector actually looks like when it works and how it handles edge cases, how it drifts, how it needs to be tuned. So that's how we walked in to CONNECT. The model wasn't experimental. It was mature.
The second thing is that we already talked about we rebuilt how we ship. We put in place what we call internally an air quotes concept order system. It compresses the timeline between an idea working and that idea being live in a customer environment. It's the fastest release cadence we've ever built as a company. And what it means in practice is that when an FI is ready, activation isn't a six-month integration project. The model is essentially on. We just need to turn on the UI for the institution that's ready to receive it.
So the speed at the end is the visible part. But it was the months and year of stealth work, plus a shipping system that we rebuilt to compress that last mile. And that's the part nobody's going to see right now. And that's why activation feels so crazy fast. And that's the way we'll continue to do it going forward.
Jim Young
OK. All right. Well finally, we've been … this has been obviously a very tech-focused talk, but I wanted to end on something you wrote that that surprised me a little bit, given all this AI talk. You said what stuck with you most from CONNECT was actually the people and human connection getting stronger, not weaker. Why was that your biggest takeaway?
Jeff Scott
Yeah. I mean, this one surprised me a little bit too. And and, you know, I walked into CONNECT expecting those conversations to feel definitely technical, more AI-driven, transactional, and it was really the opposite. The conversations were about humans and they were about trust. So fraud leaders, if they asked or when asked what keeps me up at night or what keeps them up at night, they shared war stories from their institutions that talked about their teams, the burnout. And I think what's happening is that when the technology becomes powerful and complex—and AI is both of those—the value of the human relationship actually goes up, not down. And the judgment of who to trust with your customers’ money, you can't LinkedIn message your way into that. It has to happen face-to-face over time.
So, you know, my biggest takeaway from CONNECT wasn't the product demos or the AI announcements. It was the hundreds of conversations where somebody essentially said, we need to build this with a partner that we trust. And that's just the moment that we're in. And it's why I kept saying human trust built this over years and it matters as much as the tech that we're shipping.
Jim Young
Yeah, I guess not to get too sappy, but at the end of the day, this entire industry is about being able to trust another human with your money. So I suppose that's pretty much always got to be the North Star, no matter how techie we get with all of it.
Jeff Scott
Totally agree.
Jim Young
All right. Well, Jeff, thanks so much for coming on and sharing your prospectus with us here on … prospectus. Thanks for sharing your perspective with us here on The Purposeful Banker.
Jeff Scott
Yeah. Thanks, Jim. It was fun.
Jim Young
Again, I highly encourage you to, if you're not already connected to Jeff or are not already following him, to check out his LinkedIn account where he has some really interesting posts, not just purely about what he is doing, but again, what's going on in the industry and how he sees trends and things shifting.
Also, I wanted to let you know we've got several, just a host of blog posts. If you weren't fortunate enough to make it to CONNECT, we're recapping a lot of what was talked about there on the blog at q2.com/blog. We've got a recap of the big fraud roadmap session that Jeff participated in, and you mentioned User Activity Monitoring. We had a really interesting session walking through Q2's continuous account takeover protection solutions. And of course, we'll have information about some of the latest innovations with our Centrix products, as well.
But that will do it now for this edition of The Purposeful Banker. Reminder, you can subscribe to the show wherever you listen to podcasts, including YouTube, Apple, and Spotify. And you can see our archive of podcasts at q2.com/podcasts. Until next time, this is Jim Young and you've been listening to The Purposeful Banker.