Dec. 16, 2025

From Basement Hackers To Global Rings w/ Jason from Imprint

From Basement Hackers To Global Rings w/ Jason from Imprint
Spotify podcast player icon Apple Podcasts podcast player icon YouTube podcast player icon
Spotify podcast player icon Apple Podcasts podcast player icon YouTube podcast player icon

In this episode of Risk and Reason, Eli Wachs sits down with Jason Brown, Director of Risk Operations at Imprint and former U.S. Secret Service agent, to explore the evolution of cybercrime and financial fraud. Drawing on nearly 25 years in federal law enforcement, Jason discusses the professionalization of fraud networks, why fraud is fundamentally human, and how AI can act as a force multiplier without replacing human judgment. The conversation also covers synthetic fraud, payment rails, stablecoins, and what the future of risk management looks like in an increasingly digital economy.


Chapters
(00:52) Meet Jason Brown And His Background

(03:44) Building The ECTF And Early Cybercrime

(07:35) Operation Firewall And Carding Markets

(10:06) Teaming Up: Agencies And Corporates

(11:52) AI’s Role And Human Oversight

(14:58) Fraud As A Human-Driven Problem

(17:40) Specialization In Criminal Marketplaces

(19:15) Mule Accounts And Money Movement

(21:06) Secret Service Mandate And Focus

(23:13) New Rails: Stablecoins And Protocols

(24:26) Startups, Speed, And Risk Innovation

(25:19) Why Blockchain Traceability Matters

(27:42) Career Moments And Closing


Follow us on Socials

Jason's LinkedIn: https://www.linkedin.com/in/jason-brown-1a6054ba/

Eli's LinkedIn: https://www.linkedin.com/in/eliwachs/

Check out Footprint: www.onefootprint.com

00:00 - From Hobbyist Hackers To Crime Networks

00:52 - Meet Jason Brown And His Background

03:44 - Building The ECTF And Early Cybercrime

07:35 - Operation Firewall And Carding Markets

10:06 - Teaming Up: Agencies And Corporates

11:52 - AI’s Role And Human Oversight

14:58 - Fraud As A Human-Driven Problem

17:40 - Specialization In Criminal Marketplaces

19:15 - Mule Accounts And Money Movement

21:06 - Secret Service Mandate And Focus

23:13 - New Rails: Stablecoins And Protocols

24:26 - Startups, Speed, And Risk Innovation

25:19 - Why Blockchain Traceability Matters

27:42 - Career Moments And Closing

WEBVTT

00:00:00.080 --> 00:00:03.680
We're no longer dealing with a hacker in their mom's basement.

00:00:03.680 --> 00:00:05.839
We're dealing with multi-state organizations.

00:00:05.839 --> 00:00:11.679
Having AI make decisions quicker, but making sure there's still people in the loop.

00:00:11.679 --> 00:00:13.919
How have you seen that progression and evolution?

00:00:14.320 --> 00:00:21.920
The professionalization of hacking, network intrusion, the marketplaces that we see out there, fraud is so human-based.

00:00:21.920 --> 00:00:26.640
No matter what the fraud looks like, there's always going to be a human element to it.

00:00:26.640 --> 00:00:29.199
It's the motivation behind the criminal act.

00:00:29.199 --> 00:00:33.840
I don't think AI is a substitute for personnel whatsoever.

00:00:33.840 --> 00:00:38.079
I don't believe it's going to eliminate the people working in risk and fraud.

00:00:38.079 --> 00:00:47.039
The human has to be involved in there, and experience really drives that in evaluating what the accuracy of those fraud investigations would look like.

00:00:52.880 --> 00:00:53.759
Hello, everybody.

00:00:53.759 --> 00:00:56.719
Welcome back to the Risk and Reason podcast.

00:00:56.719 --> 00:01:00.079
I'm joined by a very special guest today, Jason Brown.

00:01:00.079 --> 00:01:02.560
He's the director of risk operations at Imprint.

00:01:02.560 --> 00:01:08.640
He has a pretty fascinating background working, I want to say close to 25 years in the U.S.

00:01:08.640 --> 00:01:24.000
Secret Service, working across cybersecurity, cybercrime, digital forensics, and has taken that experience now into the world of consumer credit, a really interesting B2B use case, and how transactions in the age of synthetic fraud and AI fraud have evolved.

00:01:24.000 --> 00:01:26.159
So, Jason, thank you so much for joining us.

00:01:26.159 --> 00:01:27.040
Thanks, Eagle.

00:01:27.040 --> 00:01:28.799
Thank you for your having me here today.

00:01:28.799 --> 00:01:34.640
I I guess to start off, I gave uh introduction, which probably does a disservice to all that you've done.

00:01:34.640 --> 00:01:45.439
Could you walk us through, you know, what drew you to, I guess, this broader realm of, I'd say protecting people uh for from a young age and and uh just please give us that story.

00:01:45.920 --> 00:01:49.200
You know, I went to college at the University of Kentucky in Lexington, Kentucky.

00:01:49.200 --> 00:01:50.879
I studied political science there.

00:01:50.879 --> 00:01:54.000
Uh I thought I was going to run political campaigns for a living.

00:01:54.000 --> 00:02:06.799
And in my senior year, I did an internship in the then Lieutenant Governor's office, Paul Patton, who was eventually uh elected governor and worked for the first four years of his administration as one of the staff members.

00:02:06.799 --> 00:02:14.319
That short period of time, although it was a great learning experience and I had a great time in the office, uh figured out I didn't want to remain in politics.

00:02:14.319 --> 00:02:17.039
I decided I wanted to go into law enforcement.

00:02:17.039 --> 00:02:20.080
And uh I applied for the Kentucky State Police and the U.S.

00:02:20.080 --> 00:02:21.680
Secret Service both at the same time.

00:02:21.680 --> 00:02:24.639
The Secret Service called first, and that's where I ended up.

00:02:24.639 --> 00:02:44.479
Uh, started off my career up in the New York field office, was assigned after only two weeks up there into the New York Electronic Crimes Task Force, where I spent for the entire seven years that I was up there in New York, uh, under the tutelage of Bobby Weaver, the one we called the the uh the grandfather of the ECTF network.

00:02:44.479 --> 00:02:55.759
Uh what was cool about the ECTFs, Bobby really tried to teach us to act and think about the way corporations look at at crimes and violations and security instances.

00:02:55.759 --> 00:03:08.479
So, you know, yeah, we were out there, we were wanting to apprehend the individual, but you know, we were more worried about in shareholder value, learning about the corporations, making sure that we did what we could do to help them protect their networks moving forward.

00:03:08.479 --> 00:03:15.680
Through that, uh, I was able to go into the electronic crime special agent program, like you said, uh doing digital forensics for a couple of years.

00:03:15.680 --> 00:03:20.960
Uh, when my time in New York was up, I still had a commitment for XAP before I could go into my protection time.

00:03:20.960 --> 00:03:27.919
So I transferred down to headquarters, was one of the original agents in the cyberintelligence section down there.

00:03:27.919 --> 00:03:44.000
Uh, that was a unit that we formed back in the early 2000s, really, to address the large-scale trafficking of access device fraud data over the internet, uh, credit card information for lack of a better term, and to address some of the major network intrusions that we were seeing out there.

00:03:44.000 --> 00:03:46.960
So, you know, this was pre-PCI DSS.

00:03:46.960 --> 00:03:56.479
So we were having a lot of uh track data being stored on corporate computers that were being uh exploited and stolen and then trafficked out on the internet.

00:03:56.479 --> 00:03:58.240
Did that for several years.

00:03:58.240 --> 00:04:17.839
Um, after uh a couple of years, I was assigned over to the White House in the last year of the Bush administration with the Homeland Security Council, and did that for the last year of Bush and the first six months of Obama working on the comprehensive national cybersecurity initiative, doing defensive cyber policy.

00:04:17.839 --> 00:04:28.879
Uh after that, transferred back to headquarters, was one of the agents to help help stand up the critical protection, the C C SPI, excuse me, Critical Systems Protection Initiative.

00:04:28.879 --> 00:04:34.959
And that's essentially the cyber advance that we do for all of our all of our protectees up until this day.

00:04:34.959 --> 00:04:38.480
Uh from there, uh transferred back over into protection.

00:04:38.480 --> 00:04:44.160
I was on President Obama's detail for four years while I was there, specialized in counter-surveillance.

00:04:44.160 --> 00:04:53.680
Uh, was promoted off Obama's detail to go back, and I was actually for six months over our exat program, the digital forensic program for the service.

00:04:53.680 --> 00:04:59.279
And after a short period there, went back and became the supervisor of the cyberintelligence section.

00:04:59.279 --> 00:05:06.000
So, full circle as one of the first agents in the section, and then was able to go back and be a supervisor there for about a year.

00:05:06.000 --> 00:05:11.360
Uh, came down to a point where uh in my personal life, I had a couple of boys that were getting older.

00:05:11.360 --> 00:05:15.360
My wife and I both being from Kentucky, we wanted to get back to the South to raise them.

00:05:15.360 --> 00:05:17.920
Uh, the Knoxville resident office came open.

00:05:17.920 --> 00:05:24.000
Was fortunate enough to be transferred down here as the agent in charge in Knoxville, where I spent the last eight years of my career.

00:05:24.000 --> 00:05:38.319
And down here I was responsible for the 23 counties, northeast Tennessee, with everything that we had going on down here from both criminal investigations, protective intelligence to protection, and uh wrapped up my career down here in July 24.

00:05:38.319 --> 00:05:50.079
Took about six months off to get my head straight, to uh recover a little bit, take it, take a little downtime uh recharge, and uh wanted to go into private industry.

00:05:50.079 --> 00:06:10.639
Uh, was looking at fintech, was looking at at cyber threat intelligence uh companies out there, and uh found imprint, and or should I say they found me, and uh was fortunate enough to uh interview with them and they brought me on board, as you said, with the as the director of risk operations uh where I serve now.

00:06:10.639 --> 00:06:16.160
And in that capacity, I'm over everything that we do operationally in the risk sides.

00:06:16.959 --> 00:06:18.800
It's an amazing story.

00:06:18.800 --> 00:06:20.879
Uh I didn't know you studied political science.

00:06:20.879 --> 00:06:21.600
I love that.

00:06:21.600 --> 00:06:28.959
Uh when you when you when you when you got in ECTF, I believe it came from the Patriot Act.

00:06:29.279 --> 00:06:33.199
And actually, the ECTF predated the Patriot Act.

00:06:33.199 --> 00:06:45.920
And then after 9-11, uh the Patriot Act codified the ECTF, and it was a subsection of the Patriot Act where we had to expand the ECTF network all over the Secret Service and all of our major field offices.

00:06:46.399 --> 00:06:47.199
Interesting.

00:06:47.199 --> 00:07:00.879
When you when you talk about, I guess, codifying it, uh I'm guessing that you know we say people saying risk today, to to jump ahead before we jump back, that we're no longer dealing with a hacker in their mom's basement.

00:07:00.879 --> 00:07:03.040
We're dealing with multi-state organizations.

00:07:03.040 --> 00:07:09.839
When you're dealing with cyber terrorism, cybercrime at a government level, you're coming at it, I imagine, with with that mindset.

00:07:09.839 --> 00:07:17.920
Could you talk, though, about how you you've seen in these different approaches the professionalization of these battlefronts?

00:07:17.920 --> 00:07:22.079
You know, we say, you know, it's not Bonnie and Clyde anymore going to a bank.

00:07:22.079 --> 00:07:24.160
Uh bad actors have moved online.

00:07:24.160 --> 00:07:30.399
And, you know, these are still multinational criminal organizations, and there are different ways that they're they're going at it now.

00:07:30.399 --> 00:07:34.560
But to the degree of what you can share, how have you seen that progression and evolution?

00:07:35.040 --> 00:07:35.519
Absolutely.

00:07:35.519 --> 00:07:42.959
I mean, it's been the, as you said, the professionalization of hacking, network intrusion, the marketplaces that we see out there.

00:07:42.959 --> 00:07:48.720
Back in the early uh 2000s, there was a case out of our Newark office called Operation Firewall.

00:07:48.720 --> 00:07:59.360
The agent was Steve Ward, and it was uh after the apprehension of an individual named Albert Gonzalez, who was running one of the largest English-based uh carting forums out there.

00:07:59.360 --> 00:08:00.480
Um I worked on that.

00:08:00.480 --> 00:08:03.040
So that's the carting forum is.

00:08:03.040 --> 00:08:04.160
Yeah, absolutely.

00:08:04.160 --> 00:08:11.199
It's uh it's a website where you gain membership into it, and they regularly traffic stolen credit card information.

00:08:11.199 --> 00:08:16.319
Uh that credit card information could come from a gas pump skiver.

00:08:16.319 --> 00:08:38.720
It may come from a major network intrusion, it may come from a piece of malware, but we're talking about everything that you would need to either effect a credit card transaction or do a full identity takeover, whether you're just buying the track data from the credit card or you're buying what we call fulls, which include your name, your social security number, everything you can to take over a person's identity.

00:08:38.720 --> 00:08:41.039
And those marketplaces are out there plentiful.

00:08:41.039 --> 00:08:48.399
We've seen a lot of that migrate to the dark web, to the unaddressable space where you would access via Tor these days.

00:08:48.399 --> 00:09:06.000
But back in the early 2000s, it was uh open, well, not necessarily open, but regular uh web portals of web pages that were password protected, and you gained a reputation as a reliable criminal because there is honor amongst thieves, and that's how you got into those portals.

00:09:06.559 --> 00:09:14.879
And I cut you off, and then for the professionalizations, you're you're talking about this operation that you did, and you caught someone who ran the largest card for him or one of the larger ones at the time.

00:09:15.200 --> 00:09:17.679
Yeah, uh, I didn't personally run the investigation.

00:09:17.679 --> 00:09:34.240
I was in New York at a time, but I assisted with it whenever they eventually did a roundup, and we had some arrest over in New York, but it was an individual that was arrested for um for other violations, and they figured out that he was the main administrator of this um carting portal.

00:09:34.240 --> 00:09:38.240
And so in that undercover operation, there's been a lot of stories out there written about it.

00:09:38.240 --> 00:09:50.960
The Secret Service essentially took over that courting portal for a span of months and was able to apprehend multiple um perpetrators of that stolen credit card information that were located all over the world.

00:09:51.360 --> 00:09:58.720
Now, when you you think about an operation like this, uh that obviously many things have to go into the successfully.

00:09:58.720 --> 00:10:05.919
You you need cooperation against multiple teams, uh you you need uh this diligence over many months.

00:10:05.919 --> 00:10:13.840
People talk about fraud is this cat and mouse game of you know, fraudsters are trying to do things and risk teams are trying to respond.

00:10:13.840 --> 00:10:24.480
What did what did being in the government and the secret service feeling teach you about how to manage teams that that have maybe diverse skill sets and getting those different teams to work together towards this type of goal?

00:10:24.559 --> 00:10:29.919
Aaron Powell I think it it it poised us in a unique position with being in the Secret Service to begin with.

00:10:29.919 --> 00:10:37.519
The Secret Service is a very small federal law enforcement agency when you look at comparatively to the FBI and some of the other ones out there.

00:10:37.519 --> 00:10:49.120
Just when you look at the protection mission that the Secret Service has, whenever we go into a city to to set up a security plan for the president or the vice president when they travel in there, it's not the Secret Service doing that security plan.

00:10:49.120 --> 00:10:55.039
It's the Secret Service, it's the local police, it's it's the state police, it's other our other federal partners.

00:10:55.039 --> 00:10:59.600
Everybody has their piece of the pie and their piece of the puzzle to make that that plan happen.

00:10:59.600 --> 00:11:03.200
The same thing goes with the complex uh criminal investigation.

00:11:03.200 --> 00:11:06.960
Uh my specialty at the time in the early 2000s was computer forensics.

00:11:06.960 --> 00:11:11.840
We had other individuals that specialized investigating in network intrusion investigations.

00:11:11.840 --> 00:11:17.919
You had other individuals that were that were uh network administrators that had a background in IT.

00:11:17.919 --> 00:11:22.639
You need to to, nobody's gonna be an expert in anyone's situation.

00:11:22.639 --> 00:11:28.639
So you really have to be a force multiplier, and you cannot only just rely on that within federal law enforcement.

00:11:28.639 --> 00:11:41.200
When you get into large-scale operations such as that one and any of them subsequently, you have to partner with corporate America because corporate America is always gonna be a couple of steps ahead of the government.

00:11:41.200 --> 00:11:42.480
That's just the way it is.

00:11:42.480 --> 00:11:49.200
And if you're not engaging and working with your corporate corporate partners, then you're not gonna be as effective as you could otherwise.

00:11:49.440 --> 00:11:51.840
I I I there there's so much here.

00:11:51.840 --> 00:12:06.320
I I think when you talk about um the idea of kind of speed of corporate maybe versus government, definitely a hot topic when we think most people today is artificial intelligence and how you can use AI to drive uh kind of effectiveness, to drive precision.

00:12:06.320 --> 00:12:11.440
At the same side, uh, there can be hallucinations as we know.

00:12:11.440 --> 00:12:15.759
And AI isn't always about telling you where it has hallucinated.

00:12:15.759 --> 00:12:30.559
We're dealing with an area here where if you get something wrong, if you're wrong and this person actually is on a sanctions list and now the bank is able to uh is now running afoul of the Patriot Act, they could get in a lot of trouble.

00:12:30.559 --> 00:12:43.759
How do you think about that balance of you know having AI make decisions quicker, but making sure there's still people in the loop, uh, whether they're do you think that a human should always be approving from a QA perspective?

00:12:43.759 --> 00:12:46.320
What do you think that balance should look like?

00:12:46.639 --> 00:12:51.120
This is something we're going through right now in imprint, and I'm sure a lot of corporations are.

00:12:51.120 --> 00:12:53.840
How do you most effectively bring AI in?

00:12:53.840 --> 00:12:58.559
I don't think AI is a substitute for personnel whatsoever.

00:12:58.559 --> 00:13:03.440
Uh I don't believe it's going to eliminate the people working in risk and fraud.

00:13:03.440 --> 00:13:05.360
I think it is a force multiplier.

00:13:05.360 --> 00:13:10.240
It makes us more efficient, it makes us better at what we're doing and make where we can do it quicker.

00:13:10.240 --> 00:13:12.639
But there are some things that we can automate.

00:13:12.639 --> 00:13:18.879
If you train that LLM well enough, can it do, can it follow your standard operating procedure?

00:13:18.879 --> 00:13:31.279
Can it analyze the evidence, the data itself, and make an educated decision in a way that both you or like with us with imprint, we have to look to our sponsoring banks as well, making sure they're comfortable with those decisions.

00:13:31.279 --> 00:13:38.720
We don't have that in the workflow as of yet, but you know, that's always something that we want to explore is how do we properly deploy AI?

00:13:38.720 --> 00:13:41.840
How do we ensure that there aren't hallucinations?

00:13:41.840 --> 00:14:03.919
And I think, Eli, you're right on right on the the target there, that I do think that the human is always going to be involved with that, not only to make sure that it is coming through and it's doing everything accurately, but on top of that, something that I shared with you earlier before we we did the talk is I think fraud is so human-based.

00:14:03.919 --> 00:14:08.639
No matter what the fraud looks like, there's always going to be a human element to it.

00:14:08.639 --> 00:14:11.360
It's the motivation behind the criminal act.

00:14:11.360 --> 00:14:20.240
It's the motivation behind why they are are doing what and where in the steps of the intrusion or the the steps of the violation.

00:14:20.240 --> 00:14:25.679
Are they utilizing AI and other pieces of technology because they're lazy?

00:14:25.679 --> 00:14:33.120
Or are they doing it because they don't have the knowledge, you know, the old script kitties that we always used to see with malware production?

00:14:33.120 --> 00:14:36.799
Or is it just making them more efficient on there?

00:14:36.799 --> 00:14:52.799
Um that's hard for a computer always to figure out, and I think the human has to be evolved in there, and experience really drives that in evaluating um what the the accuracy of those fraud investigations would look like.

00:14:53.360 --> 00:14:58.480
Yeah, you shared with me in advance a line that I love, which is fraud is fundamentally human.

00:14:58.480 --> 00:15:13.360
And I think this is really interesting when you think about AI, and I I like, and you did as well, to bucket synthetic fraud in here, in that what when you think about what synthetic fraud is, it's creating identities, nurturing them into a bureau that shouldn't exist.

00:15:13.360 --> 00:15:19.919
AI makes it easier to create combinations of this, and Gen AI makes it easier to create more fake identities.

00:15:19.919 --> 00:15:25.200
So AI and synthetic are increasing the amount of overall identities we have to sift through.

00:15:25.200 --> 00:15:35.200
When you say fraud is fundamentally human, I'm guessing that you're kind of staying to the fact that at some point a human must do something to take advantage of these identities.

00:15:35.200 --> 00:15:40.720
You know, the fraud technically isn't necessarily happening at the moment of application, is what you're doing with it.

00:15:40.720 --> 00:15:42.960
What do you how do you think about that?

00:15:42.960 --> 00:15:45.600
How do you think about kind of deriving the intent?

00:15:45.600 --> 00:15:49.600
Or or do you even kind of uh do you think it even steps starts to step sooner?

00:15:50.000 --> 00:15:53.440
I think more than anything is I'm looking for the motivation of what's happening.

00:15:53.440 --> 00:15:57.919
Why is the person doing what they're doing on the platform?

00:15:57.919 --> 00:16:02.159
Are they trying to gain access to the platform to steal information?

00:16:02.159 --> 00:16:08.159
Are they trying to gain access to the platform to exploit uh stolen information they already have?

00:16:08.159 --> 00:16:17.120
Do they have a bunch of of stolen account numbers that they're looking to engage in money laundering to wash money in one way or another through a transaction?

00:16:17.120 --> 00:16:24.559
I think the human is always part of that because uh fundamentally people are greedy and people are lazy.

00:16:24.559 --> 00:16:38.000
And to what extent that's what dictates where they fall in the fraud line is how greedy are they, how lazy are they, and how determined are they to try to exploit your your network and exploit your platform.

00:16:38.639 --> 00:16:46.080
And do you do you think, um, what when you're kind of talking about I I like the thing in that we say we work in many different verticals.

00:16:46.080 --> 00:16:54.399
And I say on the one hand, fraud is fraud, in that the tool you use to catch synthetic fraud for a real estate company is probably the same tool you're using to catch it for a credit company.

00:16:54.399 --> 00:17:03.759
However, I say fraud is not fraud in that the real estate company is worried about eviction rates going up and the credit lending companies worried about uh chargebacks and disputes.

00:17:03.759 --> 00:17:07.119
So these are worried about fundamentally different motivations.

00:17:07.119 --> 00:17:13.519
When you talk about this and figure out the motivation, do you think that changes from your perspective?

00:17:13.519 --> 00:17:14.960
One, I guess.

00:17:14.960 --> 00:17:19.279
Do you think fraudsters operate in multiple uh kind of vectors?

00:17:19.279 --> 00:17:27.279
Like are fraudsters a diversified horizontal suite, if you will, where they're kind of trying to use the same tools to get access?

00:17:27.279 --> 00:17:39.599
Uh or do you think that kind of you've seen maybe a develop of specializations where there are different kind of fraudsters or rinks that have developed specialties at romance scams or develop specialties at defrauding certain types of companies?

00:17:40.000 --> 00:17:46.960
I think overall we see a great uh specialization, uh, especially if you look back at the marketplaces we discussed earlier.

00:17:46.960 --> 00:17:50.799
If you go in there, you could shop around for exact skill set you need.

00:17:50.799 --> 00:17:54.319
Did you need somebody that was a malware writer?

00:17:54.319 --> 00:17:59.759
Did you need somebody that was able to deploy the malware and collect the information from you?

00:17:59.759 --> 00:18:06.240
Did you need to go in and purchase large-scale access devices so you can go out and exploit them?

00:18:06.240 --> 00:18:10.240
Did you need somebody to produce fake identification documents for you?

00:18:10.240 --> 00:18:13.440
All those specialties are out there and available.

00:18:13.440 --> 00:18:20.319
And the individuals in the criminal uh, the overall marketplace, they serve different functions.

00:18:20.319 --> 00:18:33.200
Uh, if you're really good at running a set of mules, mules would be people that if you have a bunch of credit card numbers with associated pins, debit cards, and you encode them to white plastic.

00:18:33.200 --> 00:18:42.799
And in previous years, you used to mail those pieces of white plastic out with the ATM numbers, and you would have people go out and actually go to the ATMs and do cash outs.

00:18:42.799 --> 00:18:44.960
Uh, we still see that from time to time.

00:18:44.960 --> 00:19:06.079
We've seen uh lately a lot more of ghost tapping where they will preload several credit card numbers into virtual wallets via Google Wallet or or Apple or things of that nature and encode those on phones and actually ship the phones out so the phones can do can do the transactions at the point of sale uh right from the phone.

00:19:06.079 --> 00:19:10.480
There's a lot of specialization in there, and it's just what is your motivation and what do you need?

00:19:10.480 --> 00:19:13.039
What piece of that do you need to complete your fraud?

00:19:13.440 --> 00:19:14.799
You brought up Mule accounts.

00:19:14.799 --> 00:19:18.960
There's this interesting study, I think, that I could be slightly off on it.

00:19:18.960 --> 00:19:24.559
Uh Texas is the state with the number one remittances via bank to Mexico, which makes sense.

00:19:24.559 --> 00:19:25.519
Uh, it's on the border.

00:19:25.519 --> 00:19:37.599
And I believe uh one year Minnesota was two, which people thought was very suspicious, in that this seems like these are perhaps accounts being leveraged to send money uh with less of a connection.

00:19:37.599 --> 00:19:40.240
And I want to throw this to you for two reasons.

00:19:40.240 --> 00:19:48.400
One is I think mule accounts are on the rise because fraudsters realize that they may not be able to open accounts anymore, so can they get people to do their dirty business?

00:19:48.400 --> 00:19:59.759
But two, to me, this goes back to I think an important area that uh when we talk about fighting fraud, we're fighting, you know, like that example is highlighting how cartels bring in money to them.

00:19:59.759 --> 00:20:03.839
And do uh kind of crime and and and traffic substances.

00:20:03.839 --> 00:20:15.279
And I think maybe I'm curious, do you uh like kind of bring a sense of like and I mean this in the most sincere way, kind of real pride of what you're working on in the Secret Service?

00:20:15.279 --> 00:20:20.880
Those organizations aren't discriminating if they're targeting government or private companies, but they're using the proceeds all the same.

00:20:20.880 --> 00:20:25.920
And I feel that maybe we we don't spend as much time talking about what does it mean to catch a bad actor?

00:20:25.920 --> 00:20:28.720
Who are those bad actors and what what would they actually be doing?

00:20:28.720 --> 00:20:32.880
So I know that was a lot, but I'm curious from mule accounts to to cartels.

00:20:33.519 --> 00:20:37.039
Well, I think we're unique when we're talking about the Secret Service.

00:20:37.039 --> 00:20:40.480
Um when we were formed, we were part of the Treasury Department originally.

00:20:40.480 --> 00:20:44.400
And then after the Patriot Act, we became part of the Department of Homeland Security.

00:20:44.400 --> 00:20:50.240
Um we have always been a white-collar financial fraud investigation agency.

00:20:50.240 --> 00:20:56.240
And that's why we are always interested in protecting the payment, uh, the payment networks of the of the U.S.

00:20:56.240 --> 00:20:57.039
corporate system.

00:20:57.039 --> 00:21:00.880
So that's why we are always involved with access device fraud from the beginning.

00:21:00.880 --> 00:21:08.559
Um and what differentiates us from other law enforcement uh entities is just that is we're looking for in fraud.

00:21:08.559 --> 00:21:21.279
Uh we changed the vernacular that we used for for access device fraud and other crimes that the Secret Service um investigated several years ago to say that we we were investigating cyber-enabled fraud.

00:21:21.279 --> 00:21:27.200
So that would be any type of fraud where uh some type of some type of cyber is involved with it.

00:21:27.200 --> 00:21:30.079
Are you using crypto to use to move the money?

00:21:30.079 --> 00:21:32.559
Are you trafficking in the credit card numbers?

00:21:32.559 --> 00:21:35.200
Are you exploiting those credit card numbers over the internet?

00:21:35.200 --> 00:21:38.640
Are you re-incording white plastic and doing it at ATMs?

00:21:38.640 --> 00:21:40.559
Are you going in and doing point of sales?

00:21:40.559 --> 00:21:43.359
We look at it more in the financial fraud side of it.

00:21:43.359 --> 00:21:45.519
Now, you brought up cartels and things of that nature.

00:21:45.519 --> 00:21:49.920
There's also what we could look at when we're talking about especially network intrusions.

00:21:49.920 --> 00:21:52.480
Are we talking about nation-state and things of that nature?

00:21:52.480 --> 00:22:01.519
The Secret Service overall, we don't have any Title 50 authorities, so we are not an intelligence agency as the way FBI is uh when they're dual hats.

00:22:01.519 --> 00:22:07.039
So when it came to nation-state type of investigations, we would not actively engage in those.

00:22:07.039 --> 00:22:15.119
But with the Secret Service, we were always looking for that financially motivated criminal looking to exploit the uh financial services networks.

00:22:15.599 --> 00:22:17.680
It it's it's really interesting.

00:22:17.680 --> 00:22:32.960
Um when you when you think about kind of looking to exploit financial networks, would will you be going preemptively to a payment rail or some type of method and saying we think this is an exploitation that you should be worried about?

00:22:32.960 --> 00:22:48.160
And part two of that is how do you feel about now with whether it's stable coins, agentic commerce, or like there are newer methods that are being introduced and regulations definitely lagging behind, protocols are lagging behind.

00:22:48.160 --> 00:22:50.240
I still haven't really seen much with agentic commerce.

00:22:50.240 --> 00:22:57.759
Um but how how do you uh and I'm not sure when we will, but that's not for me to raise money on, so I'll let them figure it out.

00:22:57.759 --> 00:23:12.640
But when you think about these new uh these new methods, how do you how do you think about kind of like what should the role be of government or agencies to make sure that these are actually built in a way that the protocols aren't able to be exploited?

00:23:12.960 --> 00:23:24.079
That's a that's a tough question because I would often say that a lot of those exploitations that are out there to exploit the payment rails that we don't know they're out there, I don't think it's going to be the government that identifies them.

00:23:24.079 --> 00:23:27.519
I don't necessarily think it's always gonna be the criminal element that identifies them.

00:23:27.519 --> 00:23:32.960
I think it's gonna be corporate America as we're going through and we're looking to implement these new methods.

00:23:32.960 --> 00:23:35.839
I am absolutely fascinated by stable coins right now.

00:23:35.839 --> 00:23:40.160
Um I'll I'll talk those upside, uh one side up and the other.

00:23:40.160 --> 00:23:45.680
I think that is the next step of what we're seeing in payment systems, especially for cross-border payments.

00:23:45.680 --> 00:23:50.400
And AI is going to be involved, especially what you said with the genetic commerce.

00:23:50.400 --> 00:23:57.039
And we just saw, you know, the disagreement that we've got going on right now with ChatGPT and with Amazon.

00:23:57.039 --> 00:24:12.400
Are those are those agenic merchants going to be able to operate on Amazon, or is Amazon rightfully classifying them as a bad actor because it does have the same indications of somebody looking to exploit their their platform?

00:24:12.400 --> 00:24:16.160
A lot of these problems, I you can't look to government for that.

00:24:16.160 --> 00:24:23.359
And that's why it's particularly interesting for me for being out of government now and being in private industry and is and being in a startup.

00:24:23.359 --> 00:24:28.720
You know, imprint's been around for a little over five years now, so we're still a small pre-public company.

00:24:28.720 --> 00:24:31.839
And it's fun because we are moving at the speed of light.

00:24:31.839 --> 00:24:34.640
As soon as we can figure something out, we're we're moving along.

00:24:34.640 --> 00:24:37.519
The same thing with you guys, Eli, with Footprint.

00:24:37.519 --> 00:24:39.200
You guys are doing the exact same thing.

00:24:39.200 --> 00:25:00.319
I think a lot of what we're going to see for the agent of change that is going to come from small, young, nimble companies like ours that are addressing the issues in the space as they're seeing them in real time because we're not hamstrung by the old brick and mortar uh financial services processes that some of our larger corporate partners are involved with.

00:25:00.720 --> 00:25:03.039
Think about, I guess, the future of the space.

00:25:03.039 --> 00:25:04.160
What gives you hope?

00:25:04.160 --> 00:25:19.200
Like what have you kind of discovered that has really given without you know letting people know what they can't do to get past you anymore, but what broadly do you think kind of is giving you hope that kind of there are more and more tools for people like you in the seat uh of fighting these threats?

00:25:19.759 --> 00:25:27.279
I think by enabling some of the more uh innovative ways of making payments out there, it's going to make it more secure.

00:25:27.279 --> 00:25:28.720
I think blockchain is a great thing.

00:25:28.720 --> 00:25:30.400
Blockchain is highly traceable.

00:25:30.400 --> 00:25:34.720
It's it you can you can utilize some really good tools to figure out who's doing what.

00:25:34.720 --> 00:25:37.279
Once it hits the blockchain, it's then it's in there.

00:25:37.279 --> 00:25:40.400
You just have to learn how to how to how to utilize it.

00:25:40.400 --> 00:25:42.480
Stable coins fall right into that.

00:25:42.480 --> 00:25:56.559
I think by utilizing crypto, you know, back in the past, when we were talking about it in the early 2000s, we were talking about web money and e-gold and some of these old um online currencies that work just because we agreed they work.

00:25:56.559 --> 00:26:11.359
Now that we're seeing crypto with blockchain, based off the blockchain, Bitcoin, uh, Ethereum, Solana, uh, everything we're seeing with stable coins, USD, USDC versus USDT, you know, with the Genius Act being passed this year.

00:26:11.359 --> 00:26:26.559
Um seeing that coming back into shore, where we were seeing a lot of things with stable coins going offshore in the past couple of years, because maybe we weren't as as forgiving for those new technologies with the U.S., but we're seeing more of it going on now.

00:26:26.559 --> 00:26:48.319
I guess just a long-winded way of saying there's so much that is changing and has changed quickly in the last couple of weeks to months in the crypto space that I believe that what was largely seen as foreign just months ago that nobody understands when we say stablecoin, it's just some fad that we're actually seeing it be endorsed by U.S.

00:26:48.319 --> 00:26:52.480
government entities, by major corporations like JP Morgan Chase.

00:26:52.480 --> 00:27:05.359
And then you have the preeminence of a lot of what were going on with the with the fintechs, with Coinbase and others, Fireblocks, all those type of companies that are just really making these technologies mainstream.

00:27:05.359 --> 00:27:07.839
Could you maybe touch on the traceability aspect?

00:27:07.839 --> 00:27:09.599
Why is that so tough traditionally?

00:27:09.599 --> 00:27:12.400
Mainly because it's an education gap.

00:27:12.400 --> 00:27:14.880
People need to learn how to utilize the tools.

00:27:14.880 --> 00:27:16.160
The blockchain is there.

00:27:16.160 --> 00:27:19.200
I'm not the best, I'm not the most well trained on it.

00:27:19.200 --> 00:27:30.799
I have experience in it, but we always utilize people that have more experience that we're doing that to assist us in law enforcement to do those, uh, to utilize those tools on the blockchain to look at them.

00:27:30.799 --> 00:27:34.480
But the capability is there, the technology is there.

00:27:34.480 --> 00:27:36.799
You just have to learn how to utilize it properly.

00:27:36.799 --> 00:27:39.519
And like I said, I'm not the best one to speak to that right now.

00:27:39.839 --> 00:27:41.839
A final fun question for me.

00:27:41.839 --> 00:27:43.839
Uh, you may or may not be able to answer it.

00:27:43.839 --> 00:27:45.440
Did you ever get to ride in the beast?

00:27:45.759 --> 00:27:49.680
I never rode in the beast because I was never in the transportation section.

00:27:49.680 --> 00:27:54.720
I was in the follow-up vehicle, the very large uh suburban that followed it quite often.

00:27:54.720 --> 00:27:56.640
But uh no, never on the beast.

00:27:56.640 --> 00:27:59.440
Was on Air Force One, was never on Marine One.

00:27:59.440 --> 00:28:03.599
But uh yeah, we uh we there were some unique experiences there.

00:28:04.559 --> 00:28:05.599
I'm sure.

00:28:05.599 --> 00:28:08.319
Jason, thank you so much for coming on.

00:28:08.319 --> 00:28:13.440
Really appreciate you coming and sharing sharing these stories and all you've learned and appreciate all the work you do.

00:28:13.680 --> 00:28:18.720
Uh I really appreciate the opportunity and uh look forward to running into you again sometime soon.

00:28:18.960 --> 00:28:20.160
Likewise, sir.