Author Archives: Ohad

Lost knowledge and failing teams: how managers undermine successful cultures

Leave a reply

My last year at the army was as a cadet instructor. This was the last step in the training of officers in my core, training young platoon commanders, and we all took pride in the structure of the course which – after having gone through it with several cadet groups – we felt like we almost perfected. When we finished our last course two months ahead of getting discharged, the team spent all this time to document and preserve the methods, drills and exercises we ran our cadets through.

One single month after most of us left, the course commander was promoted to a senior position within the core, and a replacement was pooled from within the ranks. His first move? Throwing all of the documentation out the window and declaring it obsolete. Now, were we the best instructors who ever lived? Probably not. Did he know a thing or two about cadet instruction? I should hope so. Was this move smart? No way.

The same thing happens every day in the business world, especially in medium and large companies. Lately I’ve been investigating a new industry and wondered why some very simple optimization steps haven’t been adopted. I kept wondering until I ran across an experienced advisor, who told me the story of how my suggestions were implemented in the early 90s. Wait, I asked, so why aren’t they doing it now?

They forgot, he said. They forgot. Spend a moment to realize how interesting this is.

People remember, organizations forget, and the vehicle of that forgetfulness is managers who are too short term focused to recognize that an aspect of the culture has to be maintained or improved. They tend to neglect knowledge transfer and maintenance until the loss of key employees leads to key knowledge having to be re-learned over and over again.

How do you make sure this doesn’t happen to you?

  • You must have a work manual, your “bible” so to speak. The manual is where your methods and terms are kept and what new employees get trained on, repeatedly, until they speak your language. Organizational culture doesn’t evolve bottom up on its own, or rather it does when you don’t pay attention to it but not necessarily as you’d need it to. Anything from how you treat your customers to expense report ethics is impacted by what you instill.
  • The manual must evolve. In my teams most of the new entrants were required to add to the training plan, based on material they were missing when they went through it, as close as possible to their start date. The “beginner’s mind” is priceless in challenging your status quo and your manual’s assumptions. Use that.
  • No single points of failure. Code must be documented, responsibility must be shared or at least have some redundancy. Everybody should be replaceable – that doesn’t make them expendable or not important, just not single points of failure. If you need to contract a developer who left last month since he is the only one who knows his part of the code, you did something wrong.
  • Have a succession plan. This is related to the previous point but very hard to implement in fast paced organizations and war-time. Still, as long as you’re growing, your team must be filled with people who are ready, and preparing, to step up. You will usually not enjoy the luxury of a transition period for any of your key hires, and being left without anyone to take a job will spread you thin and rattle the team.
  • You don’t have to make a change. I’m not saying “If it ain’t broken, don’t fix it”. What I’m saying is that if it clearly works well, don’t change it. You don’t have to leave your mark on everything. Find what’s not working and fix that before going after the low hanging fruits of your comfort zone.
  • Last, but maybe most important: Always understand the reason. Aristotle is attributed with the saying “Law is mind without reason”. Many senior managers never bother learning the details of the day to day work of their teams, and thus remain unqualified to make some very important decisions, that they take anyway. If you don’t understand why something was put in place, if the reason behind a norm or method is lost, investigate. Don’t assume it’s wrong. Understand your subject matter, then use your best judgement to decide.

The worst thing you can do as a succeeding manager is break something that works well. The best thing you can do is build on strong foundations to continue driving your team to success. Doing that is pretty straightforward, albeit not very easy.

Getting advisors on board: a few practical tips

Leave a reply

One of the kinds of help you get in a startup comes from advisors. It makes sense: getting an experienced person to be tied to your company and help you out when you’re stepping in a path they’ve already taken is smart, and well worth the price.

It’s not an easy task: an advisor is a pretty vague term pertaining to anything from just having some big name on your newco’s website to someone actually being hands on with the product or the executive team. Accordingly, approaching potential advisors and compensating them is a repeating issue. As I’m being approached more regarding advisory positions in various companies, I’ve noticed a few common pitfalls in the way this matter is being handled by entrepreneurs.

First, the initial communication. It’s always best to get introduced through a mutual connection, but sometimes it’s impossible. I’ve had some success in cold emailing advisors, potential customers and so on – on LinkedIn and with other means, and most messages I get do not comply with a few simple rules of structure:

  • Have a short and meaningful title (i.e. not “Hi”).
  • Start with an explanation of why you’re emailing this person, with an emphasis on their interest (leading with praises of your achievements and following up with how I can help you is not appealing).
  • Explain what you do succinctly. No one is going to read a wall of text, a long presentation or look through 5 minutes of video tutorials. If the value isn’t immediately clear, you have bigger problems than getting an advisor.
  • Given a brief explanation of where you think this person could help. Again, use language that creates interest: instead of “It would really help us if you could work on setting up our xxx function” use “I thought you’d be interested in providing your feedback about what were doing”. Language that hints to limited engagement will get you more responses.
  • Refer to something they might get out of the engagement. This can be a hint to proper compensation but can also be an offer to exchange knowledge, whatever you feel is right for your negotiation tactics. I always prefer an upfront offer.

Second, be respectful of their time. Coffee is better than lunch. A short phone call is better than coffee. If what you’re doing is interesting to them you’ll get the second meeting – when someone asks for lunch right out of the blue, I get the sense that they’re more into schmoozing than doing. My time is limited, and so it the time of anyone you’d want as an advisor.

Last, have an ask ready. When the meeting is done, don’t ask what the advisor can do for you; if you don’t know that in advance, you shouldn’t have turned to him. Have a few options for working together relatively defined with a ball park of compensation attached to them, and be ready to negotiate. Failing to do that makes you look unprofessional and might make you lose the opportunity – anyone worth having as an advisor has very limited time for engagement.

Getting an advisor on board isn’t very easy. Follow these steps and you have a better chance. Remember – word travels fast, and especially with high profile individuals, even if you can’t get them on board you want to make sure that you engage with them properly. I would be much more inclined to take an introduction or even work with a team that’s better focused on how and when I could help them.

 

What are the risks of mobile POS systems?

Leave a reply

I’m embedding another Quora answer, since this is a topic that gets debated quite a lot. I don’t view mPOS as inherently more vulnerable, and frankly, the limited scale is (as always) the reason why I believe fraudsters will go elsewhere. Online is almost always easier.

Read Quote of Ohad Samet’s answer to Online and Mobile Payments: What are the risks of mobile POS systems? on Quora

Why isn’t anyone using MoneyBookers?

3 Replies

An excellent answer on Quora shows what old school (10 years old) payment services look like, and also explains why is MB only active in adult and gambling (without mentioning it’s obscene pricing).

EDIT: See Daniel’s response below, it seems like the facts here are disputed (as well as my understanding of Skrill’s business model. I haven’t looked at the company deeply since 2005 or maybe a bit later). My apologies to the team.

Read Quote of Patrice Laperriere’s answer to Why nobody uses Moneybookers (now called Skrill) anymore? What’s wrong with this payment system? on Quora

An Englishman (or Israeli) in the Valley: why lingo matters when you pitch

1 Reply

One of the fun things I sometimes do is help startups with various aspect of their business. Naturally, often these are risk, security and commerce startups; however, as an Israeli in the Valley I am also often asked to give feedback before a fund raising trip for Israeli, and sometimes European, startups.

When looking at pitch decks and listening to founders talk about their work, I hear almost nothing different than some of the most talented young entrepreneurs that I meet in California: same drive and enthusiasm, product and technology understanding, care for users and creation of value. However it’s quite often that I start my feedback by saying: “You have a great team, product and market, but the way you deliver your pitch you’ll have a really hard time getting funded around here.”

The reason? They don’t talk the talk. Their lingo is off.

Some of you may scoff. “Talking the talk” is a lot of time connected to hype, lack of substance, hustle with no meaning. That is not the case. Communicating value and traction is almost as important as creating it, since without the realization that value is created, you’ll have a hard time getting others on board. It has been demonstrated, through a series of researches starting as far back as the 70s, that native speakers tend to underestimate non native speakers with heavy accents on many aspects including intelligence, work competence and social status. Unfair? Maybe, but an important reality you must accept and learn to work with so you can succeed. It is not only about accent, though; it’s also about the words you use to communicate your ideas. There’s a lot of (rightful) snark around terms like “growth hacker”, “data scientist”, “social media expert” etc. and I’m not suggesting that you fall into the trap of using only hyped up terms (that would peg you even more as a provincial noob). Consider these questions: what’s considered an engaged user? What counts as traction? What are DAU and MAU and when are they relevant? Do you say “top line” or “revenues”? Should you describe yourself as “the X for Y”? Are you innovating, disrupting or ground breaking (or neither)? Using the right terms matters.

How do you do that? Approaches vary, and depend on the time you have available. Max Levchin, not one to take the easy way out, is one of those who invested a lot of time. He once told the story of how, as a teenager, he forced his Russian accent away by listening to and imitating American movies. You may not be available to take something like this on, though. The second best alternative is, like in any online forum, to lurk around until you get it. Reading Valley-speak-heavy blogs like TC and PandoDaily is one way to go, but participating in meetups such as Hackers & Founder and 106 Miles and hearing how others pitch their ideas is a priceless experience. Last but not least, practicing with a native speaker before you pitch is a very good idea.

Raising money is never an easy process, be there a bubble or excess of funds or whatever other story publications are now selling. You need to be able to tell your story in a way that resonates with people, and much like you wouldn’t expect pitching only in your native language, you must be prepared to use the right lingo for the right ideas. Too often do I see founders missing that point and ending up making a much lesser of an impression than they should. Don’t let that come between you and continuing to grow your company.

Forget Big Data

4 Replies

These are the slides from a talk I gave last week. The gist of it: “Big Data” in Fraud and Risk prevention for payments won’t suffice, and must be augmented by domain experts (including a few notes about reasons for that, a bit about domain experts, and some real life examples). Nothing new for readers of this blog, but you may find the slides or wording helpful.

 

Even good things come to an end – Why I’m leaving Klarna

2 Replies

I wasn’t sure I was going to write this post, but I’ve had several of these conversations in the past few weeks and putting my thoughts here is a good kind of closure.

The Analyzd team joined Klarna in 2011 to bring our way of doing Risk and Product to a company that was starting its international push. Klarna simplified payments in a way I found appealing but was easy to fraud and abuse, and what we brought to the table made a difference. It was also my first attempt at testing my philosophy about Risk completely on my own – not as a group leader in a small startup or a huge behemoth like PayPal but a company in hyper growth. Boy, was I in for a ride!

It’s been two years. I learned a ton – first, that this thing really worked. The amazing team and I managed to bring Klarna to new levels of fraud and risk prevention as well as technical prowess, introducing technical and predictive innovation that allowed for some of the lowest rejection and default rates in the industry on an annual payment volume of close to $2.5 Billion in online, real-time short term credit. Klarna Risk is not only a great place to work at and a well-oiled machine delivering results but also a great place to be from, and I expect many of the young leaders to move on to lead teams in the coming 5 years, much like the FraudSciences team did. I also learned what it means to be part of a hyper-growth company, raise money and work with some of the most impressive VCs in Financial Services and in general, work with regulators and traditional finance companies and many other things.

I also learned something else – I like building and inventing, much less so the exec type, and with the team’s maturation they needed me less. After much deliberation I decided that it’s time for me to go a build something new, and let the professional executives run the show. I’m leaving behind a big, mature and strong team led by some of the most talented people I had the fortune to work with and a company with a bright future, led by smart and capable leaders. I will continue to be bullish about Klarna’s ongoing success and help them out as much as I can, while I go back to square one and build something new, hopefully again something helpful.

I am slowly transitioning out of my role, and will stick around through the end of 2012, but come 2013 I am planning to be out and about. More info on my next steps to come in the near future. Stay tuned.

Feature companies in risk and fraud (or: enterprise and consumer startups are different)

Leave a reply

David Pakman quoted Tim Armstrong today: “I’ve seen too many feature companies get hot, raise too much $ and get way too overvalued.”

It is interesting to see that this is true in various markets. The trend is extremely obvious in payments/security as well, and is a by product of the boom in seed funcing for consumer startups. I wrote extensively about payments startups and how important it is to know where you are in the value chain. The thing is that I see the same in risk and fraud detection, where you’d expect the need for complete and complex products to be obvious.

Indeed, the concepts of consumer and lean startups trickled into enterprise; as a result, small 2-3 person teams are trying to build rudimentary detection mechanisms, mostly based on “social data” (a euphemism for opt-in Connect or scraping Facebook directly) and expect to position themselves in the market as serious providers in a short time frame. This is far from a reasonable expectation, however since money is abundant and is only looking for a way out of pure consumer plays, some of these teams get funded and end up overvalued and unable to cut losses with an acqui-hire, the most likely scenario.

While I agree consumerization of the enterprise is real, this is not a sustainable approach. The definition of an MVP (much more feature complete) and iteration (much longer) as well as what it means to do customer development is very different in enterprise. Small merchants continue to think more and more like consumers and are becoming more tech savvy, and that leads to more usage of SaaS tools and more openness to outsourcing some non-core activities (in eCommerce, fraud prevention may well be considered non-core). That doesn’t mean they are open to testing any new tool that gets put out there; the time as well as expertise to integrate and evaluate its performance may be more than they can afford. You can’t trust your tool to just get picked up at random to a reasonable scale and learn from there, unless you have a very big war chest; then we go back to the funding issue.

Case in point is device fingerprinting (DFP) companies. A few years back DFP (a lot of times a glorified javascript) was all the rage. Since it wasn’t a text or flash based cookie most fraudsters, themselves not more than script kiddies, did not have the knowledge or tools to properly resist being profiled. As a result, for a while it worked well especially in reducing short term horizontally scaled attacks. Only there were a few problems: overfunded companies built too big a team, especially heavy on the Sales side since Sales cycles with financial institutions were long and require a lot of patience, as well as multiple integration solutions. Since the teams were big and sales took time each contract had to be big, so pricing went up as much as possible rather than adapt a freemium model that could boost adoption. Moreover, once fraudsters and engineers caught on it was easy to circumvent or duplicate, either internally at retailers and banks and by competitors. As a result, most of these companies are struggling and dealing mostly with litigation against competitors for some negligent IP.

In enterprise, specifically in security, one feature isn’t enough, starting lean is more complicated, and just a feature will not do not matter how many patent you have pending. One option is to take your time to come with a holistic solution, and that is tremendously harder to build (in fact, since FraudSciences was acquired, only Signifyd and Sift Science have tried building a standalone risk-as-a-service solution). The other is to start very slow and very lean, and raise very little capital. MaxMind is a good example of the latter. It’s a whole different world out there now, especially for enterprise startups. Make sure you build a real product that can sell. Don’t built a feature.

Vouch for me: social collateral and voter fraud

4 Replies

With the elections concluded and the winner decided, a few words about voter fraud and identification.

There has been a lot of talk about voter ID requirements and policing and its sometimes adverse effects (such as this story about an elderly woman not allowed to vote since she doesn’t drive and therefore has no driver’s license). Voter fraud and voting machine malfunction have been contentious subjects; in previous campaigns, there have been multiple cases of identity fraud – as bad as dead people registering to vote.

How do you solve the problem of identification? Interestingly enough the suggestions are very similar to attempts for stopping account take-over in online services. There are basically two common responses.

The first is – get a 3rd party certificate. The equivalent in the online world is using Facebook connect – basically your online passport – or other types of openID solutions. That requires trust in that 3rd party. We know that FB is riddled with fake accounts, but as far as government issued driver’s licenses our trust is a little bit more warranted – if only due to the physical, offline nature of issuing a new one.

The second is – issue yet another authentication factor for citizens to identify themselves. I wrote about this topic in the past; issuing new secrets tends to not work (since fraudsters will target getting those secrets, and will be less likely than legitimate users to have them handy when prompted). Using biometrics, such as DNA samples or finger prints, as the blogger I linked to suggests is the beginning of a slippery slope of lack of privacy[1].

Let me offer a third options: social collateral. Let groups of pre-registered voters vouch for one another as being who they are, as long as at least one of them can be recognized with a government issued ID, while you register them jointly as a “voting batch”. Have those people sign a pledge to maintain voting in good faith. The mechanics of having to commit to that pledge as a group as well as include at least a minimum amount of outside validation will govern against voter fraud. This could be a cheap, reasonable and research-supported way to enforce identity and reduce incentive for fraud.

As President Obama noted in his acceptance speech, the voting process must be fixed in the next 4 years. Using social mechanics is one way that must be considered.

[1] Edit: In the comments, Nir Alfasi presented a biometric solution that doesn’t require an actual database. I believe it still falls under the complexity of the first  type of solutions since it, too, requires pre-registration. It’s however good to know that such solutions exist.