Broken Trust – Sift Science

As I wrote last year (The Coming SaaS Pricing Armageddon), we are headed to a reckoning for many unicorns and software companies. While I didn’t expect it to happen so soon, I guess the downfall always happens quicker. Anyway, Sift Science, nowadays known as Sift, is the canary. There are a few companies sharing this name, but this is focused on the fraud prevention tool. It is not enjoyable to write a potential obituary of a company, but I don’t see how they pull up from their spiral with the bad moves made over the years. But like many newspapers, I thought I might as well be prepared with a story. While I ultimately believe they will survive long term, aptly at non-unicorn status, this is more about the disappointment of them straying away from their original mission. I do understand it might be a necessary evil of the modern economy, but change should be done in an ethical manner.

Let’s start from the beginning, when I was first introduced to Sift. As a consultant you get the privilege of seeing many problems and solutions from varying companies. Sometimes there is no OTB solution, but you may get lucky with a tool fitting exactly your requirements. Back in 2014 I was looking for a solution to help with ecommerce fraud. There were few to no solutions for big non-enterprise companies. You had to set up massive contracts / on-prem implementations and hope they provided good information about risky orders. Most of the reviews were negative about the legacy providers, so I didn’t go down that route. Along came Sift Science, a startup that provided what everyone wanted. It promised machine learning and a network of protection with a community that fought together against bad actors. Being in the fraud industry, many have the feeling of being in their own silos, working with little support against a siege of fraud. Companies rarely share their strategies, as each has its own secret sauce to stop fraud. Now Sift Science had a dead simple integration and setup experience. In no time we could see the power of the solution and how great it was for investigating fraud. The video linked is similar to the interface I remember when we first started using it: https://www.youtube.com/watch?v=bw5dGG2rojs. The network feature was comprehensive, with the clear mapping of bad actors across different sessions and identifiers. We knew competitors were using the solution, so even though we directly went after the same customers, we saw we were sharing the same goal to stop fraudsters.

Everything was not perfect at the start, but Sift was willing to work with everyone to make their product better. Their pricing was also so competitive that I heard from some companies it basically was free. This made sense to me, as they were growing and wanted a good dataset to accurately score payments. In machine learning, having more data is critical. I found some old correspondence with their teams, and it shows how responsive and enthusiastic they were about the problem. Michelle was helpful getting the team integrated and brought in other team members (Marcus) when she couldn’t help with a technical question. They were even open to new ideas and actively sought feedback on the product. There was also a simple way to use live chat with their team. The developer documentation was amazing, with integration examples in multiple programming languages. I remember getting on maybe one call with their team about the product to provide some feedback and chat. It was positive, and I enjoyed their inquisitive nature into complex fraud problems. Even though I knew the companies I consulted with weren’t their largest clients, they still took the time to improve their product. I remember, too, feeling a part of the Sift community as a customer, which is a great motivator in creating a robust solution. Back when free t-shirts were all the startup craze, I was sure to grab one from Sift and wear it proudly. Even if my wife mocked it as being nerdy, I kept wearing it; the picture below shows the luster faded away. Over time Sift made a series of moves that eventually led it to the conundrum it faces now.

There are various ways to benchmark a SaaS or to evaluate the health of it. Ultimately a lot of it falls on the people running the company, as they are the brains of the operation. Looking at the team, they had some smart founders that obviously set them on the right track. There must have been growing pains and other undisclosed problems, as the original founders eventually both ceased their day-to-day activities. While after the initial Sift setup I didn’t have much correspondence with the team, as everything just worked, I did notice a few things change. The live chat disappeared, as did the helpful employees, around 2017. They had moved on to new companies. I brushed it aside as necessary for a growing company to mature and scale. During this time the product stayed relatively the same, working fine in the background. The main improvements came from the vast clients they were onboarding, which made the network effect even more powerful. The UI kept improving too, but to the point I started to wonder: was that all? Looking at a product’s changelog, blog posts, and archived pages can give some insight into the company’s direction. Sift started to fall behind, with more and more times I felt key features were missing. Fraudsters were not going to give up, and they too eventually adapted to outsmart Sift. I started seeing cases where no signals were caught by Sift and the bad actors had strategies that countered the once powerful Sift. They did pioneer in their ability to attract Architects that had real world experience countering fraud. However, I think after time those architects missed opportunities by not actually fighting fraud in the weeds. Seeing live fraud in action is almost always the best way to experiment and think about ways to stop it in the future.

I remember one day in 2019 coming across a WSJ article about Sift, thinking: great, more companies will use the tool, making it better at stopping fraud. However, it was about some of the downsides of the technologies that I previously brushed aside, thinking it was the only way we could stop these bad actors. Over the years, though, I have noticed many false cases showing there are limitations with the technology, and actions using the Sift score should be reviewed. The bad publicity didn’t help, with other articles coming out, but eventually the news cycle died down. It would have been nice if they were more forward thinking about a solution to the privacy issues, such as Identiq introduced later on. At this point the momentum of Sift seemed to be stalling. There were fewer changes to the product and the value of everything kept decreasing.

There was one change, which was the workflow feature, which took a long time to get right, with their initial release too confusing and complex to use. The pricing, however, stayed consistent, so they were still probably not making much profit with their large overhead. Looking at the historical records of their enterprise customers and 3rd party intelligence, I started to notice some big clients missing. Uber, Grubhub and OpenTable were big supporters of the tool originally, but maybe they just wanted the fact hidden, as most companies don’t want fraudsters to easily know which tool is being used on the backend. Interestingly, doing research on fraudsters you will find that the tool doesn’t really matter to them. Twitter still shows the logo, but I give it less than 1% chance that the contract continues with all the upheaval in their Trust and Safety departments. As I stated back in 2020 (Amazon Fraud Detector the One to Rule them All), it seems that tailored models and owning your data is becoming more important and powerful in stopping fraud. These networked solution providers only work as well as the data quality they have in them, and sometimes that data is completely off. I am not sure if it was to stay relevant, but Sift scores eventually started going off the boards, making them worthless for a while. They seemed to be having bad updates and none of their scores made sense. One early benefit of the tool was their transparency into the risk score outcomes. You could see which factors of thousands were impacting the score to better determine if the user was really bad. The trust in the models and scoring had been broken, with silence as the only response.

Next, a little deeper dive into the people of Sift. Jason (CEO / founder) took a back seat in 2020 and was replaced by Marc, an experienced executive. I was surprised by this move, but it started to make sense when I read the Glassdoor and employee reviews. While I usually take them with a grain of salt, they corroborated the events I was seeing as a consultant. I used to follow the Sift blog and engineering posts for interesting tidbits and no longer did that, as everything turned to marketing fluff that practitioners gained little value from. Another tip to monitor a company’s quality is to sign up to their sales process as a new customer. I became more concerned about the state of Sift, so in 2020 I went through their sales process with another company. At this time, I was still praising the tool and referring clients to use it. No longer was it the easy signup and transparency I was used to. They had outsourced and automated many steps, but it was more difficult than ever to actually test the product. I felt their entire focus had shifted to enterprise sales. Their technical team was no longer all based in SF; they had people all over the world, but they seemed to lack any direction or cohesion. I would get continuous spam mails and calls after that, and I became more disappointed. Eventually I decided it wasn’t worth the hassle, but maybe mid-size and enterprise would still benefit from it, so I didn’t write them off.

I had been working with a startup to create a tool that complemented Sift and other fraud tools. Many times, getting the risk score alone was not enough for a decision, and manual reviews were required. We kept going back to the same issue: good customers were still getting bad scores, and sometimes fraudsters were attacking at a pace that was affecting sales / customer experience. So in turn an automated friction tool that could dynamically route orders based on the score and other criteria was created. Eventually I met with the Sift team, which coincidentally was building out its own partnership program and planned to allow apps to integrate with Sift, much like other marketplaces such as Stripe’s. They had some basic ones, like ingesting chargeback data and populating information from services like Ekata, both of which were already possible with some extra code. They, however, seemed to be stretched on bandwidth and were probably not going to invest much time into a small startup. So, everything was built out and integrated, hoping we could get around to a more formal integration in the future. Now I started to contact sites that had once used Sift or found the solution through searching the web. It is easy to find them if you search in a website’s source code for Sift or use BuiltWith data, as some do not obfuscate the information. However, the responses were the more interesting find, in which many actually dismissed the greatness of Sift and told me the issues they faced with the company. Many revolved around pricing, but I also started to hear about the product failing to stop many cases of fraud. Again, the doubts stayed with me, but I ultimately dismissed them, thinking there was still a lot of employee upheaval and scaling issues.

As I focused more on a different startup, I kept talking to more clients that looked into Sift or used it in the past. Interestingly, they were all getting different price terms that had little fairness in them. The initial $0.01 to $0.03 per transaction was gone. Even existing customers were getting rate hikes with no notices until invoicing, with some receiving 2x increases. All of this pointed to some trouble that I could no longer ignore. I started referring clients to new tools that were transparent and seemed interested in the fraud problem.

I became even more disappointed when I saw where they were investing all their money. In 2021 they attained over a billion-dollar valuation. The Payment Abuse product, which for ecommerce is the number one solution, kept stagnating. They offered more products such as account defense and content moderation. These matter little for ecommerce fraud teams. Account defense can be easily implemented separately by engineering into the actual product, and there is little benefit in relying on a third party for security. Companies need to realize some security measures are better off in house. Same with the content management, and I predict companies like Twitter will rely less and less on Sift. Now back to their big investments. The first was a dispute management company that helps automate and outsource some of the dispute process. For many businesses the ROI is not there to justify these kinds of services. So this investment, I believe, has fewer synergies than they initially expected. Next, they moved into passwordless authentication with Keyless. Again, eCommerce apps and sites do not need this feature. If you have tried to get an ecommerce user to take a selfie, you will most likely face the wrath of many angry customers. Apple and Google have native biometric solutions that work so much better with more privacy. I do not see how they could upsell these 2 new product offerings to existing clients, and furthermore there are hundreds of independent companies that have the same features or better. This is one of the deadly cycles venture backed companies run into. The need for constantly higher valuations can leave them open to malfeasance. In their quest to become public and cash out, they stray away from their original mission. Public investors might not be so accommodating after similar companies like Riskified diminished rapidly.

Now for the final straw that broke all trust at the start of 2023. First we must remember Sift Science goes hand in hand with the term Trust & Safety. Go back to 2011 and search in Google the terms and you will see many early customers of Sift. They put it at the forefront of the market, and many solutions to this day still use the term. As their customers are trust and safety professionals, you would think they wouldn’t play games to break that trust. Trust can be built over years and seem as strong as ever, but it only takes a second to lose it all when cracks exist. A client I had previously suggested Sift to contacted me about an issue they faced at the start of the month. It appeared the Sift scores were no longer being returned by their API. A quick debug returned a strange error that the score service was not available for the account. Next, we looked at the console and data, and everything seemed like a flashback to 2014 with minimal data. The UI was basic with lots of information missing. The score was only attainable by looking at the score via the browser, with no reasoning. I thought it was some major update gone wrong, but with more digging I found they had a new account tier called Lite. Now I assume this is their plan for many of the legacy smaller vendors that were still somehow using their product without a yearly contract. Their site now states they have 34k sites and apps using the product, but I have a hard time believing that number. The client stated they received no warnings or emails about the abrupt move to the Lite tier and only discovered it after contacting their support. During these days to weeks they potentially were open to more fraud without Sift’s protection. Fortunately, I had earlier suggested they diversify their security posture, and they shifted over to another solution. While it may need some additional training, it’s always good to have a backup.
Oddly, Sift took a further turn and completely disabled their account, cutting off even access to old user information. This happened before a weekend, and the account manager was on vacation. Finally, Sift followed up that a new contract must be in place before any more access to the data, holding them hostage. However, it was exorbitantly higher than their prior year pricing of $0.02-0.03 per transaction. Yearly billing, too, with higher monthly minimums and usage based on orders, not successful payments. Initially it might have been worth it to keep the service; after all the years, it still provided more value than what they were now charging. Even after requesting to move to the Lite account mode, their sales and finance teams would not budge on access to the account. A poor negotiation tactic if it was one, or just ambivalence about the situation. Dealing with bad actors for a living exposes you to many types of situations, but when a company that you had put so much trust in turns around and uses those same methods on you, it spells the end of the relationship.

A brief reconnaissance into why this might have happened resulted in the news that Marc, the CEO, left and was replaced by Kris from Ping Identity. Being in the IAM space, I am very familiar with Ping and their sales processes. It was no surprise for me when I saw this change, and it further confirms the company’s direction. Even enterprise companies, who usually never air dirty laundry, have noticed the degradation of quality, so likely this is not an isolated event. I can hypothesize that, like many SaaS companies, everyone is desperately getting their finances in order. I do not blame them for trying to make more money, as almost everyone does that at some point. This is an acceptable course of action, but it goes back to the ethics of implementing the changes and the trust lost.

To wrap it up, Sift is not alone in their actions, and another major chat software that a client used also modified their pricing strategy at the start of this year. They mimicked the same move of cutting off access with little notice, but they were much easier to deal with when getting back on board, ultimately restoring trust. Ekata, another fraud tool, seems to be making similar moves with cut offs on service, with more clients moving to Trestle at the end of the month. If anything, let this be a cautionary tale to companies using SaaS solutions. There are hidden risks that many have taken for granted for a long time, and companies should have contingency plans for any unforeseen events.