InfoSec People Profile: GeoComply’s Chris Purvis

By Roy Urrico

Finopotamus presents InfoSec People Profiles, a series spotlighting individuals working in information security (infosec), cybersecurity and/or information governance to protect data and transactions at credit unions, other financial institutions, and fintechs serving the financial services industry.

One of the concerns GeoComply’s Director of Business Development Chris Purvis has is that credit unions, and other financial institutions, do not react fast enough to threats from cybercriminals. “They are not used to dealing with (scammers) that move this fast and this quickly,” Purvis told Finopotamus.

Vancouver, British Columbia, Canada-based GeoComply – a cybersecurity firm specializing in geolocation and fraud prevention technology – gained recognition for its work with online sports betting and gaming, helping companies like FanDuel and DraftKings prevent financial crime, provide consumer protection, and stay in compliance with regulations.

GeoComply leverages its expertise to help credit unions and banks with know your customer/anti-money laundering (KYC/AML) requirements, fraud prevention, and criminals using sophisticated techniques to mask their location and identity to access financial systems.

From BofA to Amex

Purvis described his early entry into financial services. After attending the University of North Florida in Jacksonville, he joined the technology team at Bank of America (BofA) in 2001. “I started out working on the operation side of the house for online banking making sure the system was always up and running 24/7, (and performing) code installs.”

Purvis eventually moved into “the product development side of the house for online banking. We were rolling out new features to online banking. Bank of America was one of the first ones to roll out free bill pay.”

With the release of the Apple iPhone in 2007 Purvis flipped to the mobile banking development side at BofA. “Looking at the mobile banking applications when it first came out, all you could really do is look at your balance,” he recalled.

Purvis later became responsible for implementing mobile banking security measures when BofA expanded capabilities to allow users to move money, open accounts, pay bills, do person-to-person (P2P) transfers, wires, et cetera, he recollected.

In 2013, Purvis became the vice president of technology sales with mobile security and device intelligence at startup company InAuth. Purvis said InAuth grew rapidly between 2013 and 2016, signing top major banks in the U.S., and expanding to Europe and Asia Pacific. American Express (Amex) acquired InAuth in 2016. Purvis worked at Amex for a few years on the credit side, overseeing areas such as retail, e-commerce and card payments.

iGaming and Security

Purvis landed at GeoComply in May of 2024. “(They) presented me with an opportunity to move GeoComply beyond their traditional iGaming space.” iGambling, also known as online gambling, covers numerous betting activities undertaken digitally including virtual casinos, poker, sports betting, lotteries, bingo, and horse racing.

“(GeoComply) wanted to take the company into financial services, fintech, and crypto. With my background in both the technology security and banking, we both thought it was a good fit to bring me in to really help move this company into this space and provide more fraud solutions outside of the gaming space,” said Purvis.

Purvis described his current role as focused on fintech, crypto and financial institutions. “We have a really good team. We are a global organization,” he said. He is also very active in the information security community. “I have a lot of information that I've learned and gathered for so many years, and it's all about sharing that information.”

When it comes to fraud and security, Purvis noted “the bad guys are collaborating. They are all talking to each other, and they are all sharing information and selling information between each other. So, all of the security professionals even across industries should be sharing information as well. This is an effective way to stop attacks. It really comes down to just sharing knowledge and information.”

GeoComply and Infosec

“You plug a hole, you fix a vulnerability, the bad guys find another one,” said Purvis. He specified “because we move so fast and have to be so compliant and so secure in the gaming world, this creates a solution for banks and credit unions. It creates a very secure ecosystem no matter what kind of company we're doing business with.”

When asked by Finopotamus, “Are there any threats that keep you up at night?” Purvis replied, “I do not sleep at all. I do not work on the operations side anymore, but when I did, I tried to keep my boss (clients) out of the news.”

Admittedly, the things Purvis fears the most are the things “you do not know about, where they are scamming people into sending money voluntarily to someone else. They gain your trust or your friend or romantic partner online or ‘Hey, I’ve got this great investment opportunity.’ That is not a technological fraud piece. Somebody did not hack into your account; you voluntarily sent money to someone who is using that money and they just disappear.”

Another scam category gaining notoriety in financial services, he noted, is called “pig butchering,” which is an investment scam where fraudsters gain the trust of victims over time and then deceive them into investing in fake crypto assets or another fraudulent investment opportunity. Purvis explained how GeoComply “started noticing some odd transactions happening along the Myanmar/Vietnam (corridor). That is where the pig butchering compounds are. We started noticing a lot of unusual traffic from that area. Before this news of pig butchering even broke, we had already started putting preemptive blocks in those areas because they were considered high fraud areas for us.”

Top FI Security Concerns

Purvis identified some of frauds currently threatening credit unions and other financial institutions. He mentioned first-party fraud where an individual or organization intentionally misrepresents their identity or provides false information; and takeover bots, aka account takeovers (ATOs), which use automated software to gain unauthorized access to online accounts.

“One of the things that we see in credit unions (and) in mid-tier regional banks, there is a lot of perception there that the top-tier banks are big targets. But from the bad guys' perspective, they typically go after those smaller credit unions and banks not realizing they have access to the same (anti-fraud) solutions,” said Purvis.

Another area Purvis warned financial institutions about is shifting digital fraud to more traditional fraud tactics. “That is something that we are seeing quite frequently now, and I think people need to be aware of.” Purvis explained traditional schemes like check fraud involve thieves whitewashing the checks by changing the amount, or stealing checks out of a mailbox and then trying to deposit it at a bank in their own name.

“Check fraud has moved back to that kind of concept. Now they are doing paper check fraud, but then (fraudsters) are using a digital solution to try to increase that fund,” said Purvis. Or criminals commit remote check deposit fraud, where they intercept and deposit stolen checks through mobile banking. This can involve altering checks, creating fake checks, or using stolen checks to make fraudulent deposits. Once deposited, the funds are quickly cashed out, often before the financial institution detects the fraud.

Purvis also warned “Artificial intelligence (AI) is changing the way people do fraud. It can even help you write scripts. You can code in AI now. What is coming next with AI: synthetic identities, fake profiles, real liveness detection (schemes). People should be concerned about what AI can do to beat your controls.”