Melissa Andrews, a resident of Canada, is a cyber security "cop" for Payza, an international e-commerce payment platform operating in 97 countries. Her job, described by the company's public relations firm as "the worst security job on the Internet," is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.
What drew you to this type of work?
It was a natural progression in my roles within the organization. I've always had an interest in the online world, and how websites truly function. After seeing the amount of fraud that happens online, I was intrigued in the number of ways to mitigate it.
What is your background and training?
I have a background in customer service, account management and fraud prevention, and have been working with the Merchant Risk team for about three years. I was lucky to work for a company that saw my potential and was willing to provide the necessary guidance and training.
Did you need special training before you took this job? If so, describe it. Did it prepare you for the reality of the work?
When I initially joined Payza, I received in-depth training on how the company functions, and started in customer service. The Merchant Risk department is cross-trained in CS, Fraud, and Risk, which are vital to understanding how someone might try and take advantage of our system. However, as industries and trends are always evolving it's important to keep up to date. Having good analytical skills, and a general curious nature is key to mitigating. That said, while it has prepared me for the reality of the job, I am still sometimes surprised at what you can find online. Some other skill sets that prove vital for this role are a good understanding of web technologies and a strong investigative drive.
How long do you think you can continue doing it, and why?
While, the job entails reviewing websites and content online that some many find disturbing, graphic or unethical, it remains rewarding, knowing that we can do our part to investigate, catch and help shut down the illegal ones.
Payza's has a global operation, and we work closely with various law enforcement organizations in different parts of the world, such as RCMP, FBI, Department of Homeland Security, Interpol etc. So, knowing that I am contributing to weeding out the bad players, and having them prosecuted if necessary, makes it worth it.
Do you really spend your days poring over some of the worst sites on the Internet?
For the most part, the websites that people submit to us for review are general e-commerce websites. However, there are times we have to review websites that make you question who comes up with that kind of stuff. Some websites go against our user agreement, whereas there are others that are very illegal.
Initially some of the websites I came across when I first started did pose a shock, however over time, you do get used to it. It's obvious that there are a variety of unique websites and ways people use them to make money online.
Describe a typical day.
I wouldn't say that any day is typical, which is one of the reasons I love this job. I'm never really sure what the day will hold. However, generally speaking my day consists of reviewing websites for both new and existing clients, mitigating our risk exposure by using the numerous tools and processes we have in place such as persistent website monitoring and our proprietary fraud matrix.
What does a job like this do to you emotionally and psychologically?
While it takes a certain type of person to be able to do this job, the truth is your can't un-see what you saw. There are times when you feel like going home to watch a cartoon to reclaim some innocence.
Have you ever sought therapy to cope with it?
Luckily, it hasn't come to that. We have a great HR department that is always available if I need them. While there are many terrible things out there, and not just online, I take solace in all the good people I have around me both at work and in my personal life.
Is your job to track down and catch predators, shut down bad sites or more than that?
Our primary goal is to review, monitor, investigate and help mitigate the risk associated with e-commerce. Our objective is to allow legitimate merchants to use our systems, while restricting illegitimate ones from getting in. We have numerous procedures and processes in place that allow us to monitor illegal and unethical use of our brand and services. When these are found, and some are found easier than others, we take the appropriate action on our side, along with advising the necessary governmental agencies.
Without getting too graphic, describe some of the worst sites on the Web. What are they trying to do?
Most bad sites will try and hide the true nature of what they're doing. They'll offer a simple product like coffee or shoes, but behind the scenes be selling illegal drugs, or promoting hate, racism, etc. But the ones that bother me the most are any that have pre-adult content. Unfortunately content like that exists and I'm happy to be able to help shut it down.
Do you know how successful you and your colleagues are in achieving your goals?
We've seen immediately response to our tips and action within days. Helping to shut down illegal websites, phishing websites, reducing credit card fraud and malware is what I strive for.
What are some of the more interesting stories that have come out of your work -- humorous, tragic, revolting or horrific?
I've seen all kinds of websites, and I am often surprised with the nature of products or content people choose to sell and or promote online, but there is a market for literally everything online.
One of the more recent was a "client" who sent us a website to review and wasn't trying to hide the graphic content involving gruesome videos and images related to death.
Another sold access to videos or images that were extremely graphic of people being brutally murdered, attacked, tortured, violated, etc., and also linked to other websites that offered underage pornographic content.
Another example is a website that was "selling" what first appeared to be car-washing liquid, but after digging deeper we found that it was actually the date-rape drug.
In all these cases, the accounts were immediately suspended and the information sent to the appropriate law enforcement.
What specific things give you a sense of pride?
As I've said before, once you see something you can't un-see it. However, you have to take it in stride. I know I do my job and we do our best to make the Internet a safer place.
How many people like you would it take to solve, or at least address, the problems you are addressing?
I belong to a team of dedicated staff that help me on a daily basis. While my job is unique and requires that I look at not the nicest things, I am pretty sure the websites we locate and report are only a portion of what is out there, as the internet is a vast environment.
Anything I'm missing that you think is significant?
Fortunately, even after a website has been on boarded to the Payza platform, Payza continues to monitor websites via a variety of methods which include secret shoppers, customer quality assurance calls, key word detections, and persistent website monitoring, etc.
We have seen cases where a website that was approached last month for something very mainstream became something illegal the month after. This is something we have to be vigilant for. We need to make sure we keep up with the ever-evolving methods that the criminals use.