This month’s newsletter, we had a conversation with Pedro Sanzovo, co-founder of Legiti, a startup that received an investment from us at the end of last year. Learn more about the business by reading the chat with Sanzovo.

What exactly is Legiti?

We define ourselves as a data company that offers solutions to fight fraud. We extract and interpret data. Our initial thesis is to apply our knowledge in data extraction and interpretation to solve credit card fraud. We are, then, a data fintech. With our techniques, we help e-commerce companies reduce fraud and increase their direct billing.

Who is in charge of Legiti?

My partner, Pearson Henri, and I. We met about 10 years ago at Stanford University and then worked together at Palantir Technologies, a company founded by Peter Thiel that is worth USD 25 billion today and has a strong name in the United States and Europe as a market leader in high-scale data analytics products. I ran the company’s office in Brazil when it opened from the end of 2016 to the end of 2017, focusing on fighting money laundering. Pearson followed a transverse path compared to mine, as he became a leader in the architecture of high-scale data analytics systems, which is largely applied to defensive technologies.

When did you decide to become entrepreneurs together?

In early 2019, I talked to Pearson about bringing him to Brazil. Our initial idea was to do consulting projects and data freelances with companies to try to understand if there was a niche or a special space that would make sense in the medium term. This ended up happening quite quickly. We were hired initially for three projects. The third one was a ticketing company that helped us look more closely at the problem of transactional fraud, as these companies’ platforms are frequent targets of attacks.

What specifically caught your attention in this case?

E-commerce platforms are responsible for reimbursing fraudulent purchases to banks, which, in turn, pass on funds to end customers. This process creates a disproportionate financial impact for many e-commerce companies that are trying to grow in Brazil and even others already established. From the moment you enter into more complex e-commerce nuances, such as a ticketing company selling a QR code delivered to a mobile phone 10 minutes before a party, or a delivery service that is delivering something with no time to analyze that transaction, the rules of the game and of fraud change significantly. Pearson and I started studying this project a little better to understand what we could do to tackle this problem in a unique way.

What were your conclusions?

First of all, it wasn’t an easy solution. It wouldn’t be enough to work three months on it to solve the problem. What we started to develop was a relatively complex solution for structured data collection and for handling and processing this data at high speed. Second, we found out that the problem wasn’t specific to the ticketing company. We talked to several companies like 99, Rappi, iFood, and we understood that this cycle between direct impact of fraud, adjustments through market solutions, followed by direct impact on conversion, was extremely common.

What does this mean in practice?

When you try to create a solution to prevent fraud, one of the side effects is an impact to good customers by making it harder for them to buy. It’s a hard balance to achieve. The third thing we’ve learned with this project was to note that the existing solutions in Brazil were designed by an e-commerce world different from the current one, a much more traditional one — primarily focused on sale of physical products and in which customers accepted days or weeks of delivery deadlines.

Was it from these learnings that the idea of creating Legiti was born?

We started studying the foreign market. Some companies have managed to create effective solutions in the United States, Europe, and Israel with a strong core in data analysis and artificial intelligence. We thought about creating a solution that has as its core model a high level product, with a scalable, innovative data analysis that uses the best available technologies to make this prediction. This is what we are committed to doing since June 2019.

What makes Legiti different from its competitors?

As we focus on products and data, we knew that we could not follow the same path as our competitors, who bet on a solution that was not simply a product and was based very much on manual analysis. For our biggest competitors, about 20% of transactions are sent to humans, who run manual analyses and make decisions. For us, this makes no sense because we need automated responses to our customers. We knew that, in order to create a good product with cutting-edge technology, we needed time and money. Then, the idea of raising funds and of venture capital arose.

When did the first round take place?

Our seed round included investors like Kaszek, GFC, Iporanga and Norte. USD 1.7 million were raised. We aim at Q3 2021 for a new fund raising.

And how have these funds been invested?

Today we are 13 people, 11 of whom are focused on data products. So 75% of the investment is in people. We’re using money to put together a team of cutting-edge engineers who can build a prime product. We haven’t made any investment in marketing. Our thesis for 2020 is not commercial expansion. If we can get to the end of the year with a portfolio of five clients, but who are passionate about Legiti, we will be happy. Then we think of 2021 with a somewhat different focus.

Did the pandemic hinder the plans?

It was a double-edged sword in our case. The company’s origin and initial focus were ticketing companies, which stopped selling everything overnight. We were forced to change the focus and look the other way, which is the delivery companies. These took off. One of our customers had a 100% growth in one month in sales numbers. We believe that in the medium and long term the pandemic is beneficial to us. Even because it forces the market to pay more attention to e-commerce. Besides, we already have evidence that more fraudulent attacks are taking place in this period. At any time of crisis there is an increase in attacks and unlawful activities.

How much does a company lose due to fraudulent attacks?

That varies. There are two parts of this cost that are significantly large. One part concerns the direct costs. In this case, it is between 0.5% and 1% when considering all the amounts traded in various e-commerce companies, especially non-traditional ones. This also involves the marketplace, which has a take rate of 10% for each item sold. If I sell a cell phone for BRL 100, I’ll get BRL 10 for myself. Now, if I’m rigged, I have to pay BRL 100. Then all of a sudden, 0.5% and 1% becomes 5% and 10% of revenue.

And when we minimize these attacks, don’t we run the risk of blocking a good client too?

Yes. Exactly! There’s the other side, which refers to the indirect costs, the false positives. Most often, when a credit card purchase is rejected with an online merchant, it is due to a suspicion of fraudulent activity. For some businesses, this is paramount; as the erroneous rejection of legitimate customers can immediately push them to a competitor for good. In Brazil, we estimate that two-thirds of rejected purchases are actually false positives. Our role is to help the customer reduce fraud while increasing direct billing by approving legitimate customers.

Is it possible to estimate how much you can save?

To one of our customers we were able to deliver a 1,8% increase in conversion, with a 54% chargeback reduction, in almost 2 months of partnership.

Are the attacks in Brazil different from those in other parts of the world? Is the Brazilian fraudster more creative?

There are two aspects that differentiate fraudulent attacks in Brazil from the rest of the world. The first one is related to the characteristics of the transactions respecting payments and even data security. In Brazil, it is very common to share the Individual’s Taxpayer Number (CPF) anywhere. There is reduced awareness when it comes to data security. This allows people to use this data for malicious activity. In the United States, for example, their Social Security Number (SSN) is kept top secret. Secondly, as in other areas, such as music and football, the Brazilian’s fame for creativity does not fall behind in fraud. We have seen scams that mix naivety and high level technical capability, with some juggling. So, yes, the characteristic of fraud in Brazil is quite unique, it differs from any other place in the world.

And what size is this market? How far can you go? What’s the big dream?

In Latin America, in 2020, e-commerce is expected to have a value of more or less USD 75 billion, with more than 150 million users. In 2019, the estimates are that more than USD 500 million were lost in Latin America with direct fraud and more than USD 1 billion in false positives, i.e. rejections of legitimate customers. It’s a giant market. Even if we only work with transactional and e-commerce fraud, this already allows us a huge growth. In addition, our goal is to solve the problem of transactional fraud, but also to think about data for defensive technologies, in a wider range. So expansions that go beyond transactional fraud and include other types of fraud, like cybersecurity, are possibilities in the medium and long term.

Does the implementation of the PIX, the Central Bank of Brazil’s instant payments platform, somehow interfere with the market in which you operate?

Yes. It is important to know that PIX will work, especially in the short and medium term, to replace wire transfers, point-to-point transactions. Gradually, PIX will begin to be used to replace card transactions, but it is not expected to replace the credit card, but a debit card. Much in the credit market will not yet be replaced, especially because Brazilians have a historical tendency to use the credit card. Perhaps, that will change in the long run. On the other hand, we see PIX as an opportunity for growth. We are creating an extension of our product that will be applied directly to PIX and will expand a range of different potential customers. PIX will also be the target of fraud. We don’t know exactly how this is going to happen, but it’s only natural that whenever there’s an opening, it’s exploited. We want to be well placed to help financial institutions solve this fraud problem that they will inevitably be faced with.