Here is What Happened…..
Step 1: Make it known far and wide that something is wrong with higher education in the United States. That group of graduates carries an average of $30,000 in debt.
Step 2: Launch a financial technology company. Help guide college-bound members of Generation Z through the maze of forms required to apply for grants and other forms of financial aid.
Step 3: For your noble efforts, be included in Forbes’ prestigious “30 Under 30” list. It’s time for you to stand out.
Step 4: Get the attention of a financial institution that wants to acquire your customer database. After all, a bank’s ideal target demographic is represented on your list of college-aged users. Get them while they’re still young.
Step 5: The fifth and final step is the most crucial: fake the customer data if you don’t have 4.25 million users to justify a $175 million buyout. Yes, it’s imperative that you lie to the bank and make it seem like your startup has been a smashing success. And don’t forget to cross your fingers!
Or, “fake it till you make it,” as the cool kids in tech like to say.
Charlie Javice, the brains behind the fintech company Frank, did just that. If JPMorgan Chase, the financial institution that paid $175 million to acquire the startup, is to be believed, this is the case. Says it was duped by Javice.
You may be scratching your head right about now, wondering how a major financial institution like JPMC could have possibly overlooked the warning signs before forking over so much cash. Who conducted the research to validate Javice’s claims?
Let’s just say that Javice dominated the financial powerhouse. And completely undermined the effectiveness of its checks and balances.
For now, let’s focus on JPMC’s possible awakening to the possibility that it had been duped before we get into how she did it.
Once the acquisition was finalized in January 2022, the bank began spamming Frank’s clientele to hopefully convince them to invest in the bank’s money-making financial product. As a result, it chose 400 thousand of users at random from the list Frank had provided during due diligence and emailed them.
But…the whole campaign was a huge failure.
It turns out that only 28% of sent emails actually reached their intended recipients. Even more impressive is the fact that JPMC’s average campaign delivery rate is 99%. Worse yet, only 1.1% of all sent emails were actually read. That’s a significant increase over the 30% seen in the average JPMC advertising campaign.
This is when JPMC first began to suspect foul play. It started looking into it. It obtained Charlie Javice’s old email archive. And just like that, the hoax was exposed for what it was.
You can see that Frank does not have as many customers as it claims. Just 300,000 people attended the event. But you know that won’t net you $175 million.
In that case, what action did Javice take?
Javice apparently began by forwarding an article titled “Generating Tabular Synthetic Data Using GANs” to her Director of Engineering via email. “[t]he goal is to generate synthetic data that is similar to the actual data in terms of statistics and demographics,” the article states.
Essentially, she was hoping to inflate the number of users by using phoney information.
Not even the director could find anything to praise. He questioned whether such action was even permitted by law. You can probably guess that Javice’s answer is going to be yes. She even went so far as to say that it was an industry-standard practice during investments and that no one would be “orange-jumpsuited” (i.e., sent to jail) because of it.
Okay.
However, the Director would have none of this. He flat-out refused to go along with the charade (clap, clap) and instead sent over a list containing the actual user base of 293,000 people.
Not even a tenth of what Frank said he had, that’s for sure.
Surely Javice wouldn’t have dared to share this with JPMC. She was after that $175,000,000 prize. Therefore, she sought assistance elsewhere.
Chief Growth Officer Olivier Amar, one of her coworkers, chimed in. He made contact with a firm he learned was called ASL Marketing, Inc. One company boasted that they had “the most complete, accurate, and responsive data of high school students, college students, and young adults available anywhere.” This might be just what poor Frank needed!
Amar forked over $100,000 in ASL. in addition to purchasing a database containing the names of 4.5 million students.
When he needed access to ASL’s student email list, he went to a third-party service provider named Enformion. And for their trouble, I paid them $70,000.
In the meantime, Javice was also preparing something. There was a “Data Science Professor” she could learn from. A professor at a New York City university. And needed his assistance in making phoney mailing lists.
So now it’s truly scandalous, right?
Javice then had the Professor produce addresses for his fictitious pupils. And the Professor of Data Science wrote to Javice, “I can’t seem to find addresses in my raw files. Should I make an effort to make them up?
I just wouldn’t want the street to not exist in the state,” Javice replied. It’s possible that these addresses are not legitimate. A nonexistent XYZ street name, however, was something she hoped wouldn’t appear. This could not be a hoax.
The Professor, however, countered that “real addresses” might be impossible to implement.
As a result, Javice was inspired. In her analysis, she asked, “If we can’t do real addresses, what’s the best we can do for that?” In the event that things get really bad, we can always try using a random ID.
Simply put, she tricked JPMorgan into thinking that the Unique ID in the list was there to safeguard the privacy of the student users, when in fact it was there to fool them. In the background, the Unique ID was associated with physical locations. The bank, surprisingly, took her word for it.
Next, we had email addresses. That’s juicy, but this is even better.
Here is a snippet from the formal complaint filed by JPMC.
Referring to the template Javice sent an hour earlier, the Data Science Professor emailed him at 12:56 p.m., asking, “You have the student email marked as “provided as a unique ID,” but didn’t we agree to make fake ones a la “asdugnsdf@gmail.com”? So, in the end, you want a special ID, right?
After waiting for a response for six minutes, at 1:02 p.m., Javice asked, “Will the fake emails look real with an eye check, or is it better to use a unique ID?”
At 1:37 p.m., the professor of data science affirms, “They will look fake.” So, let’s use a one-of-a-kind ID.
Well, then, it looks like the Unique IDs have reemerged. All done in the name of “privacy.”
Everything felt entirely sincere. So, after JPMC conducted its investigation, they found nothing untoward.
Last but not least, there’s the post-crime “scam invoicing” phase.
A very detailed invoice totaling $13,300 was sent to Javice by the Professor. He claimed to have generated “first names, last names, emails, and phone numbers” in addition to “college majors” during his time in higher education.
Indeed, he is a man of his word.
Nonetheless, Javice’s anxiety level skyrocketed. The diligent auditor will want answers to these questions.
She then requested that he take it all away. Send a single-line invoice that reads, “for data analysis.” Even more, she forwarded him a bonus check for $4,700. Probably to get him to stop talking.
The professor reacted with a “Wow. You’re very welcome. Please find the updated invoice attached. To be honest, the deception was irrelevant at that point.
Nonetheless, Javice added some extra sauce to the pot. After the buyout, she offered the Professor a permanent position at JPMC. It’s a cunning move to hire the man to work for the same bank he helped defraud.
Seems too fantastic to be true at this point.
But that folks is how a Forbes 30 Under 30 winner fooled one of America’s largest banks.
In sum, Frank spent a grand total of $193,000 on a list of “fake” email addresses from ASL, Enformion, and the Professor. And then they sold that database to JPMorgan for $175 million.
