If you have followed the headlines published by newspapers and bloggers over the past month you would be led to believe that Snapchat’s new Snap Map feature is “going to ruin your life” and “is frightening as a privacy threat”, but what does the new feature mean for Snapchat users and should you be concerned?

In the latest Snapchat update, released in June 2017, users are now able to share their current location and activities with their friends. Providing you and a friend follow one another, you are now able to share your locations with each other on the Snap Map in addition to being able to see what is going on around you. Your location on the Snap Map is only updated when you are actively using Snapchat — so you don’t have to worry about your location being updated in the background. Additionally your location on the Map will expire after several hours. Also with the Snap Map, you can view Snaps of sporting events, celebrations, breaking news, and more from all across the world.

In light of this new update however, Snap Chat has received considerable criticism regarding privacy and safety concerns. The majority of the concerns relate to an increased risk for users, specifically younger generation users, to be exposed to stalking, bullying and strangers by individuals who are able to follow their exact locations. These concerns have been supported by police forces and schools around the UK who are scrambling to offer advice to parents and to ban the app on school premises. The update has also prompted the Child Exploitation and Online Protection Centre (CEOP) to update its ‘Thinkuknow’ parents’ and carers’ guide to Snapchat.

Despite these concerns, there are a number of simple ways that users can protect themselves. As part of the Snap Maps, the default setting, known as Ghost mode, allows the user to block their location so that they are not visible on the map. The only exception to this is if the user submits Snaps to the ‘Our Story’ feature as this will appear on the map regardless of the user’s privacy or location settings. The second and most significant piece of advice, is for users to only accept Friend Requests from individuals they know. Maps are only shared between friends and this can be further restricted by specifically selecting the individual friends who are able to see your location. Awareness of these simple features can in fact negate the vast majority of concerns since they essentially render the location feature deactivated.

The use of real-time location sharing presented in Snap Map is not the first of its kind and nor will it be the last. Companies such as Google, Apple, Facebook and WhatsApp already have their own features which allow the user to connect with friends and to share their location. There are even Apps, such as Glympse, whose sole purpose is provide a fast and free real-time location service to connect people. And while all of these apps and platforms offer privacy settings, delving beyond the hype and discussion, there exists a far deeper and more profound discussion relating to the volume of personal content which individuals are actively posting online and the ease at which this is becoming the norm.

Our analysts and experts at Neotas, are constantly amazed by the volume of personal content which exists in open sources whether actively posted by the individual or passively by others, through leaks or data breaches, reviews etc. Awareness of this and identification of an individual’s complete online footprint is key in order to prevent exposed vulnerabilities and risk, especially regarding high net worth individuals and executives.  As such, at Neotas, we provide Human Vulnerability Assessments and Online Reputation Reports in addition to our Staff Screening and Due Diligence services. Our role is not to create hype as we have seen recently within the media but instead to embrace the digital information generation and to create a more holistic view of an individual for all risk based decisions whether personal, professional or commercial.

I started with Neotas about three months ago having spent the previous five years in financial crime. What I have learned in this short time period has blown my mind and if I had known then what I know now, fraud investigations would be dealt with in a completely different manner. Without a doubt, open source intelligence (OSINT) is the future of due diligence and KYC (Know Your Customer).

Working in Financial Crime, I regularly had to investigate cases of fraud or money laundering and prove, without doubt, that a customer had been a victim of fraud. The problem is that fraud investigators are more often than not required to work on gut feelings and instinct more than on actual proof. Don’t get me wrong, working in fraud requires a lot of instinct and trusting that gut feeling, however having evidence to prove the fraud would also be more than helpful. While fraud investigators do have tools to aid their investigations like bank checks and credit files checks, you’re often left questioning what does that really tell you about the person? That they have good credit and their bank account matches their identity? What if you had a husband and wife working together to scam the system? She may be telling you that she and her husband are separated and he has stolen her details. As an investigator you are not able to talk to the husband as he isn’t your customer, therefore you have to take the wife’s word as fact. However by using OSINT you can learn more about the individual including looking at their social media profiles to see if there is any evidence of a divorce or separation. Moreover, is there any evidence to tell you they are working together? If a child has impersonated their parent and both mother and daughter have the same name and live at the same address, there are only two companies in the world whose internal checks would be able to tell them apart. Most companies would accept an application in the mother’s details and send the money to the daughter’s bank account however by using OSINT you can look deeper into the daughters online behaviour, have they recently come into money? Are they talking about it?

Whether we realise it or not, almost everything about you is online. From date of birth on birth records, to your address, email addresses, phone numbers, interests, and key individuals, the list is often endless. The reason for this is simple. Most people do not read the endless pages of terms and conditions or adopt privacy settings, moreover most people feel that they can be themselves online and that is where they will often give away their plots and plans. By using OSINT you can find out a multitude of sins. A professional money launderer may look like the perfect customer from the outside: the credit file looks good; the bank matches; and they use the product regularly and always pay back on time. Someone like this may show up on a CDD or EDD list but after a few simple checks no issues would be found. If compliance departments and fraud departments had knowledge of OSINT they could look deeper into the individual, the house they are living in, can they afford that on their salary? The company they are a trustee or director of, does it make sense that the customer is involved with a company like that? OSINT paints a picture of what is going on and tells you what a standard background and credit check cannot.

Simply put, most financial crime departments do not have enough knowledge of OSINT and therefore follow “a checklist system” that was written in a policy because the regulator told you to. The problem is that as long as you are following the minimum requirements put forward by the regulator, financial companies will believe that the check list system is sufficient. It is not and this is allowing fraudsters to continue to get away their crimes while they are laughing at you publically on Facebook. Don’t get me wrong, I’m not saying that fraud investigators are not doing enough, what I am saying is investigations need to go further, OSINT is the future and before long the FCA will make this a requirement.

Neotas is a due diligence company that has developed an analyst driven Open Source Intelligence platform. The platform is used in many areas from financial regulations such as KYC/AML, Anti-Bribery, Modern Slavery Act, plus staff background screening, due diligence for VC and PE investments and lastly human vulnerability assessments as part of a cyber security strategy.

In 2009, while in the process of applying to University in the United States, a rumour began to circulate that universities were likely to review the Facebook pages of applicants for any disqualifying content. At the time, Facebook was still an up and coming social media platform rather than the pervasive giant it is today but nevertheless I had an account and I started to worry. Having grown up in Europe, where the legal drinking age was lower than twenty-one, some of my content immediately fell into the ‘disqualifying’ category. In a panic, I rushed to remove any photograph, post or connection between myself and alcohol. Moreover, ever since that first rumour, I have regularly monitored content relating to myself through search engines and have regulated privacy settings on social media to manage my online footprint for jobs, university, and my own personal safety.

Fast forward a few years to when I joined Neotas in 2017. I felt confident that I had been actively sanitising my online footprint for years and everything was good. In an instance, however, I was amazed, not only by just how much information could be found about me with the right training and tools, but also how relevant every part of one’s online footprint could be. With every exercise or fitness application comes the ability to live track your activity and location. With every geolocated holiday snap, you are telling the world that your home is most likely left empty. From fraud to kidnapping, from robbery to stalking, the applications are only limited by one’s imagination.

As I have progressed as a Junior Analyst at Neotas, I have uncovered everything from hateful posts plastered across Twitter and Facebook and evidence of drug use, but also people using aliases to avoid bullying. To think that I was worried about a few photographs from a graduation party seems so insignificant with the material I have uncovered. I have seen how finding even the smallest element of risk or concern about a person, from either professional or a personal point of view, can tell you more about a person than any background check or interview. More importantly, the truth of the matter is that this is only going to increase as more and more information about us is digitised. Google’s recent announcement for its Google Lens app, for example, will allow the user to turn their camera into a search box, where anything it is pointed at is searched using artificial intelligence. A future where facial recognition on a phone camera brings up their social media profiles or any other online content with a picture of them is no longer science fiction but something that is possible and is on our horizon. While this may seem a frightening future, the reality is that most of this information is already available, if one simply knows where and how to look for it.

What may or may not have been a rumour back in 2009 is a definite reality in 2017, and not just for university applications, but for any prospective relationship, both personal and professional. With insider threats posing the single most dangerous issue in today’s professional world, the standard background or credit checks are simply missing the critical information. With people putting so much of their lives up online, at Neotas we are able to go beyond the standard investigation to obtain a profile of the subject rather than completing a tick in the checklist.

Moreover, content is contextualised to formulate a complete profile of the individual so the rather innocent photographs of me with an alcoholic drink all those years ago would not be an issue today with Neotas’ analyst driven platform.

I just thought I’d share some thoughts, 3 months after Neotas was born. For those of you that don’t know us, we are a next-generation due diligence company. We have brought together a collection of ex-military and law enforcement intelligence specialists along with technology and finance experts to create an analyst driven platform that uses OSINT to conduct due diligence.

The whole exercise has really opened my eyes to how open-source intelligence can help across a wide number of areas, from employee and client onboarding, ‘fit and proper’ tests under SMR, KYC/AML reviews, supply chain audits to human vulnerability assessments as part of your cybersecurity strategy.

Every day the information we uncover never fails to amaze me. Knowing your people is more important than ever, it’s important to understand these risks so you can make better decisions.

51% of the people we vetted, that had already gone through standard background checking had additional flags raised against them. These included undisclosed directorships, second jobs, gambling addictions, drug habits, religious extremism, IP theft. We even found a video of a candidate assaulting a police officer that he stupidly posted online, and no, I’m not making that one up! And these were people looking at jobs in financial institutions……

51% seems a ridiculous statistic and right now as we just get going, it only covers 100’s rather than 1000’s of people but we still feel it’s a broad enough selection to get a sense of the scale of the problem.

As we go on, I’ll think about the stories I can share, I already feel I have enough material to write a book! Right now current screening and vetting processes are no longer fit for purpose. You need to think about how you can use the information that now exists about people and companies to make more informed decisions. directly.

In the meantime. if you would like to know more, please feel free to contact the team directly on our contact page.