Fraud and identity trends, with John Cannon
My very first job was building models to catch credit card fraud, at that time we were most concerned with counterfeited cards, then lost/ stolen cards, and in third place at best came identity fraud. It was an emerging threat, and we were hearing word of the likes of Hunter being rolled out in the bigger markets, but we were able to keep a pretty good handle on it with a system my boss had cobbled together in an Access database.
Then online channels started to emerge, but they were so insignificant early on that we could throw countless extra checks at those, not worrying if - and indeed hoping that - applicants would get fed up and apply via traditional channels instead. And that was only twenty years ago. Today, though, the fraud landscape is very, very different. Chip and PIN has got a grip on counterfeit fraud, and identity fraud has become far more complicated.
“And I've said this many, many times: when you really sit down and think about it, identity in the digital world... it is broken in many ways”
In this episode of HTLMTS I speak to John Cannon of Oakford Consulting about the changes that have occurred in fraud prevention over the last few decades, and about what it takes to defend an organisation against fraud today.
You can contact John Cannon via his LinkedIn page or by emailing him at john.cannon@oakfordconsulting.co.uk
If you have any feedback, questions, or if you would like to participate in the show, please feel free to reach out to me via the contact page on this site.
Regards,
Brendan
The full written transcript, with timestamps, is below:
John Cannon 0:00
In the same way that I didn't find a passion for chemistry, I also came to the conclusion that I thought credit was... quite boring. I was more interested in the fraud space.
Brendan Le Grange 0:32
Welcome back to How to Lend Money to Strangers, the podcast about lending strategies around the world and across the credit lifecycle. My very first job was building models to detect credit card fraud. Now in my day, the biggest source of losses was counterfeited mag strips/ copied mag strips, but the industry solved that problem with chip and PIN. However, the fraudsters didn't go away, they looked for new weaknesses. In today's episode, I speak to John Cannon. He's an industry leader and advisor on all things fraud and digital ID related.
John is currently an independent consultant, but until recently, he was also managing director of TransUnion's global fraud solutions. We talk a little bit about where those fraudsters have gone, the trends in fraud and how those have changed over his career, and the fundamental flaws in the way in which we verify identities today.
Let's jump into it. So yeah, John, thanks for making the time, more than 15 years you've been working in fraud prevention and so I wonder if maybe if you could just give a quick introduction to yourself and your career, and what you've seen happen to the market in that time.
John Cannon 1:51
I think it's probably more like 'more than 25 years' and that's me feeling old now saying that, but in terms of career and how you end up - and I'm always interested to ask people how they end up in particular lines of business - but for me, I came out of University of Manchester with a chemistry degree. All that taught me was that I didn't want to spend any more time in a lab doing chemistry anymore. So I went about looking for a job, as lots of people that come out of university do, and I joined a commercial credit reference agency.
So that's how I ended up in the infomation industry, and just picked it up as I went. It was then was acquired by Equifax - and I'll get hate mail from your listeners for saying this, this but in the same way that I didn't find I had a passion for chemistry, I also came to the conclusion that I thought credit was quite boring. Shoudn't say that on your podcast, but that's the truth. And so I was more interested in the fraud space, and identity. And certainly when the AML regulations started to come into the UK, that's kind of what interested me.
And that's how I ended up sort of moving over into that kind of world. So worked there for a while, and then CallCredit were being founded as the third bureau in the UK. New. Startup. And when I got an approach, it was quite exciting to, to go and be part of that. And it was an intention to invest in the fraud and identity space. So I moved over to CallCredit, and been there through quite a period, really, two four-year cycles of private equity ownership, and then the last three years with TransUnion acquiring the business, and so becoming part of the global corporation. And it's been an exciting time.
I often look back and think how did it end up being a 14, nearly 15, year stint there. But each of those areas were very different, you know, the business is growing rapidly and going through a lot of change. So whilst it was a long time, it felt like working for different businesses through that period. And then more recently been heading up fraud for TU International, setting the go to market strategy as part of global fraud, working across a number of different time zones with a number of teams - thoroughly enjoyed that, but then everything comes to an end.
So I spent a lot of time in, in the corporate world and decided I wanted to go back and be part of something a bit more startup again. So I left TU. And I thought I'd take a little bit of a break, but things don't quite work out that way. I'm very busy. And I have my own consultancy business have done a number of consultancy advisory roles with some small startup businesses that are looking to scale set up their go to market strategy, product strategy in the fraud space. So ended up being probably busier than it was.
Brendan Le Grange 4:33
Yeah, it seems to be the way. And yeah, you don't need to worry about the audience - we do all things lending, not just credit. But I think there is also a natural level of extra interest when we talk about fraud and we can maybe touch on some of the reasons why as we go along, but my first role happened to be in credit card fraud, and we've always under resourced but you could always count on being able to convince somebody to do your favour off the side of their desk because you could tell a more interesting story. Do you want to build just another scorecard, or do you want to help us catch some fraudsters?
20 years ago now, when it came to things like fraud and identity, it was maybe somebody would forge a document, they might try stick their photo on somebody else's papers, print something, it looks like a pay slip, or they might even just make up some identity details and hope that they get through the system unchallenged. It's obviously over the last 20 years grown far more sophisticated than that. And I may be putting words in your mouth, maybe you'd describe it differently, but if we think through the ages of fraud, the types of fraud you've maybe seen at the forefront during the various stages of that 25 year career.
John Cannon 5:43
Yeah, I suppose, you know, the shift in technology and the way we live our lives today, has changed landscape the most. And again, you know, if you if you go back over that time period you're talking about, you only has to look back at some famous fraudsters from those times - and I've met quite a few of them - like the Catch Me If You Can film, most people have seen that, so can relate to it. You know, when you wanted to commit fraud back 20 years ago, then it was very much a face to face, branch based transaction, and therefore be a certain type of person to walk into a bank and try and imitate somebody to get hold of money, versus today, that can be done very anonymously. And so it opens up becomes more attractive to a wider range of people who find it easier to detach themselves from actually being anything wrong.
It is something I'd like to talk a lot about, the rationalisation elements of the psychology of fraud. So all fraudsters all have that same rationalisation in their mind, they think, Well, I'm not doing any harm, it doesn't hurt anyone. And I think, you know, over that period, what you find is that trust and identity has become increasingly important. Because whatever it is you want to do in the digital channel, as you go about your your daily life, you may not always be aware of it but identity plays a central role in just about everything you do.
And in fact, on a day to day basis, as you go about your daily life, you're subconsciously carrying out identity checks all the time. So whenever you meet someone, someone who you've met before, you know, your brain works out based on how they look and the location, they're in the time of day, etc, you don't even think about it, you know, it's and if you walked into work well, when we used to be able to walk into work, you may walk past someone in the office and see them. And every day, they sat at their desk in the same place. And you may say good morning to them and carry on about your day. And if you walked into the office one morning, and that same person had made a significant change their appearance overnight, let's say that they're gone from being brunette to blonde, then you'd probably do more than just say your money, you probably do a double take. So the locations right, the time of day's right, persons where you're expected to see them, but there's something different about their appearance, which you don't recognise, and therefore you kind of think 'is that the person'.
You might do a double, double check, and then you realise it is and you'd say good morning, you might even have no compliment them on their hair or whatever. Now, say you were, I don't know, in Mexico on holiday, somewhere nice, and you saw that same person from work at the end of the bar, probably initially, you'd be unsure whether it is that actual person because, you know, it's out of context, you can't establish anything from the location or the time of day, you might ask somebody else you think that's somebody from work or whatever, before even approaching them. And that's because as human beings, we place a lot of emphasis on location, and time.
And that's no different to how businesses operate today. And if you consider 20 years ago, a customer would be coming in through a branch door, it'd be between the hours of nine to five, and there'd be a lot of engagement. Today, that same customer may come in 24 hours a day from anywhere in the world. And they also expect an instant response, whereas 20 years ago, they might have been happy to wait around a week while you did various checks. So it's a real challenge for businesses, and it presents an opportunity for fraudsters. So identities become increasingly important. But I'd also say that we've got some big problems to solve when it comes to identity, not just in the UK, but globally. And I'd go as far as - and I've said this many, many times - when you really sit down and think about it, identity in the digital world... it is broken in in many ways.
And again, I'll give you an example of what I mean by that. We spend a lot of time in trying to educate consumers around fraud. So protect your personal data, protect your identity, don't ever give information out to fraudsters who are trying to get all your information so they can go and bypass systems. And that's a really good message to put out there. But the problem with it is that the moment that you want to do anything, apply for a loan or apply for a credit card or a current account or an online gaming, whatever it might be. At that point, even though you've been told, never give your information out, like guarded with your life, the moment you apply for anything, you're asked to do exactly that, right, you now need to give us all of the personal data and all of your information so we can verify your identity.
So that's a problem. Because for people like you and I, we can probably work out when it's okay to give out information when it's not. But for for huge sort of sections in the population. It's, it's problematic, because not everybody is aware of when things and what checks to look for and what to do. So example of my parents there in the mid 80s. You know, they struggle to know when it's okay, and when it's not okay to give, give information out. So there is a problem, though, with identity. And I think the future direction is that it will take away the emphasis on us as consumers having to proactively provide information, and will be more of a seamless picking up on attributes and things that exist in the digital world to be able to verify and establish trust without actually having to rely on consumers know when it's okay to give things out. And when it's not.
Brendan Le Grange 11:08
When we're moving house, I made the payment for the down payment for the rent of the new space. And we were on holiday at the time. And the the bank to their credit, they sent me an SMS. And in that SMS, it said, you need to reply today. But I didn't read the SMS because I was on holiday, and it was from the bank. Obviously, in hindsight, what happened because I waited more than a day, they closed my account. But I didn't know that until the day the movers were packing the house, and the new landlord sort of phoned and said, where's this down payment? And I phoned the bank, and they said, okay, we can verify you on the phone, you just need to tell me, what was your phone number when you open your account, which was the address that's linked to this. And you know, I know some of that because I know my past addresses. But I don't know which one I had at the time I open the bank account.
So I wasn't able to pass the verification and the questions they were asking, in my opinion, were questions that were more likely to be known by a fraudster then by a real person in the day to day lives. What is the name of the product of your current account? Now I don't spend any energy, understanding what my bank calls the current account. It's just the current account. The marketing team might work very hard to make me remember that I'm not sure what it's called. I don't know what date x&y transactions run on. So it hasn't helped anybody. In a world where yeah, there's invariably data x anyway. So I'm sure there are people out there who can read off an Excel sheet, some old address of mine and have just as good a chance that that's the one that I lost use for the bank.
It always makes me laugh a little bit, because my late father in law was incredibly technophobic. He refused to use an ATM. For most of his professional life, he had used one bank branch. And even when he moved house and moved office, he would drive into the city and go to the same bank. And his kids would be encouraged him dad just use the ATM around the corner, don't do a half hour drive just to get cash over the counter. But once they were going on holiday, and the day before his briefcase was stolen, and it included a whole lot of his documents. And he walked into the branch, they just greeted him by name. And then they just did all their transactions because they knew who he was. And then he said, yeah, you wouldn't have to get that with an ATM.
And I feel like, while it takes a long time for organisations that need to be extra secure, that need to be extra conservative, to adopt the technology, it does feel like we've finally come around to that sort of level where consumers expect that just by looking at their phone, or putting their fingerprint there, they can have access to everything, that people should just know who you are as if you had been at their bank branch for 30 years. You recognise me, the machine recognises me. It's not the 'what's your mother's maiden name?'.
John Cannon 13:56
I've got 10 year old twins, the younger two. And if you want to see how digital channel is going to kind of continue to evolve and have to evolve further. You want to look at how expectant they are of things just working and being quick and efficient and how little attention span they have when things don't work. I mean if you if you distil down the kind of digital channel and what we've been talking about, the thing that kind of underpins it is value. So why do we as consumers want to use an ATM using the example you just gave? Well, it's because it offers me convenience, it's more convenient for me to go to an ATM to get some cash out if I need cash. Although in this day and age, it's more convenient not to have cash. And but the value the value for me is convenience. It's quicker and easier than if I had to go into a branch and wait in line and get the cash out.
But that doesn't mean the offers the same values for everyone. So you know your late father in law that you just mentioned, you know, all the value that he saw the personal touch, the things that you saw in the branch outweighed the convenience for him. So you know different different people We'll see value in different, different ways. But certainly, when you think of the shift to digital in recent years, if I go back 1015 years ago, talking to as a fraud in financial services, or wherever, you know, their role would very much be focused on protecting the organisation from fraud. So first and foremost, it's protecting the organisation. And in some instances, that would be to the point where, you know, if it results in lots of genuine customers not being able to get through these controls, then I don't really care about that, because my job is to actually protect from fraud. And over the years, that's significantly changed now. So today, any fraud controls any, any security, anything around identity goes hand in hand with the need to provide this digital experience this convenience for people. So for controls that do not callosity, and customers generally don't get a look in. So that balance between the two.
Also, you know, compliance plays a part in this as well, because if you want to open accounts, for lots of organisations, especially in the regulated sector, you're expected to meet certain criteria around sort of regulation, when it comes to identity, a lot of the foundation of that is still built on interpretation of regulation that was created a long, long time ago, it still exists. So you have this challenge today, where there's lots of cool technology today, which can provide different aspects of identity validation and identity verification to help prove that an identity exists and that somebody actually owns that identity. But then compliance is always some somewhere behind that. So even if you see something that's, you see some technology that you think this can really help my organisation could be a really good technological way of preventing fraud and identifying people that might not translate into something that is understood from a compliance perspective, because from a compliance aspect needs to meet these various criteria until the interpretation of that regulation has been updated and changed, then that will continue. So there is that kind of lag between the two. And that's, again, a trend that I've seen a lot of over the last sort of 10 years.
Brendan Le Grange 17:15
On the fraud side, the cost benefit calculations a bit different as well. Whereas if the lender does a bad job modelling credits, the lender loses the money. But if they do a bad job defending against fraud, me as the innocent victim of identity theft, could be in for a lifetime of pain, having the stolen identity and do all that damage, and then still live a normal life with a protected credit bureau and such. So it doesn't make sense that lenders need to put on more levels of conservatism than they might for credit. But the flip side is that it's also usually at the most inconvenient time for a customer. And I feel like when you're applying for a loan at a lender, you are going to be a little bit forgiving, because you're looking for money. So it might be annoying. You might think, why are they still making me fill out these forms? Why are they asking me for the five years of old addresses or whatever, but I'll put up with it because I want the mortgage, I want the credit card. And that is that obviously sometimes when fraud checks are happening, too.
But often, we'll also get caught up in fraud checks when we're trying to access accounts we already have, and we no longer feeling like we're getting something out of the deal. So I do have a lot of sympathy for this. And I try remind myself whenever a transaction gets blocked for a fraud check or something, and I have to phone the bank and sit on the phone a few minutes and answer some questions to get put through. It is a tricky balance. And I don't think many organisations fully appreciate that the fraud team are juggling that you did mention that obviously there has been a cultural shift from fraud, just saying no, but I think for many fraud did start deep in the back office. And when it comes to who's CEO of the lending organisation whose chief product officer, you know, who's got the power in the board to make decisions. It's seldom somebody who came from fraud. And so investments and things, I think a lot of fraud teams to struggle to get those. But they are playing with quite a tricky balance high stakes if they get it wrong, both in terms of, you know, the bad press and the losses. And also, if you stop the wrong person, it's a big inconvenience.
John Cannon 19:25
yeah, and I think, and I've spoken about this many, many times, take banks, and they sometimes get bad press in this space, because someone's had money taken out their accounts or whatever. And what we shouldn't forget is that, you know, the banks don't want fraud to occur. They don't go kind of, you know, looking for that. And they're spending huge amounts of money to defend and protect against it. And trying to balance that with making sure that the service they provide to customers is convenient and easy because you just talked about the frustration of being stopped from getting access to something When that happens, they don't want to inconvenience you, or they also don't want you to be a victim of fraud. We shouldn't forget. And it sounds like I'm a massive supporter of banks, and to some degree, but there are some things that you know, you could you could set and we could talk about banks all day. But I think certain things I see regularly where I often read articles, and I think the article is completely ignoring the fact behind all of this. There's a bad guy, there's a fraudster who's gone out and committed fraud, committed deception. They've taken money out of that, or whatever it might be, the bank didn't ask for that don't want that. I'm just trying to protect against it. So we shouldn't forget that.
Now, I'm not saying all banks are perfect, and they all adopt all controls, they could, there are clearly areas where more can be done to protect consumers. And that's right. And they do get called out on that, I think, and rightly so. But equally, it feels like the fraudsters have become this anonymous thing in the background that everybody ignores. And when something happens, it's either the consumers fault because they didn't protect their information. Or it's the bank's fault, because it didn't protect the consumer. And nobody really points the finger and says actually, it's the fraudsters fault. Just on sort of identity fraud suit, again, bring your attention on how difficult the job is. Over the years, I've spent time doing a tour of a number of journalists of national newspapers. And the challenge that was set was, could I steal their identity and without using any sophisticated technology of any way, so just using, what's available and what's out there, and what anybody can kind of access and what happened in each of those instances, but even even when they locked everything down, and all of their financial services, all of the social media, everything, they were felt very confident that I wouldn't be able to find anything else about them in every case was able to get a lot of these l personal data without too much trouble. To be honest with you. I've done the same thing with executives of banks where at events, I've spent very little time and pulled up a whole raft of data, because because our lives in the digital channel are out there.
And whether you think you've locked down Facebook, and nobody can see that, you know, think again, you might have locked down Facebook settings so that people can't go in and see much of your data. Or then quite often things that you've liked visible in your public profile, you go to most people's Facebook profile and look at what they've liked, people tend to like things near to where they live. So local pub, local shops, whatever. So straightaway, you've got an in there, you've got someone's name, now know the area that live in, and then you can start to build the profile from there. And then on top of that, then fishing techniques are advancing. Most people now know if somebody rings up and ask them for the bank accounts shortcode, not to give it out.
But if, say, you received an email from Macmillan Cancer charity, saying, Hi, we can see you've liked our Facebook page, really appreciate it. And we'd love you to provide two pounds a month to help our charity, we'd all the work for you, we've got a direct debit form below filled out, it's got your name in details, all you need to do is put your bank account sort Code, and we'll do the rest. Yeah, that becomes much more difficult for somebody to realise that because that person has liked that page. And therefore the emails coming in, it's actually saying something that is true. And using that other way of establishing that trust with them. So it is difficult. And it's difficult for everybody to come back to the point I made earlier about lots of aspects of identity is is broken. And the more we rely on consumers to not give out data, but then they give it out different times, it makes it hard for people to understand when they should and when they shouldn't.
Brendan Le Grange 23:42
And if we pause on that just a little bit. So obviously, as a consumer sitting in, in the general public, you would probably read the most headlines about data breaches. So x y companies let 100,000 records be exposed a million records be exposed. And often that's narrative that that's where you've got to be worried about your data being stored somewhere who doesn't have good controls, and it will get released in a batch. For the actual fraud, though, is that where most of these compromised of identities is happening? Or is it ongoing in lots of smaller, more sophisticated ways the whole the whole time? You know, if if we think about what should we try to do to protect ourselves?
John Cannon 24:25
I mean, it's a mixture of both both cause an issue but I think, you know, when when you think of some of the large data breaches that have happened, in similar cases, the actual data that's been compromised on the face of it doesn't look that sensitive to going into these like names, addresses, whatever. And you sort of think, well, if someone's got that data, you know, what, what can they actually do with it, but it's almost like the start of what they can then build on from there. So a typical chain of a data breach might be breach happens that data is then made available on the dark web to people who want to buy it may just be some Information, it may include passwords and things which they can then they might have a username and a password for something. And, you know, unfortunately, we are creatures of habit, or they use the same password and then add a number one on the end of it or add a number one and an exclamation mark on the end of it. And I'm imagining lots of people suddenly go in and changing their passwords, results that because we all do it, because it's hard to remember them. And yeah, there's a lot to be done in the authentication space. And there's lots of good work being done to remove the need for passwords and using things like biometrics, so access things, but you know, today, we still have that issue. So process or by that data, they might get enough from that to be able to do something. But if they haven't, then they will go about social engineering to actually try and pick up more data. And that'll that'll be taken number of forms. So, you know, what is fraud? Well, it's intentional deception for personal gain. In most forms, the fraudsters looking for money or something, they can convert into money. You know, that's what that was, what interests them. And so therefore, if financial services companies that offering loans for example, well, there's a direct correlation, if I can defraud this company, or scam this company into sending that money to me, then I've got the money and I go kind of thing. So feels like a quicker exit from those things. But they will sort of have that information that they picked up on the dark web. And they'll also then sort of test the other controls are trying to bypass and keep sort of testing to see what sort of control workout what controls are in place. Again, to come back to your example earlier in the call, where a bank may be asking you for certain information in order to prove your identity. If the fraudsters then keeps trying to attack that service. So understand what that requirement is, they then might know, well, I need to go and find out this information from this individual and Wilberforce right social engineer them. So there will always be a problem, as long as the control of proving identity falls on to the consumer, again, not to keep making the same point over and over.
Brendan Le Grange 27:00
No, but well, I think what's what's interesting, they're talking about the single password, we got to make sure we're not using identity in a way where it's just the same set of data, that there is something more interactive, which is the location data, the device data, you know, when I first opened my bank accounts, it was my identity number - assigned, basically at birth in South Africa - so that never changes. And then something like your address, but there wasn't much beyond that. Maybe they had some questions that I'd set up, but guessable or find out'able questions around what was your first pet or your first school or your mother's maiden name. And if those were ever once compromised, they were always compromised, because none of that ever changed.
Whereas it does feel now that at least there's a movement away from that from static data that stops using a social security number and ID number and starts to use something that's more dynamic, maybe biometrics - obviously, that is still static, but the device that's reading it can read all sorts beyond just a picture, clever things in the background to make sure that is you being photographed, you've been videoed - but I guess as with everything, It's an arms race, and the fraudsters are getting more sophisticated just as quickly.
John Cannon 28:13
Yeah, absolutely. And I think, on the one hand, we as consumers would hope for a scenario whereby we never ever have to put in passwords, usernames to access things that we do today. And also, when we enrol into a process that we don't have to provide anything, really, and it's all just on, instantly, seamlessly, and without any any issues. You know, I guess that's the future goal for a lot of organisations. Technology's advancing, there's lots of really good ways to adopt services to help to do that. But then there's always going to be, I guess, exceptions, further enhanced challenges that need to take place during that interaction to establish whether this is a genuine customer or not. And if you if you get caught in that, then your experience won't be the same as others. But you know, things are moving on. And I think, you know, it's interesting time really, and, and you're right, in that in a short period of time. And certainly over the last couple years with a pandemic, we've seen a lot of businesses accelerating their digital plans, and therefore, you know, it's given this much more priority in a lot of organisations.
Brendan Le Grange 29:16
Yeah. Which is a similar message that I'm hearing from collections teams who are in a similar boat often, yeah, if we accept, we are going to inconvenience 1 in 1,000 1 in 10,000 people, let's make sure that stopping the transaction is done in the best possible way. So perhaps it's just a case of the fraud teams working with customer experience teams to make sure that where we do have to block somebody inconvenience somebody pose a transaction or an application that is done not in a policeman style way of this is stopping here because I say so. But then we build a nice process around that to limit that felt inconvenience.
We're at time now. So I know you said you are very busy already. Do you want to talk about how people can reach you in the work you're doing now? Or have you got enough on your plate that you would rather just sign off?
John Cannon 30:09
This is the point in the podcast where I feel like the chat show host plugging a book or whatever. No, I'm happy to give a plug to the work that I'm doing. So yeah, if anybody needs help in terms of scaling the business in fraud solutions or or putting fraud defences in place, yeah, I'm very happy to chat and being me either through LinkedIn, or through my email address, which is John.Cannon@Oakford.consulting.co.uk
Brendan Le Grange 30:42
I will put those details in the show notes as well. Yeah, thank you very much for making the time. Certainly, I think it will be very interesting for the audience, and as I said, my first job was in fraud so it's something close to my heart. Identity, though, I've probably done it a bit of a disservice by talking about it in fraud, where it is now far more encompassing than simply a background part of the fraud process. It is something as you say, that's central to our lives, not even just in financial services to most interactions we do today. So yeah, thank you very much. It was great catching up (glad I could be part).
And thank you for listening. If you're enjoying the show, don't forget to subscribe, like and share it on your podcast player of choice. And I'll see you next Thursday. When we talk BNPL in Spain, Mexico and Poland with Jaime Maron of Fiizy.
John Cannon 31:57
Was hoping I was going to take like about three months off. Just a bit of downtime. And I guess what's my network got to hear that I was moving and offered a few consultancy contracts or advisory roles, ended up having a couple of weeks, but during that two weeks, I ended up doing a load of meetings anyway. So I don't feel like I had much of a break, but it's not like you can turn around to people and say, yeah, I'll tell you what, I'll come back in three months and hopefully you'll still be needing some help.