Show Notes
Everything you trust online is about to break, and André Ferraz built a company to catch the people breaking it.
Picture a 12-year-old kid riding his bike through Brazil when a stranger points a gun at his face to steal it. That kid grew up with two computer scientist parents, an early love of code, and a peculiar fascination not with building systems but with breaking them. Three decades later, that instinct for thinking like an attacker became the foundation of Incognia, a company now embedded in 1.2 billion monthly active devices and built on a single contrarian belief: your location behavior is the strongest signal of who you really are.
But the road there nearly ended before it began. André moved to the United States six years ago to chase the biggest market, bringing a thriving location-based advertising business with him. Then the pandemic hit. Physical retailers shut down. Revenue collapsed 95% in a single month. The team went from 250 people to 50, keeping only the engineers. Most founders would have folded. André and his co-founders looked at the precise location technology they had spent over a decade perfecting and asked a different question: what else can this do?
The answer was fraud prevention, and it turned out the world needed it desperately. Incognia now serves banks, fintechs, crypto exchanges, and marketplaces, answering one deceptively simple question for every login, transaction, and signup: is this user who they say they are? The results speak loudly. Triple revenue growth. Six times the return on investment delivered to clients. A 100% trial-to-paid conversion rate. And a 180% net dollar retention rate that means customers keep expanding once they see the data.
The conversation gets genuinely unsettling when André lays out the asymmetry of modern fraud. The criminals are professionals, not hoodie-wearing loners. They run 60,000 fake accounts in two days. They factory-reset devices in 30 seconds to dodge detection. They share tools and open-source software while the banks defending against them compete and stay siloed. The money pouring into making deepfakes dwarfs the money fighting them. As André puts it, if you brought him a deepfake detection company, he would not invest, because detection can never outspend generation.
So Incognia plays a different game entirely. Rather than analyzing whether a video is a deepfake, it checks whether the camera feeding that video is even real. Rather than trusting a spoofable GPS coordinate, it fuses Wi-Fi, Bluetooth, cell tower, compass, accelerometer, and gyroscope signals to locate a device down to eight foot accuracy, close enough to separate two fraudsters in different apartments of the same building. The bet is that AI can fake your face, your voice, and your data, but it cannot cheaply fake the real physical world at scale. Make the attack economically unfeasible, and the fraudster moves on.
The episode closes on a vision that goes beyond catching criminals. André imagines a world without buttons, where the hotel TV logs you in automatically, the thermostat already knows your preferred temperature, and the world quietly personalizes itself around you because it recognizes you everywhere. Stop the fraud first, because that hurts. Then make the world more elegant.
The Asymmetry of FraudAndré's core mental model for why defenders are structurally disadvantaged:
Criminals break rules freely while banks must follow heavy financial and privacy regulation.Fraudsters collaborate and share open-source tools while competing banks stay siloed.Deepfake generation attracts vastly more capital than deepfake detection ever will.The takeaway: never fight on the attacker's terms, find a different angle.
https://www.linkedin.com/in/andreferraz/
https://www.linkedin.com/in/estesryan/