When creating a fraud strategy, the top concern for many organizations accepting online payments is preventing payment fraud. This makes sense, but failing to consider other types of illicit activity can be costly. In fact, most marketplace fraud spending is not related to payment fraud, but rather other forms of illicit activity that includes collusion, trade base laundering, and transaction laundering. These result in economic losses, and worse in negative reputation impact.
There is a wide margin for organizations to address other types of risk before it becomes fraud on the payments side, yet many fall short in managing non-payment related threats. Bank Secrecy Act (BSA) compliance is the needed counterpart to payment fraud for a holistic risk strategy approach that effectively addresses digital marketplace threats.
To talk about how risk goes beyond payment fraud and how BSA compliance can bolster organizations’ risk strategy approach in digital marketplaces, PaymentsJournal sat down with Jose Caldera, Chief Products Officer at IdentityMind, an Acuant company, and Tim Sloane, VP of Payments Innovation at Mercator Advisory Group.
Fraud Encompasses Much More than Just Payments
Companies usually assess their losses based on payments fraud, highlighting why it’s so important to prevent and reduce such attacks. But payments related illicit activity makes up just a fraction of common crimes. In the United States alone, there are over 200 types of specified unlawful activity (SUA) in Title 18, including financial fraud, identity theft, and other common fraud.
The chart below, provided by Mercator Advisory Group, identifies the top 15 fraud categories reported by consumers to the Federal Trade Commission (FTC) in 2018. It starts with impostor scams and debt collection and trickles down to foreign money offers and counterfeit check scams.
Certain types of fraud are often precursors to payments fraud. “There is such a wide margin to assess risk before it actually becomes fraud on the payments side,” explained Caldera. “While many organizations are already thinking about payments fraud, there are multiple other aspects relevant to address every component of risk and fraud.”
The second chart provided by Mercator Advisory Group, shown below, reveals the payment methods used to perpetrate fraud. Unsurprisingly, credit cards are at the top of that list, but are not as high as wire transfer fraud in terms of dollar volume.
Organizational Structure Should Reflect a Wider Variety of Fraud Threats
Most organizations are not set up to handle all the risks they face, and the compliance issues that they engender. Being prepared for these risks requires the right processes, systems, knowledge and organizational teamwork.
Recognizing and preventing identity fraud and other illicit activity is somewhat unique for every business. What this means, said Caldera, is that “every business has different areas they can tap into. Each one of those areas offers information that, if put together, can improve the detection of criminal activity. And, data collection, if done properly will not affect the user experience.”
It is important to have a profile that assess client risk not only during account onboarding, but also takes into consideration what capabilities clients will have access to (e.g., money transferring capabilities), what products they can access, and the amount of money they can spend or sell. That risk profile needs to assess every customer touchpoint, from onboarding to the end of a transaction, but doing so could look very different from one organization to another.
Monitoring is also critical, as individuals’ risk profiles change over time. Monitoring infrastructure that tracks the behavior of clients and adjusts their risk profile accordingly is crucial in addressing the unique risks that online transactions pose, particularly when it comes to customer authentication.
Compliance Has Many Overlaps with Fraud And Risk Management
With certain types of fraud, such as money laundering, businesses have a plethora of regulatory obligations that must be fulfilled. Conveniently, putting regulatory strategies in place to meet anti-money laundering (AML) and other regulations significantly overlaps with fraud analysis and risk assessment.
“The concept of compliance to an AML regulation is very connected to the notion of understanding who the user is, their risk, and how they need to be monitored so that companies can understand and identify any suspicious activity,” Caldera added.
Fraud and Compliance Management Teams Find Value in Similar Data
To achieve proper BSA compliance, organizations need to look at fraud as part of the compliance process. Fraud risk management can be improved by forming it alongside other processes that are already happening, especially those associated with AML and regulatory compliance.
Connecting the dots between compliance and fraud teams relies on data sharing, which can better inform each team of their own processes and lead to greater accuracy and efficiency. What is learned from fraud and risk analyses can inform the compliance world and vice versa. Despite this, fraud and compliance teams have historically worked independently of one another.
Digital Identity Technology Can Be Leveraged By Multiple Teams
Technological platforms have the ability to empower fraud and compliance teams to access overlapping, valuable customer data. Doing so ties into the concept of a digital identity. If companies are able to accurately represent individuals and businesses as digital identities, those identities can be leveraged by multiple teams to inform decision making that bolsters security.
That technological platform serves as a centralized container of information, monitoring and detecting changes in behavior, risk profiles, and other information pertaining to the digital identity of a client. Teams can then access the data in real time, regardless of whether they are involved in fraud management or compliance processes.
By being able to embed the functionalities of this technology into day-to-day operations, organizations’ operational processes become more effective and efficient. IdentityMind is an example of a strong technological provider that enables companies to make and find daily value in that connection between transaction monitoring for fraud and compliance through the use of patented digital identity technology.
The Takeaway? Compliance is the “Secret Sauce” to Manage Fraud Risk
Compliance can be described as a “secret sauce” for organizations because a lot of the processes needed to be compliant are the same processes needed to mitigate the risk of fraud. Some organizations have pushed all of their resources into fraud risk, but are also required to meet regulatory compliance. By enhancing compliance, fraud management is similarly enhanced, and illicit activity can be detected at an earlier level before it becomes payment fraud.
Organizations required to follow regulatory compliance from the BSA perspective already have a set of tools that can–and should–be better utilized by their fraud teams. Simply put, better compliance means better fraud and risk operations.