RiskConnect 2019, or how businesses can thrive in a risky environment

For a business to thrive, innovation is essential, and the more we innovate, break new boundaries, and access worlds that used to seem far away, the more we discover that the level of danger, of risk exposure is bigger. But how to deal with risks in a way that we don’t shut down on innovation and make the business process sustainable and lasting? Clearly by applying regulation, using innovative technologies, supporting actively dialogue, collaboration, and flow of information among all parties involved, plus sharing education and knowledge.

RiskConnect is a conference organised by Web Shield and dedicated to payment risk professionals. It was born while discussing the newest challenges facing the payments and transactions industry and providing hands-on knowledge that we can apply in our daily work. For two days, 19-20 November 2019, over 200 delegates from 28 countries gathered in Warsaw, Poland to be delighted with the hot story behind Panama Papers, savour panel discussions on loot boxes, deceiving marketing, cryptocurrency use, and taste famous Polish pierogi (and more). The Paypers was one of the key media partners of the event, thus having the opportunity to find out the latest trends and developments in risk management.

‘Hello. This is John Doe. Interested in data?’ Or the story behind Panama Papers.

The event debuted with Web Shield’s CEO drawing a parallel between the job of an investigative journalist and of an underwriter, because each of them start with a story/client to observe and has as main mission gathering and connecting all info surrounding the story/topic in order to come up with the best obtainable version of truth, as Pulitzer Prize winner Carl Bernstein said. And what better guests to speak about truth than Frederik Obermaier and Bastian Obermayer, the two investigative journalists behind the Panama Papers case, who were invited as keynote speakers on RiskConnect’s stage.

The story began in 2015, when Bastian Obermayer received data about the world's fourth largest offshore legal and corporate services company, Mossack Fonseca, located in Panama. Together with his colleague at the German newspaper Süddeutsche, Frederik Obermaier, and later with the help of the International Consortium of Investigative Journalists (ICIJ), over 2.6 TB of data were analysed (which was massive compared with 2.7 GB contained by Cablegate/WikiLeaks in 2010 or 260 GB by Offshore Leaks in 2013). In terms of structure, the leaked data contained emails, databases, pdfs, images and text documents, and to navigate this sea of info and stay protected, the two journalists applied two principles: shut up and encrypt data. The data revealed where super rich people hid billions of dollars and included big names of institutions like HSBC and personalities - Vladimir Putin, Muammar Gaddafi.

The audience had their breath held until the end of the presentation. And of course since there were so many questions, a panel discussion followed on the topic of money laundering. Greed, lack of experienced compliance experts, too specific regulation, too much reliance on third parties - all added up to the fighting money laundering issue.

Technology – RegTech – one remedy to money laundering

Panama Papers have sent an important signal: no crook can feel safe anymore. Nevertheless, transaction monitoring and reporting suspicious transactions, particularly for businesses processing high volume transactions, is still a cause for concern for authorities. Experts from Deloitte RegTech Lab, Anna Werner and Manfred Wandelt, believe new technologies have the capability to better fight financial crime.

Compliance modernisation is no longer optional, but mandatory, due to increased number and value of the regulatory fines applied to large US and EU universal banks, high volume of regulatory changes and amendments, plus the outdated IT infrastructure and error prone processes. Moreover, USD 1.45 trillion of the global turnover is lost to financial crime, with bribery, corruption, and money laundering being top 'revenue makers'.

As a result, regtech goes beyond just a buzz word. And because it is based on innovative software solutions, it can significantly advance the digitisation of the regulated environment.

Card scheme propose new action plan for acquirers when onboarding high risk merchants

One of the recurrent topics on RiskConnect’s agenda is Mastercard’s Business Risk Assessment and Mitigation (BRAM) program and its latest requirements for high-risk merchants. ‘BRAM program has always enforced the core Mastercard principle that we will not tolerate any illegal activity on the network.’ This was the main message Jonathan Trivelas, Director, Customer Compliance and Fraud, Mastercard delivered on RiskConnect’s stage.

To help acquirers monitor merchants that exceed established thresholds, Mastercard announced the new Excessive Fraud Merchant (EFM) program and changes to the Excessive Chargeback Program (ECP). EFM defines and establishes a benchmark for excessive fraud on CNP transactions processed by Mastercard’s global network and recommends the use of industry standards and best practices to address excessive fraud.

The program analyses the monthly number of ecommerce transactions (1,000 and more), fraud chargeback amount (USD 50,000 or more), fraud chargeback basis points (50 or more), and 3DS utilisations (less than 10% for non-regulated countries and less than 50% for regulated countries). Acquirers and merchants that take action to authenticate consumers using incremental data about the consumer and transaction environment (device ID, IP address, location, etc.) will reduce the likelihood of being identified in this program.

ECP closely monitors and receives alerts from Mastercard as to chargeback activities of all merchants and aims to promptly identify excessive chargeback trends and implement mitigation action plans to protect the cardholder experience. Under the new assessment structure, an acquirer with a merchant that acts quickly to resolve their chargeback issue will be assessed significantly less. Among benefits of the new program, Jonathan mentioned removing dedicated resources that were usually needed by acquirers to report merchants that exceed the ECP threshold to Mastercard. Plus, an acquirer with a merchant that takes quick corrective action to address the cause of the chargeback issue will no longer face the potential of thousands or hundreds of thousands of dollars in ECP assessments.

Meeting the minimum legal requirements, or NOT? Deceiving marketing

For the last decade, people in the US have lost USD 80 million trying to buy magical products that make them lose weight, have whiter teeth, and no wrinkles. Apparently, these products are endorsed by celebs such as Angelina Jolie or Oprah Winfrey and seem to pose a minimal risk to the customer, as many think they are free samples or that the credit card protects them when they purchase the magic pills. This practice is called deceiving marketing, and the celebrities don’t always know that their name and pictures are used for such activities.

Such purchases may render any card transaction illegal, even if the products are sold legally, because the way merchants sell these products create the acceptance risk. Moreover, sometimes even the authenticity or the ingredients of the goods can be duped or absconded.

Deception takes many forms and could include anything from misleading claims, unfair terms, negative option selling, pyramid scams to affiliate marketing, fake reviews and aggressive commercial practices. These deceiving businesses have exploded due to the use of new techs, and consumers are daily bombarded with bogus emails and robo-calls. Most of these practices come from US and Canada; however they spread quickly everywhere via social media, landing pages, and affiliate marketing.

Collaboration and education are key to risk management

Big challenges need big collaborations. And to fight serious organised crime, anti-fraud and risk professionals must be similarly serious and organised as an industry. During the event, all speakers stressed the necessity that industry players, law enforcers, technology providers need to collaborate and share data. To enable this objective, organisations such as the International Consortium of Investigative Journalists (ICIJ), the Belgian Gaming Commission, the Royal Canadian Mounted Police, Visa, Mastercard have been invited to share their knowledge at RiskConnect. And for those who couldn’t make it to Poland, WebShield launched the fifth book in the Web Shield ‘Fundamentals of Card-Not-Present Merchant Acceptance’ series and an online Academy on how to become an underwriter expert.

Thanks to Web Shield team for having us in Poland at RiskConnect, and what better way to conclude than by asserting that RiskConnect is the best place to meet exceptional unsung heroes of the payments industry and learn from their adventures.

About Mirela Ciobanu

Mirela Ciobanu is a Senior Editor at The Paypers and has been actively involved in covering digital payments and related topics, especially in the cryptocurrency, online security and fraud prevention space. She is passionate about finding the latest news on data breaches, machine learning, digital identity, blockchain, and she is an active advocate of the need to keep our online data/presence protected. Mirela has a bachelor degree in English language and holds a Master’s degree in Marketing.