Connecting the industry to fight financial crime and identify risks

It’s been one year since the last RiskConnect Virtual conference. How has the payments landscape changed since then?

In payments, the more things change, the more they stay the same. Card-not-present fraud is not going away. It’s a USD 6.5 billion a year problem. That’s approximately how much was lost to fraudulent online payments made with stolen cards in 2020, according to Brighterion, a Mastercard company. If anything, the problem’s getting worse as more people shop online on account of the pandemic. Juniper Research predicts that CNP fraud will cost nearly USD 80 billion by 2023.

Again, social engineering as an attack vector is not new. Over the last 12 months we’ve seen criminals honing COVID-19 hooks for social engineering scams. For example, sending e-mails or texts requesting card details to book a vaccination, claim a business rebate, or pay a fine for breaking lockdown. Other forms of third-party fraud also continue to be an issue. For example, data security breaches, credential phishing attacks, ransomware, and terminal swap-out fraud.

When it comes to money laundering, counterfeit remains the number one predicate offence for money laundering. We heard from the European Union Intellectual Property Office about the worrying trend in global fakes. Corruption is also about as old as money itself. Our keynote speaker, Oliver Bullough, explained how kleptocrats steal trillions of dollars every year. And then hide and spend it by exploiting loopholes in the international financial and legal system, something he dubs ‘Moneyland’.

How have these changes influenced fraud levels/attacks? Were industry participants (merchants, payment service providers (PSPs), acquirers, regulators etc.) ready?

It’s not just criminals that can adapt and evolve. Risk management professionals can, too. It’s actually something they’re quite good at, because risk is dynamic by nature. Anything can change in a business, a merchant’s business, or the external environment. Therefore, risk professionals are used to operating dynamically. 

Industry participants were broadly ready for new attacks and old attacks re-purposed. But they’ve faced a double-whammy of a rise in online scams since the start of the COVID-19 pandemic. And a huge decrease in law enforcement’s ability to respond to scams. In some instances, fraud police who normally field complaints from victims have been redeployed. 

The combination of these two factors places even further strain on government and regulatory agencies to respond effectively. And it places a higher burden of responsibility on individuals and businesses to protect themselves, be more vigilant and take control to mitigate these online risks.

One way to be prepared for the future is by sharing lessons learned and best practices when coping with fraud and scams. How do the major themes of RiskConnect Virtual tie into the topic of market education towards spotting bad actors?

Countering online fraud and scams is one thing, but let’s not forget first-party fraud by unscrupulous merchants. Some merchants are just mad, bad, or dangerous to know. They’re out to obtain an acquiring contract to beat the system and cheat their acquirers.

They engage in everything from bust-out fraud to artificially inflating their transaction count to reduce their chargeback-to-sales ratio. They sell illegal goods and launder money and/or transactions. Such attacks are definitely not going away either. That’s why we made high-risk acquiring, following the money and current trends the major themes of RiskConnect Virtual.

How can merchants address their immediate regulatory needs while also future-proofing their strategy for the changes to come? Can technology help?

Technology can certainly help in the fight against financial crime and with regulatory compliance. This is evidenced by the take-up of regulatory technology, or RegTech, by businesses, and supervisory technology, or SupTech, by regulators. 

Yet technology is not a panacea. It’s most effective when it’s tailored to the needs of a business and integrated with effective processes and people. The popular ‘ABC of Underwriting’ presentation at this year’s RiskConnect Virtual showed that day-to-day policies, procedures and controls are the fundaments of risk management. 

Good-quality, well-trained people are another fundament of a good risk management approach. With seven Web Shield Online Academy courses now available, and the return of our in-person Academy next year, Web Shield remains committed to educating risk professionals. 

Looking into your crystal ball, what will be the important trends for 2022?

Risk management professionals will need to keep a watching brief on the risks arising from crypto investment fraud. Legislation around the cannabis-derived compound cannabidiol or CBD will continue to evolve. As will high brand-risk acquiring, particularly with the introduction of new Mastercard rules for adult content merchants.

We’ve all seen the fallout from the Pandora Papers and whistle-blower disclosures from a former Facebook employee. They speak to the dark side of global connectivity. While money and data can cross borders easily, laws and law enforcement struggle.

To combat serious organised crime, we must be similarly serious and organised as an industry. Anti-fraud and risk professionals must stand up and stand together to face down the challenge. We have to collaborate better than the criminals.

With that in mind, the entire RiskConnect Virtual 2021 programme remains freely available for 12 months at https://www.riskconnect.eu. 

About Alex Noton

Alex Noton is Web Shield’s Chief Executive Officer. He is responsible for the broader strategic direction of the company which includes optimising business and product development efforts, coordinating with the board of directors and implementing internal workflow improvements. Alex has over two decades of experience in senior roles at investment banks and accountancy firms. He started his career as a lawyer.

About Web Shield

Web Shield has been equipping the payments industry with tools to protect businesses from merchants involved in illegal or non-compliant activities since 2010. Our highly precise solutions enable acquirers, PSPs, and other financial organisations to evaluate new merchants and monitor existing ones, thereby saving both time and money.

Web Shield also organises RiskConnect, a networking conference for risk management professionals. Delegates can access hours of great keynotes, presentations, and panels, featuring industry experts on-demand for free over the next 12 months at https://www.riskconnect.eu.