Onboarding and its Challenges

Onboarding and its Challenges

Onboarding is already a complex, competitive and ever-evolving process: but is about to become `THE CHALLENGE’ over the next year. But why? And how can we be sure?

We will discuss here:

  1. Some of the current regulatory changes and why these are such a great thing for those of us with onboarding functions
  2. How in the coming year or two, these changes will have a major impact upon onboarding functions, and
  3. What we should look-out for and what we can start doing.

We are having to make major changes to our businesses and more will be needed as further legislation continues to ‘hit-us’. But it is mostly GOOD regulation. We are entering a period now of high-disruption and high-regulation – see below for a UK market example.

The graphic below indicates the balance between disruption in the financial services environment and all of its stakeholders. It is the view of UK Finance[1], the UK Banking industry trade association, and their thoughts on ‘the future of payments and banking’.

Kevin Smith - Risk Review Specialist
Kevin Smith

For all of us, it would appear that we are accelerating into a period of both high national and international regulation as well as high market disruption through new entrants and competition, innovation, data availability and enabling technologies. This is a good thing because it means that the marketplace will evolve in a controlled way and we should rather want to be in such a marketplace than the others shown above. But it is worthy to note that this high regulation is in the main a very good thing because:

  • The legislation is positive rather than punishing – it clarifies who does what, where, how and why,
  • It prevents abuse and misuse of the global payments infrastructure and any ‘more localised’ deployment,
  • It supports consumers and their needs – protecting end-users of the payment system,
  • It encourages further innovation and market development,
  • It is designed to support competition and to challenge the status-quo in the markets.

EXAMPLES

PSD2 is very prominent because of Strong Customer Authentication (SCA) implementation and enforcement at the moment, BUT PSD2 and broader European financial services regulation have also given us Open Banking and push as well as pull payments with the opening-up of banks to new payment organisations such as PISPs[2] and AISPs[3] and their new regulatory registration category.

GDPR was seen as a surprise to many and a headache to most last year, but it really is ‘the best thing that has happened to information management’.  It leads to a greater understanding of our data, our data needs and it requires us to ‘do our jobs’. It reminds us that it is not necessarily our data and that we need to justify why we process the data in the way we do. It enables us to deploy better practices, develop new products and services and to use information sources better to help us know our customers. In turn, GDPR has helped us refocus on the importance of Information Security Management Systems (ISMS) and further this year to comply with ISO 27001 and now additionally with ISO 27701 (a current urgency).

The current and ongoing UK Government-initiated evaluation (and similarly across the EU) of the operations and activities of company registers, highlight the concerns that Governments themselves must also continue to improve the data available and to deliver access to reliable, trusted data.

Money Laundering regulatory changes globally are also now creeping up upon us – but we will say no more about these challenges here as they envelop us.

In the UK, the Payment Systems Regulator (PSR) was established three years ago and is in the process of overhauling the payments regulation with the drive towards more innovation, inclusion and competition. It is now part-way through a deep review of the merchant acquiring marketplace and practices, the economics and the profitability of the big players and other stakeholders. We can expect the PSR to make rulings that will again focus us upon applying greater transparency, and in creating competition and innovation in payments.

Bill Trueman - Risk Review Specialist
Bill Trueman

Key to a lot of regulation in this area is making access to services easier, simpler and faster; removing barriers to entry and services more innovative. So, we can expect this review and further disruption to include regulation mandates (especially the UK PSR requirements due to be published in Q1 2020) around:

  • More shared data across the industry,
  • Faster onboarding – with increased focus on both initial and ongoing merchant underwriting,
  • Mandated acquirer ‘account switching’ service (i.e. to be able to change acquiring partners with greater ease),
  • Data sharing to facilitate this,
  • Easier, faster and more accurate due diligence,
  • Mandating innovation and competition in favour of smaller, newer, innovative technologies,
  • Greater transparency in the application of merchant contracts, operational support, and providing ‘value-add’ services to manage merchant and systems risks.

Accordingly, the challenges for acquirers, and their trusted processing partners, over this coming year (2020) will see a need for us to become smarter, faster, much more automated, more innovative and accommodating to new technologies and solutions in an ever-evolving and faster way. Those who do this quickly and efficiently will survive, those who do not or cannot: will struggle and start to suffer.

Merchant onboarding has often been a ‘race to the bottom’ and must now start to become a ‘technology race’. The challenge will be to stop giving ‘lip-service to innovation’ and to now adopt and meet the onboarding challenges to:

  • Automate (and cleverly) the sanctions / PEPs screening functions,
  • Make greater use of bureaux data for businesses,
  • Make use of stronger and better technology to use the many existing and newer data for merchants, individuals, web-presence, payment solutions, etc.,
  • Secure timely access to critical data across multiple jurisdictions,
  • Gather more data from the web and other trusted sources about businesses, business performance, their people and their customers,
  • Understand businesses better, and bringing compliance and business due diligence into the sales team and other front office rather than seeing it as a ‘back-office function’ only; and the responsibility of risk, credit and compliance teams alone.
  • Develop stronger credit risk skills, risk management understanding and exposure measurement and management both at underwriting and at every stage or significant change in the merchant life-cycle.

We are certainly entering a period where onboarding WILL become even more important and more competitive and the biggest challenges will be for acquirers and their partners to focus upon and to ‘up-their-game’ to compete and innovate in their application of risk management in general, but in particular in their onboarding.

The current Regulatory changes and impositions are a very good thing and will be the catalyst for further innovation, disruption and change in our industry today – and also for the industry that we will evolve over the next few years and into whatever form it may morph into!

Bill Trueman and Kevin Smith work as Riskskill.com to help businesses in the payment sector perform better, whether in complying with regulation, doing more business, challenging partners and/or helping to put things right when they go wrong and if/when regulators, card-schemes and other parties start to challenge what our clients are doing. They are industry commentators and also help companies in the industry establish direction, strategy and new ways of doing things.

[1] UK Finance https://www.ukfinance.org.uk

[2] Payment Initiation Service Provider

[3] Account Information Services Provider

 

RiskSkill Attends WebShield’s RiskConnect Conference 2019 in Warsaw

Webshield RiskConnect Conference 2019 Warsaw

The team at Riskskill were both honoured and pleased to attend and support our friends at Web Shield and yet another successful networking conference for risk management people, this time at RiskConnect 2019 in Warsaw.

Over the 19th and 20th November, Web Shield hosted some 250 risk practitioners from across Europe and many from further afield.

There was a superb group of presenters at the event, who rewarded the audience with powerful presentations; such as:

– Keynote presenters from Süddeutsche Zeitung (Obermayer and Obermaier – who were the original ‘Panama Papers’ 2017 pulitzer-prize winners) who signed copies of their book at the conference.

– Mastercard and Visa executives who presented their visions and key changes to global chargeback and fraud rules.

– USA-based; Better Business Bureau: on the extent of global Deceptive Marketing Practices (also the title of a new publication from our hosts at Web Shield)

– G2A.com and the Belgian Gaming Commission: who presented massively engagingly upon loot boxes.

– The Royal Canadian Mounted Police talking about significant investigations into malpractice

– Deloitte and Deloitte RegTech Lab, MarketScape, Nethone, Bankingblocks, Ethoca and Crystal Blockchain all produced extraordinary presentations about current, interesting and informative topics, as did great people from Web Shield too – who also announced the launch of its multi-language training academy courses on risk management.

Fuller agenda and details on the event can be found on the Web Shield / RiskConnect website.

Bill Trueman from Riskskill moderated a lively and fascinating panel discussion on Day-1 on the rapidly emerging and poorly understood issue of loot boxes (aka loot crates) and the various views taken by individual national regulators, the card schemes and the ultimate need for a greater understanding and potential need for further clarifying regulation. The panel comprised Peter Naessens (Belgium Gaming Commission), Olav Leonov (G2A) and Markus Prause (Web Shield).

Webshield RiskConnect Conference 2019 Warsaw attended by Bill Trueman

Kevin Smith moderated a panel discussion on Day-2 on the thorny topic of deceptive marketing. The panel comprised Steve Baker (Better Business Bureau), Kyle Smith (Ethoca) and Iveta Korenciakova and Chris West (Bankingblocks). They provided further guidance, experiences and emerging challenges that pulled together a lot of the content from their earlier presentations and the entire event overall. The discussion highlighted the growth and global expansion of the ‘tricks’ used against consumers and the risk of harm (or worse) that, for example counterfeit products can cause, as well as those of unlicensed pharma and neutra products – and their often inert, harmful or even illegal ingredients.

Webshield RiskConnect Conference 2019 Warsaw attended by Kevin Smith

Christian Chmiel chaired the event in his usual calm, confident and professional manner. The common theme remains industry collaboration in what is becoming an ever complex and diverse environment.

The quote of the conference, first introduced by Peter Bayley from Visa was: “What are the brakes on a car for? …. To make the car go faster”

Books from Christian Chmiel and Markus Praus, edited by Joyrene Thomas – also available at the conference): https://about-fraud.com/author/christian-a-chmiel/
Panama Papers book on Amazon: https://www.amazon.co.uk/Panama-Papers-Breaking-Story-Powerful/dp/1786070707/ref=sr_1_1?keywords=panama+papers&qid=1574442501&sr=8-1

Bill Trueman and Kevin Smith are leading payment, risk & fraud specialists who provide payment fraud prevention consultancy services to card issuers, banks, and business organizations worldwide. For more information one can visit websites at RiskSkill, and AIRFA.

RiskSkill Attends CIR 10th Annual Risk Management Awards 2019

CIR 10th Annual Risk Management Awards 2019

Bill Trueman on behalf of RiskSkill was delighted to attend the CIR Risk Management awards last week with Joyrene Thomas (pictured), when we supported Christian Chmiel (also pictured) and saw him collect yet another award for the ‘Webshield’ solutions and their ongoing quest to help merchants with their risk management efforts. Webshield is very much an integral part of the industry. We were all looking forward to attending the RiskConnect.eu event in Warsaw next week.

Winners of CIR 10th Annual Risk Management Awards 2019 were declared on 6 Nov 19 organized by comedian Zoe Lyons at the London Marriott Hotel, Grosvenor Square.

These Awards celebrate the excellence in the field of risk management – recognising the expert, products and programmes in the risk sector for a decade.

For more information visit https://www.cirmagazine.com/riskmanagementawards/winners19.php

 

Data Protection Watchdogs Round on Facebook Libra Currency

Facebook Libra Currency

The bucking of the process order here concerns me greatly. Any other business, company and/or industry has a process to follow. This process that should be followed is that the company involved must establish its business plan and business and with that it must complete an application and with that approach the appropriate licensing authorities, regulators and/or government agencies in the jurisdiction in which they intend to operate and apply for appropriate registration, regulation and/or licensing.

What has happened here? Has this already happened here? The licences have been progressed and this is now a response to those applications? I doubt it.

It would seem that the data protection people have seen this announcement and are either a) Afeared that these people are going to go ahead without and of this compliance and outside the law of all jurisdictions including tax authorities! OR b) That the data protection people want to help fast-track the processes.

Either way: I am worried and so should everyone else be – that these people are getting privileged access to regulatory time when they do not pay for it through taxes: or that our regulators should feel the need to be so proactive.

Bill Trueman is a leading payment, risk & fraud specialist who provide payment fraud prevention consultancy services to card issuers, banks, and business organizations worldwide. For more information one can visit his website at RiskSkill, apart from this he is also joint chief executive of AIRFA.

To Read More Visit Source Article: https://www.finextra.com/newsarticle/34211/data-protection-watchdogs-round-on-libra

Facebook Libra Currency – A Serious Threat to Global Banking System?

facebook libra currency

On Facebook’s Libra Currency : “I agree with Donald Trump’s Stand”

It is not often that I feel like agreeing with a world leader / game-show host; but I do. But only on the threatened introduction and launch of the Facebook Libra currency.

Payments are complex and there is a huge need for supervision and regulation. Especially, when things start to get challenging or when they go wrong. Our work, involves helping companies to do the right things, so we know just how tough this can be for every company, irrespective of experience.

So, we should all agree with Donald Trump (a shudder here), and for a couple of key reasons we must all make sure that payments and Banking are performed correctly and legally and appropriately licensed and to properly governed organisations to avoid:

A. An ‘Idiocracy’ future – with Facebook et. al.

B. The Tax / Government issues

Idiocracy

In the 2006 film ‘Idiocracy’ – ‘Joe’ is transported to a dumbed-down future, where the President of the USA doesn’t read or write – and influence stems from a ‘fizzy drinks’ maker and TV game-shows. Should we really cede control to social media companies?

The companies behind Libra, that form the Libra Association , are giants in their own industries . They wipe-out competitors, and direct our lives with their products/ services. As citizens, are we happy for this Facebook-led association of big business to develop and deploy a crypto-currency using blockchain distributed ledger for its rails. Do we want them to harvest all of our shopping and payments information. Do we want them to collect more ‘lifestyle data’, which they will inevitably sell to others with or without our permission?

We know who run these ‘Libra’ companies, but should we worry that they have complex global corporate structures that collect, lose, sell, and abuse our data today, avoid paying taxes, and evade government enquiries. Even this month, Facebook was fined $5billion. But it took years and cost multiple $millions to do.

We should worry also that the initial Libra documentation shows a big intention to control, maybe even to ‘own’ our ‘identities’.

The Tax / Government Issues

We can all dislike taxes, but:

– They are necessary to pay for welfare, social, health service, community, law enforcement etc. But also to watch over and regulate businesses.

– Taxation also comes from corporates including from Banks and other regulated businesses.

– The tax affairs of the Libra ‘gang’ are very nefarious and hidden in the most tax efficient jurisdictions.

– Regulation also requires companies to have capital, to safeguard money and look after ‘people’, to have an ombudsmen and compensation schemes…… and much more.

We all want faster, cheaper, more secure and convenient payments and banking: but we should also want our money (and that of our aging parents and our children etc.) looked after, not to lose everything overnight, not to have our data misused or lost (again). We need oversight, someone to challenge those who look after our money and we must have laws to protect us from Facebook (et. al.). They might (perhaps) be able to deliver ‘faster’, ‘cheaper’, ‘convenient’ to us; but we have to look at the complete picture.

Our leaders should make sure that whoever wants to start operating financial services and other regulated sectors should keep them within strongly regulated risk and operating frameworks.

We should also worry about:

a) A move towards single global payments and currencies. Would this be linked to say the USD / USA? (Where is Facebook? How do you complain? Will you get an answer?)

b) When governments lose their control over their fiat currencies (e.g. Italy and Greece) will they start to lose control of economies, finances and then political decisions. To Facebook?

c) Will bond markets, currency markets, labour movement, currencies, international payment networks, Interest rates, tax jurisdictions, insurance, pensions be next?

d) Governments need time to adopt/change complex issues properly and sometimes we/they need to understand the ramifications before we re-boot 400 year old industries.

e) Does currency union lead towards political union……?

For the first time in my life, I really want regulation, control, governance, transparency and oversight. This is a BIG issue.

Go for it Donald!

Bill Trueman is a leading payment, risk & fraud specialist who provide payment fraud prevention consultancy services to card issuers, banks, and business organizations worldwide. For more information one can visit his website at RiskSkill, apart from this he is also joint chief executive of AIRFA.

E-Money Risk, Fraud & Compliance Advisory Service by RiskSkill

About RiskSkill’s e-Money Compliance Services

Mobile Payment Fraud Prevention

RiskSkill help businesses avoid €multi-million fines and embarrassing brand damaging mistakes from regulatory non-compliance and process and regulatory mistakes. We help clear up the mess when we are called in later.

E-money Licence Changes:

Recent new financial services legislation in the UK, has led to the Financial Conduct Authority (FCA) introducing a Payments Systems Regulator from April 2014. The ECB, and the European Commission are also proposing ways to regulate and police the whole e-money arena, as are the international card schemes. The FCA is now also starting to review and audit the e-money licences they have granted previously and for observance with ALL regulations and also best-practices.

We believe that the FCA have seen that the governance of payment systems, including e-money issuers, is a difficult and continuous task and needs several layers of supervision and oversight in the way that other payment methods have already established (e.g. through the regulations of the international card schemes).

Requirements:

As an e-money licence holder, you need to ensure that your organisation and all of its agents, including passport holders, are fully conversant with and engaged in all due diligence in customer selection and identification, transaction/event screening, suspicion reporting, record-keeping, corporate assessment of exposures and risk, and the Base II (and III) capital assignment to the exposures. Having reporting to the FCA, a clear payment strategy and ABOVE ALL understanding and observance of laws relating to payments in all areas of operation are all also essential.

The main legislation that is pertinent is the meeting of the requirements of the Money Laundering regulations for all countries in which an e-money licence holder, and its agents and Passport Holders, operates. Not doing what is right by the European Money Laundering directives is the quickest way of losing money, being fined, suffering crippling bad media attention, or losing a market – or a full e-money licence (which will happen when firms are reviewed).

emv chip and pin online payment fraud

ACTIONS 

In advance of the FCA performing its own validation on individual license holders (and making high profile examples of those who are not fully compliant), you need to:

A. Make sure that all your processes, operations and compliance teams are all fully observant of all applicable regulatory requirements, laws and best practices.

B. More importantly though, are you confident that your third party agents are also fully compliant?

We Can and Will Help You In: 

1. Determining your current state of preparedness and identify areas for attention and action before the FCA requests an onsite review of your business.

2. Review the state of compliance and preparedness of your third party agents or passport-licences and report to you on them as the principal e-money licence holder?

We can provide you with our credentials when you need help, as we are a team of payment industry specialists, that have previously worked in many banks and card schemes, and now help organisations assess their current operational status, and become and remain compliant. We have also worked extensively with the rules, regulations, legislation and best practice across the sector, in the UK and across Europe and advise payment organisations on market strategy and direction rather than simply focusing on ‘tick-box’ auditing.

Contact RiskSkill for our Services for all Risks, Fraud and Compliance solutions for e-money, e-payment, internet payments, e-funds, e payment systems, online payment and digital cash’s safe transactions. RiskSkill is also a permanent member of AIRFA an independent and global risk and fraud advisors organization.

How to Protect from Being Victim of Mobile Payment & Internet Banking Fraud?

All About Safe ‘Mobile Payments’ and Internet Banking Transactions

What is Mobile Payments and what are the top 10 things that we should be doing to stop us from losing all our money?

Mobile Payment Fraud Prevention

Well as technology moves forward we’re now increasingly using our ‘mobile devices’ – we used to call them phones – to make payments. In its simplest form it is calling the bank to make a payment to someone; or using an iPhone/android app to contact our Bank to make a payment, or pay for something with a credit card. Looking forwards there’s the prospect that our mobiles will become the main payment device in shops and cinemas etc. We will probably just ‘tap and go’ for small transactions. There is naturally then a lot of evolution that has happened and this will continue as everyone from credit card companies to banks jump on the bandwagon. In response phone companies are rapidly integrating device and software technology to make payment by phone easier and easier.

The pace of technology protection for consumers is also developing, but not as fast as the growing number of solutions or providers that are involved. Things like encryption, virus protection and chips and PINS, secret codes and memorable passwords etc are all protections, but the weakest point in the chain is you and me as the users. We are only human, and have to be careful too. More of us will run the risk of having our identities stolen, and with them have all our money stolen and our lives invaded by the people behind these attacks.

How can we Protect Ourselves, and Make Sure that we do not Become the Victims of Mobile Payment and Internet Banking Frauds?

  1. Don’t think that it will not happen to me.Because it will. With more technology use, and easier access to our data, and through more routes, the identities of people in their teens and twenties is increasingly becoming more of a problem as they are the group most eager to embrace new technology.
  2. Stop people from getting to our technology.There are password locks on most devices now. Use them. And make sure that they are not easy to guess, no “PASSWORD”, “0000”, or “Mary” if you or your best friend or dogs are called “Mary”.
  3. Do not keep data on your devices that could be used by others.Invest in an app that password protects your data / details. They only cost a small amount, and make sure that the details are then stored encrypted. If you have to store details on the device without these things, put them behind a code that only you can understand.
  4. Keep key information in different places.A lot of fraud and losses occur because people are still ‘silly’ with their details. Keeping a PIN with the card number, with address details and/or personal details that will help a fraudster. Whilst the advice used to be ‘do not write your PIN on your card”; now it should be ‘do not keep the log on details and password with the web access address!
  5. Beware of Phishing emails.Many fraudsters, half way across the world get your details from you WITH YOUR HELP. They make an email look like it is from your bank, a delivery company or someone else you are expecting emails from – like Paypal, the tax office, Facebook or Ebay; and then present you with a screen to sign on with your password. Then they have your private details. Be extra cautious of such incoming emails.
  6. Beware of sharp talking callers.Many frauds still start with crooks who call/text/email you or me and explain that there has been a problem on your account that has been blocked, and to disclose your card details/PINs addresses or other information, in order to unblock the account. Remember, if they want to ID you, who contacted who? Identify them first.
  7. Do not make payments in a hurry or when you do not want to.This is when we make mistakes and expose ourselves.
  8. Only use machines that you know.Internet Cafes can be infiltrated, have software added, hardware added or any combinations. DO NOT MAKE PAYMENTS from other people’s machines unless you really know what you are doing and you have a safe, end-to-end secure conversation going on; that you know that you are not being overseen, that there is no hardware/software running etc. And do not enter / remember passwords on any machines, especially not strange machines.
  9. Avoid using the same passwords.Obvious that one isn’t it, but so many people do!
  10. Look after all personal details.Be protective with personal details. Do not use your PINs, card numbers, card expiry dates, addresses, phone numbers or mother’s maiden names etc. in public, in earshot of others. Type PINs and passwords covered up, and always assume that someone is watching or that there is a micro-camera installed by crooks anywhere that you are putting, reading or typing personal details.

Remember, that as the technology and connectivity leaps forward it is the fundamentals and people issues that become the biggest weaknesses, and we all have to work to ‘mind the gap’ that this leaves open; until we have remote/mobile real-time DNA testing – which is a long, long way off.

Bill Trueman is a leading payment, risk & fraud expert who provide payment fraud prevention consultancy services to card issuers, banks, and business organizations worldwide. For more information one can visit website at RiskSkill, apart from this Bill is also a permanent member of AIRFA.