How Can Due Diligence Prevent Fraud in International Contracts

Corporate Due Diligence

Whenever someone makes a contract with an organization, there are definite chances of frauds, either very less or very high. However, the organizations always claim to have utmost transparency. As an investor / consumer, you should be aware of the fact that there no thing as 100% transparency or 100% fraud proof contract in any domain. Even though cheating some other party intentionally is considered as criminal offense under law, still frauds are prevalent, if not more than definitely on the small scale.

Commercial frauds are something, which have even caught the attention of the UN that has termed it among the present era’s supreme coercions. They have acknowledged commercial frauds as an international level event that harms the stability of the economics of every country.

General Commercial Frauds: These are related to activities like Deceptive Advertising or Marketing, False Reporting, Falsifying Documents, Non-Delivery, Piracy, Overriding of Regulatory Breaches and Thefts.

Popular Scandals: Deutsche Morgan Grenfell in England and Enron in the U.S.

Be Cautious in International Contracts

If you plan to get into an agreement, then it is recommended to audit the other contracting party for the relevant matters such as financial records, past complaints / clients etc. This step is very crucial during the negotiations stage and should be continued even after the end of negotiations. This small step will help to minimize your financial loss and prevent from getting into any legal trouble.

Few relevant matters of investigation are:

1. Government rules and regulations of each nation
2. Indemnities, loans and other financial arrangements
3. Information technology such as security of system, upgrades etc.
4. Language or cultural obstructions
5. Potential in the market and prospects of future performance

Stay Safe from Frauds in International Contracts

With every passing year, new fraud surface either at large level or at small. It is only by being self-conscious that you can protect yourself / your company / your investment from fraud in the international contracts. Also, below are some pointers that will guide you in safeguarding yourself from the fraudsters:

Specialization is necessary. You can take assistance of lawyers or consultants, who specialize not just in the international contracts but also in the domain wherein you are dealing in. This is very beneficial if you are not an expert yourself. In addition, you can spend your money in acquiring marketing and accounting specialization.

Use Secure Payment Methods and Letter of Credit. Whether you are dealing with a known entity or not, you should still take all possible precautions to draft clear and secure terms. In the banking industry, there are strong terms for “Letters of Credit” that come with the bank’s guarantee for partial payment or seller’s payment on behalf of buyers. Although the risk is not entirely eliminated, but these can be instrumental for novice traders in mitigating the chances of fraud.

Mention Important Clauses in Contracts. In the international contracts, frauds can be avoided or their chances reduced by the inclusion of important points that can be called negotiating requirements, for instance certification, currency, product samples, insurance, and other regulatory documentation.

Authors of this post are Bill Trueman and Kevin Smith who are eminent payment, due diligence, risk & fraud expert who provide their consultancy services to card issuers, banks, corporates and business organizations worldwide. They are chief executives of RiskSkill, UKFraud and member of AIRFA which is a worldwide known independent organization.

Understanding Online Payment Frauds

online payment fraud

If you are an e-commerce owner, then the term “payment fraud” must be well known to you. The main reason for its popularity is the huge cost burden caused by these frauds to your business, not to mention the degradation of your credibility as well as client’s trust.

Generally, a payment fraud can be understood as an illegal or false transaction done over the Internet. Since all the e-commerce businesses sell products online, their payment is done online as well and hence there is maximum chance of payment frauds for them. It can be said that such frauds are unstoppable, however if an e-commerce owner uses an efficacious anti-fraud protection in its website / system, then the frauds can be avoided.

Cyber thieves are on constant look out for even the smallest patch or glitch in the online system (website, payment gateways etc.). Through these glitches or patches, they can steal the private information. Various ways of doing so are directly contacting the owners of credit cards via SMS or email (known as phishing frauds); redirecting the transaction to a fraudulent website; or even calling them by pretending the customer care executive of the concerned e-commerce website.

Common Scenarios of Payment Frauds:
Credit Card Frauds
Disagreement in accepting product delivery
Fake Returns

1. Credit Card Frauds

Ranked among the common crimes related to online payments, the easiest way to misuse is that fraudster steals the card and using it, they shop online for various products. In this scenario, the affected party (consumer) can get that specific amount back after some efforts, but the merchant loses that amount as well as the product.

2. Disagreement in accepting product delivery

In this scenario, fraudsters places online order for products then merchants sends the order to fraudsters, who then put forwards the claim that he/she did not collected the product. In this case, the truth lies somewhere between the rock and a hard place, hence is hard to determine.

3. Fake Returns

In this case, the customer puts in effort to win over the merchant over the statement that the ordered items are sent back to him and money should be refunded to him. However, those items never reach the merchant. In its spinoff setting, customer can claim the presence more than the actual number of items returned to merchant and hence claim a complete refund.

Through this information, merchants should understand that although “client is king” but client is not always honest and truthful. Therefore, they should implement suitable measures and policies to counter the aforementioned payment frauds.

For more information about the online fraud, payment fraud, commercial fraud, cyber frauds and fraud prevention strategies visit website http://www.riskskill.com/

How to Keep Payment Frauds at Bay?

Mobile Payment Fraud Prevention

Skimmers & cybercriminals are some of the terms used for fraudsters, who are responsible for payment frauds. Such criminals strip the funds, property, and crucial personal information of victims. Generally, three scenarios can result in payment frauds. First, being stolen / lost goods; second being unauthorized transactions on Internet; and lastly false requests for refund or similar scenario. The main reason of these being prevalent factors for online frauds is the immense boom in e-commerce sector, which majorly relies on online payments for selling / buying of goods.

There is various modus operandi or interactions that the fraudsters follow for acquiring sensitive information and make an online fraud possible. The popular ways are Email, instant messaging, online auctions, phone calls, rerouting internet traffic to fallacious websites and lastly by sending text containing malware to smart phones. Since everything is online nowadays, there are an increasing number of gaps or patches or glitches in some online systems. These are the weakness, which is targeted by the cybercriminals. Even if there is firewall, which is not updated as per new technology, then also it can be explored by fraudsters to steal user’s sensitive data and make payment fraud a possibility.

There are some ways by which you and e-commerce industry can help reducing or keeping the payment frauds at bay. The first method is to ensure regular automatic update of your anti-virus, anti-malware, and firewall. These software programs play the role of shield against hackers and blocks their attempts to gain access to a secure network. Hence, their continuous update is necessary. Talking about few other ways to safeguard your online presence and shopping experience are mentioned below:

1. Stay update with the latest fraud trends. You can subscribe to a newsletter of reputed organization delivering such service
2. Always pay online via the authorized and well-known payment gateway
3. Change your login credentials and tokens on regular basis
4. For each transaction, customer should log in to complete the payment.
5. Keep checking your system with the anti-virus and anti-malware software
6. Try using an encryption program for emails and / or transactions where important information sharing is needed

Types of Payment Frauds

Phishing Scams: These are the most common forms of payment frauds. These frauds are prevalent in those emails or URLs wherein it is required to enter private / personal data. Some examples are bank account and credit card login credentials. You can stay away from the phishing swindles by trusting only the known and original websites of the merchants. In case you receive an e-mail from unknown account or person, then just mark it as spam.

Page jacking: Here, the hackers take control on some part of an e-commerce website through which they reroute the website traffic to a different website that may have malicious codes that can be used to access a network security system. It is the responsibility of e-commerce business owners to be aware of such activities.

Identity theft: This type of fraud is not limited to Internet; it is possible offline as well. Once the user’s personal information is stolen by a fraudster, it is used under false pretense – this is identity theft. One way of avoiding it is NOT to log into public Wi-Fi.

Authors of this post are Bill Trueman and Kevin Smith who are leading payment, risk & fraud expert who provide their payment fraud prevention consultancy services to card issuers and banks worldwide. For more information one can visit their website at http://riskskill.com/

 

Cameras at the POINT OF SALE? Worldpay Trial Analysis

As a risk, security, fraud, compliance specialist; I should be shouting from the rooftops that this MUST be a great idea to reduce the risks and add a layer of security to the transactions. But in reality, it is not that simple, and veers towards being a big mistake and a legal and operational disaster waiting to happen.

EMV Chip Card

CUSTOMER POSITION

I am also a customer. I am a customer of a bank that issues me with a card and a customer of a retailer where I shop. As a customer of a bank who issues me with a card, I might be happy to let them have a picture of me to put on my card or to make sure that it is me that visits their ATM. But when I signed up for a trial 20 years ago for this, I had to give explicit consent for my issuer to store and use these details on the card and on their systems.

In this case, it is not my issuer that is collecting my photograph or checking it. It is not even the retailer that I am transacting with who is collecting it; it is the bank who is processing the card for the merchant; and as a customer, I DO NOT WANT MY PHOTO taken, kept or processed by the retailer, nor do I want the merchant’s acquirer to keep or store it without my consent.

This is an invasion of my privacy. Do not do it. You have no consent from me to take, keep, store or use my personal details (my photo and card details) for any other purpose than is necessary to undertake the transaction. Indeed, you should be encrypting and anonymising my personal details as is required by many anti-fraud measures, and mandates in-play at the moment. Just how legal this is we will no doubt learn from the Information Commissioner in days, weeks to come. The fraud issue is one for my card issuer, and is of no interest to the acquirer (or merchant) so long as I use a card with a CHIP and a PIN and an EMV protocol.

SECURITY POSITION

OK – so in the customer journey, there is no justification, but what about the security. We have already established that this is not the acquirer’s problem. The acquirers need to focus their attentions upon making their part of the process secure, with encryption, stronger depersonalisation (tokenisation) of the transaction, storing less data, and not losing data. They should also focus upon looking for unusual transactions that are likely to cause future difficulties and improving security at the till, staff training, improving merchant awareness, ensuring PCI DSS conformity and clarity and better terminal and tampering awareness and notifications; all of which could help stop compromises, data theft and attacks that cause £€$millions in losses and crime at the point of sale.

It is a pure folly to introduce a ‘photo at the point of sale’ (as well as a customer invasion of privacy), and certainly NOTHING to do with improved security or reduced fraud: and a big diversion from more important things that MUST be done at the point-of-sale to help security, and help the merchants.

Equally, it is not too great a security foundation to start letting ALL acquirers (WorldPay is one of many 100s globally) store data somewhere without controls. And how legal is it for them to store pictures for those from other countries, or of a picture of my child hanging on to me.

STRATEGY

I would suspect that the eye catching ‘biometric trials’ headlines will make it all sound like a good idea, and let’s all applaud Worldpay for ‘doing something’ – even if it has not been fully thought out yet. But I would suspect that these trials are not very big at all yet – maybe just a staff canteen? – as the legal issues may not yet have been addressed or looked at properly yet. I am also certain that the Information Commissioner will not have been involved either – but I’d hope it will be on the agenda with Christopher Graham’s  when I see him tomorrow morning!

The whole industry though is also racing faster into biometrics with fingerprints via Applepay and Androidpay / Googlepay etc. with the added security of tokenisation, secure element, customer control of the biometric (i.e. it is stored nowhere other than on the phone by the customer), etc. So, what happened to the transaction if there is no PIN, or if it is an NFC payment. Mmmmmm – more thinking to be done somewhere about where all this is going.

PRACTICALITIES

And let’s not ignore the issues around whether I change my hairstyle, make-up, or remove my beard this week, wrap-up warmer with a hat as we will do next month etc.

SCHEME RULES

Is this allowed by the schemes? Is there a compliance issue here? Yes – dammed right there is; The message collected with the card must comply to a format, the full messaging must be sent to the issuer, and it is the issuer that must make the authorisation decision about the customer – NOT THE ACQUIRER. If the card schemes have been involved and/or permitted this – which I doubt – then the normal route that is taken with these things is for the scheme to join in with the publicity and announcements – which I have not yet seen.

Great idea Worldpay, great initiative, but it is not for me as a customer, as a merchant, nor as an issuer or as a card scheme.

For further information, contact Bill Trueman or Kevin Smith  both eminent risk and fraud specialist, or you can contact at http://www.riskskill.com/ and enquiries@riskskill.com

News Source

Risk Review FAQ – A Guide to Risk Review

Fraud Specialist, Risk Specialist, Compliance Specialist, Due Diligence Specialist

A Comprehensive Guide to Commercial Risk Review, Risk Management, Fraud Prevention, Business Loss Prevention, Bank Fraud Prevention, Due Diligence, Compliance, Audit, and Much More…

Recently Bill Trueman (an independent fraud and risk specialist) director of RiskSkill, wrote a comprehensive article on Risk Review, Due Diligence, Compliance, Fraud Prevention, Risk Management, Fraud Detection, Mobile Payment Risks, Card Risks, and lot more. After reading this article you will get answers of all the following questions.

What should I do to prevent Losses in my Business/ Bank/ Organisation/ etc?
What can I do to Stop/Detect/Prevent any kind of risk in my Organisation?
How a Risk Specialist Can Help to Stop Losses in a Company/ Bank/ Organisation?
How to Review the risk within an organisation before making an acquisition?
What is Due Diligence?
What is Compliance?
What is Operational Risk Review?
What is Credit Risk Review?
What is Financial Risk Review?
What is Enterprise Risk Management?
Can Fraud/Risk be Prevented ?
Can Card Fraud be Prevented ?
What is a Risk Review?
Can Mobile Payment Fraud be Prevented ?
How can Frauds be Prevented in Insurance Companies?
How can Frauds be Prevented in Telecom Companies?
Is Hiring a Fraud & Risk Professional is Costly Affair?
Where can I Find a Good Reliable Risk & Fraud Specialist?
Does RiskSkill Provide its Services Globally?
When Should I take Solutions provided by Riskskill or other Consultants?
What is VISA/MasterCard Compliance?
Our organisation has been instructed to perform an independent risk review by one or more the international cards schemes, what should we do?
Is hiring a Risk / Fraud professional expensive?
What are the Benefits of Hiring a Risk Specialist?
What does a Risk Specialist do?
How to Hire a Risk Specialist?
Where to Hire a Risk Specialist from?

I hope you got lots of good & useful information about risk review and fraud prevention, if you like this article please also share this with  others.

Other Posts Which You May Also Like:

What is Risk Management? Definition & Importance

11 FAQs on EMV Chip & Pin Credit Card Technology

Is EMV Chip and Pin Really the ‘Money Pit’ for Retailers?

Riskskill Appointed by Visa Inc. as an Approved GARS Reviewer

Is EMV ‘A Colossal Waste of Time’ for Retailers?

Top Technology Trends in Payments, Risk and Fraud in 2014

 

Judges Pave Way for Banks in US to Sue Target over 2013 Data Breach

EMV Chip Card

I read with interest that news in Finextra and elsewhere that the banks have been given the go-ahead to sue Target for $30m for the reissue costs associated with the data compromise in 2013. This puzzles me, as I then want to know how the figure of $1200 per card is calculated.

The cost of re-issue will be less than a tenth of that per card. How they can justify that size of loss based upon a reissue alone is not conceivable.

Accordingly, this figure MUST be calculated to include some of the ‘consequential loss’ – i.e. that the compromised cards were then used. Accordingly the banks will have to show a loss on their cards (as well as the costs to them of re-issue).

If I were in Target (and/or the Lawyers in the the defence team) then I would have plenty of defence arguments to tender:

  1. a) What did the banks do to mitigate the losses.
  2. b) What did their systems look for in the unusual transactional activity.
  3. c) As the cards were compromised with limited security feature details lost, why did the banks not check the security feature details and prevent the transactions at the time of the authorisations for the fraud losses on these cards (as is done in most other banks – certainly around the rest of the world).
  4. d) As a preventative solution, why had the banks not implemented greater security with EMV (and/ or EMV with CHIP and PIN) as this would have significantly (or completely) removed the possibility that these cards could have been of use. The US issuers involved are far behind the global ‘curve’ on upgrading to the latest technology that was introduced across the rest of the world 15 – 10 years ago.

Someone please introduce me – or any other card-fraud/risk/loss specialist to the consortium of banks or their lawyers to help build their case against Target – or better still to the Target people (and/or their indemnity insurers) – they probably have the much better and more fun case to present to the courts.

In all cases and scenarios, this will be a superb case to watch; and reveals how poor the infrastructure in the USA is, and how far behind both the infrastructure and the thinking actually is – on all sides of the argument.

Thanks

Bill Trueman

 

Is EMV Chip and Pin Really the ‘Money Pit’ for Retailers?

Fraud Specialist, Risk Specialist, Compliance Specialist, Due Diligence Specialist

I do not agree with this at all, we should exercise some degree of balance:

Maybe we should have called for a ‘national’ business-case to be written – as this has not been done.

Perhaps we should have examined the global context too: USA is only one country in the world, and just about the only one that has not attempted to create the business case, and the only one where the retailers are/have been (allegedly) feeling this way. Again, the US is the ONLY developed country that has not implemented this USA designed and led initiative.

In many (most?) countries, the retail consortia / lobbying groups have driven these initiatives forward in order to make the sales process better and smoother. For instance, in most countries now, the retailer no longer even touches (or sees) the card – the customer simply dips the card – on his/her/its side of the counter, enters a PIN and removed the card and leaves with a printed receipt. Retailers have insisted on this to:

  1. a) Ensure that the process is speeded up
  2. b) To increase / improve security – by avoiding retailer ‘touched’ on the card
  3. c) To make the transaction fully electronic and thereby reduce chargebacks, a need for paper handling and re-handling when chargebacks and disputes occur.

There needs to be a lot better thinking before we start calling EMV the “Money Pit” for Retailers.

Author (Bill Trueman) is Payments, Fraud and Risk Specialist helping businesses worldwide for risk review, risk management, due diligence, compliance solutions, fraud prevention, mobile payment fraud prevention, card fraud prevention, and much more.

Also visit another blog post on EMV Chip and Pin by Kevin Smith, an eminent fraud and risk specialist and Joint Chief Executive at AIRFA.

For more information on EMV Chip and Pin technology, fraud, risks, pros and cons visit here.

Other Posts Which You Would Also Find Useful:

25 FAQs on Risk Review, Risk Management, Compliance, Due Diligence and Fraud Prevention

Is EMV ‘A Colossal Waste of Time’ for Retailers?

Riskskill Appointed by Visa Inc. as an Approved GARS Reviewer

11 FAQs on EMV Chip & Card Technology