Web Shield RiskConnect Conference 2017: Kevin Smith Also Takes Part

Web Shield RiskConnect event in Frankfurt, Germany in 23-24 November 2017. Web Shield RiskConnect Conference 2017 Focused on Risk Management and Payments Takeaways. Kevin Smith of RiskSkill, presented on Day 1 of the inaugural Web Shield RiskConnect event, held on 23-24 November 2017 in Frankfurt am Main, Germany, he emphasized on the power of networking and information sharing for payments industry risk professionals.

RiskConnect Conference - Risk management and payments takeaways

FRANKFURT, Germany – A well-organised and informative conference held in the Hilton Hotel at Frankfurt Airport in November 2017. It was positioned as the networking event for risk professionals. It really was a superb networking and informative event, an opportunity to meet senior global payment scheme representatives, regulators, acquirers, processors, vendors, industry risk and payment specialists and consultants, and not forgetting our knowledgeable hosts from Web Shield.

Why is this relevant now?

Well, Web Shield in conjunction with Payvision & Acapture have now just released their blog and a YouTube video, summarising the highlights of the event and some thoughts from those who presented and participated in the event, including yours truly.

Web Shield really have challenged the status quo in risk management in payments, through their products and services, technical expertise and knowledge, the training academy and now their networking event and conference.

Supporters and sponsors helped make RiskConnect possible and a success, including Payment Consultants, Payvision, iSignThis, Foregenix and Fibonatix.

Payvision also played an important role of contributing to the event’s success, through their media sponsorship and capturing the two day proceedings on a short video. The seven minute video, summarising the event and engaging with most of the presenters was released on Tuesday, 27th February 2018, along with the Payvision blog.

RiskConnect 2017, was held over two days in November 2017; it brought together a wonderful array of payments and risk management experts. All noted that they may seen as professionals and experts, but all willing to meet a new industry colleague, learn something new and listen to and share industry best practices.

Presenters included senior risk management at the global payment systems, Visa and Mastercard, plus excellent and topical presentations and updates from organisations including Thomson Reuters, Verifi, IWF, HSBC, iSignThis, Vendorcom, the Malta Gaming Authority and the Brunswick and Manitoba regulatory bodies in Canada.

A couple of panel sessions were held that put some of the speakers together on the stage to take questions from the moderator and importantly to take questions from the audience.

Kevin Smith at RiskConnect Conference 2017

Early on Day 1, Kevin Smith representing RiskSkill talked through the challenges affecting the industry and participants, including understanding and managing acceptable risk considering effective risk management in the bigger business picture, and ensuring risk management is viewed as a better business enabler.

Positioned by Web Shield as the networking event for risk professionals, it really did hit the mark“, said Kevin.

Kevin continues….

“This was the first Web Shield conference, building on the success of their training Academy. With an excellent line-up of presenters over the full two-day event, a really good audience of industry professionals eager to learn more, a great location next to Frankfurt airport, and meticulous organisation by Web Shield, it really was a very successful and powerful event. Web Shield have set the bar high for these types of industry event”

Bill Trueman at RiskSkill, added

“RiskSkill has a close business relationship with Web Shield. We were very pleased to be invited to be part of this Web Shield event, and supporting the opportunity to drive greater awareness and education of new as well as existing challenges and developments impacting risk managers in the payments industry. “

“Payvision were an excellent sponsor of the event and pulled together a short video summary of the event. It ha snow been made publicly available and clearly demonstrates the benefits of getting risk management professionals together, excellent networking opportunities and the ability to learn and share best practices.

Last but not least, lets not forget the latest Web Shield book release – The Fundamentals of CNP Merchant Acceptance: Understanding High-Risk Business, 2018 edition. All attendees took away a valuable copy (or more!) of the book, an essential how-to companion for underwriters.

Further details can be located at payvision blog at http://blog.payvision.com/riskconnect-recap-risk-management-and-payments-takeaways/

For full coverage of event watch video https://www.youtube.com/watch?v=fC3_EhiOCG0

Bill Trueman and Kevin Smith are well known and highly trusted specialist in risk review and risk management who works globally independently, are associated with RiskSkill, UKFraud, and AIRFA.

 

Advertisements

In Wake of EMV Switch, US e-Commerce Fraud Soars!

Payments Specialist, Risk Specialist

As the US switched to EMV chip cards system, e-commerce fraud rates jumped by 33% last year, according to Experian. In late 2015 the US finally followed much of the rest of the world when Visa and other card schemes switched the liability for fraud-related losses to retailers that have not upgraded their hardware for EMV.

Experian notes that the increase in e-commerce fraud follows a similar trend pattern from countries that previously rolled out EMV cards – UK, France, Australia, and Canada – that also saw gradual increases in card-not-present fraud.

“We suspect that the EMV liability switch and increased adoption by merchants of chip-and-pin enabled terminals have had a profound impact on driving up e-commerce attacks,” says the firm.

Fraudsters that typically relied on committing counterfeit fraud have shifted their focus to the digital channels where they could have more success, and as more attackers enter a rapidly growing mobile and online commerce space it becomes increasingly difficult for merchants to spot them.

This means that businesses need to expect the increase in e-commerce fraud to continue over time and to be prepared to deal with it by employing a multi-layered approach that pairs transactional data elements with details about the user and their device.

Experian says that the biggest component of credit card fraud trends is the fact that 2016 was a record year for data breaches. There were 1,093 breaches, a 40% increase from 2015, according to the Identity Theft Resource Center.

Meanwhile, the Federal Trade Commission recently revealed a jump in consumers who reported that their stolen data was used for credit card fraud, from 16% in 2015 to more than 32% in 2016.

The record number of data breaches is a signal that future fraudulent activities will take place, warns Experian.

What Bill Trueman, an Eminent Risk Specialist Says About This:

1. Of course e-commerce fraud will rise. It is rising everywhere as e-commerce and m-commerce get used more.

2. Naturally, if you stop fraudsters using cards at the point of sale with EMV, they will move to CNP.

3. If you do not put in protections in your CNP channel, fraud will rise.

4. USA fails to adopt (or plan for) protections in the e-commerce channel.

5. The late adoption of EMV in the USA, has caused a lot more data compromises for longer in this market.

6. EMV adoption is starting to see fraudsters deterred from CO fraud opportunities already as they move to other softer targets.

Bill Trueman is an eminent independent payments and risk specialist helping business and bank owners manage risk & fraud and save millions. He is director of globally well known RiskSkill, and UKFraud and is an active member of a worldwide fraud and risk advisors organization i.e. AIRFA.

Due Diligence: Is the Existing Business Worth Buying?

Due Diligence Specialist, Business Acquisition Consultant, Business Merger Consultant

Is the Existing Business Worth Buying: Due Diligence?

There are times when you might see worth in buying an existing business. You might find the prospective promising and profiting. This is the time when due diligence should start with accessing the records and books of that business. You receive a suitable time to investigate various facts and figures, which will give you a genuine picture of its performance and prospects. It will also present you with the points / issues / problems / loopholes that would require prior warranties or guarantees, before the signing of contract.

Due Diligence

If you are new in purchasing existing but working businesses, then you should educate yourself on the elementary three categories of due diligence that are to be followed, without fail. Also, you might want to hire separate adviser for each of the due diligence that are mentioned below:

Commercial Due Diligence: It includes assessing the credibility of the business in the market, evaluating its competitors and determining the regulatory environment.

Financial Due Diligence: It comprises gauging and comparing the numbers to ensure that there are no loop holes / black holes or hidden monetary matters

Legal Due Diligence: When you venture into a contract of sale & purchase, lawyers should judge the legal title of business to sell. Lawyers should also appraise ownership of every asset along with ensuring that all the litigation and regulation issues are completely addressed.

When to Start Due Diligence?

First agree on a price and terms with the selling business, then begin the due diligence process. There is possibility that they might withdraw their business from the market during your enquiry. This period is called “exclusivity period” and for this the seller generally demands a down payment to ascertain its security. In most cases, this period spans to minimum three to four weeks. Remember that this investigation period is passable.

Where to Get Help From?

One of the most standard and common method of due diligence is to employ solicitors and accountants on your payroll. They will classify the risk zones for you. However, in case the Existing Business which you are buying, is registered with Companies House, you can get hold of reproductions of its accounts, annual returns and various other important documents with the prospect business. For this, you can use the Companies House WebCHeck service.

You can download the documents from the website of Companies House. Note that there might be a small fee for this facility of evaluating the businesses value along with its assets.

What Points to Examine During Due Diligence?

You must understand the it’s just not about finances; due diligence spans across this one important factor. The “exclusivity period” should end with positive results, yielding all-inclusive information about the business and concerning prospects. You should know exactly what you are buying; what will need your immediate attention; what should be fixed; what will be cost of correcting the negative aspects / risks; and lastly whether their business is a right investment for you or not.

In other words, at the end of “exclusivity period”, you must have the answer to whether The Existing Business Is Worth Buying. Due Diligence should cover following points:

Commercial Management that should include marketing, client service, research and development:

Issues related to environment
IT Systems and other technologies
Foremost orders and contracts
Unsettled litigation
Terms and conditions of employment
Information Sources

When carrying out due diligence, make sure to go to depths and find every possible information regarding the business. The information can be unearthed in the form or documents or other ways. You must find out:

Employment Contracts
Payroll Records
Staff Files
Staff Manual

In some cases, following copies might also be relevant:

Financial Statements
Pension and Profit-Sharing Plans
Union Contracts

Rest, you should also contact bank, government taxation department and other external sources. You can also contact any good due diligence company for due diligence investigation services.

Bill Trueman a highly experienced specialist in risk review and due diligence has been providing Due Diligence Services since years. He is permanent member of AIRFA, and director of RiskSkill and UKFraud.

Mitigating Third-Party Risks with Due Diligence

Due Diligence Specialist

Mitigating Third-Party Risks

The entire world is globalized and the new era presents a series of challenges in every domain, including doing business with overseas companies. It has become the need of the hour to implement an approach, which is streamlined, efficient in all the resources and sustainable as well. Through this approach, the third party risks can be mitigated, compliance can be supervised, and issues as well as investigations can be managed more efficiently.

Precis

Expansion of business always brings revenues but it also opens up a window to new risks through third-party relationships that may be with a distributor, supplier, lawyer or even a client. Some common types of risks which they bring are related to IT security, environmental, quality, regulatory compliance, corruption, health and safety. Most of the general risks can be assessed and dealt with by the business / company itself. However, with third-party deals there is always extra scope of risks that can only be minimized through due diligence.

The Catch

If the risks are not identified and mitigated at early stage, they can convert into an avalanche and sabotage the company’s reputation as well as profitability. Adding salt to the wound, in case the fault is of third-party, the original company who made a deal with it, will be held responsible. Hence, one side of coin has progress & growth of their business, the other side has a lot of risks associated with it.

The Solution

“Due Diligence” it the pathway not only to mitigate third-party risks but also to inspect compliance, carry out assessments related to due diligence, finding of gaps that might convert into risk / compliance violation and proactively remediate the found issues. And this is where the role of due diligence firms arises which provides commercial due diligence services globally. If you are planning to buy any firm then you may need their help to save your time and money.

Key Instances of Third-Party Violation

  • In 2009, there was a case in Dallas where a healthcare provider caught its contract security guard for hacking into various computers, which comprised the systems on which the confidential data of the patients was stored
  • In 2011, a UK based international insurance intermediary was fined by FSA as it failed its anti-bribery and corruption systems controls.
  • In 2012, a third-party contractor was found in violation of most of the rules regarding labor and working conditions in its factories that brought unwanted negative publicity to the top technology manufacturing companies.

Mitigating Third-Party Risks with Due Diligence

There are a series of fragmented approaches being followed by companies based globally in order to develop effective systems that will manage the compliance of third-party risks. Still the companies tend to fall short of a fool-proof system for mitigating the third-party risks. Some companies find themselves between a rock and a hard place concerning the constant changes. Whereas there are few companies, who focus only on managing the third-party. Hence, the companies fail on the ethical aspects such as bribery, regulatory violations, security breaches, money laundering and others.

In such situation, a comprehensive framework is required that will assist in 100% third-party due diligence. Important factors in this regard are:

  • Audits
  • Controls
  • Investigations
  • Risk Assessments
  • Policies
  • Timely Issue Remediation
  • Training Programs

If such a strong and comprehensive framework is made and implemented, then not only the the third-party risks will be mitigated, but the companies will be able to forge more credibility in the international arena.

Challenges Related to Third-Party Business Deals

1) The third-party network can be quite complicated. Since they cannot be managed directly like permanent employees of a company, an indirect approach is followed for the management purposes. This makes it very difficult for the main businesses.

2) Redundancies can be seen in case a specific third-party is managed by more than one departments of a business. Duplicate and double efforts are common in this case.

3) High cost are always present that cause the businesses to ignore the due diligence after the deal is made.

4) Regulatory compliance

5) Restricted transparency and huge volume of data to be processed

Highlights of Mitigating Third-Party Risks by Strengthening Due Diligence

The companies or businesses should make a blueprint of schemes or procedures that they need to implement so that risks are reduced to minimum.

1) Take enough time: Businesses should take enough time to conduct background checks on each and every third-party. They should NEVER be casual within even one parameter, as it can lead to unforeseen risks and credibility issues.

2) Conduct comprehensive risk assessment: Companies should consider the country, regions, international laws & regulations, labor issues & guidelines and other related factors will assessing the risks associated with an international third-party deal.

3) Create your own policies and code of conduct rules and make sure to communicate these completely to the third parties. This keeps both the parties on same level and improves the understanding amidst them.

4) Due diligent should be performed without fail for Mitigating Third-Party Risks, especially in the cross border deal.

Authors of this post are Bill Trueman is an eminent payment, due diligence, risk & fraud expert who provide his consultancy services to card issuers, banks, corporates and business organizations all over the world. He is chief executives of RiskSkill, UKFraud and member of AIRFA.

How Can Due Diligence Prevent Fraud in International Contracts

Corporate Due Diligence

Whenever someone makes a contract with an organization, there are definite chances of frauds, either very less or very high. However, the organizations always claim to have utmost transparency. As an investor / consumer, you should be aware of the fact that there no thing as 100% transparency or 100% fraud proof contract in any domain. Even though cheating some other party intentionally is considered as criminal offense under law, still frauds are prevalent, if not more than definitely on the small scale.

Commercial frauds are something, which have even caught the attention of the UN that has termed it among the present era’s supreme coercions. They have acknowledged commercial frauds as an international level event that harms the stability of the economics of every country. And this is where the role of due diligence consulting services starts. There are many due diligence companies which you can take help of.

General Commercial Frauds: These are related to activities like Deceptive Advertising or Marketing, False Reporting, Falsifying Documents, Non-Delivery, Piracy, Overriding of Regulatory Breaches and Thefts.

Popular Scandals: Deutsche Morgan Grenfell in England and Enron in the U.S.

Be Cautious in International Contracts

If you plan to get into an agreement, then it is recommended to audit the other contracting party for the relevant matters such as financial records, past complaints / clients etc. This step is very crucial during the negotiations stage and should be continued even after the end of negotiations. This small step will help to minimize your financial loss and prevent from getting into any legal trouble.

Few relevant matters of investigation are:

1. Government rules and regulations of each nation
2. Indemnities, loans and other financial arrangements
3. Information technology such as security of system, upgrades etc.
4. Language or cultural obstructions
5. Potential in the market and prospects of future performance

Stay Safe from Frauds in International Contracts

With every passing year, new fraud surface either at large level or at small. It is only by being self-conscious that you can protect yourself / your company / your investment from fraud in the international contracts. Also, below are some pointers that will guide you in safeguarding yourself from the fraudsters:

Specialization is necessary. You can take assistance of lawyers or consultants, who specialize not just in the international contracts but also in the domain wherein you are dealing in. This is very beneficial if you are not an expert yourself. In addition, you can spend your money in acquiring marketing and accounting specialization.

Use Secure Payment Methods and Letter of Credit. Whether you are dealing with a known entity or not, you should still take all possible precautions to draft clear and secure terms. In the banking industry, there are strong terms for “Letters of Credit” that come with the bank’s guarantee for partial payment or seller’s payment on behalf of buyers. Although the risk is not entirely eliminated, but these can be instrumental for novice traders in mitigating the chances of fraud.

Mention Important Clauses in Contracts. In the international contracts, frauds can be avoided or their chances reduced by the inclusion of important points that can be called negotiating requirements, for instance certification, currency, product samples, insurance, and other regulatory documentation.

Authors of this post are Bill Trueman and Kevin Smith who are eminent payment, due diligence specialists, risk & fraud expert who provide their consultancy services to card issuers, banks, corporates and business organizations worldwide. They are chief executives of RiskSkill, UKFraud and member of AIRFA which is a worldwide known independent organization.

Understanding Online Payment Frauds

online payment fraud

If you are an e-commerce owner, then the term “payment fraud” must be well known to you. The main reason for its popularity is the huge cost burden caused by these frauds to your business, not to mention the degradation of your credibility as well as client’s trust.

Generally, a payment fraud can be understood as an illegal or false transaction done over the Internet. Since all the e-commerce businesses sell products online, their payment is done online as well and hence there is maximum chance of payment frauds for them. It can be said that such frauds are unstoppable, however if an e-commerce owner uses an efficacious anti-fraud protection in its website / system, then the frauds can be avoided.

Cyber thieves are on constant look out for even the smallest patch or glitch in the online system (website, payment gateways etc.). Through these glitches or patches, they can steal the private information. Various ways of doing so are directly contacting the owners of credit cards via SMS or email (known as phishing frauds); redirecting the transaction to a fraudulent website; or even calling them by pretending the customer care executive of the concerned e-commerce website.

Common Scenarios of Payment Frauds:
Credit Card Frauds
Disagreement in accepting product delivery
Fake Returns

1. Credit Card Frauds

Ranked among the common crimes related to online payments, the easiest way to misuse is that fraudster steals the card and using it, they shop online for various products. In this scenario, the affected party (consumer) can get that specific amount back after some efforts, but the merchant loses that amount as well as the product.

2. Disagreement in accepting product delivery

In this scenario, fraudsters places online order for products then merchants sends the order to fraudsters, who then put forwards the claim that he/she did not collected the product. In this case, the truth lies somewhere between the rock and a hard place, hence is hard to determine.

3. Fake Returns

In this case, the customer puts in effort to win over the merchant over the statement that the ordered items are sent back to him and money should be refunded to him. However, those items never reach the merchant. In its spinoff setting, customer can claim the presence more than the actual number of items returned to merchant and hence claim a complete refund.

Through this information, merchants should understand that although “client is king” but client is not always honest and truthful. Therefore, they should implement suitable measures and policies to counter the aforementioned payment frauds.

For more information about the online fraud, payment fraud, commercial fraud, cyber frauds and fraud prevention strategies visit website http://www.riskskill.com/

How to Keep Payment Frauds at Bay?

Mobile Payment Fraud Prevention

Skimmers & cybercriminals are some of the terms used for fraudsters, who are responsible for payment frauds. Such criminals strip the funds, property, and crucial personal information of victims. Generally, three scenarios can result in payment frauds. First, being stolen / lost goods; second being unauthorized transactions on Internet; and lastly false requests for refund or similar scenario. The main reason of these being prevalent factors for online frauds is the immense boom in e-commerce sector, which majorly relies on online payments for selling / buying of goods.

There is various modus operandi or interactions that the fraudsters follow for acquiring sensitive information and make an online fraud possible. The popular ways are Email, instant messaging, online auctions, phone calls, rerouting internet traffic to fallacious websites and lastly by sending text containing malware to smart phones. Since everything is online nowadays, there are an increasing number of gaps or patches or glitches in some online systems. These are the weakness, which is targeted by the cybercriminals. Even if there is firewall, which is not updated as per new technology, then also it can be explored by fraudsters to steal user’s sensitive data and make payment fraud a possibility.

There are some ways by which you and e-commerce industry can help reducing or keeping the payment frauds at bay. The first method is to ensure regular automatic update of your anti-virus, anti-malware, and firewall. These software programs play the role of shield against hackers and blocks their attempts to gain access to a secure network. Hence, their continuous update is necessary. Talking about few other ways to safeguard your online presence and shopping experience are mentioned below:

1. Stay update with the latest fraud trends. You can subscribe to a newsletter of reputed organization delivering such service
2. Always pay online via the authorized and well-known payment gateway
3. Change your login credentials and tokens on regular basis
4. For each transaction, customer should log in to complete the payment.
5. Keep checking your system with the anti-virus and anti-malware software
6. Try using an encryption program for emails and / or transactions where important information sharing is needed

Types of Payment Frauds

Phishing Scams: These are the most common forms of payment frauds. These frauds are prevalent in those emails or URLs wherein it is required to enter private / personal data. Some examples are bank account and credit card login credentials. You can stay away from the phishing swindles by trusting only the known and original websites of the merchants. In case you receive an e-mail from unknown account or person, then just mark it as spam.

Page jacking: Here, the hackers take control on some part of an e-commerce website through which they reroute the website traffic to a different website that may have malicious codes that can be used to access a network security system. It is the responsibility of e-commerce business owners to be aware of such activities.

Identity theft: This type of fraud is not limited to Internet; it is possible offline as well. Once the user’s personal information is stolen by a fraudster, it is used under false pretense – this is identity theft. One way of avoiding it is NOT to log into public Wi-Fi.

Authors of this post are Bill Trueman and Kevin Smith who are leading payment, risk & fraud expert who provide their payment fraud prevention consultancy services to card issuers and banks worldwide. For more information one can visit their website at http://riskskill.com/