E-Money Risk, Fraud & Compliance Advisory Service by RiskSkill

About RiskSkill’s e-Money Compliance Services

Mobile Payment Fraud Prevention

RiskSkill help businesses avoid €multi-million fines and embarrassing brand damaging mistakes from regulatory non-compliance and process and regulatory mistakes. We help clear up the mess when we are called in later.

E-money Licence Changes:

Recent new financial services legislation in the UK, has led to the Financial Conduct Authority (FCA) introducing a Payments Systems Regulator from April 2014. The ECB, and the European Commission are also proposing ways to regulate and police the whole e-money arena, as are the international card schemes. The FCA is now also starting to review and audit the e-money licences they have granted previously and for observance with ALL regulations and also best-practices.

We believe that the FCA have seen that the governance of payment systems, including e-money issuers, is a difficult and continuous task and needs several layers of supervision and oversight in the way that other payment methods have already established (e.g. through the regulations of the international card schemes).

Requirements:

As an e-money licence holder, you need to ensure that your organisation and all of its agents, including passport holders, are fully conversant with and engaged in all due diligence in customer selection and identification, transaction/event screening, suspicion reporting, record-keeping, corporate assessment of exposures and risk, and the Base II (and III) capital assignment to the exposures. Having reporting to the FCA, a clear payment strategy and ABOVE ALL understanding and observance of laws relating to payments in all areas of operation are all also essential.

The main legislation that is pertinent is the meeting of the requirements of the Money Laundering regulations for all countries in which an e-money licence holder, and its agents and Passport Holders, operates. Not doing what is right by the European Money Laundering directives is the quickest way of losing money, being fined, suffering crippling bad media attention, or losing a market – or a full e-money licence (which will happen when firms are reviewed).

emv chip and pin online payment fraud

ACTIONS 

In advance of the FCA performing its own validation on individual license holders (and making high profile examples of those who are not fully compliant), you need to:

A. Make sure that all your processes, operations and compliance teams are all fully observant of all applicable regulatory requirements, laws and best practices.

B. More importantly though, are you confident that your third party agents are also fully compliant?

We Can and Will Help You In: 

1. Determining your current state of preparedness and identify areas for attention and action before the FCA requests an onsite review of your business.

2. Review the state of compliance and preparedness of your third party agents or passport-licences and report to you on them as the principal e-money licence holder?

We can provide you with our credentials when you need help, as we are a team of payment industry specialists, that have previously worked in many banks and card schemes, and now help organisations assess their current operational status, and become and remain compliant. We have also worked extensively with the rules, regulations, legislation and best practice across the sector, in the UK and across Europe and advise payment organisations on market strategy and direction rather than simply focusing on ‘tick-box’ auditing.

Contact RiskSkill for our Services for all Risks, Fraud and Compliance solutions for e-money, e-payment, internet payments, e-funds, e payment systems, online payment and digital cash’s safe transactions. RiskSkill is also a permanent member of AIRFA an independent and global risk and fraud advisors organization.

Advertisements

How to Protect from Being Victim of Mobile Payment & Internet Banking Fraud?

All About Safe ‘Mobile Payments’ and Internet Banking Transactions

What is Mobile Payments and what are the top 10 things that we should be doing to stop us from losing all our money?

Mobile Payment Fraud Prevention

Well as technology moves forward we’re now increasingly using our ‘mobile devices’ – we used to call them phones – to make payments. In its simplest form it is calling the bank to make a payment to someone; or using an iPhone/android app to contact our Bank to make a payment, or pay for something with a credit card. Looking forwards there’s the prospect that our mobiles will become the main payment device in shops and cinemas etc. We will probably just ‘tap and go’ for small transactions. There is naturally then a lot of evolution that has happened and this will continue as everyone from credit card companies to banks jump on the bandwagon. In response phone companies are rapidly integrating device and software technology to make payment by phone easier and easier.

The pace of technology protection for consumers is also developing, but not as fast as the growing number of solutions or providers that are involved. Things like encryption, virus protection and chips and PINS, secret codes and memorable passwords etc are all protections, but the weakest point in the chain is you and me as the users. We are only human, and have to be careful too. More of us will run the risk of having our identities stolen, and with them have all our money stolen and our lives invaded by the people behind these attacks.

How can we Protect Ourselves, and Make Sure that we do not Become the Victims of Mobile Payment and Internet Banking Frauds?

  1. Don’t think that it will not happen to me.Because it will. With more technology use, and easier access to our data, and through more routes, the identities of people in their teens and twenties is increasingly becoming more of a problem as they are the group most eager to embrace new technology.
  2. Stop people from getting to our technology.There are password locks on most devices now. Use them. And make sure that they are not easy to guess, no “PASSWORD”, “0000”, or “Mary” if you or your best friend or dogs are called “Mary”.
  3. Do not keep data on your devices that could be used by others.Invest in an app that password protects your data / details. They only cost a small amount, and make sure that the details are then stored encrypted. If you have to store details on the device without these things, put them behind a code that only you can understand.
  4. Keep key information in different places.A lot of fraud and losses occur because people are still ‘silly’ with their details. Keeping a PIN with the card number, with address details and/or personal details that will help a fraudster. Whilst the advice used to be ‘do not write your PIN on your card”; now it should be ‘do not keep the log on details and password with the web access address!
  5. Beware of Phishing emails.Many fraudsters, half way across the world get your details from you WITH YOUR HELP. They make an email look like it is from your bank, a delivery company or someone else you are expecting emails from – like Paypal, the tax office, Facebook or Ebay; and then present you with a screen to sign on with your password. Then they have your private details. Be extra cautious of such incoming emails.
  6. Beware of sharp talking callers.Many frauds still start with crooks who call/text/email you or me and explain that there has been a problem on your account that has been blocked, and to disclose your card details/PINs addresses or other information, in order to unblock the account. Remember, if they want to ID you, who contacted who? Identify them first.
  7. Do not make payments in a hurry or when you do not want to.This is when we make mistakes and expose ourselves.
  8. Only use machines that you know.Internet Cafes can be infiltrated, have software added, hardware added or any combinations. DO NOT MAKE PAYMENTS from other people’s machines unless you really know what you are doing and you have a safe, end-to-end secure conversation going on; that you know that you are not being overseen, that there is no hardware/software running etc. And do not enter / remember passwords on any machines, especially not strange machines.
  9. Avoid using the same passwords.Obvious that one isn’t it, but so many people do!
  10. Look after all personal details.Be protective with personal details. Do not use your PINs, card numbers, card expiry dates, addresses, phone numbers or mother’s maiden names etc. in public, in earshot of others. Type PINs and passwords covered up, and always assume that someone is watching or that there is a micro-camera installed by crooks anywhere that you are putting, reading or typing personal details.

Remember, that as the technology and connectivity leaps forward it is the fundamentals and people issues that become the biggest weaknesses, and we all have to work to ‘mind the gap’ that this leaves open; until we have remote/mobile real-time DNA testing – which is a long, long way off.

Bill Trueman is a leading payment, risk & fraud expert who provide payment fraud prevention consultancy services to card issuers, banks, and business organizations worldwide. For more information one can visit website at RiskSkill, apart from this Bill is also a permanent member of AIRFA.

European Union Initiates Reduced Inter-Regional Card Processing Fees

Kevin Smith, Riskskill: What does the inter-regional interchange fee rate picture look like today and where is it moving to?

 

Cards Inter-Regional Interchange Fees

The European Commission is the first competition authority to take action against Visa and Mastercard for their excessive inter-regional interchange fees. With its experience and successes in reducing intra-regional interchange fees in Europe, this latest action and its positive impacts has set an interesting precedent. It is great news. The European Commission move addresses both regulator and merchant concerns about the unfair and extreme costs of processing non-European cards.

Since 2015, domestic and intra-regional consumer card interchange rates within Europe have been driven down significantly. Although the end result of these fee reductions should have been passed through from merchants to customers, it is not clear how or if this has occurred. Recent Payment Systems Regulator (PSR) attention and their UK industry consultation has shown that the merchant service charge (MSC) also contains many other scheme fees, acquirer fees and margins.

And let’s not forget the myriad of other organisations in the transaction processing flow, providing their services and expecting their fees.

European regulatory attention and merchant concerns should not be a surprise. Not when typical consumer card interchange rates within Europe are now at just 0.20% (debit) and 0.30% (credit) – where they are 1.20% and up to 1.97% for equivalent inter-regional POS transactions in Europe.

Most merchants in Europe, have more domestic card payments than other European card payments; and only lastly non-EU card payments. On this basis, most European merchants, do not experience or notice the impact of accepting cards issued outside of Europe.

However, for many European merchants with lots of international customers, their cost of accepting cards is exaggerated by these disproportionately higher inter-regional interchange fees.

The wide gap between domestic and intra-Europe interchange costs and those for inter-regional transactions makes us ask what the different costs are for processing these transactions, i.e. are there really any greater risks or costs involved with the inter-regional transactions?

Based on the rhetoric use by the European Commission, Visa and Mastercard strangely, did not fight for the status quo, so quickly led to the agreement of new and reduced fees.

So what does the inter-regional interchange fee rate picture look like today and where is it moving to?

Figure 1: Card Present Transactions acquired in Europe

Face-to-Face / Card Present Transactions Inter-regional Interchange Fee – Today Inter-regional Interchange Fee – Pending
Visa Consumer Debit Between 1.10% and 1.97% 0.20%
Visa Consumer Credit 0.30%
Mastercard Consumer Debit Between 1.10% and 1.98% 0.20%
Mastercard Consumer Credit 0.30%

Figure 2: Card Not Present Transactions acquired in Europe

Online / Card Not Present Transactions Inter-regional Interchange Fee – Today Inter-regional Interchange Fee – Pending
Visa Consumer Debit Between 1.44% and 1.97% 1.15%
Visa Consumer Credit 1.50%
Mastercard Consumer Debit Between 1.44% and 1.98% 1.15%
Mastercard Consumer Credit 1.50%

The European Commission argued that this reduction: “will lead to lower prices for European retailers to do business, ultimately to the benefit of all consumers”.

For those merchants with higher card acceptance from outside of Europe, the European Commission believe that the cost savings could be 40%.

The European Commission decision does not raise important further questions about other payment scenarios:

a) Now that the parties have agreed lower inter-regional interchange rates, when will these revised fees come into force?

The European Commission states: “Under the commitments, Mastercard and Visa each undertake to reduce the current level of inter-regional interchange fees to or below the following binding caps, within six months:”

NB: the scheme commitments will apply for five years and six months from the above date.

But when does this six-month period begin?

  1. The date from the which the European Commission made the scheme commitments legally binding under EU antitrust rules, or
  2. Is it from the date communicated by each scheme to its respective client issuers and acquirers?
  3. Or as reported by the BBC UK website on 29th April 2019, i.e. on 19th October 2019 for five years.

Scheme updates posted following the European Commission press release confirm that the effective date for the inter-regional interchange alterations is indeed 19th October 2019.

b) What about inter-regional debit and credit cards in mail order and telephone order (MO/TO) in Europe?

The European Commission only refer to online payments. Can we assume that MO/TO transactions, though not specifically mentioned, are included in the European Commission definition of Card Not Present transactions?

Scheme updates posted following the European Commission press release confirm that Card Not Present transactions are all transactions other than card present transactions, so MO/TO transactions are included in the planned fee reduction.

c) A trustee will be appointed by the Commission to monitor the implementation of the commitments. Who will be monitored?

  1. Will they monitor Visa and Mastercard and whether they enforce the fee reductions in line with the agreement?
  2. Or will they monitor individual merchant acquirers and their agents to see if they deploy lower pricing within the agreed timeframe?
  3. Or will they monitor individual merchants to see if the lower costs lead to lower consumer prices?

d) How will EU card issuers justify and defend their continued receipt of higher interchange rates for card usage outside of Europe – i.e. the reverse of this agreement?

Will similar regulatory and merchant pressure outside of Europe lead to reduced interchange fee costs elsewhere and therefor reduced income for European issuers for non-EU based transactions?

As with previous interchange fee rate reductions, we should expect unexpected and unintended consequences?

e) If a South African-issued card accepted in Europe incurs the new lower interchange rate, what does that mean for the same card accepted in Australia or the US?

This is not a matter for the European Commission, but clearly, they will provide essential guidance and advice to other national payments and competition regulators around the globe to challenge Mastercard and Visa further.

International merchants with a presence in Europe and in other regions and countries around the world will increasingly question why they are incurring very different interchange fees across different regions and markets.

Is this the ‘beginning of the end’ for over-inflated and higher global inter-regional and local interchange rates?

f) What about the three-party model?

Inevitably, such schemes will be forced to revisit their merchant pricing to ensure any merchant preference or favour for such brands.

g) Will lower interchange fees, mean increases in other card processing fees?

In the UK most noticeably, and across the rest of Europe, we have witnessed that lower interchange rates have been offset by increases in acquirer pricing, such that the positive pricing effect does not pass through to the end customers.

Are we going to see a similar offset of inter-regional interchange fees with poorly explained increases in scheme fees for inter-regional transactions and corresponding acquirer processing fees?

h) What about non-EEA countries? The European Commission press release on 29th April 2019 states that the inter-regional interchange rate reduction will positively impact transactions acquired in EEA countries.

Effective April 2019, Visa no longer treats Israel, Switzerland and Turkey as part of their EEA market definition. This means that transactions into and out of these countries, for example the UK or US, are now treated as international for interchange purposes and scheme fee levels.

i) So what does this mean for commercial cards and any other programmes? These have been excluded from regulatory pressure on interchange reimbursement fee reductions.

Inter-regional commercial card transactions do remain a very small percentage of total card expenditure for many European merchants.

Commercial card interchange rates are typically between 0.20% and 2.10%.

Small Business, Commercial and Corporate Card Transactions Inter-regional Interchange Fee – Today
Visa Commercial Debit Between 0.20%+ GBP 0.01 (according to Visa Business Immediate Debit) and 2.00%
Visa Commercial Credit
Mastercard Commercial Debit Between 0.20% (according to Mastercard debit Government payments) and 2.10%
Mastercard Commercial Credit

So how long will it be before commercial debit and credit cards are included in the regulatory challenges to reduce interchange fees?

The changes and this agreement are all great news and positive developments, but the implications and implementation still need to be better understood and defined, and there remain many questions and some big issues there-in.

About Kevin Smith

With over 25 years in the payments business, Kevin is a trusted and experienced practitioner and thought leader in payments, technology, issuance, acceptance and acquiring. At Visa, Kevin headed acceptance and acquiring development and was instrumental for changing how Visa viewed payment acceptance, acquiring and retailers in Europe. Kevin also led fraud and compliance management functions at a senior level at Visa. Kevin has worked in retail management for a major UK retailer, and for a major UK high street bank in its retail banking cards and acquiring development business; in senior roles at Switch, the original UK domestic debit card scheme; as well as in Visa Europe and Visa International in the US.

About Riskskill

Riskskill is a leading Europe-based payments and risk management consultancy, with an impressive international track record of helping payments businesses to find and mitigate payments challenges and risks. The firm works with clients to put in place strategies and programmes of work to make payments businesses or functions more profitable, less susceptible to losses, risks and regulatory issues and compliance problems. Riskskill.com is a global GARS Reviewer for Visa and a member of AIRFA, the Association of Independent Fraud and Risk Advisors

For further information, please contact: Bill Trueman or Kevin Smith at www.riskskill.com and enquiries@riskskill.com