RiskConnect 2018: The Anatomy of a Good Risk Management Strategy

Webshield Riskconnect Conference 2018 at Frankfurt

Thought leaders and industry experts met at RiskConnect conference in Frankfurt to discuss the newest challenges that risk professionals face within the payments industry and to provide hands-on knowledge they can use in their daily work. RiskConnect is organised by Web Shield, one of the leading onboarding, underwriting and monitoring solution providers.

The event started with a presentation held by Pulitzer Prize winner Carl Bernstein on fake news, the impact this has on our societies and the way truth is perceived via ‘fake news lenses’. Bernstein has preached the gospel of finding ‘the best obtainable version of truth’, stressing the fact that journalists are similar to data miners, permanently searching for info, and that their ultimate role should be connecting these data to offer the best obtainable version of truth. This ideal can be achieved if we present information in context, as simple facts presented isolated from the bigger picture do not cover the truth. A crucial role in this system is played by the validation of our data sources.

He concluded his presentation by drawing a parallel between the role of journalists and risk management professionals, as both categories use similar investigative principles to grasp the whole picture of a given situation / merchant profile, for instance. When you don’t know/suppose you know the truth you face a risk, the risk of missing out the factors that made that truth happen, of not knowing what will be the right consequences, of being part of a distorted world, hence, facing unreal consequences/facts.

What exactly is risk?

There have been a lot of debates around this concept, as it is not a fix, but a variable one, depending on the degree of risk a business/person is willing to accept, the impact the accepted risk has on the business/consumer, risk appetite, the way it makes a business/consumer feel when they take a particular risk etc.. Nevertheless, risk can be monitored/assessed due to ISO 31000 standard on ‘Risk management – Principles and guidelines on implementation’ that states that the process of risk management consists of several concrete steps, such as establishing the context and identifying potential risks and assessment – once risks have been identified, they must then be assessed as to their potential severity of impact.

According to Shaun Lavelle, Senior Vice President Risk, Payment Processing, Paysafe Group and Bill Trueman, Director, RiskSkill (http://www.riskskill.com/) the concept of high-risk is meaningless if the types of risk are not specified. Moreover, the lack of a proper risk scoring analysis can be caused by not taking into consideration operational risk, currency risk, reputational risk, fraud and regulatory risks.

For instance, at the moment there are too many shady merchants under some acquirers’ custody conducting illegal activities, such as child pornography, nutraceuticals, and unfair billing practices causing great fines applied to these acquirers by the regulators/schemes. Not to mention the different perspectives regulators have over these risks and the vast terminology used within this market (that not everyone understands/has consensus over its meaning). Within this context, risk managers plan hard – and put-in place early –warning processes and measures to avoid their business going bust.

Bitcoin, ICOs, crypto… a risky business?

Over the past few years, cryptocurrency has grown exponentially and it seems that a new cryptocurrency pops up every day (currently there are more than 1500 available). The appeal of making a fortune by joining the cryptocurrency market is enticing with mining facilities multiplying and the emergence of “Initial Coin Offerings” (ICOs). Similar with IPOs, ICOs enable startup businesses to raise capital for their projects by issuing their own digital tokens.

However, fraudsters are also exploiting this new digital asset ecosystem. For instance, there are sites that teach you how to launch an ICO in just 20 minutes, or others that through deceiving advertising trick users into thinking that they are buying ‘the next worldwide crypto’ (when actually they don’t receive anything). Also by co-opting well-known brands, such as card schemes – Mastercard, Visa – or by using celebrity names/faces in a deceiving way, ICOs can gather over 30,000 registrants in just a few days, according to the Canadian Financial Authority investigators Annie Leblanc and Maude Blanchette.

The good news is that there are regulators and authorities throughout the world, such as the North American Securities Administrators Association (NASAA), European Securities and Markets Authority (ESMA), Financial Action Task Force (FATF), and many others that monitor these fund raising activities/transactions, investigate any illegal/illicit/deceiving involvement and prosecute where needed.

How to lower the risk?

Mastercard and Visa are preparing their clients/merchants on how to deal effectively with the evolving risk management challenges. During RiskConnect, Jonathan Trivelas, Director, Customer Compliance and Fraud, Mastercard, covered Mastercard’s Business Risk Assessment and Mitigation (BRAM) program and its latest requirements concerning high risks merchants. These initiatives are called AN 1683—Addition of High-Risk Securities Merchants to the BRAM Program and Revised Standards—High-Risk Securities Merchant Registration and AN 1695—Addition of Cryptocurrency Merchants to the BRAM Program and Revised Standards— Cryptocurrency Merchant Registration and apply mainly to cryptocurrency use and chosen high-risk financial instruments trading. This includes recent developments regarding cryptocurrency merchants, high risk security traders (Binary, Forex, etc.), sports betting and high risk negative option billing merchants.

These standards came into effect on October 12th, though discussions around them have been started by Mastercard in spring 2018. Generally speaking, they apply to high risk merchants. It is also worth mentioning that ESMA (European Securities and Markets Authority) has already taken the intervention measures and temporarily prohibited the marketing, distribution or sale of binary options to retail clients. AN 1683 and AN 1695 also aim to provide legal opinions on the possibility of carrying out cryptocurrency business in a particular country.

In a world where anyone can be a merchant, everyone can be a customer, and the regulatory environment continues to extend their enforcement. Another option to lower this risk is to leverage global data points to automate and revolutionise online verifications and fraud prevention.

There are companies such as 4Stop or IdentityMind that, through the power of data, they can achieve automated risk mitigation, even for … cryptocurrency transactions, as technology has the capability to deanonymize an address on the Bitcoin network, thus attaching it to the real world identity of the person controlling it. Once this happens, all transactions made from and to this address become visible and traceable since the beginning of the blockchain and till the very last block.

Education in risk management is crucial

We have the tools and technology, we have the regulations and best practices examples, but how can risk professionals establish a knowledge base in an industry that lacks an established professional educational path and is evolving as quickly as it is? Clearly, by setting industry standards for professionalism and proficiency for the acquiring industry. There are a few associations, companies, groups like Electronic Transaction AssociationWeb ShieldMerchant Acquirer’s Committee that through programs, trainings, book releases, events, and many more are trying to offer new market players the tools to understand the risks associated with financial services.

We cannot but agree with Jason Oxman, CEO, Electronic Transactions Association who says “Through the ETA Certified Payments Professional program, as well as ETA’s new Self-Regulation Program, we are raising the level of education and professionalism in the payments industry, and events like RiskConnect help us increase awareness of the importance of global partnerships.”

We want to take this opportunity to thank the Web Shield team for inviting us for the RiskConnect event and conclude by adding Christian’s Chmiel, CEO&Founder Web Shield remark: “In the fight against fraud, education and collaboration are at least as important as technology”.

Original Source: https://www.thepaypers.com/expert-opinion/riskconnect-2018-the-anatomy-of-a-good-risk-management-strategy/776286

Advertisements

Riskskill Attends 2nd RiskConnect conference – 2018 at Frankfurt

Webshield Riskconnect Conference 2018 at Frankfurt

Riskskill is once again proud to be supporting Web Shield at their second RiskConnect conference – 2018, in Frankfurt.

The networking conference for risk and compliance professionals took place at the Hilton Hotel next to the airport at Frankfurt-am-Main on 29th and 30th November 2018.

RiskConnect a networking conference was hosted by Web Shield, who provide on-boarding, underwriting and monitoring solutions to many in the payments industry.

The two-day conference was attended by thought leaders and payment industry experts to debate the existing and newest challenges faced by the payments industry. Relevant industry developments and challenges are discussed, with opportunities to network with event participants. RiskConnect is the independent event where risk and compliance experts can share their knowledge and broaden their horizons over the topics at hand. so that they can remain ahead of others.

Riskskill is pleased to be supporting Web Shield at this event again. I am talking about the credit risk challenges in the merchant acquiring sector along with Shaun Lavelle, SVP Risk Management at Paysafe Group; we like to support the team from Web Shield as they are doing much to ‘shake-up’ the approach to enhanced risk management, and to improve risk awareness and knowledge in the industry.”

Riskskill is also honoured to be presenting along side a wide range of influential organisations, including senior risk management representatives from both Mastercard and Visa: but also rather pleased to be sharing the stage with Pulitzer Prize winner (and almost a legend in his lifetime: Carl Bernstein.” : http://www.carlbernstein.com

Other speakers include: Brian Kinch from Visa, Jonathan Trivelas from Mastercard, DJ Murphy from Card Not Present, Jason Oxman from the Electronic Transactions Association (ETA), along with speakers from 4Stop, Schiltz & Schiltz, Coinbase, Canadian regulator AMF and the FBI, Deloittes and the Dating Factory.

Riskskill, a boutique payments and risk management consulting company, encourages interested risk and compliance professionals to attend these events as they are a great opportunity to stay in the forefront of industry developments.

Further information on this event is available at http://www.riskconnect.eu

Web Shield RiskConnect Conference 2017: Kevin Smith Also Takes Part

Web Shield RiskConnect event in Frankfurt, Germany in 23-24 November 2017. Web Shield RiskConnect Conference 2017 Focused on Risk Management and Payments Takeaways. Kevin Smith of RiskSkill, presented on Day 1 of the inaugural Web Shield RiskConnect event, held on 23-24 November 2017 in Frankfurt am Main, Germany, he emphasized on the power of networking and information sharing for payments industry risk professionals.

RiskConnect Conference - Risk management and payments takeaways

FRANKFURT, Germany – A well-organised and informative conference held in the Hilton Hotel at Frankfurt Airport in November 2017. It was positioned as the networking event for risk professionals. It really was a superb networking and informative event, an opportunity to meet senior global payment scheme representatives, regulators, acquirers, processors, vendors, industry risk and payment specialists and consultants, and not forgetting our knowledgeable hosts from Web Shield.

Why is this relevant now?

Well, Web Shield in conjunction with Payvision & Acapture have now just released their blog and a YouTube video, summarising the highlights of the event and some thoughts from those who presented and participated in the event, including yours truly.

Web Shield really have challenged the status quo in risk management in payments, through their products and services, technical expertise and knowledge, the training academy and now their networking event and conference.

Supporters and sponsors helped make RiskConnect possible and a success, including Payment Consultants, Payvision, iSignThis, Foregenix and Fibonatix.

Payvision also played an important role of contributing to the event’s success, through their media sponsorship and capturing the two day proceedings on a short video. The seven minute video, summarising the event and engaging with most of the presenters was released on Tuesday, 27th February 2018, along with the Payvision blog.

RiskConnect 2017, was held over two days in November 2017; it brought together a wonderful array of payments and risk management experts. All noted that they may seen as professionals and experts, but all willing to meet a new industry colleague, learn something new and listen to and share industry best practices.

Presenters included senior risk management at the global payment systems, Visa and Mastercard, plus excellent and topical presentations and updates from organisations including Thomson Reuters, Verifi, IWF, HSBC, iSignThis, Vendorcom, the Malta Gaming Authority and the Brunswick and Manitoba regulatory bodies in Canada.

A couple of panel sessions were held that put some of the speakers together on the stage to take questions from the moderator and importantly to take questions from the audience.

Kevin Smith at RiskConnect Conference 2017

Early on Day 1, Kevin Smith representing RiskSkill talked through the challenges affecting the industry and participants, including understanding and managing acceptable risk considering effective risk management in the bigger business picture, and ensuring risk management is viewed as a better business enabler.

Positioned by Web Shield as the networking event for risk professionals, it really did hit the mark“, said Kevin.

Kevin continues….

“This was the first Web Shield conference, building on the success of their training Academy. With an excellent line-up of presenters over the full two-day event, a really good audience of industry professionals eager to learn more, a great location next to Frankfurt airport, and meticulous organisation by Web Shield, it really was a very successful and powerful event. Web Shield have set the bar high for these types of industry event”

Bill Trueman at RiskSkill, added

“RiskSkill has a close business relationship with Web Shield. We were very pleased to be invited to be part of this Web Shield event, and supporting the opportunity to drive greater awareness and education of new as well as existing challenges and developments impacting risk managers in the payments industry. “

“Payvision were an excellent sponsor of the event and pulled together a short video summary of the event. It ha snow been made publicly available and clearly demonstrates the benefits of getting risk management professionals together, excellent networking opportunities and the ability to learn and share best practices.

Last but not least, lets not forget the latest Web Shield book release – The Fundamentals of CNP Merchant Acceptance: Understanding High-Risk Business, 2018 edition. All attendees took away a valuable copy (or more!) of the book, an essential how-to companion for underwriters.

Further details can be located at payvision blog at http://blog.payvision.com/riskconnect-recap-risk-management-and-payments-takeaways/

For full coverage of event watch video https://www.youtube.com/watch?v=fC3_EhiOCG0

Bill Trueman and Kevin Smith are well known and highly trusted specialist in risk review and risk management who works globally independently, are associated with RiskSkill, UKFraud, and AIRFA.

 

In Wake of EMV Switch, US e-Commerce Fraud Soars!

Payments Specialist, Risk Specialist

As the US switched to EMV chip cards system, e-commerce fraud rates jumped by 33% last year, according to Experian. In late 2015 the US finally followed much of the rest of the world when Visa and other card schemes switched the liability for fraud-related losses to retailers that have not upgraded their hardware for EMV.

Experian notes that the increase in e-commerce fraud follows a similar trend pattern from countries that previously rolled out EMV cards – UK, France, Australia, and Canada – that also saw gradual increases in card-not-present fraud.

“We suspect that the EMV liability switch and increased adoption by merchants of chip-and-pin enabled terminals have had a profound impact on driving up e-commerce attacks,” says the firm.

Fraudsters that typically relied on committing counterfeit fraud have shifted their focus to the digital channels where they could have more success, and as more attackers enter a rapidly growing mobile and online commerce space it becomes increasingly difficult for merchants to spot them.

This means that businesses need to expect the increase in e-commerce fraud to continue over time and to be prepared to deal with it by employing a multi-layered approach that pairs transactional data elements with details about the user and their device.

Experian says that the biggest component of credit card fraud trends is the fact that 2016 was a record year for data breaches. There were 1,093 breaches, a 40% increase from 2015, according to the Identity Theft Resource Center.

Meanwhile, the Federal Trade Commission recently revealed a jump in consumers who reported that their stolen data was used for credit card fraud, from 16% in 2015 to more than 32% in 2016.

The record number of data breaches is a signal that future fraudulent activities will take place, warns Experian.

What Bill Trueman, an Eminent Risk Specialist Says About This:

1. Of course e-commerce fraud will rise. It is rising everywhere as e-commerce and m-commerce get used more.

2. Naturally, if you stop fraudsters using cards at the point of sale with EMV, they will move to CNP.

3. If you do not put in protections in your CNP channel, fraud will rise.

4. USA fails to adopt (or plan for) protections in the e-commerce channel.

5. The late adoption of EMV in the USA, has caused a lot more data compromises for longer in this market.

6. EMV adoption is starting to see fraudsters deterred from CO fraud opportunities already as they move to other softer targets.

Bill Trueman is an eminent independent payments and risk specialist helping business and bank owners manage risk & fraud and save millions. He is director of globally well known RiskSkill, and UKFraud and is an active member of a worldwide fraud and risk advisors organization i.e. AIRFA.

Things You Must Know About Online Payment Frauds

online payment fraud

If you are an e-commerce owner, then the term “payment fraud” must be well known to you. The main reason for its popularity is the huge cost burden caused by these frauds to your business, not to mention the degradation of your credibility as well as client’s trust.

Generally, a payment fraud can be understood as an illegal or false transaction done over the Internet. Since all the e-commerce businesses sell products online, their payment is done online as well and hence there is maximum chance of payment frauds for them. It can be said that such frauds are unstoppable, however if an e-commerce owner uses an efficacious anti-fraud protection in its website / system, then the frauds can be avoided.

Cyber thieves are on constant look out for even the smallest patch or glitch in the online system (website, payment gateways etc.). Through these glitches or patches, they can steal the private information. Various ways of doing so are directly contacting the owners of credit cards via SMS or email (known as phishing frauds); redirecting the transaction to a fraudulent website; or even calling them by pretending the customer care executive of the concerned e-commerce website.

Common Scenarios of Payment Frauds:
Credit Card Frauds
Disagreement in accepting product delivery
Fake Returns

1. Credit Card Frauds

Ranked among the common crimes related to online payments, the easiest way to misuse is that fraudster steals the card and using it, they shop online for various products. In this scenario, the affected party (consumer) can get that specific amount back after some efforts, but the merchant loses that amount as well as the product.

2. Disagreement in accepting product delivery

In this scenario, fraudsters places online order for products then merchants sends the order to fraudsters, who then put forwards the claim that he/she did not collected the product. In this case, the truth lies somewhere between the rock and a hard place, hence is hard to determine.

3. Fake Returns

In this case, the customer puts in effort to win over the merchant over the statement that the ordered items are sent back to him and money should be refunded to him. However, those items never reach the merchant. In its spinoff setting, customer can claim the presence more than the actual number of items returned to merchant and hence claim a complete refund.

Through this information, merchants should understand that although “client is king” but client is not always honest and truthful. Therefore, they should implement suitable measures and policies to counter the aforementioned payment frauds.

Bill Trueman and Kevin Smith are well known and highly trusted specialist in risk review and risk management who works globally independently, are associated with RiskSkill, UKFraud, and AIRFA.

Why 80% of Online Crime are Covered Up by Banks?

A widely-held suspicion that UK banks are covering up the true scale of cybercrime has been confirmed by the City of London Police chief Adrian Leppard, who says that up to 80% of online crime goes unreported to the authorities.

Speaking at a Tech UK conference, Leppard says that the vast gap between what is reported and the actual threat level arises “primarily because banks are happy to write off incidents as costs, thereby costing the consumer collectively and funding ongoing cyber-criminality”.The Commissioner told the audience that the scale of the threat is much greater than the public think, so much so that it may have even surpassed what drugs have delivered to the criminal economy.He argues that the banks’ unwillingness to report the true extent of cybercrime, makes it harder to gain an accurate picture of the threat to the national economy and the resources required by police to counter the criminals.In November last year, a Treasury Select Committee hearing into cybercrime and fraud heard evidence from Dr Richard Clayton, a senior researcher in security economics at the University of Cambridge, who said that “insider” accounts of fraud losses at banks are double the numbers generally reported publicly.This followed a July Home Affairs Committee report on e-crime that accused British banks of letting cyber-crooks carry out crime in a ‘black hole’ of impunity by failing to report or investigate fraud.

Comments by Bill Trueman over this News:

We need to be very careful about articles like this, and comments like this too.

The issue here is about REPORTING not dealing with (investigating, prosecuting and deterring) the crime.

The real question here is, of the crimes that are reported to the authorities (i.e. the police), how many are investigated and how many are prosecuted and how many organised gangs identified and stopped and how many opportunists deterred. We can assume that the answer to these will be “almost ZERO %” on all counts.

I have sat with senior COL police people over many years (mainly in the 1990s) – who have refused to accept reports of fraud from banks, because they have no resources to investigate and prosecute. Accordingly £100 millions’s of card fraud ARE reported and not progressed, and £100 million’s of insurance fraud go the same way without even being reported – except for the MAJOR, MAJOR cases that are accepted by the police from the Insurance fraud bureau.

Try and get Leppard to accet such cases is nigh on impossible as only the top – fraction of 1% are progressed. And do not even start talking about or reporting to the police the Inland Revenue, Local Authority, NHS, Benefits etc. fraud because they won’t look there either.

In the UK, we are held up globally (mainly the banks) for the exceptional fraud collation and reporting on card and banking fraud and insurance fraud – and we were leading with the statistical collation of fraud as UKPLC. This was all done 20 years ago as a fall-out from the Levi Home Office reporting – and ‘wrapped up nicely’ except for the police investigation, and prosecution bit, which is still absent.

So it is easy, but also abhorrent that a police officer shoudl stand up and throw stones at an industry that has been doing its bit for a long time. The industry also funds the fraud reporting centre that HE RUNS as part of the COL police force – so it is actually a) Under his control and b) HIS issue too!

BUT…. lets look at what we are talking about here….. We are asked to believe that banks are “covering up Cybercrime”. What is this cybercrime? As far as the banks are involved, the banks lose money from criminals who are attacking the banks to obtain money through the abuse of the systems and processes. This is always how it has happenned and the banks are good at losing money in this way. Just because a new term started to be used 3-4 years ago – does not change the fraud position:

– Banks are attacked and lose money

– Some of it will always get misrecorded as bad-debt when the crooks have managed to con the banks that it was thus. The agreement with all parties has always been that this will not be considrered as fraud (Cybercrime) and will not get reported. The police adamantly refuse to accept such reports too – believeing that the banks have brought this upon themselves by lending money in the first place to these cybercriminals (Ironic eh?).

– Cybercrime / fraud losses are experienced, reported and not investigated.

It is OK to moan at the banks these days – for everything, and often they are to blame for a lot of their mistakes, but in this case we must be careful to spot that here we have a big policeman throwing stones from a very big greenhouse.

Perhaps we should start asking him a few big questions and stop this outrageous reporting. It is probably too that he was taken out of context in this reporting, as I am afraif that I cannot believe that a responsible policeman would be so stupid as to criticise his partner banks, his funding bodies and people who are patiently waiting for him to do his job rather than trying to do theirs.

Bill Trueman is a leading payment, risk & fraud expert who provide payment fraud prevention consultancy services to card issuers and banks worldwide. For more information one can visit website at RiskSkill, UKFraud, and AIRFA.

 

Source News: http://www.finextra.com/news/fullstory.aspx?newsitemid=27226

Riskskill – Visa Inc. Approved GARS Reviewer to Assist Acquirers Globally

Riskskill has been approved as a trusted vendor for Visa Inc., and specifically as a Global Acquirer Risk Standards programme (GARS) reviewer. The Visa Inc. risk team monitor acquirer performance – i.e. organisations, often major banks, who process card transactions and other electronic payments for merchants. Riskskill will now assist such acquirers that want to demonstrate their compliance with applicable legislation and card scheme rules.

There are only a small number of similar approved vendors globally and most of these are based in California. With the addition of Riskskill on the Visa Inc. programme, there is now payment and risk management expertise available to acquirers in EMEA and around the globe, including across the wider USA.

Riskskill is a business advisory and management-consulting specialist, which focuses upon risk management practices and compliance within financial services and retail businesses.

The Riskskill team is heavily engaged in this part of the payments sector and has helped many acquirers (and large merchants) to review and grow their business in the right way with strong risk and exposure controls.

Visa Inc, proposes that acquirers engage a Visa-approved reviewer such as Riskskill to carry out a GARS review. They will then work on-site with management and teams at an acquirer to look at current practices and procedures to identify business improvements.

Within a GARS review, Riskskill advises on all aspects of the merchant acquiring business, including merchant and third-party partner/agent recruitment and management, underwriting and sales policy and practice; agreements and contracts; settlement operations and procedures; portfolio quality, ongoing merchant management and monitoring; merchant closure and termination; fraud, chargebacks and compliance programmes; merchant training; and data/systems security.

Kevin Smith, who manages the acquirer GARS practice at Riskskill commented that: “With a deep knowledge of the payments business and risk management requirements, the team at Riskskill look forward to working closely with more acquirers that want to improve their acquiring performance and be able to independently demonstrate this to other organisations such as Visa Inc. We are delighted that Visa Inc. recognises the skills and expertise at Riskskills, and our capabilities in global risk management.”

About Riskskill (www.riskskill.com)

Riskskill is a leading Europe-based risk management consultancy, with an impressive international track record of eliminating the risk of losses, reducing risks and exposures, and working with clients to put in place strategies and programmes of work to remove or prevent losses, regulatory issues and other fraud or bad-debt and compliance problems. Its people are widely accepted as some of Europe’s leading risk and fraud experts and they are frequent commentators on the issues involved. The key team have a wide experience in banking, insurance and the financial services and payments sectors and are thought leaders at the forefront of many industry wide and international debates.

Riskskill(http://www.riskskill.com/) is just one of only six organisations globally that have been confirmed as qualified and approved to complete GARS Reviews for Visa Inc.

For further information, contact:  Bill Trueman and Kevin Smith are leading payment, risk & fraud expert. For more information one can visit their website at RiskSkill, UKFraud, and AIRFA.
enquiries@riskskill.com
or
Leigh Richards, The Right Image PR, 0844 561 7586 – leigh.richards@therightimage.co.uk

Read the full story here: http://www.pr.com/press-release/614755