European Union Initiates Reduced Inter-Regional Card Processing Fees

Kevin Smith, Riskskill: What does the inter-regional interchange fee rate picture look like today and where is it moving to?

 

Cards Inter-Regional Interchange Fees

The European Commission is the first competition authority to take action against Visa and Mastercard for their excessive inter-regional interchange fees. With its experience and successes in reducing intra-regional interchange fees in Europe, this latest action and its positive impacts has set an interesting precedent. It is great news. The European Commission move addresses both regulator and merchant concerns about the unfair and extreme costs of processing non-European cards.

Since 2015, domestic and intra-regional consumer card interchange rates within Europe have been driven down significantly. Although the end result of these fee reductions should have been passed through from merchants to customers, it is not clear how or if this has occurred. Recent Payment Systems Regulator (PSR) attention and their UK industry consultation has shown that the merchant service charge (MSC) also contains many other scheme fees, acquirer fees and margins.

And let’s not forget the myriad of other organisations in the transaction processing flow, providing their services and expecting their fees.

European regulatory attention and merchant concerns should not be a surprise. Not when typical consumer card interchange rates within Europe are now at just 0.20% (debit) and 0.30% (credit) – where they are 1.20% and up to 1.97% for equivalent inter-regional POS transactions in Europe.

Most merchants in Europe, have more domestic card payments than other European card payments; and only lastly non-EU card payments. On this basis, most European merchants, do not experience or notice the impact of accepting cards issued outside of Europe.

However, for many European merchants with lots of international customers, their cost of accepting cards is exaggerated by these disproportionately higher inter-regional interchange fees.

The wide gap between domestic and intra-Europe interchange costs and those for inter-regional transactions makes us ask what the different costs are for processing these transactions, i.e. are there really any greater risks or costs involved with the inter-regional transactions?

Based on the rhetoric use by the European Commission, Visa and Mastercard strangely, did not fight for the status quo, so quickly led to the agreement of new and reduced fees.

So what does the inter-regional interchange fee rate picture look like today and where is it moving to?

Figure 1: Card Present Transactions acquired in Europe

Face-to-Face / Card Present Transactions Inter-regional Interchange Fee – Today Inter-regional Interchange Fee – Pending
Visa Consumer Debit Between 1.10% and 1.97% 0.20%
Visa Consumer Credit 0.30%
Mastercard Consumer Debit Between 1.10% and 1.98% 0.20%
Mastercard Consumer Credit 0.30%

Figure 2: Card Not Present Transactions acquired in Europe

Online / Card Not Present Transactions Inter-regional Interchange Fee – Today Inter-regional Interchange Fee – Pending
Visa Consumer Debit Between 1.44% and 1.97% 1.15%
Visa Consumer Credit 1.50%
Mastercard Consumer Debit Between 1.44% and 1.98% 1.15%
Mastercard Consumer Credit 1.50%

The European Commission argued that this reduction: “will lead to lower prices for European retailers to do business, ultimately to the benefit of all consumers”.

For those merchants with higher card acceptance from outside of Europe, the European Commission believe that the cost savings could be 40%.

The European Commission decision does not raise important further questions about other payment scenarios:

a) Now that the parties have agreed lower inter-regional interchange rates, when will these revised fees come into force?

The European Commission states: “Under the commitments, Mastercard and Visa each undertake to reduce the current level of inter-regional interchange fees to or below the following binding caps, within six months:”

NB: the scheme commitments will apply for five years and six months from the above date.

But when does this six-month period begin?

  1. The date from the which the European Commission made the scheme commitments legally binding under EU antitrust rules, or
  2. Is it from the date communicated by each scheme to its respective client issuers and acquirers?
  3. Or as reported by the BBC UK website on 29th April 2019, i.e. on 19th October 2019 for five years.

Scheme updates posted following the European Commission press release confirm that the effective date for the inter-regional interchange alterations is indeed 19th October 2019.

b) What about inter-regional debit and credit cards in mail order and telephone order (MO/TO) in Europe?

The European Commission only refer to online payments. Can we assume that MO/TO transactions, though not specifically mentioned, are included in the European Commission definition of Card Not Present transactions?

Scheme updates posted following the European Commission press release confirm that Card Not Present transactions are all transactions other than card present transactions, so MO/TO transactions are included in the planned fee reduction.

c) A trustee will be appointed by the Commission to monitor the implementation of the commitments. Who will be monitored?

  1. Will they monitor Visa and Mastercard and whether they enforce the fee reductions in line with the agreement?
  2. Or will they monitor individual merchant acquirers and their agents to see if they deploy lower pricing within the agreed timeframe?
  3. Or will they monitor individual merchants to see if the lower costs lead to lower consumer prices?

d) How will EU card issuers justify and defend their continued receipt of higher interchange rates for card usage outside of Europe – i.e. the reverse of this agreement?

Will similar regulatory and merchant pressure outside of Europe lead to reduced interchange fee costs elsewhere and therefor reduced income for European issuers for non-EU based transactions?

As with previous interchange fee rate reductions, we should expect unexpected and unintended consequences?

e) If a South African-issued card accepted in Europe incurs the new lower interchange rate, what does that mean for the same card accepted in Australia or the US?

This is not a matter for the European Commission, but clearly, they will provide essential guidance and advice to other national payments and competition regulators around the globe to challenge Mastercard and Visa further.

International merchants with a presence in Europe and in other regions and countries around the world will increasingly question why they are incurring very different interchange fees across different regions and markets.

Is this the ‘beginning of the end’ for over-inflated and higher global inter-regional and local interchange rates?

f) What about the three-party model?

Inevitably, such schemes will be forced to revisit their merchant pricing to ensure any merchant preference or favour for such brands.

g) Will lower interchange fees, mean increases in other card processing fees?

In the UK most noticeably, and across the rest of Europe, we have witnessed that lower interchange rates have been offset by increases in acquirer pricing, such that the positive pricing effect does not pass through to the end customers.

Are we going to see a similar offset of inter-regional interchange fees with poorly explained increases in scheme fees for inter-regional transactions and corresponding acquirer processing fees?

h) What about non-EEA countries? The European Commission press release on 29th April 2019 states that the inter-regional interchange rate reduction will positively impact transactions acquired in EEA countries.

Effective April 2019, Visa no longer treats Israel, Switzerland and Turkey as part of their EEA market definition. This means that transactions into and out of these countries, for example the UK or US, are now treated as international for interchange purposes and scheme fee levels.

i) So what does this mean for commercial cards and any other programmes? These have been excluded from regulatory pressure on interchange reimbursement fee reductions.

Inter-regional commercial card transactions do remain a very small percentage of total card expenditure for many European merchants.

Commercial card interchange rates are typically between 0.20% and 2.10%.

Small Business, Commercial and Corporate Card Transactions Inter-regional Interchange Fee – Today
Visa Commercial Debit Between 0.20%+ GBP 0.01 (according to Visa Business Immediate Debit) and 2.00%
Visa Commercial Credit
Mastercard Commercial Debit Between 0.20% (according to Mastercard debit Government payments) and 2.10%
Mastercard Commercial Credit

So how long will it be before commercial debit and credit cards are included in the regulatory challenges to reduce interchange fees?

The changes and this agreement are all great news and positive developments, but the implications and implementation still need to be better understood and defined, and there remain many questions and some big issues there-in.

About Kevin Smith

With over 25 years in the payments business, Kevin is a trusted and experienced practitioner and thought leader in payments, technology, issuance, acceptance and acquiring. At Visa, Kevin headed acceptance and acquiring development and was instrumental for changing how Visa viewed payment acceptance, acquiring and retailers in Europe. Kevin also led fraud and compliance management functions at a senior level at Visa. Kevin has worked in retail management for a major UK retailer, and for a major UK high street bank in its retail banking cards and acquiring development business; in senior roles at Switch, the original UK domestic debit card scheme; as well as in Visa Europe and Visa International in the US.

About Riskskill

Riskskill is a leading Europe-based payments and risk management consultancy, with an impressive international track record of helping payments businesses to find and mitigate payments challenges and risks. The firm works with clients to put in place strategies and programmes of work to make payments businesses or functions more profitable, less susceptible to losses, risks and regulatory issues and compliance problems. Riskskill.com is a global GARS Reviewer for Visa and a member of AIRFA, the Association of Independent Fraud and Risk Advisors

For further information, please contact: Bill Trueman or Kevin Smith at www.riskskill.com and enquiries@riskskill.com

Card payments – Who am I dealing with? The parties involved are changing… again

Bill Trueman from Riskskill.com talks about who is involved in the four-party payment models and how and why these are changing

In four party models (those that involve Mastercard and Visa), include:

  • Cardholders – like us.
  • Merchants – the shops that we use, whether in the high-street or on-line.
  • Card Issuers: usually banks that provide us with the plastic-card, the CHIP, PIN and then our statements and customer services.
  • Merchant Acquirers: which provide the equipment to accept payments, but which also settle against the issuers globally through the card schemes and most importantly take the risks involved in doing so.

How these parties operate with one another is shown in figure 1 below. Contracts exist between each party, whether formal, OR

a) the sale of goods and services contract (in shop),
b) Visa and Mastercard rules and contracts – through which issuers and acquirers connect globally.

Base four-party model for Card Payments.png
Base four-party model for Card Payments

This is how the processes have worked in the past, but things are changing and getting increasingly complicated.

Newer Parties

Businesses have evolved because of a need for evolution, and/or because of an evolving internet, mobile technology, increasing demands of ‘new solutions’ from merchants and the need to serve ever-newer cardholder services. Acquirers of yesteryear (banks) did not or could not change with market demands. The types of organisations that have evolved include:

Sales/Introducer organisations

Organisations that ‘sell to’ merchants on behalf of acquirers. Often these ‘take a cut’ of all transactions, and often contractually taking some of the work and the risks.

Technical Gateways

Companies that provide merchants with specialist connectivity / IT solutions in the process; aim to link the merchants to the acquirer akin to an internal IT department for payments. These may include specialist data security and tokenization solutions.

Intermediate Processors – PSPs/ Payment Facilitators

Companies that work with the merchants to process transactions to acquirers, and/or other parties for ‘other’ payment types; adding services that acquirers did not or could not provide. These may be specialisms for particular markets or for particular software or applications. Elements of technical gateways and/or specialist data security and tokenization solutions may be involved.

Acquirer Processors

Companies who will provide the processing services for multiple acquirers, or increasingly, also act as acquirers too; and/or offer ‘white-label’ acquiring solutions/platforms and services.

These are shown in figure 2 – Complications include:

– Many different ‘names’ for parties involved across geographies, by the organisations themselves, through the categorisation of these by the card schemes/ regulators. These names change as the market changes.

– Many of these parties overlap into one another e.g.

  • A sales/introducer may also start to provide equipment or software, a gateway solution, and/or become an intermediate processor themselves.
  • Intermediate processors, may apply for their own acquiring licences to become banks and/or Visa / Mastercard licensed businesses; or set-up or acquire sales businesses.
  • Acquirers may buy or establish intermediate processors, or other parties in the chain and;
  • Technical transaction processors (Gateways) may become sales businesses or provide intermediate processing and/or other services to the merchants.

– Three-party card schemes such as American Express and Diners can also be processed through the different parties involved above, in parallel or separately.

– AliPay and WeChat Pay are making big inroads in Europe, and are now by many reports bigger than Mastercard and Visa and have big ambitions.

– Domestic card schemes operate in many markets across the EU.

– Other payments schemes – electronic money, wallets, digital currencies.

Acquirer intermediates and disintermediation.png
Acquirer intermediates and disintermediation

Challenges

The challenges that arise and cause difficulties include:

a) Bank regulators required Banks to understand, monitor and continually manage all risks involved. The ‘art’ of doing so is being lost as other parties move into acquiring without the same regulation and knowledge.

b) Risks are often not identified, with credit risk largely uncalculated, untracked or ‘priced for’.

c) Customer identification can become diluted when multiple parties are involved; especially when contracts are written without it being clear who is responsible for the risks/exposures; so problems evolve.

d) Regulators and card schemes introduce many and varying rules and requirements that are often hard to understand and to communicate.

e) Capital adequacy / liquidity – banks are always required to manage this; but as non-bank acquirers develop, there is no non-bank regulator to force these business protection solutions with active regulators examining progress.

f) The fallacy that “acquiring is simple”, has led to more ‘new breed’ acquirers emerging with many quickly failing or required to stop trading when things ‘go wrong’.

Common Challenges that must be mitigated

1. Understand a) exposures, b) risk of failure, c) reward for exposures/risks; as well as all the ‘tricks’ used to con acquirers.

2. Have a clear strategy, policy, procedures, documented risk appetite, calculation methodology, management information and reporting structure.

3. Ensure that all card scheme, regulator, AML and other laws and rules are understood, stayed abreast of and corrected when they arise

4. Measure and manage all changes in business models, exposures, risks, management etc.

5. Look for daily / real-time unusual business features and ‘blips’ in the transactions away from norms and then act upon them.

6. Manage and monitor all third-parties employed or delegated-to in the process of card acquiring.

About Riskskill

Riskskill is a leading Europe-based payments and risk management consultancy, with an impressive international track record of helping payments businesses to find and mitigate payments challenges and risks. The firm works with clients to put in place strategies and programmes of work to make payments businesses or functions more profitable, less susceptible to losses, risks and regulatory issues and compliance problems. Riskskill.com is a global GARS Reviewer for Visa.

For further information, please contact: Bill Trueman or Kevin Smith at enquiries@riskskill.com

About Bill Trueman

Bill Trueman is a professional banker and a payments and risk specialist, with over 25 years of experience. He headed-up risk functions and special investigations in Lloyds Bank issuing and acquiring; acquiring and processing at First Data, and then for insurance risks at RBS / Direct Line. For the last 12 years he has been diving-into many other businesses: largely advising merchants, acquirers and others in the payment chain; to reduce risks and costs, and to find improved ways to do business and/or to make significant organisational change. He is a mentor for innovative payments startups and sits on working parties and panels for the UK regulators.

Source: https://www.thepaypers.com/expert-opinion/card-payments-who-am-i-dealing-with-the-parties-involved-are-changing-again-/776837

RiskConnect 2018: The Anatomy of a Good Risk Management Strategy

Webshield Riskconnect Conference 2018 at Frankfurt

Thought leaders and industry experts met at RiskConnect conference in Frankfurt to discuss the newest challenges that risk professionals face within the payments industry and to provide hands-on knowledge they can use in their daily work. RiskConnect is organised by Web Shield, one of the leading onboarding, underwriting and monitoring solution providers.

The event started with a presentation held by Pulitzer Prize winner Carl Bernstein on fake news, the impact this has on our societies and the way truth is perceived via ‘fake news lenses’. Bernstein has preached the gospel of finding ‘the best obtainable version of truth’, stressing the fact that journalists are similar to data miners, permanently searching for info, and that their ultimate role should be connecting these data to offer the best obtainable version of truth. This ideal can be achieved if we present information in context, as simple facts presented isolated from the bigger picture do not cover the truth. A crucial role in this system is played by the validation of our data sources.

He concluded his presentation by drawing a parallel between the role of journalists and risk management professionals, as both categories use similar investigative principles to grasp the whole picture of a given situation / merchant profile, for instance. When you don’t know/suppose you know the truth you face a risk, the risk of missing out the factors that made that truth happen, of not knowing what will be the right consequences, of being part of a distorted world, hence, facing unreal consequences/facts.

What exactly is risk?

There have been a lot of debates around this concept, as it is not a fix, but a variable one, depending on the degree of risk a business/person is willing to accept, the impact the accepted risk has on the business/consumer, risk appetite, the way it makes a business/consumer feel when they take a particular risk etc.. Nevertheless, risk can be monitored/assessed due to ISO 31000 standard on ‘Risk management – Principles and guidelines on implementation’ that states that the process of risk management consists of several concrete steps, such as establishing the context and identifying potential risks and assessment – once risks have been identified, they must then be assessed as to their potential severity of impact.

According to Shaun Lavelle, Senior Vice President Risk, Payment Processing, Paysafe Group and Bill Trueman, Director, RiskSkill (http://www.riskskill.com/) the concept of high-risk is meaningless if the types of risk are not specified. Moreover, the lack of a proper risk scoring analysis can be caused by not taking into consideration operational risk, currency risk, reputational risk, fraud and regulatory risks.

For instance, at the moment there are too many shady merchants under some acquirers’ custody conducting illegal activities, such as child pornography, nutraceuticals, and unfair billing practices causing great fines applied to these acquirers by the regulators/schemes. Not to mention the different perspectives regulators have over these risks and the vast terminology used within this market (that not everyone understands/has consensus over its meaning). Within this context, risk managers plan hard – and put-in place early –warning processes and measures to avoid their business going bust.

Bitcoin, ICOs, crypto… a risky business?

Over the past few years, cryptocurrency has grown exponentially and it seems that a new cryptocurrency pops up every day (currently there are more than 1500 available). The appeal of making a fortune by joining the cryptocurrency market is enticing with mining facilities multiplying and the emergence of “Initial Coin Offerings” (ICOs). Similar with IPOs, ICOs enable startup businesses to raise capital for their projects by issuing their own digital tokens.

However, fraudsters are also exploiting this new digital asset ecosystem. For instance, there are sites that teach you how to launch an ICO in just 20 minutes, or others that through deceiving advertising trick users into thinking that they are buying ‘the next worldwide crypto’ (when actually they don’t receive anything). Also by co-opting well-known brands, such as card schemes – Mastercard, Visa – or by using celebrity names/faces in a deceiving way, ICOs can gather over 30,000 registrants in just a few days, according to the Canadian Financial Authority investigators Annie Leblanc and Maude Blanchette.

The good news is that there are regulators and authorities throughout the world, such as the North American Securities Administrators Association (NASAA), European Securities and Markets Authority (ESMA), Financial Action Task Force (FATF), and many others that monitor these fund raising activities/transactions, investigate any illegal/illicit/deceiving involvement and prosecute where needed.

How to lower the risk?

Mastercard and Visa are preparing their clients/merchants on how to deal effectively with the evolving risk management challenges. During RiskConnect, Jonathan Trivelas, Director, Customer Compliance and Fraud, Mastercard, covered Mastercard’s Business Risk Assessment and Mitigation (BRAM) program and its latest requirements concerning high risks merchants. These initiatives are called AN 1683—Addition of High-Risk Securities Merchants to the BRAM Program and Revised Standards—High-Risk Securities Merchant Registration and AN 1695—Addition of Cryptocurrency Merchants to the BRAM Program and Revised Standards— Cryptocurrency Merchant Registration and apply mainly to cryptocurrency use and chosen high-risk financial instruments trading. This includes recent developments regarding cryptocurrency merchants, high risk security traders (Binary, Forex, etc.), sports betting and high risk negative option billing merchants.

These standards came into effect on October 12th, though discussions around them have been started by Mastercard in spring 2018. Generally speaking, they apply to high risk merchants. It is also worth mentioning that ESMA (European Securities and Markets Authority) has already taken the intervention measures and temporarily prohibited the marketing, distribution or sale of binary options to retail clients. AN 1683 and AN 1695 also aim to provide legal opinions on the possibility of carrying out cryptocurrency business in a particular country.

In a world where anyone can be a merchant, everyone can be a customer, and the regulatory environment continues to extend their enforcement. Another option to lower this risk is to leverage global data points to automate and revolutionise online verifications and fraud prevention.

There are companies such as 4Stop or IdentityMind that, through the power of data, they can achieve automated risk mitigation, even for … cryptocurrency transactions, as technology has the capability to deanonymize an address on the Bitcoin network, thus attaching it to the real world identity of the person controlling it. Once this happens, all transactions made from and to this address become visible and traceable since the beginning of the blockchain and till the very last block.

Education in risk management is crucial

We have the tools and technology, we have the regulations and best practices examples, but how can risk professionals establish a knowledge base in an industry that lacks an established professional educational path and is evolving as quickly as it is? Clearly, by setting industry standards for professionalism and proficiency for the acquiring industry. There are a few associations, companies, groups like Electronic Transaction AssociationWeb ShieldMerchant Acquirer’s Committee that through programs, trainings, book releases, events, and many more are trying to offer new market players the tools to understand the risks associated with financial services.

We cannot but agree with Jason Oxman, CEO, Electronic Transactions Association who says “Through the ETA Certified Payments Professional program, as well as ETA’s new Self-Regulation Program, we are raising the level of education and professionalism in the payments industry, and events like RiskConnect help us increase awareness of the importance of global partnerships.”

We want to take this opportunity to thank the Web Shield team for inviting us for the RiskConnect event and conclude by adding Christian’s Chmiel, CEO&Founder Web Shield remark: “In the fight against fraud, education and collaboration are at least as important as technology”.

Original Source: https://www.thepaypers.com/expert-opinion/riskconnect-2018-the-anatomy-of-a-good-risk-management-strategy/776286

Riskskill Attends 2nd RiskConnect conference – 2018 at Frankfurt

Webshield Riskconnect Conference 2018 at Frankfurt

Riskskill is once again proud to be supporting Web Shield at their second RiskConnect conference – 2018, in Frankfurt.

The networking conference for risk and compliance professionals took place at the Hilton Hotel next to the airport at Frankfurt-am-Main on 29th and 30th November 2018.

RiskConnect a networking conference was hosted by Web Shield, who provide on-boarding, underwriting and monitoring solutions to many in the payments industry.

The two-day conference was attended by thought leaders and payment industry experts to debate the existing and newest challenges faced by the payments industry. Relevant industry developments and challenges are discussed, with opportunities to network with event participants. RiskConnect is the independent event where risk and compliance experts can share their knowledge and broaden their horizons over the topics at hand. so that they can remain ahead of others.

Riskskill is pleased to be supporting Web Shield at this event again. I am talking about the credit risk challenges in the merchant acquiring sector along with Shaun Lavelle, SVP Risk Management at Paysafe Group; we like to support the team from Web Shield as they are doing much to ‘shake-up’ the approach to enhanced risk management, and to improve risk awareness and knowledge in the industry.”

Riskskill is also honoured to be presenting along side a wide range of influential organisations, including senior risk management representatives from both Mastercard and Visa: but also rather pleased to be sharing the stage with Pulitzer Prize winner (and almost a legend in his lifetime: Carl Bernstein.” : http://www.carlbernstein.com

Other speakers include: Brian Kinch from Visa, Jonathan Trivelas from Mastercard, DJ Murphy from Card Not Present, Jason Oxman from the Electronic Transactions Association (ETA), along with speakers from 4Stop, Schiltz & Schiltz, Coinbase, Canadian regulator AMF and the FBI, Deloittes and the Dating Factory.

Riskskill, a boutique payments and risk management consulting company, encourages interested risk and compliance professionals to attend these events as they are a great opportunity to stay in the forefront of industry developments.

Further information on this event is available at http://www.riskconnect.eu

Web Shield RiskConnect Conference 2017: Kevin Smith Also Takes Part

Web Shield RiskConnect event in Frankfurt, Germany in 23-24 November 2017. Web Shield RiskConnect Conference 2017 Focused on Risk Management and Payments Takeaways. Kevin Smith of RiskSkill, presented on Day 1 of the inaugural Web Shield RiskConnect event, held on 23-24 November 2017 in Frankfurt am Main, Germany, he emphasized on the power of networking and information sharing for payments industry risk professionals.

RiskConnect Conference - Risk management and payments takeaways

FRANKFURT, Germany – A well-organised and informative conference held in the Hilton Hotel at Frankfurt Airport in November 2017. It was positioned as the networking event for risk professionals. It really was a superb networking and informative event, an opportunity to meet senior global payment scheme representatives, regulators, acquirers, processors, vendors, industry risk and payment specialists and consultants, and not forgetting our knowledgeable hosts from Web Shield.

Why is this relevant now?

Well, Web Shield in conjunction with Payvision & Acapture have now just released their blog and a YouTube video, summarising the highlights of the event and some thoughts from those who presented and participated in the event, including yours truly.

Web Shield really have challenged the status quo in risk management in payments, through their products and services, technical expertise and knowledge, the training academy and now their networking event and conference.

Supporters and sponsors helped make RiskConnect possible and a success, including Payment Consultants, Payvision, iSignThis, Foregenix and Fibonatix.

Payvision also played an important role of contributing to the event’s success, through their media sponsorship and capturing the two day proceedings on a short video. The seven minute video, summarising the event and engaging with most of the presenters was released on Tuesday, 27th February 2018, along with the Payvision blog.

RiskConnect 2017, was held over two days in November 2017; it brought together a wonderful array of payments and risk management experts. All noted that they may seen as professionals and experts, but all willing to meet a new industry colleague, learn something new and listen to and share industry best practices.

Presenters included senior risk management at the global payment systems, Visa and Mastercard, plus excellent and topical presentations and updates from organisations including Thomson Reuters, Verifi, IWF, HSBC, iSignThis, Vendorcom, the Malta Gaming Authority and the Brunswick and Manitoba regulatory bodies in Canada.

A couple of panel sessions were held that put some of the speakers together on the stage to take questions from the moderator and importantly to take questions from the audience.

Kevin Smith at RiskConnect Conference 2017

Early on Day 1, Kevin Smith representing RiskSkill talked through the challenges affecting the industry and participants, including understanding and managing acceptable risk considering effective risk management in the bigger business picture, and ensuring risk management is viewed as a better business enabler.

Positioned by Web Shield as the networking event for risk professionals, it really did hit the mark“, said Kevin.

Kevin continues….

“This was the first Web Shield conference, building on the success of their training Academy. With an excellent line-up of presenters over the full two-day event, a really good audience of industry professionals eager to learn more, a great location next to Frankfurt airport, and meticulous organisation by Web Shield, it really was a very successful and powerful event. Web Shield have set the bar high for these types of industry event”

Bill Trueman at RiskSkill, added

“RiskSkill has a close business relationship with Web Shield. We were very pleased to be invited to be part of this Web Shield event, and supporting the opportunity to drive greater awareness and education of new as well as existing challenges and developments impacting risk managers in the payments industry. “

“Payvision were an excellent sponsor of the event and pulled together a short video summary of the event. It ha snow been made publicly available and clearly demonstrates the benefits of getting risk management professionals together, excellent networking opportunities and the ability to learn and share best practices.

Last but not least, lets not forget the latest Web Shield book release – The Fundamentals of CNP Merchant Acceptance: Understanding High-Risk Business, 2018 edition. All attendees took away a valuable copy (or more!) of the book, an essential how-to companion for underwriters.

Further details can be located at payvision blog at http://blog.payvision.com/riskconnect-recap-risk-management-and-payments-takeaways/

For full coverage of event watch video https://www.youtube.com/watch?v=fC3_EhiOCG0

Bill Trueman and Kevin Smith are well known and highly trusted specialist in risk review and risk management who works globally independently, are associated with RiskSkill, and AIRFA.

 

In Wake of EMV Switch, US e-Commerce Fraud Soars!

Payments Specialist, Risk Specialist

As the US switched to EMV chip cards system, e-commerce fraud rates jumped by 33% last year, according to Experian. In late 2015 the US finally followed much of the rest of the world when Visa and other card schemes switched the liability for fraud-related losses to retailers that have not upgraded their hardware for EMV.

Experian notes that the increase in e-commerce fraud follows a similar trend pattern from countries that previously rolled out EMV cards – UK, France, Australia, and Canada – that also saw gradual increases in card-not-present fraud.

“We suspect that the EMV liability switch and increased adoption by merchants of chip-and-pin enabled terminals have had a profound impact on driving up e-commerce attacks,” says the firm.

Fraudsters that typically relied on committing counterfeit fraud have shifted their focus to the digital channels where they could have more success, and as more attackers enter a rapidly growing mobile and online commerce space it becomes increasingly difficult for merchants to spot them.

This means that businesses need to expect the increase in e-commerce fraud to continue over time and to be prepared to deal with it by employing a multi-layered approach that pairs transactional data elements with details about the user and their device.

Experian says that the biggest component of credit card fraud trends is the fact that 2016 was a record year for data breaches. There were 1,093 breaches, a 40% increase from 2015, according to the Identity Theft Resource Center.

Meanwhile, the Federal Trade Commission recently revealed a jump in consumers who reported that their stolen data was used for credit card fraud, from 16% in 2015 to more than 32% in 2016.

The record number of data breaches is a signal that future fraudulent activities will take place, warns Experian.

What Bill Trueman, an Eminent Risk Specialist Says About This:

1. Of course e-commerce fraud will rise. It is rising everywhere as e-commerce and m-commerce get used more.

2. Naturally, if you stop fraudsters using cards at the point of sale with EMV, they will move to CNP.

3. If you do not put in protections in your CNP channel, fraud will rise.

4. USA fails to adopt (or plan for) protections in the e-commerce channel.

5. The late adoption of EMV in the USA, has caused a lot more data compromises for longer in this market.

6. EMV adoption is starting to see fraudsters deterred from CO fraud opportunities already as they move to other softer targets.

Bill Trueman is an eminent independent payments and risk specialist helping business and bank owners manage risk & fraud and save millions. He is director of globally well known RiskSkill, and is an active member of a worldwide fraud and risk advisors organization i.e. AIRFA.

Due Diligence: Is the Existing Business Worth Buying?

Due Diligence Specialist, Business Acquisition Consultant, Business Merger Consultant

Is the Existing Business Worth Buying: Due Diligence?

There are times when you might see worth in buying an existing business. You might find the prospective promising and profiting. This is the time when due diligence should start with accessing the records and books of that business. You receive a suitable time to investigate various facts and figures, which will give you a genuine picture of its performance and prospects. It will also present you with the points / issues / problems / loopholes that would require prior warranties or guarantees, before the signing of contract.

Due Diligence

If you are new in purchasing existing but working businesses, then you should educate yourself on the elementary three categories of due diligence that are to be followed, without fail. Also, you might want to hire separate adviser for each of the due diligence that are mentioned below:

Commercial Due Diligence: It includes assessing the credibility of the business in the market, evaluating its competitors and determining the regulatory environment.

Financial Due Diligence: It comprises gauging and comparing the numbers to ensure that there are no loop holes / black holes or hidden monetary matters

Legal Due Diligence: When you venture into a contract of sale & purchase, lawyers should judge the legal title of business to sell. Lawyers should also appraise ownership of every asset along with ensuring that all the litigation and regulation issues are completely addressed.

When to Start Due Diligence?

First agree on a price and terms with the selling business, then begin the due diligence process. There is possibility that they might withdraw their business from the market during your enquiry. This period is called “exclusivity period” and for this the seller generally demands a down payment to ascertain its security. In most cases, this period spans to minimum three to four weeks. Remember that this investigation period is passable.

Where to Get Help From?

One of the most standard and common method of due diligence is to employ solicitors and accountants on your payroll. They will classify the risk zones for you. However, in case the Existing Business which you are buying, is registered with Companies House, you can get hold of reproductions of its accounts, annual returns and various other important documents with the prospect business. For this, you can use the Companies House WebCHeck service.

You can download the documents from the website of Companies House. Note that there might be a small fee for this facility of evaluating the businesses value along with its assets.

What Points to Examine During Due Diligence?

You must understand the it’s just not about finances; due diligence spans across this one important factor. The “exclusivity period” should end with positive results, yielding all-inclusive information about the business and concerning prospects. You should know exactly what you are buying; what will need your immediate attention; what should be fixed; what will be cost of correcting the negative aspects / risks; and lastly whether their business is a right investment for you or not.

In other words, at the end of “exclusivity period”, you must have the answer to whether The Existing Business Is Worth Buying. Due Diligence should cover following points:

Commercial Management that should include marketing, client service, research and development:

Issues related to environment
IT Systems and other technologies
Foremost orders and contracts
Unsettled litigation
Terms and conditions of employment
Information Sources

When carrying out due diligence, make sure to go to depths and find every possible information regarding the business. The information can be unearthed in the form or documents or other ways. You must find out:

Employment Contracts
Payroll Records
Staff Files
Staff Manual

In some cases, following copies might also be relevant:

Financial Statements
Pension and Profit-Sharing Plans
Union Contracts

Rest, you should also contact bank, government taxation department and other external sources. You can also contact any good due diligence company for due diligence investigation services.

Bill Trueman a highly experienced specialist in risk review and due diligence has been providing Due Diligence Services since years. He is permanent member of AIRFA, and director of RiskSkill.

Mitigating Third-Party Risks with Due Diligence

Due Diligence Specialist

Mitigating Third-Party Risks

The entire world is globalized and the new era presents a series of challenges in every domain, including doing business with overseas companies. It has become the need of the hour to implement an approach, which is streamlined, efficient in all the resources and sustainable as well. Through this approach, the third party risks can be mitigated, compliance can be supervised, and issues as well as investigations can be managed more efficiently.

Precis

Expansion of business always brings revenues but it also opens up a window to new risks through third-party relationships that may be with a distributor, supplier, lawyer or even a client. Some common types of risks which they bring are related to IT security, environmental, quality, regulatory compliance, corruption, health and safety. Most of the general risks can be assessed and dealt with by the business / company itself. However, with third-party deals there is always extra scope of risks that can only be minimized through due diligence.

The Catch

If the risks are not identified and mitigated at early stage, they can convert into an avalanche and sabotage the company’s reputation as well as profitability. Adding salt to the wound, in case the fault is of third-party, the original company who made a deal with it, will be held responsible. Hence, one side of coin has progress & growth of their business, the other side has a lot of risks associated with it.

The Solution

“Due Diligence” it the pathway not only to mitigate third-party risks but also to inspect compliance, carry out assessments related to due diligence, finding of gaps that might convert into risk / compliance violation and proactively remediate the found issues. And this is where the role of due diligence firms arises which provides commercial due diligence services globally. If you are planning to buy any firm then you may need their help to save your time and money.

Key Instances of Third-Party Violation

  • In 2009, there was a case in Dallas where a healthcare provider caught its contract security guard for hacking into various computers, which comprised the systems on which the confidential data of the patients was stored
  • In 2011, a UK based international insurance intermediary was fined by FSA as it failed its anti-bribery and corruption systems controls.
  • In 2012, a third-party contractor was found in violation of most of the rules regarding labor and working conditions in its factories that brought unwanted negative publicity to the top technology manufacturing companies.

Mitigating Third-Party Risks with Due Diligence

There are a series of fragmented approaches being followed by companies based globally in order to develop effective systems that will manage the compliance of third-party risks. Still the companies tend to fall short of a fool-proof system for mitigating the third-party risks. Some companies find themselves between a rock and a hard place concerning the constant changes. Whereas there are few companies, who focus only on managing the third-party. Hence, the companies fail on the ethical aspects such as bribery, regulatory violations, security breaches, money laundering and others.

In such situation, a comprehensive framework is required that will assist in 100% third-party due diligence. Important factors in this regard are:

  • Audits
  • Controls
  • Investigations
  • Risk Assessments
  • Policies
  • Timely Issue Remediation
  • Training Programs

If such a strong and comprehensive framework is made and implemented, then not only the the third-party risks will be mitigated, but the companies will be able to forge more credibility in the international arena.

Challenges Related to Third-Party Business Deals

1) The third-party network can be quite complicated. Since they cannot be managed directly like permanent employees of a company, an indirect approach is followed for the management purposes. This makes it very difficult for the main businesses.

2) Redundancies can be seen in case a specific third-party is managed by more than one departments of a business. Duplicate and double efforts are common in this case.

3) High cost are always present that cause the businesses to ignore the due diligence after the deal is made.

4) Regulatory compliance

5) Restricted transparency and huge volume of data to be processed

Highlights of Mitigating Third-Party Risks by Strengthening Due Diligence

The companies or businesses should make a blueprint of schemes or procedures that they need to implement so that risks are reduced to minimum.

1) Take enough time: Businesses should take enough time to conduct background checks on each and every third-party. They should NEVER be casual within even one parameter, as it can lead to unforeseen risks and credibility issues.

2) Conduct comprehensive risk assessment: Companies should consider the country, regions, international laws & regulations, labor issues & guidelines and other related factors will assessing the risks associated with an international third-party deal.

3) Create your own policies and code of conduct rules and make sure to communicate these completely to the third parties. This keeps both the parties on same level and improves the understanding amidst them.

4) Due diligent should be performed without fail for Mitigating Third-Party Risks, especially in the cross border deal.

Authors of this post are Bill Trueman is an eminent payment, due diligence, risk & fraud expert who provide his consultancy services to card issuers, banks, corporates and business organizations all over the world. He is chief executives of RiskSkill, and member of AIRFA.

Merger & Acquisition: How Due Diligence Can Prevent Fraud, Risks and Minimize Losses

Corporate Due Diligence

Whenever someone makes a contract with an organization, there are definite chances of frauds, either very less or very high. However, the organizations always claim to have utmost transparency. As an investor / consumer, you should be aware of the fact that there no thing as 100% transparency or 100% fraud proof contract in any domain. Even though cheating some other party intentionally is considered as criminal offense under law, still frauds are prevalent, if not more than definitely on the small scale.

Commercial frauds are something, which have even caught the attention of the UN that has termed it among the present era’s supreme coercions. They have acknowledged commercial frauds as an international level event that harms the stability of the economics of every country. And this is where the role of due diligence consulting services starts. There are many due diligence companies which you can take help of.

General Commercial Frauds: These are related to activities like Deceptive Advertising or Marketing, False Reporting, Falsifying Documents, Non-Delivery, Piracy, Overriding of Regulatory Breaches and Thefts.

Popular Scandals: Deutsche Morgan Grenfell in England and Enron in the U.S.

Be Cautious in International Contracts

If you plan to get into an agreement, then it is recommended to audit the other contracting party for the relevant matters such as financial records, past complaints / clients etc. This step is very crucial during the negotiations stage and should be continued even after the end of negotiations. This small step will help to minimize your financial loss and prevent from getting into any legal trouble.

Few relevant matters of investigation are:

1. Government rules and regulations of each nation
2. Indemnities, loans and other financial arrangements
3. Information technology such as security of system, upgrades etc.
4. Language or cultural obstructions
5. Potential in the market and prospects of future performance

Stay Safe from Frauds in International Contracts

With every passing year, new fraud surface either at large level or at small. It is only by being self-conscious that you can protect yourself / your company / your investment from fraud in the international contracts. Also, below are some pointers that will guide you in safeguarding yourself from the fraudsters:

Specialization is necessary. You can take assistance of lawyers or consultants, who specialize not just in the international contracts but also in the domain wherein you are dealing in. This is very beneficial if you are not an expert yourself. In addition, you can spend your money in acquiring marketing and accounting specialization.

Use Secure Payment Methods and Letter of Credit. Whether you are dealing with a known entity or not, you should still take all possible precautions to draft clear and secure terms. In the banking industry, there are strong terms for “Letters of Credit” that come with the bank’s guarantee for partial payment or seller’s payment on behalf of buyers. Although the risk is not entirely eliminated, but these can be instrumental for novice traders in mitigating the chances of fraud.

Mention Important Clauses in Contracts. In the international contracts, frauds can be avoided or their chances reduced by the inclusion of important points that can be called negotiating requirements, for instance certification, currency, product samples, insurance, and other regulatory documentation.

Authors of this post are Bill Trueman and Kevin Smith who are eminent payment, due diligence specialists, risk & fraud expert who provide their consultancy services to card issuers, banks, corporates and business organizations worldwide. They are chief executives of RiskSkill and member of AIRFA which is a worldwide known independent organization.

Things You Must Know About Online Payment Frauds

online payment fraud

If you are an e-commerce owner, then the term “payment fraud” must be well known to you. The main reason for its popularity is the huge cost burden caused by these frauds to your business, not to mention the degradation of your credibility as well as client’s trust.

Generally, a payment fraud can be understood as an illegal or false transaction done over the Internet. Since all the e-commerce businesses sell products online, their payment is done online as well and hence there is maximum chance of payment frauds for them. It can be said that such frauds are unstoppable, however if an e-commerce owner uses an efficacious anti-fraud protection in its website / system, then the frauds can be avoided.

Cyber thieves are on constant look out for even the smallest patch or glitch in the online system (website, payment gateways etc.). Through these glitches or patches, they can steal the private information. Various ways of doing so are directly contacting the owners of credit cards via SMS or email (known as phishing frauds); redirecting the transaction to a fraudulent website; or even calling them by pretending the customer care executive of the concerned e-commerce website.

Common Scenarios of Payment Frauds:
Credit Card Frauds
Disagreement in accepting product delivery
Fake Returns

1. Credit Card Frauds

Ranked among the common crimes related to online payments, the easiest way to misuse is that fraudster steals the card and using it, they shop online for various products. In this scenario, the affected party (consumer) can get that specific amount back after some efforts, but the merchant loses that amount as well as the product.

2. Disagreement in accepting product delivery

In this scenario, fraudsters places online order for products then merchants sends the order to fraudsters, who then put forwards the claim that he/she did not collected the product. In this case, the truth lies somewhere between the rock and a hard place, hence is hard to determine.

3. Fake Returns

In this case, the customer puts in effort to win over the merchant over the statement that the ordered items are sent back to him and money should be refunded to him. However, those items never reach the merchant. In its spinoff setting, customer can claim the presence more than the actual number of items returned to merchant and hence claim a complete refund.

Through this information, merchants should understand that although “client is king” but client is not always honest and truthful. Therefore, they should implement suitable measures and policies to counter the aforementioned payment frauds.

Bill Trueman and Kevin Smith are well known and highly trusted specialist in risk review and risk management who works globally independently, are associated with RiskSkill, and AIRFA.