Understanding Online Payment Risk
Risk management is focused on the analysis and reduction of risk in various types of activities. Specifically, it relates to the analysis of those activities, identification of potential risks – from operational through to regulatory – and the design and implementation of controls to identify, understand, and mitigate those risks when they occur.
In the wonderful world of online payments, risk management is part of the daily routine. Would-be criminals are always lurking in the most unlikely places, just waiting for their moment to pounce and take advantage of unsuspecting victims. PSPs working in the digital payment space are ever-aware of these threats, and they spend a lot of time, money, and resources on mitigating them. Let’s take a closer look at three of the most significant risks in the world of payments.
The risk of financial loss for one of the parties involved in a payment transaction can arise from wrongful or criminal deception. The risk is that a transaction cannot be properly completed because the payee does not have a legitimate claim against the payer. In general, payment fraud is any false or illegal transaction, which can happen on the internet. Cybercriminals usually steal someone’s money, personal property, or sensitive information. There are three main types of fraud:
- Identity Theft. This type of fraud refers to a situation where someone carries out a fraudulent transaction while pretending to be someone else. Instead of creating a whole new identity which takes time and effort, online criminals steal a person’s information and banking details. They then use this fraudulent identity to make purchases.
- Friendly Fraud. In friendly fraud cases, customers falsely initiate the chargeback process (see below for more information) after they receive a product or service. In such cases, the customer gets the product and benefits from a refund due to the chargeback, hence the name ‘friendly fraud.’
- Clean Fraud. Clean fraud is one of the hardest fraudulent activities to detect. In such cases, would-be criminals closely monitor and analyze a company’s in-house fraud-detection protocols and systems and use stolen payment information to maneuver around them.
Chargebacks can appear very similar to traditional refunds, but there is one very relevant difference. Rather than contacting the business for a refund, the client asks the bank to forcibly take money from the business’s account. An investigation follows, and if the bank feels the cardholder’s request is valid, funds are removed from the merchant’s account and returned to the client.
Chargebacks, in addition to being costly, can damage business reputations, while an excessive number of chargebacks can lead to closed merchant accounts, effectively killing the business. While chargebacks do sometimes happen for legitimate reasons, use of customer service practices based on know-your-customer principles, including a scan of the credit card used showing the user’s details to ensure there is no fraudulent activity, as well as merchant accessibility, can substantially reduce or eliminate chargebacks.
3. Card Data Security
Security of personal data is a growing concern. Criminals are always looking for ways to get this type of information from different sources. A vulnerable point of compromise which fraudsters have identified is card financial data that has been collected during the acceptance of cards. The Payment Card Industry Data Security Standard (PCI DSS) is a globally mandated standard that is supported by Card Schemes to bring a greater level of security to this type of data. This certification is required for every merchant or business accepting credit or debit cards, online or offline.
The PCI DSS deals with data leak prevention (DLP) and the exposure of credit card details and other sensitive information to the wrong parties. The PCI DSS regulates the storage of credit card databases and other vital information.
All of the above can suffer negative outcomes from recurring issues. If these issues occur in large and regular numbers, this can disrupt settlements, and result in fines, loss of licenses, legal implications with local authorities.
4. The Vital Role of Risk Teams
Companies involved in the digital payments space must ensure they have robust procedures and systems in place for the monitoring of potential fraud. It’s vital for those working in Risk departments to have excellent quantitative and analytical skills, along with the ability to apply those skills across a variety of business processes. Risk departments must always be aware of processing activity at all times while inspecting and spotting any out-of-the-ordinary issues. For advanced approaches, Risk staff may even enter specific transactions, attempting to make an on-the-spot analysis of the transaction, identifying if it may be fraudulent.
If you have questions about how to transform your online business and take it to the next level, our dedicated customer support is at your service. Simply drop us a message HERE.
Did you like