Combating the rise of financial crimes in Payment Service Providers

By Kristina Nikipolska, CAMS (Certified Money Laundering Specialist), Head of AML & Compliance Department of ECOMMPAY

Financial crime in eCommerce has been a problem since the very beginning of the industry, but a rise in online shopping during the pandemic has been accompanied by significant increase in fraudulent activity. Approximately £17 billion ($20 billion USD) were lost to payment fraud in 2021, and with eCommerce predicted to grow by 55% globally within the next three years, the eCommerce fraud and detection prevention market is set to grow to almost £60 billion ($70 billion USD) in tandem.

Payment Service Providers (PSPs) need to therefore understand the reasons behind this increase in financial crimes, to then find ways to manage and overcome fraudulent activity.

The factors behind the current rise

The sudden surge in online transactions brought on by the pandemic has caused an increase in the innovation and development of new technologies, particularly in the payment space, so PSPs have had to adapt to greater traffic. To put it simply, there is more money being handled online than ever before, which also obviously creates compliance load issues.

With the growing array of payment options now available, fraudsters and hackers have even more avenues through which to conduct financial crime, be it Buy Now Pay Later (BNPL), Swift payments or mobile payments. On top of this, fraudsters are also continuously expanding their technological arsenal to reach any and every area of payment that may have weak security measures.

With the sheer growth occurring in the sector, new PSPs are created every day. Many of these providers launch with less effective due diligence controls and need time to adjust to the payments environment, gain expertise, and put the right processes in place to be able to defend themselves against perpetrators. These vulnerable PSPs are highly likely to become key targets for criminals in this time.

Another factor in the mix is the fact that, whereby banks will have lengthy onboarding processes to ensure risk mitigations, PSPs must instead work and react faster, usually in a digital and remote manner so that customers aren’t lost, which therefore means accepting the associated risks that come through this process.

Finally, IT infrastructure vulnerabilities is another way that fraudsters can wreak havoc in a PSP. Weaknesses within data storage, electronic funds storage, and personal information storage make major data leaks and hacks easier to enact.

With all these factors in mind, PSPs must ensure they are aware of the risks related to the different parts of their systems – such as the different products and solutions they provide – and implement systems and controls that are appropriate for the specific risks presented by using the latest available technology.

Managing the risks – the customer side

There is no “one size fits all” approach in payments, therefore each solution must be tailored both in terms of the customer experience and compliance/safety measures (such as the financial hacking and fraud monitoring measures required that must be adjustable to mitigate any potential risk).

PSPs shouldn’t overwhelm potential customers with unreasonable questions, but instead ensure that they are able to recognise and promptly escalate any suspicious activity. Customer education is therefore vital. In fact, challenges often occur when there is a knowledge gap between customers and PSPs. For example: an emerging startup with limited understanding of regulatory requirements such as Anti Money Laundering (AML) or Counter-Terrorist Financing (CTF) may find some of the due diligence requests from PSPs unreasonable, leading to friction in the customer relationship, as well as weaknesses that fraudsters can exploit.

Without an understanding on the customer side on the nature of the security and due diligence measures concerning financial crime, customers may develop a lack of trust in  the PSP they are working with causing vital information to be omitted, or even choosing to switch to a PSP  which asks less questions and therefore further increases their risk exposure.

Managing the risks – the PSP side

The main challenge that comes with this new era of increased technological advances is remaining up-to-date. PSPs need to have a control system flexible enough to deal with constantly evolving fraudulent schemes and the technology behind them. This means constantly adjusting and calibrating existing measures to adapt to the times – failure of which will likely result in security systems quickly becoming outdated and therefore easy to evade.

PSPs need to ensure their Know Your Customer (KYC), Strong Customer Authentication (SCA), and sensitive information storage technology are all at the highest level they can be, while also ensuring that they are conforming to governmental regulations set in place like the Payment Service Directive 2 (PSD2).

This consequently also means having a new generation of specialists, with high technical expertise and in-depth understanding of AML and CTF requirements. PSPs will often need to teach and upskill employees to work in this fast-paced environment where risks are continuously evolving.

In addition, PSPs can reduce the occurrence of these crimes by using reliable external sources and vendors, such as credit bureaus and public registers along with other trustworthy databases, to confirm customer information. The challenge here though lies in ensuring the external sources are reliable.

Finally, one aspect that hasn’t been explored much within PSPs when it comes to defending against modern financial crimes is collaboration. Sharing of information between PSPs and Financial Institutions could prove crucial to developing an effective AML and CFT framework which promotes financial transparency. This doesn’t just have to mean sharing financial and non-private customer data, but instead finding a balance with sharing views on financial crime trends, typologies, and patterns.

Ultimately, financial crimes, or at least the number of financial crime attempts, are set to increase as we continue to develop new technology in the payment space. However, knowing where financial crime stems from and how it can be managed will be the key in reducing fraudulent success – providing a safer space for both PSPs and their customers.