The Green Sheet Online Edition
November 23, 2015 • Issue 15:11:02
The very point of sale:
Automated risk is its own reward
Risk management, like the payments industry, has steadily migrated from paper to new digital forms of processing. Beyond the obvious benefit of expediting merchant boarding, digital technologies and advanced data analytics have taken risk management practices to a new level, benefitting all stakeholders in the merchant services value chain.
Many leading acquirers and processors have automated risk management to collect and process enormous amounts of customer data. Automation advocates feel that artificial intelligence has helped their companies stage new accounts faster, less manually and with fewer errors.
"The larger the financial institution, the more difficult it is to be nimble," said Mike Gardner, Chief Executive Officer at Agreement Express Inc. The company, founded in 2001 and based in Vancouver, British Columbia, Canada, provides a software-as-a-service platform that automates new account boarding and underwriting processes for financial services firms.
Gardner, whose clients include Cayan LLC, Global Payments UK and Mercury Payment Systems LLC, said he typically encounters two types of mindsets among clients. "Client One requires highly proprietary risk management inputs, and Client Two just wants me to tell them how to score a merchant," he said. "I firmly believe that you can't build an extraordinary onboarding experience without thoroughly examining your underwriting process."
Identify key objectives
One way to build a sound risk management practice is to take the process to its lowest common denominator by identifying key objectives. By using this approach, which Gardner calls the "minimum viable process," organizations can determine the data elements they want to use and ensure that they are not capturing extraneous or overlapping data. This least-cost approach reduces the process to meeting both regulatory requirements and specific risk model parameters.
"Once you know what you need to capture, you can create an extraordinary onboarding process," Gardner said. "Companies typically collect 1,700 pieces of information on each new merchant customer; physically checking off boxes online or on paper is not a sustainable practice."
Gardner likened the merchant boarding process to a kitchen renovation. Both require upfront planning to ensure that all elements have been accounted for and incorporated into the project. You don't want to get to the end of the project and realize you haven't factored in how to drain the dishwater, he added.
Seek to manage, not eliminate
Remote deposit capture (RDC) originated as a secure method of virtual transport for processing and clearing checks in 2004 and has evolved into a technology platform that enables financial institutions to securely and efficiently process payments, invoices and electronic documents.
RemoteDepositCapture.com, established in 2005 and based in Atlanta, tracks the technology's evolution and use cases. Presenting at RemoteDepositCapture.com's November 2015 conference, John Leekley, the company's CEO, noted that there is no silver bullet for managing risk. "The first question auditors ask is 'What has changed?'" Leekley said. "Any time your market, pricing or risk appetite changes, it opens a window of opportunity for fraudsters."
Leekley noted that Europay MasterCard and Visa chip card technology will reduce card-present fraud, but he warned that the RDC environment could present a lucrative target for cyber criminals. Security analysts and financial services stakeholders need to fill their pipelines with new products and services to stay ahead of fraudsters, he stated.
Unique challenges associated with RDC include duplicate processing, which occurs when a single check image is either accidentally or intentionally deposited with multiple financial institutions, and bait-and-switch schemes that involve fraudsters depositing a legitimate check via RDC, then returning it to the victim and asking for another form of payment.
Use checks and balances
According to Leekley, the Federal Financial Institutions Examination Council views RDC as a delivery system capable of mitigating, monitoring and measuring risk in actionable and sustainable ways. He described the council's core principles as the three pillars of FFIEC guidance: responsibility; risk identification and assessment, and mitigation and controls.
Leekley stated that deposits are "the lifeblood of any financial institution" and that the complexity of risk management strategies varies according to the culture and tolerance of each organization.
"Banks used to manage everything internally until RDC came along," Leekley said. "RDC brought more tools to manage risk, such as verification." He added that many financial institutions shied away from RDC, despite the fact that risk parameters of remote deposits are basically no different than teller deposits. It involves the same rules and the same check type; it just leverages existing technologies to capture images, he stated.
Leekley also noted that risk management for smaller organizations bears an increasing resemblance to enterprise-scale risk management. Both have similar objectives and parameters, increasingly relying on behavioral analytics to mitigate and prevent fraud. All financial institutions have to revisit the entire risk process when a client or vendor adds a product, he added. He suggested that the best approach to preventing loss ultimately lies in the use and handling of original check documents. "Every step you take closes the window of opportunity" for fraudsters, he said.
Take steps to minimize risk
"Criminals will generally target institutions that employ minimal KYC, have few balance requirements, and offer immediate funds availability with no holds or limits on cashed checks," Leekely said. "Beware of customers who don't keep balances, put holds on new customers and set dollar limit thresholds."
He listed the following 10 components as central to effective risk management:
- Client selection (know your customer)
- Exception management of user, location and account parameters
- Education and training
- Functionality restrictions to minimize fraud
- Availability schedules and holds versus short-term lending
- Positive/negative databases
- Integration and reporting to monitor customer trends
- Real-time systems to stop fraud before it happens
- Balanced approach to maximize revenues and minimize losses
- Payment verification and guarantee
In addition, Leekley urged risk managers to include RDC in the audit process and routinely perform self-assessments. "We'll never fully eliminate [risk], but by focusing on our individual company guidelines and risk tolerance levels, we can get better at managing it," he said.
Dale S. Laszig, Staff Writer at The Green Sheet and Managing Director at DSL Direct LLC, is a payments industry journalist and content provider. She can be reached at firstname.lastname@example.org and on Twitter at @DSLdirect.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.