GS Logo
The Green Sheet, Inc

Please Log in

Banner Ad
View Archives

View flipbook of this issue

Care to Share?

Table of Contents

Lead Story

Congress takes on security, privacy, pot, CFPB

Patti Murphy


Industry Update

U.S. inches closer to faster payment systems

Merchants go to court over hidden fees

RDC summit explores next-gen banking, technologies

Amazon bows out of card processing

Las Vegas hosts global, regional payments events


EMV observations at the liability shift

Stephen Kiene
First Annapolis Consulting

DOE moves forward on campus card regulation

Loyalty redefined

Mobile search engine market heats up


Automated risk is its own reward

Dale S. Laszig
DSL Direct LLC

Words that kill (deals)

Adam Hark


Street SmartsSM:
Advice from pros on tradeshows

Jeffrey I. Shavitz
TrafficJamming LLC

What you should know about payment security

Michael Gavin

Electronic payments and small business loans

Ty Kiisel
OnDeck Capital Inc.

Company Profile

Comodo Group Inc.

New Products

White-label platform for mPOS providers

payworks GmbH

Driverless, multitasking, secure scanner

EC9600i series
RDM Corp.


Keys to motivation


Letter From the Editors

Readers Speak

Boost Your Biz: Avoid financial mistakes and gain

Resource Guide


Skyscraper Ad

The Green Sheet Online Edition

November 23, 2015  •  Issue 15:11:02

previous next

The very point of sale:
Automated risk is its own reward

By Dale S. Laszig

Risk management, like the payments industry, has steadily migrated from paper to new digital forms of processing. Beyond the obvious benefit of expediting merchant boarding, digital technologies and advanced data analytics have taken risk management practices to a new level, benefitting all stakeholders in the merchant services value chain.

Many leading acquirers and processors have automated risk management to collect and process enormous amounts of customer data. Automation advocates feel that artificial intelligence has helped their companies stage new accounts faster, less manually and with fewer errors. "The larger the financial institution, the more difficult it is to be nimble," said Mike Gardner, Chief Executive Officer at Agreement Express Inc. The company, founded in 2001 and based in Vancouver, British Columbia, Canada, provides a software-as-a-service platform that automates new account boarding and underwriting processes for financial services firms.

Gardner, whose clients include Cayan LLC, Global Payments UK and Mercury Payment Systems LLC, said he typically encounters two types of mindsets among clients. "Client One requires highly proprietary risk management inputs, and Client Two just wants me to tell them how to score a merchant," he said. "I firmly believe that you can't build an extraordinary onboarding experience without thoroughly examining your underwriting process."

Identify key objectives

One way to build a sound risk management practice is to take the process to its lowest common denominator by identifying key objectives. By using this approach, which Gardner calls the "minimum viable process," organizations can determine the data elements they want to use and ensure that they are not capturing extraneous or overlapping data. This least-cost approach reduces the process to meeting both regulatory requirements and specific risk model parameters.

"Once you know what you need to capture, you can create an extraordinary onboarding process," Gardner said. "Companies typically collect 1,700 pieces of information on each new merchant customer; physically checking off boxes online or on paper is not a sustainable practice."

Gardner likened the merchant boarding process to a kitchen renovation. Both require upfront planning to ensure that all elements have been accounted for and incorporated into the project. You don't want to get to the end of the project and realize you haven't factored in how to drain the dishwater, he added.

Seek to manage, not eliminate

Remote deposit capture (RDC) originated as a secure method of virtual transport for processing and clearing checks in 2004 and has evolved into a technology platform that enables financial institutions to securely and efficiently process payments, invoices and electronic documents., established in 2005 and based in Atlanta, tracks the technology's evolution and use cases. Presenting at's November 2015 conference, John Leekley, the company's CEO, noted that there is no silver bullet for managing risk. "The first question auditors ask is 'What has changed?'" Leekley said. "Any time your market, pricing or risk appetite changes, it opens a window of opportunity for fraudsters."

Leekley noted that Europay MasterCard and Visa chip card technology will reduce card-present fraud, but he warned that the RDC environment could present a lucrative target for cyber criminals. Security analysts and financial services stakeholders need to fill their pipelines with new products and services to stay ahead of fraudsters, he stated.

Unique challenges associated with RDC include duplicate processing, which occurs when a single check image is either accidentally or intentionally deposited with multiple financial institutions, and bait-and-switch schemes that involve fraudsters depositing a legitimate check via RDC, then returning it to the victim and asking for another form of payment.

Use checks and balances

According to Leekley, the Federal Financial Institutions Examination Council views RDC as a delivery system capable of mitigating, monitoring and measuring risk in actionable and sustainable ways. He described the council's core principles as the three pillars of FFIEC guidance: responsibility; risk identification and assessment, and mitigation and controls.

Leekley stated that deposits are "the lifeblood of any financial institution" and that the complexity of risk management strategies varies according to the culture and tolerance of each organization.

"Banks used to manage everything internally until RDC came along," Leekley said. "RDC brought more tools to manage risk, such as verification." He added that many financial institutions shied away from RDC, despite the fact that risk parameters of remote deposits are basically no different than teller deposits. It involves the same rules and the same check type; it just leverages existing technologies to capture images, he stated.

Leekley also noted that risk management for smaller organizations bears an increasing resemblance to enterprise-scale risk management. Both have similar objectives and parameters, increasingly relying on behavioral analytics to mitigate and prevent fraud. All financial institutions have to revisit the entire risk process when a client or vendor adds a product, he added. He suggested that the best approach to preventing loss ultimately lies in the use and handling of original check documents. "Every step you take closes the window of opportunity" for fraudsters, he said.

Take steps to minimize risk

"Criminals will generally target institutions that employ minimal KYC, have few balance requirements, and offer immediate funds availability with no holds or limits on cashed checks," Leekely said. "Beware of customers who don't keep balances, put holds on new customers and set dollar limit thresholds."

He listed the following 10 components as central to effective risk management:

In addition, Leekley urged risk managers to include RDC in the audit process and routinely perform self-assessments. "We'll never fully eliminate [risk], but by focusing on our individual company guidelines and risk tolerance levels, we can get better at managing it," he said.

Dale S. Laszig, Staff Writer at The Green Sheet and Managing Director at DSL Direct LLC, is a payments industry journalist and content provider. She can be reached at and on Twitter at @DSLdirect.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Harbortouch | USAePay | Humboldt Merchant Services | Impact Paysystems