The modern-day terrorism financier is a master manipulator of social media platforms. In part one of this blog, we explored how terrorists use social media. This time, we’ll delve more into some of the questions around mitigating risk and preventing the exploitation of these platforms.
Blurring the Lines
Today’s consumers want greater convenience along with a more personalized, integrated and seamless online experience overall — something many traditional financial institutions have struggled to provide and that social media companies have pioneered. So in many ways, social media’s foray into the payments space is a natural fit.
But moving into the financial sector comes with a significant learning curve. Financial products are highly regulated, and the scrutiny associated with highly regulated sectors is not something that social media companies are necessarily keen to be exposed to, especially when they exist in a space that faces almost no regulatory controls.
The simplest and most common way for social media companies to enter the online payments space is by working with third-party payment processors. Snapchat did this to create its short-lived mobile payment system, and more recently, Facebook Pay partnered with companies like PayPal and Stripe to facilitate peer-to-peer transfers across Facebook, Messenger, Instagram and WhatsApp. So while on the surface it may seem as though these social media companies are taking market share from the financial sector, in reality fintechs are working with social media companies to accomplish a shared goal.
There’s undoubtedly a huge potential market for payment processors willing to work with social media companies. During the 2016 Chinese New Year period, for example, WeChat announced that its users exchanged 32 billion digital red envelopes, a virtual twist on the Chinese tradition of gifting cash during the holidays and on special occasions — and a staggering amount of money to be flowing from user to user while bypassing the traditional banking system altogether.
Who Owns the Risk?
But this raises questions: who conducts the required due diligence checks before funds change hands, at what point in the process is this done, and finally, how is risk shared between the social media company and payment processor — if it’s shared at all?
Liability in this sense is unfamiliar territory. The conversation is ongoing, and so far, the answers are more often murky than not. It’s likely that social media companies and the fintechs that partner with them have worked out a unique system for what actions trigger certain checks and who is responsible for carrying out those checks.
For instance, since signing up for a social media account tends to be relatively easy, it’s conceivable that identity verification (IDV) and know-your-customer (KYC) checks are performed the first time a user tries to send money through the app — a vital process when, as discussed previously, terrorism financiers are taking advantage of social media to hide the identities of both ends of the payment. Yet it’s also possible that this step is performed only after the transfers reach a certain monetary threshold, which presents a loophole that terrorists soliciting small donations can exploit.
Perhaps payment processors are conducting those checks instead because of their risk threshold. This is where the depth of integration with social media companies becomes interesting. Do the payment processors have access to the identifying information customers provide? And if so, how is it verified? Usually, it’s just a case of adding a debit or credit card, but questions remain as to whether that’s secure enough. On the other hand, if it is secure enough, then customers could be making far more information available to payment processors than intended. Depending on the depth of integration, financial companies may be able to access behavioral and opinion-based data on customers.
Whether or not financial institutions (FIs) are capable of storing that data in a usable format is a question for another time. But if they are, then adverse media checks, credit checks and enhanced due diligence (EDD) suddenly become far easier to carry out on customers who are heavy users of social media.
Data = Opportunity?
But this data isn’t necessarily valid. Social media companies could be opening a whole new can of worms with regard to cuckoo smurfing, fraud and other money laundering or terrorism financing techniques. If a credit card and a hacked or spoofed social media account are all it takes to send funds, then the balance in the fight against financial crime will never shift. So verification checks need to be airtight, and transactions made via social media may need closer scrutiny than more traditional ones, simply to prevent legitimate customers from being hoodwinked into funding terrorism and to prevent deliberate terrorism financiers from easily providing funds.
Nevertheless, partnering with social media companies may also provide an opportunity to lower the risks associated with such payments. Social media companies collect all sorts of information about the users on their platforms. While data privacy concerns mean this would require a delicate touch, tapping into the information would be an extremely powerful tool in the fight against terrorism.
Moving forward, payment processors may have a unique opportunity to work with social media companies to create more robust, comprehensive due diligence processes: ones that are more effective than those used by traditional financial institutions and that, if incorporated into adverse media checks, could provide unparalleled insights into customers.
Further, as social media companies continue to blend fintech services with their own offerings, the question will quickly become one of how and whether such services are considered separate from the rest of their ecosystem. The barriers between services are already thin; it’s only a matter of time before they disappear altogether.