There are various definitions of payment fraud, but simply put, it describes an illegal transaction that diverts money or creates false/unauthorized payments from a victim. This is often achieved by stealing their personal payment information or duping them into sharing it.
The 2022 AFP® Payments Fraud and Control Survey reports that 71% of organizations were victims of payment fraud attacks/attempts in 2021, costing businesses billions of dollars globally.
Customers must trust that their money is in safe hands. But one of the most challenging aspects of recognizing and tackling payment fraud is the complexity of the interconnected networks that underpin it.
With potential attacks coming from all directions, taking a proactive, coordinated approach to tackling payment and transaction fraud is vital, particularly with an increased risk of cybercrime. In our annual State of Financial Crime survey, cybersecurity has been cited as compliance teams’ top pain point for the last two years.
But how do you recognize when it is happening? How do you detect the unusual behavior that could indicate fraud, and how confident are you that you know your customers’ identities?
There are many types of payment fraud/transaction fraud, including:
In the UK, authorized push payment (APP) fraud rose by 71% during the first half of 2021 – with the amount taken exceeding card fraud losses for the first time. With APP fraud, a customer is tricked into authorizing a payment to an account controlled by a criminal or handing over personal details and passwords through tactics such as scam phone calls, text messages and emails, fake websites, and social media posts.
One of the most lucrative types of payment fraud is the Advanced Persistent Threat (APT), which uses sophisticated hacking techniques to gain unauthorized access to computer networks and steal data.
APTs are often state-sponsored and, according to the European Payments Council (EPC), “must be considered as a potential high risk not only for payment infrastructures, but also for all network related payment ecosystems.”
(Distributed) Denial of Service ((D)DoS) is a form of online payment fraud in which criminals aim to make machines or networks unavailable to users to disrupt services, often through botnets (hijacked computer networks controlled by a hacker). The number of (D)DoS attacks remains high, and the EPC warns of systematic targeting of the financial sector.
A significant challenge in payment fraud is understanding the differences between good and bad transactions and deciding how to calibrate automated fraud detection solutions to capture relevant information.
While some deviations from a typical customer profile should be simple to spot – shipping addresses too far from an IP address, information mismatches, etc. – fraudsters are becoming more sophisticated and are increasingly cautious about covering any gaps. That means that firms must be vigilant and conduct due diligence in checking for discrepancies.
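The two signals named above (shipping address far from the IP location, and information mismatches) can be written as simple screening rules. The following is an added example, not code from the original article or from any vendor; the order fields, the name-mismatch rule, the thresholds, and the sample orders are all assumptions constructed for illustration. It also shows the calibration problem: tightening the distance threshold starts flagging a legitimate-looking order.

```python
import math

# Constructed sample orders; coordinates are (latitude, longitude) in degrees.
ORDERS = [
    {"id": "A1", "ip_geo": (51.5074, -0.1278), "ship_geo": (51.4545, -2.5879),
     "billing_name": "J Smith", "card_name": "J Smith"},    # London -> Bristol
    {"id": "A2", "ip_geo": (51.5074, -0.1278), "ship_geo": (40.7128, -74.0060),
     "billing_name": "J Smith", "card_name": "J Smith"},    # London -> New York
    {"id": "A3", "ip_geo": (48.8566, 2.3522), "ship_geo": (48.8049, 2.1204),
     "billing_name": "A Martin", "card_name": "B Durand"},  # Paris -> Versailles
]

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def red_flags(order, max_km):
    """Return the list of rule names this order trips."""
    flags = []
    # Rule 1: shipping address too far from where the IP address geolocates.
    if haversine_km(order["ip_geo"], order["ship_geo"]) > max_km:
        flags.append("ip_ship_distance")
    # Rule 2: information mismatch (here: billing name vs. name on card).
    if order["billing_name"].strip().lower() != order["card_name"].strip().lower():
        flags.append("name_mismatch")
    return flags

def screen(orders, max_km):
    """Map order id -> flags, for orders that trip at least one rule."""
    results = {o["id"]: red_flags(o, max_km) for o in orders}
    return {oid: flags for oid, flags in results.items() if flags}

if __name__ == "__main__":
    # A loose threshold misses nothing here; a tight one also flags A1,
    # a domestic order about 170 km from the customer's IP location.
    for max_km in (500, 100):
        print(max_km, screen(ORDERS, max_km))
```

IP geolocation is approximate and is shifted by VPNs and mobile carriers, so a distance rule like this is a prompt for review rather than proof of fraud.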
Payment fraud risks to be wary of include:
A risk-based approach built around customer profiles, security, and payment flows is key to a robust payment fraud risk-mitigation program, alongside employee and customer awareness of red flags.
Proactive KYC and customer due diligence can help firms better understand their customers, but managing payment fraud risks needs to take place at every stage of the customer journey and throughout firms’ functions, from back-end to customer-facing.
Online payment fraud, in particular, is dynamic and will keep changing as criminals access new technology and techniques to circumvent controls – and firms need to be able to detect changing tactics.
Alongside encryption of transactions, regular changing of login credentials, and the use of up-to-date software, there are other measures that firms should consider:
Property management firm RealPage processes up to 100 million transactions annually across a portfolio of more than 19 million properties worldwide. As a payments provider, it has a regulatory obligation to monitor transactions through its payment product, to ensure property management companies and their residents are effectively protected from illicit activity such as payment fraud.
RealPage needed a transaction monitoring solution that could screen for evolving fraud typologies in near real-time. The ability to do this using custom scenarios not used by traditional financial institutions was key. Effective case management was also critical to enable analysts to manage and triage alerts effectively.
To find out more, read the full RealPage story.
Originally published July 26, 2022, updated July 26, 2022
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2022 IVXS UK Limited (trading as ComplyAdvantage).