Know your criminal: Where are the blind spots in your organisation?

Hiding behind technology enables fraudsters to use emotive language to target their victims, so industry experts examine how people can identify the red flags.

What is this article about? How the payments industry can improve its approach to fighting fraud and what needs to be done to improve business and consumer protection.

Why is this important? Fraud is a huge and growing problem that affects individuals and organisations alike. With an increasingly digitised society, criminals are exploiting weak spots and lack of awareness to cause harm. It is in companies’ and society’s interest to minimise fraud for themselves and consumers.

What’s next? Payment organisations must look at their success rates around preventing fraud and whether they need to take a different approach to strengthen internal and external culture towards fraud.

The existing and complex relationship between society and technology is interlinked with fraud. Criminals steal funds faster and more easily by exploiting payments frameworks using emotive language to push victims to make decisions.

While face-to-face interactions allow people to notice cues that ring alarm bells, intuition is handicapped when it comes to online-enabled crime. One of the key factors that contribute to this is the language around fraud.

“If I say ‘fraud,’ there isn’t an image that comes to mind to give you an emotional hook as to why you should assess it as a problem,” explains Paul Maskall, manager of fraud and cyber-crime prevention at UK Finance/DCPCU, who spoke in a recent webinar hosted by The Payments Association.

A broader industry and social shift around fraud is required to allow people and organisations to discuss fraud with a more accurate risk profile.

There are different types of fraud. One is investment fraud, which is largely directed at non-banks, where an entity presents itself as a legitimate business. Another is when entities present websites giving investment advice or acting as investment brokers – this is often targeted at older, more vulnerable people.

“What worked for us in terms of deterring this activity was going above and beyond your typical tick-box, KYC-type process and focusing on what the typology is here,” says Simon McFeely, global head of risk and compliance at TransferMate.

He adds: “In most instances we found that those websites were copied from elsewhere. That, coupled with the Companies House information, quickly led to an aggregation of red flags.”

Companies must look beyond a select few red flags

To uncover these red flags, staff need training and a change in their broader mindset. It is important for companies to have robust procedures and processes around identifying fraud; however, the investigating analyst must have a degree of flexibility to look at a select few red flags and apply a deeper approach to investigation.

McFeely points out that there is a difference between ‘regulatory risk’ and ‘real risk.’

“If your whole programme is set up from a typology-led kind of position, then that means your actual risk is going to be managed, your risk assessments are going to be better informed and naturally your AML programme is going to be more targeted,” explains McFeely.

He adds: “I’m a very firm believer that if you’re managing a real risk and you’re serious about it, that trickles down to your sales teams, to your analysts, and how you actually project that to your consumers and customers that are interacting with your products.”

McFeely notes that this approach also helps regulatory checks, allowing the supervisory body to see that the company’s senior leadership team is actively supporting the development of fraud programmes, as well as ensuring the business is carrying out the right kind of training, business and consumer risk assessments.

This reflects the difference between implementing policies as part of a tick-box exercise as opposed to reflecting a deeper cultural appreciation of fraud prevention. If that message is not echoed and led from the top, it is reflected in the company’s approach to compliance.

Companies can also turn to RegTech solutions to streamline compliance processes and identify suspicious activity more effectively. However, there is still a lack of awareness around the opportunities that leveraging technology can provide around compliance.

Another key barrier to adoption is the sheer number of solutions available, making it difficult to select the right RegTech.

“Vendors need scrutiny in terms of whether they are really making it easier or are just in it for the money and the opportunity,” says Sarah Sinclair, founder of Change Gap. “Are they really focused on helping and do they have integrity of the data they use?”

Key themes to identify fraudsters

Mitch Trehan, UK head of compliance and MRLO at Banking Circle, notes that while analysts will have access to the data, they need to take different approaches to high-risk and low-risk entities.

“We have all these checklists, we know this data, we are getting it, so let us take it to that next stage of evolution…,” he states. “What is the information you are getting? What are you doing with it? How can you make it better? How can you get the culture of your firm up to scratch?”

While good practice on knowing your criminal will depend on each organisation’s activities, there are core themes that companies must strive for:

  • Law enforcement outreach programmes – be proactive in public-private partnerships and build out industry networks;
  • Identify scenarios – understand that risk assessment is not a tick-box exercise; you must proactively identify the typologies, capture the risk, and use it to strengthen your programme;
  • Tailored approach – employ system controls tailored to the product/service/client verticals and map them to inherent vulnerability scenarios; and
  • Adjust methodology – tailor procedures for KYC/KYB focused on real risk scenarios for specific clients based on the inherent vulnerability.

McFeely also believes there are ways to do more: “How can we work as an industry and put together a paper to see what good looks like? How can we get all this information that we have in our programmes to a level of industry expertise that is going beyond what the government is trying to do, so we’re doing more for the consumer?”

Across the sector, there is agreement that there needs to be better education on fraud, as well as applying this learning to a company’s culture and the need for a broader societal shift in thinking about fraud. Organisations must think creatively and proactively to tackle the constantly evolving challenges of fraud.
