To stay ahead of increasingly savvy, globetrotting criminals, international collaboration is more important than ever.
Within the payments industry, those tasked with keeping criminals at bay are all too aware of the growing threat these bad actors pose. Criminal activity targeting payment networks has reached industrial proportions, with NASDAQ estimating $3.1 trillion flowed through the global financial system in 2023. Faced with such a monumental challenge, it is natural that anti-financial crime experts working to safeguard payments are increasingly looking at the bigger picture.
The threat of bad actors exploiting legitimate payment networks to steal, defraud or even launder is nothing new. However, the tools these criminals use are advancing and posing a more sophisticated threat. Jimmy Roussel, COO at ID verification provider IDScan. net, says criminals have seized upon AI to take their schemes to the next level. “Criminals are becoming increasingly sophisticated, employing tactics such as generating fake IDs, using deepfake images and video, and mimicking human movements to deceive detection systems,” says Roussel. “The technology to combat exists but is often challenged by the disparity in technological capabilities and resources across jurisdictions, which leaves gaps in global Jon Yarker fraud prevention efforts.”
This ability to globetrot is something criminals use to their advantage, given there are natural differences in how countries regulate payment processing. Andrew Doyle, CEO at know your customer (KYC) firm NorthRow, points out that this, unfortunately, undermines each country’s own specific approach— given other countries with weaker or outdated laws can become havens for criminals.
“The payments industry is inherently transnational, meaning criminals looking to move dirty money often exploit jurisdictions with weaker regulatory frameworks to shift money from country to country to obscure its clandestine origins,” says Doyle. “Coordinating efforts to combat financial crime among nations with vastly different legal systems, priorities, and enforcement capabilities adds a significant challenge to the ongoing battle against dirty money.”
Operating at such a scale, criminals are not afraid to attack firms of all sizes—from budding startups to listed giants—and can be brazen in how they do this. Jessica Cath is partner (financial crime) at compliance consultancy Thistle Initiatives and often helps startups with their risk assessments and how they safeguard against these. She says payments processing is particularly prone to “low-value, high-volume” fraud, with some startups quickly swamped by bad actors soon after launch.
“If you’ve just gone live, you may be targeted by gangs opening thousands of fraudulent accounts,” says Cath. “The challenge for startups is they need to demonstrate value to investors, and on the surface, this looks great—but 90% of their customers could be fake! Many have had to switch off all transactions before they bring this back under control—quite blunt controls are needed.”
To give the payments industry a chance of keeping international criminals at bay, it is clear that legitimate firms must coordinate themselves. Collaboration on this front is “essential” according to Doyle, who points out that with financial crime being borderless that criminals will keep exploiting inconsistencies between differing regulatory frameworks.
“Many payment processors often operate on a global scale, which means exposure to varying degrees of regulatory scrutiny,” explains Doyle. “Without close coordination and collaboration between countries, payment processors face the near-impossible task of identifying and mitigating threats originating from jurisdictions with weaker enforcement.”
A key part of collaboration is the sharing of insights. Whenever a breach happens, there will be information to gain from this detailing how the criminals worked and the strategies they deployed. Thara Brooks, market specialist (fraud, financial crime and compliance) at FIS, says international organisations such as the United Nations Office on Drugs and Crime, Interpol, FATF, and the European Commission have raised increased awareness of the importance of international intelligence sharing.
“For effective cross-border collaboration, improved intelligencesharing mechanisms, common definitions of fraud and financial crime, centralised databases, and standardised frameworks for enforcement and supervision can enable relevant parties to coordinate efficiently across borders,” says Brooks. “This results in accurate transnational data-driven insights, faster co-ordinated investigations, timely prosecutions, and prompt asset recovery across borders.”
For the largest companies, such as Uber, internal collaboration can be an option to strengthen security. The ride-sharing platform operates in over 70 countries. Though this makes the company a target, Kathy Griffin, chief risk and compliance officer for Uber Payments UK, says they use this to their advantage. Being data-rich allows Uber to know “what normal looks like in an area at different times”, says Griffin, which can then influence which transactions are scrutinised further. Importantly, these insights are then communicated to her counterparts in different regions, and Uber has formalised this to enable better intelligence-sharing.
“We are fortunate in the way we are structured—I’m part of a function called regulated entities, which includes the UK, Mainland Europe, Mexico, and Taiwan, and we spend a lot of time together sharing best practices,” says Griffin. “Despite our different regulatory environments, we try to keep our processes as consistent as possible. I’m quite lucky to have counterparts whose brains I can pick frequently, and vice versa.”
Policymakers are also embracing collaboration. Later this year, the EU’s Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) goes live, inspiring optimism for some. Anna Kostus, managing director and financial crime regulatory expert at FTI Consulting, is one expert looking forward to the new authority.
“This has the potential to be a real game-changer when it comes to crossborder financial crime prevention,” says Kostus. The two main reasons for this are—the AMLA’s mandate to develop a comprehensive set of ITS/ RTS, which paves the way for a new unified EU AML/CTF rulebook, and, more importantly, still is its role in coordinating the information exchange between national FIUs.
“The new agency will not only manage FIU.Net, the information exchange platform used by different nationals but will also establish and maintain a new central database holding data on suspicious transactions, high-risk individuals or entities, and other useful information for combatting financial crime.”
With criminals using the latest technology in their schemes, payment firms are also exploring how they can use the latest innovations to safeguard their networks. This has led to AI being used to defend against attacks that ironically use the same technology.
“Whilst advances in technology are changing the dynamic for ID verification and the fight against financial crime, they are also significantly improving the ability of authorities in different locations to share information and coordinate efforts,” explains IDScan.net’s Roussel. “Generative AI detection tools, for example, can identify deepfake images and AI-generated text, allowing for early detection and reporting of fraudulent activities.”
Roussel adds that AI-enabled detection systems will also amalgamate these insights for the benefit of both authorities and market participants: “Centralised databases and query systems integrate data from trusted sources such as government agencies and telecom records, enabling real-time identity verification across borders. The implementation of smartphone-based digital ID systems facilitates secure and streamlined identity verification processes, ensuring that institutions worldwide can adapt quickly to emerging fraud trends.”
In a similar vein, the corporate digital identity (CDI) is being used to facilitate faster cooperation and data-sharing, specifically for the benefit of public private partnerships. Henry Balani, global head of industry and regulatory affairs at Encompass Corporation, explains: “CDI’s ability to provide real-time insights into client verification and risk assessments strengthens collaboration by ensuring that all parties involved have access to accurate, consolidated data. “The key here is the rapid identification of financial threats leveraging CDI which allows for swift responses to emerging threats. Such coordinated efforts are critical in addressing financial crime that often operated across multiple regions.”
The onus on rapid sharing of information is dictating how such collaborations are formed. For example, Pay.UK and UK Finance have led the development of the Enhanced Fraud Data (EFD) system which enables payment service providers to share detailed data with the authorities about criminal activity in real-time. NorthRow’s Doyle says such an approach has changed the way in which compliance works, and he argues that compliance software now acts as a bridge—allowing payment firms to notify regulators and enforcement agencies in near-real time when suspicious activity is detected.
“For instance, when a payment firm’s AML system identifies a potential case of fraud or money laundering— perhaps through unusual risk patterns or connections to sanctioned entities— it can automatically generate a detailed report and send it directly to the relevant authorities,” adds Doyle. “This integration eliminates manual delays, ensuring that authorities have the information they need to act quickly.”
The payments industry is increasingly collaborating and sharing information in the battle to keep criminals at bay. Fortunately, this is leading to some best practices being spread and acting as examples for others to follow.
Speaking from experience, Uber UK’s Griffin highlights the importance of being responsive to new threats as criminals continually innovate. This includes not arbitrarily sticking to certain ways of doing things, and over the past 18 months, the ride-sharing platform has been actively reviewing and culling processes not yielding results.
“There is a sweet spot we want to be in—between being innovative and being fast-paced, but while also fulfilling our regulatory requirements and being safe and compliant,” says Griffin. “Using our data cleverly is important to this, and we benefit from not being held back by legacy systems like some established financial services firms would. This allows us to be responsive to threats.”
Additionally, those tasked with keeping accounts safe must work harder and introduce novel tactics to outsmart increasingly smart technology. At IDScan. net, Roussel explains that this has led to the firm investing in new systems and processes in response to AI.
“One key practice is liveness detection, which requires users to perform specific actions, such as looking in different directions or smiling, to confirm their authenticity and detect deepfakes,” explains Roussel. “Advanced AI detection systems are being implemented to identify inconsistencies in ID documents and associated data.”
The advances of increasingly brazen criminals equipped with the latest technology are not being taken lightly in the payments industry. Security protocols are tightening throughout, and collaboration is being used to share best practices, inform new safeguards, and exploit any weaknesses criminals have. A new era of financial crime is forcing many to innovate, but Thistle Initiatives’ Cath argues that traditional approaches are still meritorious.
“You should build a framework, but you do not need to do it with fancy tools,” says Cath. “In payments, you could maybe use less of a fancy tool and have more flexibility in building your control framework.”
The Payments Association
St Clement’s House
27 Clements Lane
London EC4N 7AE
© Copyright 2024 The Payments Association. All Rights Reserved. The Payments Association is the trading name of Emerging Payments Ventures Limited.
Emerging Ventures Limited t/a The Payments Association; Registered in England and Wales, Company Number 06672728; VAT no. 938829859; Registered office address St. Clement’s House, 27 Clements Lane, London, England, EC4N 7AE.
Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.
We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.
Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.
Please click the button below which relates to the issue you’re having.
Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association
Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.
For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.
The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.
Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.
Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.
For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.
