As P2P continues to expand and accelerate – FinTech and bank companies alike want to make payments as instantaneous as possible. That begs the question of whether fraud prevention can actually kick in before it’s too late. Darcy Berringer, Fraud Management Specialist at nTrust, joined Karen Webster to discuss how the company’s partnerships are helping to keep their fraud management ahead of the game.
Moving money between people is risky business – and P2P payments have become yet another fraudster’s playground.
Why? Because, as the famous Doublemint Gum commercial once said, it’s two, two, two chances to defraud in one. Fraudsters using P2P payments as their platform are able to attack from both sides, and they’re doing it while payments continue to get faster – even real-time.
If fraud prevention tools can’t keep up, the results could be disastrous.
Once a fraudulent transaction has occurred, not only is the money hard to recover but the fraudsters themselves are typically gone and onto the next scheme before anyone knows what happened.
So it would seem that launching a new P2P payments network might be among the riskiest moves of all.
Online money remittance platform nTrust got its start by seeing an opportunity to change the way money is sent and received in the Philippines, where many people are locked out of the financial system.
nTrust Fraud Management Specialist Darcy Berringer said what began as a chance to offer an alternative to a somewhat behind-the-times banking system has now developed into a worldwide money transfer service that recently set its sights on the Canadian market.
One of the biggest challenges when it comes to fraud prevention is keeping the balance of safeguarding data without introducing friction when onboarding new users.
It’s what Berringer described as a tightrope – always wanting to stop fraud at the front door, but also needing to take the necessary measures to authenticate that a user is who they say they are.
Unfortunately, these actions can often be at odds.
Internally, nTrust relies on its own internal fraud tools – including an internal database that contains information pertaining to its members, such as their behaviors, characteristics and geolocation, in order to help monitor and mitigate the risk they may pose to the system.
“We look at multiple attributes of a member’s cloud — geolocation, financial, profile information and IP address, to name a few,” she said, noting that this data is then used to help determine where nTrust may see higher-risk behaviors occur.
A key part of nTrust’s fraud management is having procedures in place that prevents member from taking any money out of the system until they are fully vetted and KYC requirements are met.
With these types of security measures in place, it also helps to ensure that the transactions coming in are coming from sources that are already validated, such as online bank accounts.
“We’ve put a structure in place where we can build parameters that identify layers of risk from low too high to help mitigate fraud and allow us to conduct enhance due diligence,” she said.
Berringer noted that partnerships have also played a huge role in ensuring its fraud management is not just reactive, but proactive in shutting fraudsters down. Last year, the Vancouver-based company teamed up with global ID verification company Trulioo to bring additional online authentication services into the fold.
By utilizing Trulioo’s global AML Watchlist and profile verification services, nTrust is able to make decisions about how much risk it is willing to take on for a member before it has to deliver any friction.
Trulioo authenticates the information of every member that comes through nTrust’s system, enabling the company to perform due diligence on any individual, Berringer said.
If an individual is flagged for any reason, nTrust is then able to place the account under review, and the system will automatically send an email request to the member to submit verification documentation.
nTrust is also notified, allowing it to closely monitor the account and see if any other notifications or warnings come through for the individual.
Trulioo also sends each member’s profile information details to be checked against a number of independent global data sources, which advises nTrust whether the account details are a match or not., which tells nTrust whether the account is a match to any other authentication systems. From there – depending on what information comes back about a member – nTrust can examine its own risk appetite and all the business rules set out to determine if it’s willing to take on the risk for that individual.
Berringer explained that being able to integrate with third-party services and utilize their tools and experience has helped to safeguard nTrust members and relieve the burden that can come with manual processes.
“It saves a lot of time, which is huge,” she noted. “Before I was manually uploading and checking lists and subscribing to every sanction list you could possibly imagine to get updates.”
Now, Berringer has one less thing she has to worry about. Instead, she can focus on the notifications received and investigate any risk alerts or warnings that come in accordingly.
“If we decide that our risk appetite is too great for something that comes back, then we’ll put parameters in place where you might be able to add money to your cloud but won’t be able to send those funds to someone else who could be working with you to commit fraud,” she explained.
It comes down to a weighting system – if the risk is high then nTrust will take steps to simply limit a user’s capabilities in the system.
One of the best parts, Berringer noted, is that any changes or parameters that are introduced on a member’s account happen in real time and don’t require waiting for a deployment or upload to kick in.
“Now I’m waiting for the fraud to come through because I’m ready for it,” she said.