With digital transactions and eCommerce soaring during the pandemic, the rate of increasingly sophisticated fraud has also risen. With it, financial institutions need to strengthen their compliance to mitigate the risk of running afoul of the law.
Whether it’s simple online purchases or banking, or more complex areas like cryptocurrency or money laundering, Trevor Wingert, a senior know your customer (KYC) and anti-fraud solutions consultant for GeoGuard, told PYMNTS that rapidly changing use cases and technology highlight gaps in the current security approaches being used.
One recent example of a response to the proliferation was the inclusion of a long-fought anti-money laundering (AML) provision within the recently passed defense spending bill in the U.S. Senate.
“It’s great to see the prioritization on innovation with this bill,” Wingert said, calling the AML regulatory changes important. “Accurate and reliable data is a critical piece of modernizing the AML regimen,” he said.
Detecting potentially suspicious activity more quickly through the use of data also provides more meaningful and actionable information to law enforcement agencies that are facing rapidly evolving threats with limited resources.
“So it’s important for industry to support them aligned with the obligations they face under the Bank Secrecy Act,” he said.
Use Cases
Certainly, the use and availability of cryptocurrencies is another emerging area that is contending with its own unique set of compliance issues, but it is also one Wingert said appears to be closing gaps in regulation. Unlike the crypto markets, Wingert said the banking and payments industries continue to be slow to adapt to the challenges of KYC and fraud prevention.
“Can you really know your customer if you don’t know their location?” Wingert asked, adding that it’s important to have powerful geofencing capabilities for sanctions prevention and account security to ensure compliance with jurisdictions that are prohibited or have sanctions concerns.
“Bad actors are always going to conceal their location and the act of requiring a location check is a strong deterrent, so you’re going to see a big drop off in fraud and chargebacks as they move onto softer threats,” he said.
Moving beyond what he called the “crude, imprecise and blatantly inaccurate” use of IP addresses for determining location is critical, especially when it involves the verification of data.
The Geolocation Opportunity
The fact that consumers have a better understanding of, and are starting to make informed decisions about sharing their location data, is one area of opportunity Wingert sees for the year to come. In fact, a recent GeoGuard survey found that U.S. consumers were increasingly likely to share their location with banks in order to protect them from fraud.
“We’ve seen that people will share important information if they know that it will be used responsibly and to their benefit,” he said, “so when customers recognize the benefits of sharing location, they do.”
However, Wingert said the fact remains that many financial institutions, merchant acquirers and online stores are missing important risk signals by overlooking a proven approach to fraud and risk management. There’s a direct correlation between detecting and stopping location fraud and stopping all fraud, he said, noting that GeoGuard is finding increased awareness of the value of location signals.
Complex Compliance
Compliance requirements are complex and important, but often don’t match the culture of emerging companies, Wingert said, adding that it is important not to downplay the importance of compliance. While FinTechs and neobanks add value by focusing their attention on the user experience and business logic, their value isn’t being added in building better compliance functionality.
“So it makes sense to leverage the systems, the processes and technology that have been built over a long time and successfully operate at scale” within legacy banks. To that point, he said with the prospect of open banking, legacy lenders should use their compliance expertise to become a point of trust.
“FinTechs and neobanks [should] look at how they can best manage compliance holistically,” he said, “to integrate closer to the user and not just at the transaction.”
Assumptions Of Readiness
Within an array of changes brought on by the pandemic, Wingert said the sudden digital transformation has also highlighted shortcomings in digital identity and fraud management and revealed business process inefficiencies.
“The pandemic belies assumptions of readiness in a way that’s similar to untested business continuity plans,” he said. “Since organizations haven’t had to look deeply at their general business processes, they miss how significant the work is that’s necessary to truly meet their digital transformation objectives.”
While there is still much work to be done, one area of needed change he highlighted involves reducing the data security burden that is currently placed largely on the shoulders of consumers, though we are beginning to see the results of years of education and advocacy surrounding safe online transactions.
“For example, Apple’s requirements for app tracking disclosures on the way data is being used by developers is going to raise awareness even further,” he said. “As a result, consumers are going to expect online services to be clear about what kind of information they’re collecting and how they use it to increase trust from consumers.”
On the business side, Wingert said he thinks financial institutions need to accept that the customer experiences they provide have to change and lean into new technologies more than ever.
“Where there’s a customer expectation, the institution needs to respond,” Wingert said.