How Can Payment Service Providers Overcome Global Regulatory and Compliance Challenges?
Understanding the Payments Regulatory Compliance Landscape
Digital payments are becoming the standard for moving money around the world and could surpass 3 trillion transactions per year by 2030, almost triple the 2020 level.
There are clear opportunities for payment service providers, whether through eCommerce, in-person mobile, peer-to-peer transactions or a variety of emerging technologies.
But evolving digital payment models pose complex challenges. Integrating new cashless systems, defending against fraud and complying with shifting regulatory requirements can present major hurdles. Cross-border transactions add to the complexity with different payment systems and regulations.
Payment Compliance Fundamentals
Payment service providers generally face strict licensing, operational and compliance requirements.
Regulatory compliance often differs depending on where the payee is, where the recipient is, the payment amount and method, the payment networks involved, and the purpose of the payment.
Despite those differences, there are several common factors that play a role in compliance.
Know Your Customer (KYC)
Verifying customers’ identity, understanding the nature of their financial activities and assessing their risk are fundamental to payments compliance. Partners in the payment chain generally expect payment service providers to have procedures in place to know who they are doing business with to reduce the risk of money laundering, fraud and other financial crimes.
Anti-Money Laundering (AML)
AML programs help ensure illegal funds don’t enter the financial system. AML best practices include KYC procedures, watchlist screening for ties to corruption and ongoing monitoring for exceeded thresholds, suspicious transactions and status changes.
Data Privacy and Security
Securing payment information is essential to compliance and maintaining payment flow integrity.
The Payment Card Industry Data Security Standard is a set of requirements for any business that stores, processes or transmits payment card data. Not every online payment method uses cardholder data, but modeling those requirements demonstrates robust data privacy and security.
Merchant Onboarding
Enabling merchants to provide digital payment options for customers adds a compliance layer. Business accounts can increase the risk of financial crime.
The processes for vetting people for payment accounts apply to merchant onboarding. But there are additional requirements for due diligence and risk management that help determine the merchant’s legitimacy.
When onboarding a merchant, payment service providers can consider:
The transaction level of the merchant and its network
- The industry and segments the merchant serves
- Transaction amounts and ranges
- Payment channels the merchant will use
- The countries where it operates
- The resources required to properly vet and monitor the merchant
Verifying a merchant commonly requires company name, registered business or tax identification number, and registered business address. Due diligence also might require the type of business, sales turnover, bank account details and beneficial ownership details.
Standardizing Compliance
Some payment companies focus their compliance to one region, while others take a holistic approach so they can meet regulatory requirements anywhere in the world. Adopting best practices can position payment service providers to adapt to any regulatory changes they encounter in different regions.
That approach can create consistent data security, compliance and onboarding systems that help minimize costs, decrease failures and improve employee productivity.
Preventing Payment Fraud
Payment fraud prevention programs help detect fraudulent accounts and transactions before they can do financial damage. Understanding evolving fraud threats, establishing robust onboarding and performing ongoing monitoring helps limit losses and protect customers.
Payment fraud includes:
Synthetic Identity Fraud
Synthetic identity fraud is among the fastest-growing types of ID theft. The fraudster combines fake and real information to create an identity. Synthetic identity fraud accounts for a significant percentage of all ID fraud.
Account Origination and Takeover Fraud
Account origination fraud and account takeover fraud (ATO) happen when a fraudster gains access to an individual’s account to make fraudulent transactions or use personal information to create false accounts. ATO is hard to spot because the fraudster uses legitimate credentials to access the accounts.
Card-Not-Present Fraud
Card-not-present (CNP) fraud is a general term for fraudulent transactions when a cardholder doesn’t present a card in person at the time of purchase. CNP generally occurs through mobile payments or online, making it more difficult to prevent and detect.
Chargeback Fraud
Chargeback fraud happens when someone orders products or services and then requests a chargeback from the issuing bank instead of the merchant. Businesses that use 3D Secure 2, a multifactor authentication protocol, can often shift the liability of a chargeback to the issuer.
Optimizing Payment Fraud Prevention
Implementing an enterprisewide payment fraud management program can help payment service companies control risk across all transaction channels.
Creating the program involves:
Assessing Fraud Risk
Perform a comprehensive fraud risk assessment. Consider the requirements associated with regulatory compliance and industry standards. Investigate the common techniques fraudsters use against payment companies.
Armed with that assessment, define procedures for detecting and preventing fraud. Select, develop and deploy fraud risk controls that match a defined risk tolerance.
Implementing Fraud Awareness and Training Program
Ensure employees understand fraud risks and know what to look for and how to respond.
Coordinating Fraud Reporting
Effective fraud reporting includes a coordinated approach to investigating fraud and taking corrective action. As the company monitors fraud risk management, it can report the results and continually improve the process.
Leveraging Fraud Detection Tools
Fraud detection tools such as address verification service and card verification value can help combat fraud from credit and debit cards. The U.S. Federal Trade Commission has reported that most fraud stems from credit card, debit card, payment app or service payment methods.
Applying Fraud Management and Analytics Software
Many automated fraud management systems use machine learning and predictive analytics to reduce fraud by uncovering hidden correlations between people’s behavior and the likelihood of fraudulent actions.
Account verification processes, transaction monitoring, mobile data checks, and threshold and suspicious activity reports provide useful data points for payment fraud analytics, including:
- Spikes in activity
- Exceeded thresholds
- Out-of-area or unusual cross-border activity
- Changing purchase patterns
- Consumer alerts
- Credit reports
- IP address discrepancies
- Fraudulent patterns
Implementing Agile Payment Technologies
Constant change in the payments industry with new technologies, models and business processes has placed a high value on nimble processes that can adapt quickly to new trends.
Faster payments, smoother experiences, more options and advanced capabilities lead to shifting consumer and merchant expectations. Payment service providers understand the importance of staying ahead of those expectations.
Area to watch include:
Cross-Border Payments
There is a push for quick and secure cross-border payments. But technologies and processes that work in one payment market don’t necessarily work in all of them. Flexibility is key to succeeding in multiple payment areas.
Real-Time Payments
Innovations in real-time payments, such as the FedNow℠ Service in the U.S., promise quick settlement and built-in end-to-end channels to improve clarity and transparency for payment communications.
ISO 20022
ISO 20022 is a system for standardizing the messaging systems used for financial transactions. The aim is to offer greater ease and better data availability to facilitate financial transactions and minimize the need for human intervention, improving efficiency and the customer experience.
Embedded Finance
Embedded finance empowers nonfinancial organizations to quickly integrate financial service features into products and services, such as through Buy Now, Pay Later. Embedding payment options can improve the customer experience and expand finance opportunities while helping improve merchant loyalty and profitability.
Crypto
Innovations in crypto technology, such as the Lightning Network, hold promise for instant payments, microtransactions and low fees. The ability to perform international remittances without complex payment chains could become a fundamental use case for the crypto sector.
Digital Wallets
On the consumer side, digital wallets simplify the integration and management of payment options and services. Organizations can add value by offering spending analytics, loyalty programs and new financial offerings.
Wallets could become a primary interface for payment activities, so ensuring simple integration with major wallet providers can position payment companies to create value and build strong relationships with customers.
Building an Agile Payments Platform
Intelligent, nimble systems can help payment service providers keep pace with changes in regulations, fraud and technology while ensuring low-friction experiences for customers.
A compliant, secure platform that quickly adjusts operational workflows to meet a risk-based approach can help payment companies thrive in different markets and use cases. Optimizing control over fraud mitigation enables organizations to match the level of friction to the situation.
Onboarding experiences are crucial. If account creation is too slow, the risk of abandonment rises.
Striking the right balance of fraud mitigation and customer experience often depends on the identity verification platform a payment company chooses. Identity verification is mandatory for AML and KYC compliance, and it drives onboarding with fraud checks.
A quality identity verification experience builds trust with the customer and helps develop long-term relationships.
Some factors to consider when choosing an identity verification platform include its ability to:
- Comply with evolving AML and KYC regulatory requirements
- Easily integrate into existing infrastructure
- Simplify expansion into new global markets
- Maximize match rate coverage for the market
- Optimize fraud and risk mitigation workflows quickly and efficiently
- Deliver smooth and rapid onboarding
- Provide multiple verification technologies and data sources to provide a holistic approach to match specific needs
- Offer expertise for numerous markets, use cases and scenarios
Payment service providers that leverage agile platforms that control risk while delivering smooth customer experiences can gain a competitive edge in a quickly growing digital economy.