Payments companies are stepping into increasingly important roles as the global payment processing solutions market is slated to hit $62.3 billion by 2024.
Such firms cannot grow safely without robust security measures blocking fraud and other abuses from their offerings. Payment providers must ensure that their customers are genuine — not fraudsters or shell companies for illicit actors — and that users are not utilizing solutions to launder money. Regulators will be quick to crack down on companies that enable criminal activity, and merchants and consumers will depart if they cannot trust services with funds or data.
Payment service providers (PSPs) must carefully attend to their know your customer (KYC) and know your customer’s customer (KYCC) checks, anti-money laundering (AML) strategies and other fraud prevention approaches. This task will become more difficult as real-time payments demand increases, causing PSPs to rapidly perform security procedures.
This month’s Deep Dive examines how the right automation tools and strategic approaches can help PSPs keep up with current and emerging challenges.
Identity Verification and Confirmation
PSPs must ensure that onboarding procedures adequately vet new merchant clients without becoming a deterrent to joining.
A key aspect of that balance occurs when payments companies evaluate how risky new businesses are and decide how thoroughly to investigate them. Risk factors include a merchant’s industry, its customers’ average transaction values, and its operating locations. Automated data collection tools can improve KYC efforts’ accuracy, enabling PSPs to gather necessary identity verification details without time-consuming, error-prone manual processes.
Security concerns extend beyond onboarding — payments companies must continually observe their clients’ activities for suspicious signs and stay informed about risk factor changes. Merchants may revise their business models or experience significant changes in transaction volume, modifying their risk profiles.
PSPs must therefore remain cognizant and detect abnormalities, which can include sudden activity increases, unusually large transactions, payments made to unusual geographic locations for certain merchants, and engagement with recipients or senders on sanctions lists.
PSPs must approach security strategically or risk misidentifying legitimate merchants simply seeking to onboard or switch business strategies. Each provider will need to determine whether it prefers tighter security measures that could generate more false positives or looser procedures that reduce friction but may make customers vulnerable to fraud. All KYC and AML measures must nevertheless meet PSPs’ home countries’ legal standards. Artificial intelligence (AI)-based screening tools could help companies better balance their desires for lower customer friction with their needs for tighter security. Such tools aim to better assess data pinpointing fraudsters while filtering out legitimate users.
Fighting fraud — and money laundering in particular — is becoming harder as payments systems modernize. Banks traditionally handle payments in batches that clear within several days, during which they can search for signs of risk. Real-time payments are gaining popularity, and these move instantly and irreversibly. PSPs and financial institutions (FIs) both must ensure that providing customers their desired speed does not harm security.
Some observers of the financial space advise PSPs to develop methods that instantly screen even low-value transactions for potential fraud. Predictive analytics and machine learning (ML) tools can be especially valuable in identifying potential misbehavior and helping companies refine their screening approaches’ accuracy. Immediate payments make it even more important for PSPs to ramp up surveillance of traditional fraudster schemes, such as account takeovers (ATOs), social engineering scams and synthetic identity abuse.
PSPs provide high-demand services that must be delivered safely and conveniently. Payments companies cannot risk angering regulators by not doing the most they can to stop criminal use of their services.
AI and other technologies are key tools that can be leveraged to provide security without imposing undue customer frictions, and such solutions will become increasingly critical as real-time payments and other market changes introduce new threats.