by Tim Attinger
LESSON 2 DISCUSSION QUESTION: What has been the most important result in the application of risk management services in payments processing? How have network-based risk services delayed the adoption of device-based risk management services, such as Chip + PIN? Click here to respond.
In our first class, we reviewed how payments businesses began storing, mining, and using information primarily as a way to more efficiently manage the core business of facilitating payments transactions. As we discussed in our last class, payments businesses began life by linking consumers and merchants together for financial interactions that wouldn’t require paper money to pass between them. Financial institutions that had built deep relationships with consumers and retailers — on the basis of highly-detailed and often very localized information about them both — began to represent those respective customers as simple account numbers in their burgeoning computer systems, to the processing networks that managed those interactions, and therefore to each other.
Account numbers loaded into transaction messages identified the consumer and merchant party to each transaction as that numerical representation of a commercial exchange passed through the payments network, showing clearly to the computer systems that had begun to replace paper-sorting consumers who exactly owed money to whom, from what time and date, and for how much. As those transactions multiplied, the processing systems managing consumer payments began storing and analyzing large sums of transaction records in their systems and on backup tapes to ensure an historical record of the financial transactions and sums of money that passed through their operations.
Aggregate Analysis. As those systems began to review and compile transaction records and portfolio profiles, individual account records were compiled into large snapshots of network and participant portfolio activity. Activity reports and portfolio management analyses provided topline overview or averages of the detailed transaction activity of which aggregate reports were comprised. Reports showed the total amount of money moved, the aggregate value of transactions, the total number of transactions, and the average value of each transaction. Reports may have shown the value of transactions by segment for each participant — by merchant class, by product type, by geography, by time of day.
Payments networks and processors gave little thought to how transaction records might be used individually to drive more value to financial institution participants. Aggregate data was the most useful way to use transaction records, or so most payments managers believed. And sadly, for any who might have believed differently, analyzing and interpreting transaction-level detail required massive amounts of computing power (rather expensive at the time). And to what end? What could possibly be gained from diving into a network full of transaction records and individual customer detail? Certainly, you did this when investigating a transaction for return, chargeback, or dispute required it. But how and why would you do it proactively?
Profile and Risk Management. As networks and transaction volumes grew, helping financial institution participants manage the risk of financial loss grew to be one of the most important activities in which a network manager could invest. As the total value of transaction records flowing through the system grew exponentially, the amount of money leaking out of the system from bad transactions, spurious disputes, and organized malpractice increased as well — particularly as organized crime rings began to realize that setting up a phony merchant account, taking consumer money, and then shutting down without ever delivering could be a highly profitable racket. (Related Briefing Room: Security and Fraud)
So the first ancillary systems inside payments networks and value-added processors built were rudimentary applications that analyzed merchant and consumer portfolios to determine how exactly they had gone bad. Processors began to use the results of these analyses to inform their strategies for authorizing the transactions to follow. But as the processes and processing for managing risk became more sophisticated, so too did the fraud rings working to exploit those very processes. What’s more, as the volume of transactions accelerated, fraud began to migrate to compromising or replicating live account credentials and then using them fraudulently. So, interrogating transactions as they happened, and doing so in the context of all the other transactions in the system, became even more critical. And modern transaction-based risk management systems were born.
The other side of the coin. Risk management systems moved from static applications and analyses that informed authorization response strategies to flexible modeling capabilities that looked at transactions as they occurred and assessed risk against each in the context of the others. And if a transaction appeared to be out of order, the systems would… simply step in and decline it. Cut it off. As anyone who has ever struggled to manage the balance between maximizing revenue and minimizing risk knows, the simplest way to mitigate the risk of loss in a transaction is simply to stop it cold, to kill commerce. (Related Article: First-Party Fraud: Why You Might Be at Risk)
But what if that transaction looked suspicious but was actually OK? Or even if it was not, what if the financial institution that manages the consumer or merchant account associated with the transaction would prefer to make that decision? After all, it may be that this is the first time the network has seen a consumer account that normally generates transactions in and around Omaha, Nebraska attempt a purchase in Oman. But perhaps the bank behind that consumer knows more about how and why that consumer is travelling? And so an enlightened network manger developed the ability to take the intelligence generated by the risk systems in the network, interrogate a transaction in real time, and then deliver the results of that interrogation by dropping score into the transaction message as it traverses the network.
And in that small innovation was born the opportunity to someday turn a risk scoring system on its head and create in the same process a method to drive loyalty benefits and promotion capabilities to the same financial institution. Might a risk management function become revenue generating one as well? We will discuss this in our last class. But for now, let’s discuss risk.
LESSON 2 DISCUSSION QUESTION: What has been the most important result in the application of risk management services in payments processing? How have network-based risk services delayed the adoption of device-based risk management services, such as Chip + PIN? Click here to respond.
Click here to officially register for PYMNTS University
Driving Payments Innovation through Education- PYMNTS University
Durbin Debit 101 (required): Retail Deposits Have Changed Radically Overnight
Debit 201 (Required. Debit 101 prerequisite): Is Prepaid “Debit-Lite?”
Point of Transaction 201 (required): Competition for Consumer Choice
Mobile 205 (required): GPC Payments Value Proposition
Mobile 206 (elective. Mobile 205 prerequisite): Emerging Payments Value Proposition.
Cloud Payments 210 (required): Building Value in the Network
eCom 301 (elective): Evolution of Online Commerce
eCom 302 (elective): Emerging Competition
Mobile 305 (elective. Mobile 205 and Debit 201 recommended): Emerging Markets Mobile Prepaid
Cloud 310: Adding Value to Network Transactions
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More