With digital transactions and eCommerce soaring during the pandemic, the rate of increasingly sophisticated fraud has also risen. With it, financial institutions need to strengthen their compliance to mitigate the risk of running afoul of the law.
Whether itâs simple online purchases or banking, or more complex areas like cryptocurrency or money laundering, Trevor Wingert, a senior know your customer (KYC) and anti-fraud solutions consultant for GeoGuard, told PYMNTS that rapidly changing use cases and technology highlight gaps in the current security approaches being used.
One recent example of a response to the proliferation was the inclusion of a long-fought anti-money laundering (AML) provision within the recently passed defense spending bill in the U.S. Senate.
âItâs great to see the prioritization on innovation with this bill,â Wingert said, calling the AML regulatory changes important. âAccurate and reliable data is a critical piece of modernizing the AML regimen,â he said.
Detecting potentially suspicious activity more quickly through the use of data also provides more meaningful and actionable information to law enforcement agencies that are facing rapidly evolving threats with limited resources.
âSo itâs important for industry to support them aligned with the obligations they face under the Bank Secrecy Act,â he said.
Use Cases
Certainly, the use and availability of cryptocurrencies is another emerging area that is contending with its own unique set of compliance issues, but it is also one Wingert said appears to be closing gaps in regulation. Unlike the crypto markets, Wingert said the banking and payments industries continue to be slow to adapt to the challenges of KYC and fraud prevention.
âCan you really know your customer if you donât know their location?â Wingert asked, adding that itâs important to have powerful geofencing capabilities for sanctions prevention and account security to ensure compliance with jurisdictions that are prohibited or have sanctions concerns.
âBad actors are always going to conceal their location and the act of requiring a location check is a strong deterrent, so youâre going to see a big drop off in fraud and chargebacks as they move onto softer threats,â he said.
Moving beyond what he called the âcrude, imprecise and blatantly inaccurateâ use of IP addresses for determining location is critical, especially when it involves the verification of data.
The Geolocation Opportunity
The fact that consumers have a better understanding of, and are starting to make informed decisions about sharing their location data, is one area of opportunity Wingert sees for the year to come. In fact, a recent GeoGuard survey found that U.S. consumers were increasingly likely to share their location with banks in order to protect them from fraud.
âWeâve seen that people will share important information if they know that it will be used responsibly and to their benefit,â he said, âso when customers recognize the benefits of sharing location, they do.â
However, Wingert said the fact remains that many financial institutions, merchant acquirers and online stores are missing important risk signals by overlooking a proven approach to fraud and risk management. Thereâs a direct correlation between detecting and stopping location fraud and stopping all fraud, he said, noting that GeoGuard is finding increased awareness of the value of location signals.
Complex Compliance
Compliance requirements are complex and important, but often donât match the culture of emerging companies, Wingert said, adding that it is important not to downplay the importance of compliance. While FinTechs and neobanks add value by focusing their attention on the user experience and business logic, their value isnât being added in building better compliance functionality.
âSo it makes sense to leverage the systems, the processes and technology that have been built over a long time and successfully operate at scaleâ within legacy banks. To that point, he said with the prospect of open banking, legacy lenders should use their compliance expertise to become a point of trust.
âFinTechs and neobanks [should] look at how they can best manage compliance holistically,â he said, âto integrate closer to the user and not just at the transaction.â
Assumptions Of Readiness
Within an array of changes brought on by the pandemic, Wingert said the sudden digital transformation has also highlighted shortcomings in digital identity and fraud management and revealed business process inefficiencies.
âThe pandemic belies assumptions of readiness in a way thatâs similar to untested business continuity plans,â he said. âSince organizations havenât had to look deeply at their general business processes, they miss how significant the work is thatâs necessary to truly meet their digital transformation objectives.â
While there is still much work to be done, one area of needed change he highlighted involves reducing the data security burden that is currently placed largely on the shoulders of consumers, though we are beginning to see the results of years of education and advocacy surrounding safe online transactions.
âFor example, Appleâs requirements for app tracking disclosures on the way data is being used by developers is going to raise awareness even further,â he said. âAs a result, consumers are going to expect online services to be clear about what kind of information theyâre collecting and how they use it to increase trust from consumers.â
On the business side, Wingert said he thinks financial institutions need to accept that the customer experiences they provide have to change and lean into new technologies more than ever.
âWhere thereâs a customer expectation, the institution needs to respond,â Wingert said.