The global financial sector is undergoing radical transformation! One area demanding immediate attention is the transition from 3D Secure (3DS) version 1 to 3DS2.

3DS, the added security layer for online credit and debit card transactions, is shifting to a new model - 3DS2. The shift carries significant enhancements such as improved user experience, particularly on mobile, and the introduction of risk-based authentication, reducing challenges for low-risk transactions. This shift also signals a change in fraud (refer to our Fraud vs Scam Article) detection mechanisms, but brings with it new complexities and challenges.

Risk-Based Authentication (RBA) is an integral part of 3DS2. Unlike static authentication methods that employ a one-size-fits-all approach, RBA tailors the authentication process based on the user's risk profile. This approach takes into account various factors such as user behavior, device type, and location, to decide the level of authentication needed. It leads to a smoother customer journey for low-risk transactions while ensuring high-risk transactions get the scrutiny they deserve.

The overall Changes:

This table illustrates the changing liability landscape, but each transition comes with its implications on fraud management.

The Different Identification types:

How are Chargebacks affected by all this?

The adoption of 3DS2 carries potential implications on chargebacks. The liability for chargebacks shifts from merchants to the card issuer. While it presents a relief to merchants, it adds a layer of complexity in case of fraudulent transactions. The issuer would now need to scrutinize transactions more carefully, increasing the need for strong risk management frameworks.

The liability shift under 3DS2 can create an environment that empowers scams. Despite 3DS2’s sophisticated security, it falls short in covering social engineering on web-based scams where the user is coerced into accepting the 3DS due to urgency or misinformation. In such cases, victims may not be protected by chargebacks, leaving them exposed to financial loss.

How are Financial Institutions at risk?

Financial institutions, now assuming the liability for fraudulent chargebacks, face increased financial and regulatory risks. They also risk reputational damage due to their direct involvement in customer disputes. These risks necessitate financial institutions to rethink their dispute management approach and re-evaluate their online fraud identification strategies.

A risk-based approach to merchant dispute management involves monitoring and categorizing merchants based on their risk profiles. This can be achieved by regularly tracking key risk indicators such as chargeback ratios, sales patterns, customer complaints, merchant traffic indicators among others. By focusing resources on high-risk merchants, financial institutions can mitigate risks effectively.

The successful navigation of the 3DS2 landscape requires robust fraud identification training, especially for online acquisitions. This training should include identification of potential scam tactics, understanding the mechanics of social engineering, and awareness of the latest fraud trends.

In conclusion, the shift to 3DS2 is not just a technological upgrade, it is a paradigm shift demanding a proactive and robust risk management approach. Financial institutions must understand these changes, assess the potential impacts, and take action to protect themselves and their customers. The task ahead is challenging, but with adequate preparation, it is an opportunity to fortify security, enhance customer experience, and build trust in the rapidly evolving digital financial landscape.

#Fraud #VDMP #ECP #FinancialCrime #Fincrime #AML #Chargeback #Scam #Dispute #3DS #RBA

In an increasingly interconnected world, online fraud and scams represent two distinctive yet interlinked phenomena that continue to threaten the integrity of financial institutions. This in-depth examination delineates their defining features, legal implications, escalating global presence, and devastating impact on financial institutions.

Online fraud and scams are terms often conflated due to their overlapping characteristics, yet they represent different facets of internet-based deception:

Fraud:

Online fraud is a criminal act that involves illicitly using someone else's personal information without their consent, usually leading to monetary loss for the victim. It is an insidious crime often perpetrated through advanced hacking techniques or the exploitation of data breaches.

Scams:

Conversely, online scams are marked by cunning use of social engineering. Here, the victim is subtly manipulated into becoming an unknowing accomplice to the crime. Scammers often create a web of deceit, playing on human vulnerabilities by using misinformation, urgency, or ambiguous fine print to lure their prey. While the manipulation or misinformation may not be criminal per se, the outcome often leads to unlawful enrichment, rendering it a criminal act.

One common method involves the exploitation of victims’ emotions, playing on fear, optimism, or a sense of urgency to induce action. A notable example of this was the false COVID-19 treatment scams that emerged during the pandemic. Victims were promised entry into fictitious vaccine trials in exchange for sensitive information. Scammers created convincing yet fake websites, often mimicking legitimate sites such as DMV or banking sites, duping their victims into divulging their financial details.

How are Financial Institutions Affected?

Financial institutions are at the front lines of this battleground, facing significant legal and reputational risks when dealing with entities embroiled in fraud or scams. As custodians of financial transactions, the unlawful enrichment processed through their systems taints their integrity. Furthermore, financial institutions can find themselves liable for dispute management, repaying correspondent banks when chargebacks are issued, or even facing litigation. These issues are compounded by the fact that accounts involved in such scams typically do not generate substantial revenue for the institution.

Dealing with chargebacks from fraudulent transactions comes at a considerable cost. As elaborated in a prior article on dispute management systems, these systems, while important, are not flawless. Visa and MasterCard's dispute management systems, for instance, are often manipulated by scamming rings operating under the radar, exacerbating the problem for financial institutions.

The Scale?

A clear illustration of the growing global concern is the disturbing trend highlighted by INTERPOL's recent research and subsequent Orange Notice warning. This reveals an emerging, large-scale human trafficking phenomenon linked to cyber-enabled financial crime, demonstrating the profound global reach and escalation of these criminal activities.

Victims, lured through fake job ads to online scam centers, are forced to commit these crimes on an industrial scale. Initially concentrated in Southeast Asia, this Modus Operandi is now replicating across continents, reaching West Africa and beyond. The diversity of the victims, initially Chinese-speaking individuals, has broadened, encapsulating people from South America, East Africa, and Western Europe.

The cost of combating these issues can be immense. In 2022 alone, victims in the U.S. were defrauded of approximately $10.3 billion due to scams. This staggering statistic underscores the gravity of the problem and its far-reaching financial implications.

What's Next?

To navigate this precarious landscape, financial institutions need to arm themselves with robust cybersecurity measures, stringent customer verification processes, and constant vigilance. Training employees to recognize potential fraud or scam activities and establishing strict protocols are crucial steps towards mitigating these risks.

In conclusion, the battle against online fraud and scams is indeed an uphill one, demanding a collaborative effort from individuals, financial institutions, and regulatory bodies alike. While the stakes are high and the challenges formidable, victory lies in vigilance, technological innovation, and a steadfast commitment to ensuring security.

#Fraud #VDMP #ECP #FinancialCrime #Fincrime #AML #Chargeback #Scam #Dispute #humantrafficking #interpol

In a key development that underscores the European Union's commitment to human rights advocacy and financial regulation, the Council of the European Union has expanded its sanctions against Iran. Seven new individuals, accused of orchestrating serious human rights violations, have been added to the restrictive measures list as per Council Implementing Regulation (EU) 2023/LI 160/1 of 26 June 2023. This step reflects the EU's response to a series of concerning incidents in Iran, including suppression of non-violent protestors, restriction of internet access, and the controversial handling of the killing of Mahsa Amini.

The following persons have been added to the restrictive measures list:

1. Seyyed Mohammad Mousvian: As the Public and Revolutionary Prosecutor of Isfahan Province, Mousvian held significant responsibility for the trials and subsequent executions of several protestors. Mousvian also issued indictments against Iranian music artist Toomaj Salehi for his participation in anti-government protests.

2. Ali Zare Nouri: Serving as the Deputy Judge of and advisor to the Provincial Criminal Court of Isfahan Province, Nouri was directly involved in the trials and executions of protestors.

3. Seyyed Nader Safavi Mirmahalleh: As the governor and head of Rezvanshahr Security Council in Gilan Province, Mirmahalleh ordered officers to open fire on protestors during Iran’s 2022–2023 nationwide protests, resulting in numerous casualties.

4. Seyyed Khalil Safavi: As the Police Commander of Rezvanshahr in Gilan Province, Safavi held a crucial role in the police response to protests in late September 2022, which resulted in several deaths and injuries.

5. Seyyed Abbas Hosseini: As Governor of Amol, Hosseini is responsible for the deaths of two young protesters in September 2022 by government forces.

6. Mojtaba Fada: As the commander of IRGC forces in Isfahan province, Fada oversaw the actions of security forces during anti-government protests in 2022.

7. Rashid Kaboudvandi: Kaboudvandi, the commander of the Imam Hossein Guards Corps of Karaj, Alborz Province, is implicated in the detention, killing, and reported sexual assault of protestors.

The addition of these individuals to the EU's sanctions list is pertinent and significant as it strengthens the international stance against human rights violations. Financial institutions and businesses operating within the EU jurisdiction are legally bound to adhere to these sanctions. Non-compliance could lead to severe legal and reputational consequences.

To ensure compliance, financial institutions are advised to:

• Maintain up-to-date information on sanctioned individuals and entities.

• Regularly screen transactions and clients against sanctioned lists.

• Incorporate strict due diligence procedures to ensure no indirect transactions with sanctioned individuals.

• Train employees to understand sanctions and their implications.

If a client transacts with these individuals or any associated entities, financial institutions should immediately freeze such accounts and report to the competent EU authorities. In case of mere associations, enhanced due diligence should be conducted to understand the nature and extent of the connection and, if one of the abovementioned individuals is in control or significant influences the operations of a client or movement of funds, external AML/Sanctions or legal advice is encouraged.

As the situation evolves, remaining alert to updates and regulatory changes is crucial. By doing so, financial institutions will not only safeguard their operations from reputational and financial risks, but also contribute to the broader global effort to uphold human rights and peace.

#FinancialCrime #Fincrime #AML #Iran #circumvention #humanrights #Sanctions

In the rapidly evolving world of e-commerce, an increasing number of transactions are taking place online. This growth, while promoting global commerce and convenience, has inadvertently created opportunities for online scams. In particular, sophisticated merchants have learned to exploit the safeguards of dispute management programs put in place by payment service providers and acquiring banks.

To safeguard customers and maintain the integrity of their services, payment service providers and card networks like Visa and Mastercard have developed dispute and fraud card monitoring programs. These programs are designed to identify and manage accounts that have excessive levels of disputes (chargebacks) and fraudulent activities. Unfortunately, while these programs have been instrumental in mitigating many forms of fraud, they are not without their flaws.

Thresholds:

Visa chargebacks are calculated based on data collected from the first day of a given month to the first day of the following month.

Mastercard chargebacks are calculated based on data collected from a chosen date, to the same day of the following month.

The monitoring programs operated by Visa and Mastercard work by tracking the volume and rate of disputes related to a particular merchant account. Thresholds are set to trigger when disputes reach a certain volume or percentage of the total transaction. For example, in Visa's Dispute Monitoring Program (VDMP), an early warning is triggered at 75 disputes or a 0.65% dispute rate, and in Mastercard's Excessive Chargeback Program (ECP), the threshold begins at 100-299 disputes or a 1.5-2.99% chargeback rate.

The Loophole:

A potential loophole arises because these thresholds are set to consider only the absolute number of disputes, not necessarily the dispute rate. This means that if a merchant has a high dispute rate but doesn't meet the minimum number of disputes in a given month, the dispute management program won't be triggered.

Furthermore, some crafty merchants run their operations across multiple websites. By spreading out their transactions, they stay under the radar, with none of their sites reaching the dispute threshold, despite their collective operations harboring a high dispute rate. This dilution strategy makes it difficult for dispute management programs to detect fraudulent activity.

Moreover, some merchants employ a method of temporarily disconnecting their websites. By halting operations for a couple of months, they effectively reset their dispute count with many monitoring programs, which typically require consecutive months of high dispute activity to be triggered. When these merchants resume their scam activities, they do so with a clean slate, undetected by the monitoring programs.

From the perspective of an acquiring bank or a payment service provider, this presents a serious challenge. Undetected, these merchants could continue running scams, which could lead to substantial financial loss and damage to the reputation of the bank or provider. Furthermore, these illicit activities could undermine customer confidence, affecting the broader e-commerce ecosystem.

To tackle these challenges, financial institutions and payment service providers must take a more holistic and robust approach to fraud detection. This might involve considering the overall dispute rate even if the absolute dispute count is below the threshold, looking for patterns across multiple websites, and considering non-consecutive months of high dispute activity.

Advanced data analytics and machine learning techniques can also be employed to detect unusual patterns, correlate activities across different websites, and identify potential fraud before it reaches a significant level. Additionally, closer cooperation with regulatory bodies and other stakeholders in the e-commerce ecosystem could help improve the rules and practices of dispute management programs.

While the current dispute management programs play a significant role in fraud prevention, they are not perfect. As the online world continues to evolve, so too must our strategies to combat fraud. It is only through continuous learning, adaptation, and innovation that we can stay ahead of those looking to exploit the system.

#Fraud #VDMP #ECP #FinancialCrime #Fincrime #AML #Chargeback #Scam #Dispute

1. Please make sure to stay on topic. Off-topic posts may be removed by our moderation team.

2. Be respectful and constructive. Disrespectful or inappropriate content will not be tolerated.

3. Always use the search bar to see if your topic has already been covered. Duplicate threads will not be approved by the moderation team.

4. Before you post, please read and follow our Terms and Conditions. Failure to comply may result in your post being removed or your account being suspended.

5. Ensure you never share data on clients you worked with, or otherwise any data pertaining to employers or clients you may have worked, or are currently working with.

6. Utilization of this website should in no shape or form, facilitate the breaking of any laws or privacy breaches.