With frictionless underwriting, it’s easy to sign up for merchant accounts in seconds. If that’s the case, what’s to keep bad actors from signing up for multiple accounts, with multiple service providers?
In the latest in our series of industry perspectives on frictionless onboarding, we talk to Danny Klein, the COO of cyber risk intelligence provider EverCompliant, about how risk has evolved along with the practice.
He explains how frictionless onboarding can be used not only to hide one illegitimate business behind a single front, but also to create a more complicated network.
Klein points out that there are valid reasons the payments system required extensive data collecting to open merchant accounts in the first place.
“Any form of risk that you can think of, from credit to fraud to money laundering – anything that drove the banking system not to do that is now an exposure, basically,” he said.
In a typical example of transaction laundering, people set up shell businesses and web sites that enable them to sell prohibited goods while pretending to conduct legitimate business.
But the risk has also evolved to include many more instances of people who use a network of fake businesses to launder money, Klein said. The ease with which businesses can set up merchant accounts enables bad actors to move money through multiple transactions, making it much more difficult to track.
“So in terms of payment methods,” Klein said, “think about how you can use a prepaid card to finance an e-wallet to then transact through a PSP like PayPal or one of those payment services, and then you can use a credit card transaction against that account as well.”
“They go through so many payment methods and value holders in the chain that it’s very hard to really track the original. You can set up a complex network of B2B and B2C web sites and transact between them, layering activities that would be hard to detect,” he said.
What does this level of risk mean for the practice of frictionless underwriting?
“The most naive thing to do is to say, ‘let’s stop frictionless onboarding,’” Klein said. “That’s fighting the market, and that’s fighting technology.”
Instead, the solution is effective monitoring that evolves with the system, fighting technology with technology.
As commerce increasingly moves online, the needs of risk management have changed anyway, Klein said.
“A lot of the KYC data which is collected traditionally is becoming less and less relevant in the digital world,” Klein said.
In today’s environment, he said, risk management requires paying closer attention to a company’s footprint on the web. Relevant monitoring includes understanding what countries web sites originate from, how they are connected, and who operates them, for example.
Ultimately, Klein said, frictionless onboarding is worth its unique risks. It has enabled businesses that wouldn’t have otherwise had the ability to get a merchant account to operate, and that’s a good thing.
“When you talk about risk, it’s kind of easy to focus on the bad guys,” he said. “But we need to remember that the vast majority of the customers of those frictionless onboarding providers are good guys – people with no access to process payments.”
“Like any other technological advance, it’s a good thing. It brings a lot of value,” Klein said. “It opened a gap on the risk and compliance side of things. That always happens. That’s not the first, maybe the second, maybe the third thing that people are thinking about, but we can bridge that gap.”
“Then you have better service for more people, and you include more parties in the economical and the business game, the commercial world, and the same time, you don’t have to compromise on your risk controls and on your compliance with regulations.”