Is Frictionless Onboarding Too Risky?

With frictionless underwriting, it’s easy to sign up for merchant accounts in seconds. If that’s the case, what’s to keep bad actors from signing up for multiple accounts, with multiple service providers?

In the latest in our series of industry perspectives on frictionless onboarding, we talk to Danny Klein, the COO of cyber risk intelligence provider EverCompliant, about how risk has evolved along with the practice.

Read More

Podcast: What You Don’t Know Can Hurt You

This week, we talk with Chris Bucolo, director of market strategy for managed security service provider ControlScan, about e-commerce security.

When they take on payments, companies jump into a complex system where all parties are responsible for maintaining data security.

In some cases, payment facilitators are companies that have created applications that work well for the vertical they serve. But they may not always be aware of all the risk elements associated with that application.

Read More

Payment Facilitators and Risk: How the Market Views Submerchants

There is plenty of evidence that the payment facilitator market will grow significantly over the next few years. There are multiple drivers for this growth, including the belief that the increased complexity of compliance/security requirements for merchants will generate more interest in this payments model.

Although there is general agreement that the growth potential is large, there is a divergent set of opinions on how risky the model is, and how risk needs to be approached.

Read More

Are APIs Vulnerable? Two Crucial Places PFs Should Focus Now to Help Mitigate Risk

In the payment facilitator world, APIs are everywhere you look. In many cases, they’re the mechanism that allows the system to work – enabling payments infrastructure to integrate with other functions in a way that solves businesses’ unique problems.

So not surprisingly, API security is a hot topic. Does the use of APIs leave merchants more vulnerable to fraud? What are the special security considerations?

Read More

Unregistered Third Party Regpack’s Exposure Of 324,000 Transactions Proves A Cautionary Tale For PFs

A July exposure of transaction records from 899 submerchants serviced by payment facilitator BlueSnap highlights an important lesson for PFs.

In addition to making sure their own houses are in order, they bear responsibility for their submerchants and service providers as well.
PFs who control all aspects of the card entry, where it’s impossible for a transaction to enter outside of their interface, may be able to certify compliance on behalf of all their submerchants. However, if any submerchant or service providers could conceivably get access to card data, the PF must ensure they are certified and registered. BlueSnap had to learn that the hard way.

Read More

If Chargebacks And False Declines Are The Problem, PFs Are A Solution

Chargebacks and false declines present many problems to merchants and issuers alike but where there’s complications, there’s payment facilitator opportunity, says one risk management expert.

“Whereas merchants may not be familiar with all aspects of payment processing and risk management controls, payment facilitators provide affordable accessibility to systems, knowledge and focused expertise that may otherwise be unattainable,” says Marcus Smith, the senior vice president of risk management for processor iPayment Inc. “Due to scale and buying power, payment facilitators can also allow merchants to benefit from their data acquisition, proprietary and third party technology and other value added service that meet the needs of their aggregate clientele. Ultimately, payment facilitators can eliminate various administrative costs and distractions allowing merchants to place their money, time and attention on managing and growing their business.”

Read More

Global Mobile Brew Is Strong

Turkish coffee is almost as strong as Turkish use of mobile devices for banking and shopping and payments, but not as strong as the payments industry action in Europe. The Turks led a group of 15 countries in most of the categories of questions asked about mobile device usage for a recently released report on mobile banking, mobile shopping and mobile payments conducted for ING International by Ipsos.

The report is titled ING International Survey Mobile Banking 2016 but as ING economist Ian Bright explains, one thing has led to another, as it usually does in fintech, and banking only scratches the surface now, four years after its first mobile banking report.

Read More

How To Get Cracking On Your PayFac-ing

There are at least two great reasons to jump into the payment facilitator game– increased revenues and market share—and many many tools to help. One of those tools is advice from the hard-won success achieved by those who have made the leap.

In a session on the ins and outs of starting a payfac at the second annual Payment Facilitator Day at Transact16 in April, Kevin Harris of RunSignUp said training people was more of a challenge than software concerns, and David Weiss of Yapstone shared the difficulties of international expansion. Nick Starai of gateway tech company NMI told the audience to concentrate on the business they know best rather than focus on technological bells and whistles. The highlights of the discussion fill this week’s podcast, the next best thing to having been there.

Read More

Fraud And Compliance And Rules, Oh My!

The pain of keeping all the rules and regulations straight for a payment facilitator is only exceeded by the pain of not keeping them straight. A PF has to protect itself from merchant problems with underwriting and monitoring, while adhering to the mandates from card brands and acquirers. It’s a lot now, but as everyone knows, there’s more coming.

As heard in this week’s edition of the podcast, the best PFs can do to mitigate excessive regulation from without is to do more within, said Rich Consulting president Deana Rich, moderator of the session Emerging Threats Cage Match: Compliance v. Fraud at the second annual Payment Facilitator Day at Transact 16 in April.

Read More

A Surreal Peek Into The Payment Data Underworld

If you’re in the mood for a truly surreal peek into the stolen payment card data market, check out this profile of a data-seller called Joker’s Stash, over at KrebsOnSecurity. This vendor’s employees, solely selling illegal stolen data mind you, “set themselves apart by focusing on loyalty programs, frequent-buyer discounts, money-back guarantees and just plain old good customer service.” Heck, it’s hard enough to get legitimate retailers to do that.

Indeed, the Bitcoin-accepting company markets itself as proudly only selling data that it’s own people stole, as opposed to selling what any lowlife on the street steals. And it offers limited guarantees: “All sales are final, although some batches of stolen cards for sale at Joker’s Stash come with a replacement policy — a short window of time from minutes to a few hours, generally — in which buyers can request replacement cards for any that come back as declined during that replacement timeframe.” Even their loyalty program is better than that offered by some large retailers.

Read More