Being a payment risk professional is challenging: you routinely have to ferret out fraudsters and expose dubious business models, often based on very limited information. Your success not only depends on your work experience, but also on your willingness to constantly educate yourself on emerging fraud scenarios, card scheme regulations, and advances in payments technology. For underwriters, compliance officers and risk managers, standing still means going backwards. You need to evolve at least as fast as your environment – or be left behind in the dust.
This sounds intimidating at first – but don’t worry, there are many ways you can get better at your job! We have compiled seven ways to become a better risk professional:
1. Read the right books
For the traditionalist, books remain the number one source of information. Though online due diligence is a relatively new topic, and the market is far from saturated, there are still a few classics that should be recommended to everyone:
Joseph T. Wells’ Internet Fraud Casebook: The Wold Wide Web of Deceit is one of them. The casebook is a collection of Internet scam case studies gathered throughout various industries by different authors and covering topics like phishing, online auction fraud, security breaches, counterfeiting, and others. Although already three years old – ancient history in terms of the internet – its real-life cases can still teach us much about the dynamics of fraud in the online space.
If you are interested in the dynamics of international cybercriminal networks, the spam community is a great case study. Lots of shady characters, government entanglements and international politics. Brian Krebs’ classic investigative report Spam Nation exposes the length to which one has to go to really understand criminal ecosystems.
If you want something specifically aimed at underwriters in the card acquiring space, Fundamentals of Card-not-present Merchant Acceptance is for you. Written by Web Shield’s own Christian Chmiel and Markus Prause, the series currently comprises three publications in two languages. All iterations taken together are a masterclass in merchant on-boarding, from its foundations to more advanced topics. Keep a lookout for the next volume, due to release at this year’s RiskConnect!
Of course, these are just some examples. In general, you can always learn a thing or two from real-life examples of (more or less) successful fraud. Many bad actors in the online space are just repackaging old scams with the current technological means. If you know the original, you are better prepared to identify any new mutations.
2. Attend training courses
A more immediate, interactive and often time-saving alternative to books is training. A simple Google search yields several results on due diligence trainings or online investigation courses. However, to find something explicitly focused on merchant onboarding, online fraud detection and card scheme regulations, is far more challenging.
Training for acquirers does exist, though the options are few and far between.
In terms of online courses, Visa Business School is a sure bet. As the name indicates, their focus lies on payments administered by Visa: from risk management strategies to ways of increasing payment transactions. Their Understanding Merchant Acceptance and Acquirer Business Fundamentals are two highly recommended courses for anyone who wishes to learn more about Visa’s payment acceptance rules and procedures as well as how to run their acquiring business.
Like Visa, Mastercard has also developed an e-learning platform where you can study their rules and standards as well as dispute resolution processes and compliance programs. No one can clarify Mastercard’s process and programs better than they do, and the best thing is: all online modules are free of charge, so feel free to explore as much as you can! One of the most relevant modules every underwriter should know is Mastercard’s Business Risk Assessment and Mitigation Program (BRAM). It covers the basis of underwriting a merchant and features an instructional case study which illustrates the potential risks associated with the card-not-present sale of prescription medication.
Apart from the card associations, the Electronic Transactions Association’s (ETA) online course on guidelines for underwriting is also of note. It teaches attendees comprehensive merchant underwriting, risk monitoring, and ISO oversight policies.
Online courses are one thing, but they can’t replace the engagement and interactivity of an in-person training. Our own Web Shield Academy is a great example: It introduces a whole host of important issues, some by guest speakers, and backs them up with real-life test cases of high-risk merchants that have to be investigated alone or in groups.
It would be amiss of us if we wouldn’t mention the Association of Certified Fraud Examiners (ACFE) here. With almost 85,000 members, it is the world's largest anti-fraud organization and provides its members with anti-fraud education. Their focus is far broader than the specialized Web Shield Academy: They cover the topics of investigation and examination, ethics and compliance, financial transactions and fraud schemes, among others. There are several options to learn with the ACFE: attend their live events, use a self-study course or take advantage of their online resources, all of which can be accessed via their website, if you are a member.
3. Join trade organisations
In any industry, trade organisations offer unique avenues of cooperation and knowledge exchange. These groups play a key role in communicating news, providing education, and encouraging networking among their members. Some organisations you should be aware of in the payments space are the MAC – Merchant Acquirers’ Committee, ETA – Electronic Transactions Association, IRTA – International RegTech Association, ACAMS – Association of Certified Anti-Money Laundering Specialist and EPA – Emerging Payments Association, to name but a few.
However, being part of these organisations doesn’t come cheap. All of them have certain annual membership fees that vary according to your organisation type or subscription choice. Depending on your budget, you may have to prioritize the ones which make the most sense for your specific market niche.
4. Subscribe to newsletters
Risk professionals should be aware of the general state of the industry as well as developments in their specific field of expertise. One of the most effective ways to do this is to follow payments news channels: It’s easy, often free of charge, and you have lots of choices! However, that many options may make it hard to pick the most relevant ones.
Our suggestion would be to research and categorise your findings, then select the ones that make the most sense for you out of each category (a reasonable maximum would be three). This makes sure you cover the news from all corners of the payments ecosystem, while avoiding being buried in emails.
As an example, we have laid out some suggestions for four relevant categories:
- Regulators & Law Enforcement: They are the primary source for legal actions against criminals like scammers and fraudsters – indispensable knowledge for underwriters having to rate similar business models. If you are mainly operating in the US (or are interested in their enforcement trends), you should at least subscribe to the Federal Trade Commission - FTC, Food and Drug Administration – FDA, and The United States Department of Justice. There are domestic equivalents to these agencies in most countries.
- Investigative Journalists: If you want to know about shady business dealings before law enforcement acts, investigative journalism is your friend. Two bigger projects to recommend are the International Consortium of Investigative Journalists - ICIJ known for the famous Panama Papers, as well as the Organized Crime and Corruption Reporting Project – OCCRP, but there are many more out there.
- Payments News: There are a bunch of payments newspapers and magazines. They deliver insights into every corner of the industry, publish their own research, reports, and thought leadership pieces – most of which are accessible through their newsletters. Here are some examples you probably already know about: The Paypers, PYMNTS.com, Payments Cards and Mobiles, the Nilson Report. Find the ones that do the best job covering the topics you need and subscribe. Piece of cake!
- Payments Companies: Because they understand the underwriter’s dilemma – high demand for industry news but a shortage of time – some companies are offering regular newsletters that summarises the most relevant information. Web Shield’s Newsletter, for example, has this mission: to help audiences save time while conveying the most important news items. All you need to do is subscribe.
In the end, how to segment your news channels is totally up to you and highly depends on your own field of expertise. It should also be noted that your list of newsletter subscriptions should evolve over time: If the information provided isn’t relevant anymore, unsubscribe – and sign up to new sources of information you find when exploring.
5. Follow thought leaders
We don’t suggest to blindly follow a leader, but there are undoubtedly some people out there with insights you can profit from. Their blogs are quite similar to journalistic news channels, but often feature their own, idiosyncratic voice. Two quite interesting blogs for underwriters are Ethan Vanderbuilt and Brian Krebs’ KrebsonSecurity.
Ethan’s blog focuses on reporting business opportunity scams, and his articles are often a good first sign that something shady might be going on. Brian, on the other hand, writes about a broad range of topics: online crime investigations, the latest digital threats, security updates, data breaches and cyber justice. His articles often open areas of enquiry you did not think about previously.
What else is there to do? We would recommend connecting and networking; in the fight against fraud, risk experts are stronger together. Attending an in-person training course is an option here, but there are some further steps you can take:
6. Join an online community
If your aim is to connect internationally, a LinkedIn account is a must-have. If you already have one, join some payments-related groups to really take advantage of the platform.
Each LinkedIn group is a forum where people come to exchange knowledge and build relationships. If you don’t know where to start, here are some suggestions:
- Risk Managers
- Payment, Fraud & Crypto Professionals
- Payments Experts
- Compliance & AML Professionals
- Fraud Prevention Specialists
- Payments Executive Group
7. Participate in events
The endless possibilities of the digital world, especially in the payments space, may sometimes leave you under the illusion that simply engaging online is enough. But meeting face-to-face adds a whole new layer to your client or peer relationships. Therefore, attending conferences, trade fairs and workshops is indispensable.
The question is, what events to attend? Lists like the one compiled by The Paypers give you a good overview of the international event landscape.
If expanding your network is on your agenda, don’t miss RiskConnect, the networking conference for risk and compliance professionals. During the two-day conference in November, thought leaders and industry experts come together to discuss the newest challenges facing the industry and provide hands-on knowledge. If risk, fraud and compliance in card acquiring are your cup of tea, RiskConnect is for you.
This completes the list – for the moment. Of course, it is far from exhaustive and we will undoubtedly add new points in the future as well as expand on existing ones, but from our perspective if you follow the points above, you should get you on the right track pretty quickly.