Executive Fraud Forum October 30, 2013




Payments Fraud Trends

Presenters:
- Mary Kepler, Director, Retail Payments Risk Forum, Federal Reserve Bank of Atlanta
- Judy Long, Executive Vice President, First Citizens National Bank
- Michael Blume, Director, U.S. Department of Justice
- Josh Burke, Trial Attorney, U.S. Department of Justice
- Charles Baxter, Special Agent, United States Secret Service

The views expressed in this presentation are those of the presenters and do not necessarily reflect the views of the Federal Reserve Bank of Atlanta, First Citizens National Bank, the U.S. Department of Justice, or the U.S. Secret Service.

The Problem: Changing players, changing risks

Agenda:
- Third Party Payment Processors
- Risks & Regulatory Considerations
- Bank Risk Controls
- Case Studies
- Building Relationships with Law Enforcement

Third Party Payment Processors

- Perform payment services for businesses and stand between the bank and merchant
- Brick and mortar or online and mobile merchants
- Legitimate, high risk, and illegal merchants
- Provide various payment transactions, particularly:
  - ACH
  - Remotely created checks

HIGH RISK MERCHANTS/ACTIVITIES:
- Ammo sales
- Gov't grants
- Pharma sales
- As seen on TV
- Gambling
- Pornography
- Credit repair services
- Pay day loans
- Telemarketing
- Other payment processors (nested processors)

Remotely Created Checks: Volumes unknown but risk high

- Check created by merchant or third party payment processor with buyer's account number, no signature
- Difficult to identify: no MICR identifier
- After the fact: mounting returns indicate trouble

KYC and KYCC: TPPP Due Diligence and Monitoring

Onboarding and due diligence:
- Know business line of TPPP's customers
- Visit TPPP, review website and marketing materials
- Understand TPPP's procedures for due diligence and monitoring of its customers

Ongoing monitoring:
- Consumer complaints and returns, set thresholds
- Set transaction volume limits
- Audit processor periodically
- Require reports from TPPP on new customers and return rates of customers

RED FLAGS:
- TPPP splitting volume between multiple banks or history of moving from bank to bank
- Consumer complaints re: unauthorized, misrepresented, strong arm tactics
- High rates of unauthorized returns

Regulatory Responses and Resources

Responses:
- Require bank to terminate relationship with TPPP
- Take informal or formal enforcement actions
- Impose civil money penalties
- Invoke Section 5 of the FTC Act: prohibits unfair or deceptive acts or practices affecting commerce, and bank may be viewed as facilitating TPPP's or merchant's fraudulent activity

Resources:
- FDIC Supervisory Approach to Payment Processing Relationships with Merchant Customers that Engage in Higher-Risk Activities (FIL-43-2013), September 27, 2013
- FDIC Revised Guidance on Payment Processor Relationships (FIL-3-2012), January 31, 2012
- FinCEN Advisory on Risks Associated with Third-Party Payment Processors (FIN-2012-A010), October 22, 2012

Bank Risk Controls

- Financial Institutions should assess risk tolerance in overall risk assessment program & develop policies & procedures addressing due diligence, underwriting, & ongoing monitoring of high risk payment processor relationships.
- FI should ensure agreements with payment processors provide terms and conditions of overall program.

Bank Risk Controls - ACH

- Know Your Customer
- Enhance Due Diligence
- Effective Underwriting
- Increased Scrutiny & Monitoring of High Risk Accounts for an Increase in:
  - Unauthorized Returns
  - Charge Backs
  - Suspicious Activity and/or Consumer Complaints

Bank Risk Controls

- Implement risk mitigation policies & procedures that include oversight & controls appropriate for the risk & transaction types of the payment processing activities.