Scaling is the dream of every startup — but doing so without adapting and expanding fraud indicators means that dream can quickly become a nightmare.
According to Experian data, financial fraud against small businesses has increased by 70% since the start of the Covid pandemic, costing them billions annually.
So, how do you stay ahead of fraud? In the latest Sifted Talks, we explored how operational strategies can drive growth for startups while building and maintaining customer confidence.
Our panel of industry experts were:
- Nida Sattar, product director for payments and current accounts at Allica Bank
- Shaun Puckrin, chief product officer at GoCardless
- Adrian Jenkins, general manager EMEA at Seon
- Dmitrii Vasin, head of compliance products at Anna Money
1/ Rapid growth introduces new fraud risks
Sattar said if you're a business looking at new cohorts of customers, entering new markets or launching new features, it’s important to think about how that might interact with existing internal systems and their management of fraud.
This, she said, is key because some systems might not be set up in a way that will effectively catch fraud it hasn’t seen before.
“Rapid growth is widening the attack surface. Criminals might actively be targeting companies like this because they think there are vulnerabilities they can exploit.” — Nida Sattar, Allica Bank
2/ Adapt your compliance approach to the user profile
Futureproofing compliance networks is particularly crucial for fintechs, and an end-to-end approach is key. From onboarding to their ongoing customer journey, it’s a constantly evolving situation and relationship. The panel agreed that user profiles must be considered when planning an approach to this.
Puckrin recommended businesses keep atop of the ecosystem by talking to suppliers and keeping the dialogue open at all times.
“Naturally, companies will acquire different types of profiles, from SMEs or individuals. Based on how you acquire them or who you are targeting, you need to understand and see potential patterns and use them later down the road.” — Dmitrii Vasin, ANNA Money
3/ The industry could benefit from expanded communication infrastructure
Vasin noted how invaluable it would be to Anna Money and the industry as a whole if there was a system in place that allows fintechs to communicate with potential victims that are outside their client base — indeed, if the fraudster was actually their client.
Puckrin said this infrastructure not being in place is a “classic network problem”, where finding the central point is tricky, especially when those holding the information are looking to monetise it.
However, he also noted that he’s starting to see bilateral agreements, particularly between acquirers and issuers, where they are willing to share their full scores, and say 'here's a transaction that's coming through, I've scored it like this, what do you think?' Puckrin said he thinks this is a positive move.
“It's hard, it's valuable information, and there's asymmetry within the ecosystem as to what the value of that information looks like.” — Shaun Puckrin, GoCardless
4/ Hiring relationship managers can be invaluable
Sattar said Allica Bank uses relationship managers in its approach to client communication. The bank’s clients have a dedicated relationship manager, which she said helps them to understand regular behaviours and then flag anything that might look suspicious or not in line with general customer activity.
Examples of red flags include trading in many more countries than noted during onboarding and having a significantly higher turnover than predicted. There are also biometric-related indicators like new IP addresses or device pairings and different keystrokes.
“The fundamental point is that you have to connect the signals because in isolation, they wouldn't tell the full story.” — Sattar
5/ New regulation makes businesses double down on fraud protocol
From October last year, the Payments Services Regulator (PSR) enforced new rules that mean payment systems providers (PSP) must compensate APP fraud victims up to £85k within five days, with certain exceptions.
The panel agreed that while the new ruling hasn’t changed their already-stringent fraud protocols, it has reinforced the service they want to provide to their customers. Sattar noted it’s a good thing that fintechs now have to follow similar sets of rules, uplifting some of the compliance and control framework that exists in the industry as a whole.
“A lot of companies will have various signals and controls in place [to detect fraud] but they're not necessarily always complete. Those incremental differences can have a massive impact on specific fraud use cases.” — Adrian Jenkins, SEON
