How 8 Countries Are Tackling Authorized Payment FraudBanking Researcher Ken Palla Shares New Report on Authorized Payment Scams
Banks and banking regulators are looking into ways to tackle authorized payment scams, from spreading the risk to other institutions to holding social media companies partially responsible. In a new report on how eight countries are handling this fraud, Ken Palla, former director at MUFG Union Bank, says banks need to focus on both reimbursing victims and stopping the problem.
Palla, who recently authored the BioCatch-sponsored report, "Authorized Payment Fraud - A Global Guide to Customer Reimbursement Models for Financial Scams," says online scams are so new that banking regulators around the world are just starting to look at rules for reimbursing victims.
In some countries, such as the United Kingdom, the definition of reimbursable authorized payment fraud is very broad, ranging from bank impersonation to fraudulent transactions and romance scams. The Netherlands, in contrast, focuses on bank impersonation scams as a reason for reimbursement.
Some countries, such as the United Kingdom and Singapore, are poised to move from voluntary rules to regulatory guidance that requires "equitable reimbursement" between the consumer, the sending bank and the receiving bank, as well as "prescriptive controls" to help prevent the fraud, Palla says.
In fact, the United Kingdom is looking into holding social media companies partially responsible because many victims are taken in on their social media accounts. "And so the U.K. is saying, 'Well, these social media companies are part of the problem,'" he says.
Ultimately, Palla says, regulators need to focus on creating reimbursement rules as well as requirements for banks to beef up security.
In this video interview with Information Security Media Group, Palla discusses:
- How various countries are currently handling authorized payment scams and how that may change;
- The benefits of holding receiving banks, social media firms and telecommunication companies responsible for reimbursement;
- Why more effort needs to be put into remediation, such as using analytics to identify mule accounts at receiving banks;
Palla helped shape the initial responses to the U.S. 2005 and 2011 FFIEC Regulatory Guidance to improve online security for U.S. banks and served as an adviser to the RSA Conference eFraud Global Forum. He also serves on the program committee for the annual RSA Conference in San Francisco.