Safeguarding Against Payment Fraud through Strategic Perspectives

Eric Bonnell, SVP, Risk Management, Atlantic Union Bank

Eric Bonnell, SVP, Risk Management, Atlantic Union Bank

“Good tactics can save even the worst strategy.Bad tactics will destroy even the best strategy.” - General George S. Patton Jr.

Military strategy is built from different perspectives: the natural formation of the battlefield, the skills of the soldiers, the intelligence available about the enemy, etc. The tactics used in battle are also based upon this perspective and need to be rehearsed and adjusted as more information is available and the conditions change.

In a similar way, understanding payment fraud from different perspectives is the key to building a mature strategy and executing tactical controls.The objective is to delay questionable transactions from going through before they can be verified and processed safely or rejected. Considering the perspectives below is key to building a layered strategy and tactical procedures to address payment fraud at your organization.

Perspective: How the Game Is Played – Policies, Standards, and Procedures

Set clear and reasonable expectations within your policy and procedures, including customer identification and authentication rules, tiered transaction limits, transaction review criteria, and a strict approval structure. With these rules in place,design the controls for the remaining protection layers.

Regularly review the policies, standards, and procedures in line with the organization's fraud trending report, business model strategy, and the current fraud risk assessment to address improvements and updates for new payment types and scenarios.

Perspective: The Wild Card – Your Customer

A compromise could and often does start with the customer and the customer’s technology. While the customer is directly out of your control, you should provide awareness and training to guide the customer in making safer choices.

Awareness topics include being vigilant against cyber compromise and social engineering as well as maintaining end-user and browser security. Also, having regular reminders and strong multifactor authentication in place will assist the customer and bring security top of mind when making transactions.

Perspective:Knocking on The Front Door – Know Your Customer (KYC)

Besides being a regulatory requirement, knowing your customer and your customer’s behavior can assist in validating the authenticity of payment transaction requests. KYC is the first line of defense in servicing a transaction and customer validation criteria should be strong and clearly defined in procedures.

“It takes a combination of technology and human inspection to be successful at finding fraud and expediting valid transactions.”

While I speak of data and technology later in this article, its impact begins here. Your data management system,along with its quality and integrity, isthe key to successful payment fraud management.Successful data management includes controls for validating the correctness of the KYC data captured during customer onboarding and throughout the customer relationship. Without good data, the conclusions made that are based upon subsequent reporting and models will be flawed or questionable at best.

In short, bad data is a primary driver of fraud loss. Failure to maintain this data is a key bad tactic and according to General Patton, it will destroy your best strategy.An organization that firmly commits to this principle, even with no other controls in place, will be more effective in the long run than an organization that may have advanced technology but bad or missing data.

Perspective: The Service Request – Submitting the Transaction

Being able to correlate recent customer activities with usual transaction types and amounts can help to identify red flags to verify before processing. For instance, a customer instituting a password change at the same time as requesting a large payment just under the approval limit may be a red flag requiring a courtesy call to verify before processing. Other red flags may include multiple transactions of the same amount to different sources, large transactions to a new payee, and a transaction sent from a newly established business approver with a personal email address.

Perspective: Technology and Analytics - AI with Big Data

It takes a combination of technology and human inspection to be successful at finding fraud and expediting valid transactions. Artificial Intelligence technology is available to pull data from multiple sources to compare a transaction against different scenarios and conditions. This data covers the different perspectives I have described. It includes customer identity and profile data, transaction history, dispute, and fraud event investigations and resolution information, and the same from other institutions. Having this information easily accessible in a big data ecosystem, rather than disparately maintained manually in a sea of spreadsheets and reports, will allow you to unlock the power of this information.

Invest in a quality fraud system and make sure to take advantage of all its functionality. Calibrating the models within this technology is an ongoing task to minimize false matches of fraud. Being staffed tomaintain the system and its models while also being able to quickly respond to potential fraudulent alerts is key to success and customer service excellence.

The Status Report: Performance Metrics, Risks, and Opportunities

Another great benefit of leveraging technology is that the results can be gathered in a single location to review and query. Data mining transactional data, includes approved transactions, prevented transactions, disputed transactions, and recovered transactions.Mining this data can provide emerging trends, top types of fraud for immediate action, and insights into what is happening. This drives policy updates, emerging alerts and controls to implement, and targeted awareness topics for your customers and your organization.


Combating payment fraud requires a comprehensive strategy that implements controls that establish reasonable limits and approvals, provide customer and employee awareness and training, establish mature identification and authentication, detect questionable situations,identifyconcerns with quality technology solutions, and specify specific procedural actions to take to deny fraudulent transactions.

An effective strategy includes gathering data from various sources and pulling queries together for identifyingemerging trends, common root causes of fraud prevention failure, and the impacts of customer and organizational financial loss. Use this data to refine your strategy, which will in turn fine-tune your tactical execution of fraud prevention. Take the words of General Patton to heart with these recommendations and build the discipline needed to prevent payment fraud.

Read Also

Leveraging Effective Communications for Strengthening Cybersecurity

Leveraging Effective Communications for Strengthening Cybersecurity

Grant McKechnie, Chief Information Security Officer, Endeavour Group
How To Think Digitally And Transform Your Organization To Win The Digital Customer

How To Think Digitally And Transform Your Organization To Win The...

Dobyl Malubane, CX Business Dev & Strategy Director, Oracle Africa
The Future Of Cloud Is Mobile

The Future Of Cloud Is Mobile

Rudi Strydom, Head of IT Operations, Technology and Architecture, Imperial South Africa
Exploring New Technological Impacts

Exploring New Technological Impacts

Melissa Orchard, Digital Hub & PDC Director, Marketing; CMI, Unilever Africa
The Human Reality Of Cyber Security

The Human Reality Of Cyber Security

Henry Denner, ICT Security Officer, Gautrain Management Agency
Zelle Fraud! Or is it?

Zelle Fraud! Or is it?

Karen Boyer, Vice President Fraud, People's United Bank, N.A.