Blogs

Risk, Verticals and Supporting Law Enforcement Efforts

By Sean Carter AAP, APRP, NCP posted 01-29-2019 17:35

  

I recently had the pleasure of attending the Cybersecurity Conference and Roundtable in Bridgeport, CT. I’m always thrilled to be invited to industry events focusing on payments and found this event particularly fascinating as the attendees were primarily municipalities, towns and state government employees, all focusing on cybersecurity.

 

When looking at risks related to processing payments, there is sometimes a habit of focusing on risk solely by the payment or type of payment – especially if you’re comfortable with pushing out credits and less comfortable with debits.  This discussion at the event, however, looked at payments risk by vertical market to determine what is unique about these different environments and how these differences may increase risk. As an example, this vertical (state and local government) is a high target simply because they “check a lot of the bad guy boxes”. Looking at this vertical, you can see very specific risk areas because they: have personal data, send and receive a lot of payments, and use processes and systems that have been in place for a long time. When you look at payments risk by verticals it may actually make your risk management program more efficient.  Debits and credits will always matter in payments but this approach identifies who and what is behind the debits and credits – all worth exploring as a pillar of your risk management program.

 

What part can you play? Timeframes for returns and disputes under payment system rules and regulations are often more like road blocks than solutions when helping consumers and corporates who have been targets and victims of payments fraud. The speakers, two law enforcement members, were discussing how an FBI Taskforce they participate in, investigates cybercrime and how they are having unprecedented success in retrieving funds for victims. The team treats cybersecurity like a management project and rely heavily on a collaborative site – www.ic3.gov. The site accepts online Internet crime complaints from either victims or third parties.

 

I have heard from a number of members how frustrating it can be to tell account holders you cannot help but sometimes your hands are tied due to rules and regulations. Getting creative and not being averse to collaboration, you may now have a very helpful tool. In terms of cybersecurity, the law enforcement speakers felt that sharing this tool with your account holder might be giving them all the help they need.

 

 

2 comments
43 views

Related Content

Permalink

Comments

Sean Carter AAP, APRP, NCP
01-30-2019 12:14

Hi Karen,

This would be the grouping of like businesses or customers.   You could have a vertical like Healthcare customers that has a different risk profile then say a trash collection company.  Looking at them the same by payment type debit vs. credit is not wrong or insufficient but is there a better way to looking at payments risk and focus on the end user as well as credit vs. debit or payment channel they are using.

Karen Bradway NCP
01-30-2019 11:21

In the paragraph below you lose me, I am not familiar with the term vertical market, can you give me the definition of what a vertical market is? Is this just another term used when creating groups when putting together data? "​This discussion at the event, however, looked at payments risk by vertical market to determine what is unique about these different environments and how these differences may increase risk. As an example, this vertical (state and local government) is a high target simply because they “check a lot of the bad guy boxes”. Looking at this vertical, you can see very specific risk areas because they: have personal data, send and receive a lot of payments, and use processes and systems that have been in place for a long time."