Data as Enabler of Risk Mitigation
Context
Data is essential to understanding and reacting to fraud
The ability to mitigate fraud risk is dependent on ecosystem stakeholders having a clear understanding of the types of frauds that are occurring, a shared language to describe them, and an awareness of the vectors and methods through which fraud is perpetrated. The ability to appropriately capture, analyze, and responsibly share this data is essential to successful fraud risk management. For example, regulators often require DFSPs to submit fraud data for analysis and to better understand fraud trends and use these to inform standards and policies.
Role of the IIPS
IIPSs provide data-sharing guidelines, methods, and environments to affect fraud risk mitigation
The effectiveness of tools implemented by DFSPs and IIPSs is highly dependent on the availability and quality of the inputs (data and information). Appropriate data and information sharing increases fraud mitigation efficacy.
DFSPs should have mechanisms in place to capture and analyze transaction data to identify patterns that may indicate a transaction is suspicious; a transaction may be assigned a risk score to indicate the likelihood that it may be suspicious.
IIPSs can also benefit from receiving DFSP data. For example, access to DFSPs’ ON- and OFF-US transaction data, including which transactions are confirmed by DFSPs to be fraudulent, is critical for the IIPS to evolve effective transaction monitoring tools since the data informs what constitutes a typical versus unusual payment pattern.
Similarly, DFSPs can benefit from IIPS data. Expanding and complementing DFSPs’ activities, IIPSs should have rules and procedures that allow them to identify suspicious payment patterns and notify DFSPs accordingly. Similarly, they may identify bad actors with goal of preventing a bad actor from holding accounts at multiple DFSPs.
Balance data and information sharing with necessary security and privacy measures
Data security and privacy guidelines are critical to ensure data is protected and used responsibly. More specifically, data security controls need to be in place to ensure that all data is collected, stored, and transmitted in a way that prevents access and use by unauthorized parties. Data privacy controls ensure that consumer data is collected in a transparent manner and used with consumers’ express consent.
Regulators play a vital role in defining consumer and data protection guidelines that the scheme rules should echo and potentially, build upon. Together with law enforcement entities, they also must ensure that the laws and regulations are followed, that fraudsters face repercussions, and that end users and their data are protected.
Data sharing is a powerful tool in fraud mitigation. But in the wrong hands, consumer data can also be used to commit fraud and undermine consumers’ trust in digital financial services. As a result, fraud data collection and sharing approaches must be supported with strong consumer and data protection regulations.
Next Topic in this Section: Spotlight on Brazil’s Pix