Trends in Ecommerce: Globalization and Digital Transformation
Skip to content
July 5, 2023

As financial crime schemes and tactics evolve rapidly, the ability for payment providers customize risk assessment becomes more and more critical. A one-size-fits-all attitude is not viable for financial institutions, payment providers, and marketplaces looking to mitigate risk, ensure compliance, and position their businesses for growth. That’s why, over time, many PSPs and acquirers have turned to a risk-based approach.

What is a risk-based approach?

A risk-based approach requires payment providers to identify the financial crime risks inherent to their particular business, and determine a set of actions to mitigate and manage those risks. This methodology enables you to allocate resources based on areas of risk: applying more enhanced controls where the risk is greater, and fewer controls where the potential risks are lower.

The ability to customize your risk tolerance, categories, and even how you view and sort your findings (which is where the EverC Rules Customizer really shines) are essential to implementing a risk-based approach effectively.

Here are 3 key reasons why:

1. RBA alignment: Industry experts widely support a risk-based approach as the best strategy for mitigating risk in today’s complex threat landscape.

Even more importantly, taking a risk-based approach is required under financial regulations, and is included in the recommendations from the Financial Action Task Force (FATF). FATF is a global watchdog organization that sets international standards for mitigating the risk of financial crimes like money laundering.

In order to take a risk-based approach, each organization must first complete a risk assessment to determine the types of adverse risks that are present. Then it should take these identified risks as a basis for its risk appetite. This process will inform the risk management framework, which includes setting compliance controls, policies, and procedures to align with its risk appetite.

Risk management technology must be dynamic to align with an organization’s risk management framework. The solution must not only assess risk at onboarding, but provide continuous, ongoing monitoring to detect new issues as they arise, with the flexibility to evolve as threats, RBA, regulations, and other parameters change.

2. Rapidly evolving threats: Today’s threat landscape is made up of financial criminal networks collaborating to develop tactics that inflict the most damage or get away with the most money.

In our recent publication The 2023 Threat Landscape: A Report on Trends in Illicit Ecommerce Activity, we described the new, unified threat landscape: “It’s not just a criminal. It’s a criminal network that can levy a disastrous impact on everyone in the ecommerce chain — from buyers, to sellers, to the banks and acquirers that enable payment processing, to the giant marketplace platforms where all these players join up to conduct business.”

We’re fighting criminal entities that are fast, persistent, and adept. Your risk management solution must be customizable to keep pace with threats as they change, as well as be able to handle new threats as they emerge.

3. Changing regulations and card scheme guidelines: Regulations aimed at protecting consumers from bad actors are being strengthened. Regulatory scrutiny continues to intensify at the international, national, and regional levels.

In addition, card schemes like Mastercard and Visa have their own rules in place that must be followed in order to use their services.

The consequences of regulatory or card scheme non-compliance can be devastating, ranging from heavy fines and penalties, to off-boarding by banking partners, to irreversible brand and reputational damage.

Again, this is where having a customizable solution is essential -- an organization must be able to assess specific risk and maintain compliance with in every region where business is conducted.

Customization and innovation 

As part of our MerchantView platform, the EverC Rules Customizer offers the capability to continuously monitor merchant risk, while taking into account your organization’s RBA and unique needs.