Best Practices in Merchant Onboarding and Monitoring
If you’re a merchant acquirer or payment service provider (PSP), onboarding merchants is key to your growth. Of course, you want more merchants, bringing in more transactions. However, onboarding questionable merchants that authorize fraudulent transactions results in charges and losses that impact the bottom line.
How can you balance the trade-offs, ensuring that you can quickly and seamlessly onboard good merchants while preventing bad merchants from hurting your business? In a new report, the Aite Group looks at: Balancing Risk and Return: Best Practices in Merchant Onboarding and Monitoring. The global payments space is growing rapidly and changing quickly as the sophistication of both the technology and fraud attacks advances. The report looks at best methods and technologies that you can use now to improve risk assessment, monitoring and management.
Before jumping into the report, let’s consider other, related best practices. For US banks, the Office of the Comptroller of the Currency (OCC) provides Risk Management Guidance. One of the major recommendations of the guidance is to “adopt risk management processes commensurate with the level of risk and complexity of its third-party relationships .”
This risk management approach is very applicable for onboarding merchants:
- What is the transaction level of the merchant and their network?
- What industry and segments do they do business in?
- What transaction amounts and range?
- What channels are they going to use?
- What countries are they operating in?
- What resources are necessary to properly vet and monitor the merchant?
As not all merchants are the same, the level of risk and amount of due diligence checks necessary change accordingly.
While there are differences in the level of due diligence, there are standards that must be met. There are legal compliance factors, such as AML, KYC and KYCC. There are standards and rules of the card networks; they demand that there are specific legal contracts with all merchants that control the relationship with all 3rd parties. There are also rules for credit underwriting, as the merchants are in effect offering unsecured loans.
There’s a seven-step process to successfully onboard a merchant:
- Identity verification/KYC
- Merchant history check
- Business and operational model analysis
- Web content analysis
- Information security compliance
- Credit risk underwriting
One key component to creating a more successful onboarding process is automation. A major pain point for the industry is manual work, such as data entry, which might have to be done multiple times. Manual work slows the process down and also introduces points of failure in the system. Manual work also adds a significant cost to the process. This is not to say that people should not be in the process at all. Rather, people should focus on spotting fraud, not on data entry.
Automation also enables smoother integration between the steps. If data is digital from the start, then the entire process has the potential for automation, especially in the case of smaller merchants. New risk assessment automation, as well as integration and optimization tools, are on the market, so dramatic improvements are already possible.
Merchant acquirer’s or PSPs can’t stop their risk management after onboarding . What if a merchant fundamentally changes the nature of their business, or the volume of transactions or transaction amounts dramatically change? A change in the risk criteria requires reassessing the merchant; as they can already be doing damage, the quicker, the better.
Ongoing monitoring should watch for:
- Spikes in activities
- Exceeding thresholds
- Out of area or unusual cross-border activities
- Changing website products or links
- Inclusion of people on sanction lists
- Adverse media mentions
While monitoring automation has already seen great success, there’s an issue with false positives. It’s difficult to fine-tune the matches, so the industry seems to accept that it’s better than the alternative. There’s also issues when merchants go into new segments, or offer new channels as the technology doesn’t seem to keep up with these changes.
The industry is getting tougher to compete in. There’s more competition, encouraging growth in higher-risk segments and markets. There’s a rise in CNP fraud, as counterfeit fraud becomes more difficult . There’s a demand for new channels as eCommerce and mobile commerce gains ground. The complexity and breadth of compliance requirements are expanding. As Aite notes: “Risk and compliance projects will take an increasing share of the investment budget available for business innovation .”
Technology though, offers hope to the situation. The ability to digitize procedures that were previously paper driven, to automate manual processes, and to analyze and assess risk using advanced data analysis tools provides opportunities to dramatically improve the merchant onboarding process. Merchant acquirer’s and PSPs that embrace new technologies can lower costs and generate better returns while successfully managing risk.
If you’re interesting in learning more about this topic, consider attending the K(NO)W Identity Conference on May 15th – 17th in Washington, DC). Stephen Ufford, Trulioo’s CEO, will be on a panel, Facilitating eCommerce in a World Where Everyone is a Merchant. As the payments space continues to grow in size and complexity, merchant acquirers and their partners face new challenges to manage risk. On a global level, fraud continues to migrate from the physical world to the fast-growing CNP environment. At the same time, the acquiring value chain has become more complex with the growth of payment facilitators and marketplaces. It promises to be an enlightening panel and will help point you to the future of merchant onboarding.