The 3 controls you need for payment risk management

As the payment risk landscape gets more complex, so does payment risk management. Use this three-pronged approach to protect customers and your bottom line.

July 27, 2023

Danielle Antosz

Danielle is a fintech industry writer who covers topics related to payments, identity verification, lending, and more. She's been writing about tech for over a decade and is passionate about the impact of tech on everyday life.

The payment landscape has witnessed a significant transformation in recent years. Gone are the days when cards and cash were the sole options for same-day settlement. Now, consumers and businesses have a variety of payment options, like same-day ACH and Real-Time Payments. However, the emergence of new payment rails and faster payment types also brings an increased risk of payment fraud.  

This article sheds light on the growing risk of payment fraud and explores effective payment risk management practices to help businesses stay ahead of emerging threats.

The growing risk of payment fraud 

With the growth of digital transactions and the emergence of new payment rails, fraudsters have found new ways to exploit vulnerabilities in digital payments. The consequences of payment fraud can be severe, resulting in financial losses, a poor customer experience, and a decrease in trust. 

While fraud isn’t a new problem, it is a growing challenge. A recent study found 65 percent of organizations fell victim to payment fraud attacks or attempts in 2022. New FTC data reported consumers lost nearly $8.8 billion to fraud in 2022, a 30 percent increase from 2021. For businesses, the losses can be even higher—every $1 in fraud results in $4.23 in losses for financial services companies. 

One of the best ways to reduce payment fraud risk is to gather more customer information. However, this creates friction in the onboarding process. Shahar Ronen, Plaid’s Product Manager for Fraud and Identity, suggests incentivizing users to share additional information for risk assessment by offering product benefits:   

"For example, the customer signs up and can use the account right away, but to access other benefits, like higher payment limits, they must connect a bank account or add a direct deposit source." 

Payment fraud doesn't just impact businesses' bottom line; it also poses a threat to the overall integrity and security of the payment ecosystem. By staying proactive and implementing robust payment risk management controls, businesses can mitigate the risk of payment fraud, safeguard their financial interests, and maintain customer trust.

Reduce fraud risk: 3 payment risk management controls 

Reducing payment fraud requires a proactive approach to safeguard customer information and filter out bad actors. Businesses often wait until a transaction happens to assess risk. But in doing so they may miss useful signals—and the opportunity to remove fraudsters from their platform before they cause issues. 

For example, by letting a fraudster open a deposit account you're wasting money to create a card for a user who may never use it. And by not protecting against account takeovers at the time of login, you enable a fraudster to collect information from the account, which can then can be used to commit fraud elsewhere. 

Instead, businesses need a proactive process that assesses risk at every step of the customer journey, including managing risk at sign-up, during account verification, when transactions occur, and beyond.

User risk 

Upstream verification (before sign-up) verifies customer information during the account creation process to determine if a user poses a risk. This step mitigates risk by verifying users' identities before any transactions occur. 

Through the Know Your Customer (KYC) process, customers provide essential details such as their name, address, ID, phone number, and email address when creating an account. This information enables active verification, such as validating the authenticity of provided phone numbers or comparing information the customer provided with information available from other sources. However, it is not enough to simply meet compliance and regulatory requirements. Limiting user risk includes understanding the changes to the user account and monitoring to understand if the risk profile changes over time

This verification can be carried out either manually, where human intervention is involved, or automatically. Plaid's Identity Verification achieves this by verifying the information needed to reduce user risk without causing friction in the onboarding process. With Plaid Beacon, you can go a step further to screen if that identity information has been reported as associated with fraud by other apps in the network.

To effectively reduce payment risk, however, user risk should be just the first step in the payment risk management process. The next step in the process is limiting risks during bank account verification. 

→ Want to reduce payment risk through upstream user verification? Plaid Identity Verification quickly verifies identity data without adding friction to the onboarding process.

Bank account verification

Account verification involves confirming the authenticity and validity of a customer's financial account information to reduce payment risk. By verifying account details, businesses can better assess the associated risks, such as the source of funds or payer/payee risk. 

However, building a robust internal identity-matching algorithm requires time and extensive developer resources. Also, adding fraud checks at this step often increases user friction and churn.

Plaid Identity verifies and matches a customer’s account ownership information with what’s on file with the financial institution. By using Plaid’s matching algorithm (which is just as good as a trained human reviewer), businesses can better identify data mismatches while ensuring true account owners are not misclassified. 

Email address and phone number changes are the second most common method (after password changes) fraudsters use to take over accounts. And 24% of account takeover victims had contact information changed before the incident. 

Organizations should also keep an eye out for fraudsters who might exploit the system by seemingly providing this additional information and then making fraudulent purchases later. Active verification processes can mitigate this risk. Verifying new information, analyzing customer behavior patterns, and conducting active checks at periodic intervals can ensure the legitimacy of account ownership. For instance, if a customer wants to change their phone number several months down the line, the account can be reverified to reassess the risk. 

Plaid's 2023 Fintech Effect Survey

Navigate the latest consumer trends, create lifetime customers, and grow your business

Transaction risk detection

Transaction risk detection, the third step in the payment risk process, is the process of identifying, assessing, and mitigating risks associated with financial transactions. Risk is detected through transaction attributes, such as amounts, time, date, sender, receiver, and transaction patterns. 

Analyzing these details allows businesses to reduce risks related to account takeover, money laundering, fraud, and regulatory non-compliance. For example, monitoring transaction amounts can identify unusually high-value transactions that may indicate fraudulent activities or money laundering attempts. Analyzing the time and date of transactions can reveal potentially suspicious behavior. For example, it might be suspicious if a customer tries to empty their account at 3 a.m. local time. Furthermore, scrutinizing the sender and receiver information can help detect unauthorized transactions. 

To enhance transaction risk management at scale, businesses can leverage machine learning solutions. Plaid Signal is a machine-learning risk engine that predicts ACH payment risks. It can flag suspicious activities, unusual transaction patterns, and potential risks in real time—enabling businesses to analyze risk in real-time and create dynamic payment flows. For example, for low-risk transactions, you can make funds available immediately to a customer so they can start making the most of your app. For high-risk transactions, you can put additional checks in place. 

Uphold, a digital wallet and trading platform, used Plaid Signal to reduce ACH return risk and flag low-risk customers for faster processing than higher-risk ones. They were able to process low-risk transactions nearly instantly—rather than forcing customers to wait several days to withdraw funds.

Using Plaid Signal helped Uphold achieve the following:

Reduce return losses by 80%

Decrease customer complaints by 77%

Process 83% of transactions almost immediately

By effectively managing transaction risks, businesses use the Signal score to protect against financial losses and stay compliant with the Nacha ACH return thresholds. 

→ Want to enhance transaction risk management? Plaid Signal helps businesses predict ACH return risk and optimizes payment flows. 

Protect customers and your bottom line with payment risk management 

The best way to fight payment fraud is to detect and mitigate risk throughout the user journey and the customer’s lifetime. As new payment rails like FedNow are introduced, businesses need to stay proactive and adaptable to address emerging fraud trends. Enacting robust controls supported by tech solutions offers the greatest reduction of risk and enhances the overall security of payment processes.

Learn more about how Plaid Identity and Signal help businesses reduce payment risk, optimize the payment process, and keep customer information safe. 

Find out how Plaid can help your business grow

By submitting this form, I confirm that I have read and understood Plaid’s Privacy Statement.

This form goes to our sales team. If you have questions about connecting your financial accounts to a Plaid-powered app, visit our consumer help center for more information.