Safeguarding Against Payment Fraud Through Strategic Perspectives

Eric Bonnell, Senior Vice President, Technology Risk, Atlantic Union Bank

Military strategy is built from different perspectives: the natural formation of the battlefield, the skills of the soldiers, the intelligence available about the enemy, and so many other factors. The tactics used in battle are also based upon this perspective and need to be rehearsed and adjusted as more information is available and the conditions change.

In a similar way, understanding payment fraud from different perspectives is the key to building a mature strategy and executing tactical controls. The objective is to delay questionable transactions until they can be verified and processed safely or rejected. Considering the perspectives below is key to building a layered strategy and tactical procedures to address payment fraud at your organization.

Perspective: How the Game Is Played – Policies, Standards, and Procedures

Set clear and reasonable expectations within your policy and procedures, including customer identification and authentication rules, tiered transaction limits, transaction review criteria, and a strict approval structure. With these rules in place, design the controls for the remaining protection layers.

Regularly review the policies, standards, and procedures in line with the organization’s fraud trending report, business model strategy, and the current fraud risk assessment to address improvements and updates for new payment types and scenarios.

Perspective: The Wild Card – Your Customer

A compromise could and often does start with the customer and the customer’s technology. While the customer is directly out of your control, you should provide awareness and training to guide the customer in making safer choices.

Awareness topics include being vigilant against cyber compromise and social engineering as well as maintaining end-user and browser security. Also, having regular reminders and strong multifactor authentication in place will assist the customer and bring security top of mind when making transactions.

Perspective: Knocking on The Front Door – Know Your Customer (KYC)

Besides being a regulatory requirement, knowing your customer and your customer’s behavior can assist in validating the authenticity of payment transaction requests. KYC is the first line of defense in servicing a transaction and customer validation criteria should be strong and clearly defined in procedures.

While I speak of data and technology later in this article, its impact begins here. Your data management system, along with its quality and integrity, is the key to successful payment fraud management. Successful data management includes controls for validating the correctness of the KYC data captured during customer onboarding and throughout the customer relationship. Without good data, the conclusions based upon subsequent reporting and models will be flawed or questionable at best.

In short, bad data is a primary driver of fraud loss. Failure to maintain this data is a key bad tactic and, according to General Patton, it will destroy your best strategy. An organization that firmly commits to this principle, even with no other controls in place, will be more effective in the long run than an organization that may have advanced technology but bad or missing data.

Perspective: The Service Request – Submitting the Transaction

Being able to correlate recent customer activities with usual transaction types and amounts can help to identify red flags to verify before processing. For instance, a customer instituting a password change at the same time as requesting a large payment just under the approval limit may be a red flag requiring a courtesy call to verify before processing. Other red flags may include multiple transactions of the same amount to different sources, large transactions to a new payee, and a transaction sent from a newly established business approver with a personal email address.
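The red flags in this section expressed as review rules, as an added example that is not part of the original article. The limits, time windows, field names and personal-domain list are assumptions, and "different sources" is read here as different payees.

```python
from datetime import datetime, timedelta

# Assumed policy values (not from the article); set them from your own tiered limits.
APPROVAL_LIMIT = 10_000.00          # amount at which a second approval is required
NEAR_LIMIT = 0.90                   # "just under" = within 10% below the limit
LARGE_AMOUNT = 5_000.00
WINDOW = timedelta(hours=24)        # how far back "at the same time" reaches
NEW_APPROVER_AGE = timedelta(days=30)
PERSONAL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

def red_flags(txn, history, events):
    """Return red flags for txn given the customer's earlier payments and account events."""
    ts, amt = txn["ts"], txn["amount"]
    def recent(t):
        return timedelta(0) <= ts - t <= WINDOW
    flags = []
    # Password change shortly before a payment just under the approval limit.
    if (APPROVAL_LIMIT * NEAR_LIMIT <= amt < APPROVAL_LIMIT and
            any(e["type"] == "password_change" and recent(e["ts"]) for e in events)):
        flags.append("password_change_near_limit")
    # Same amount sent to several different payees inside the window.
    payees = {h["payee"] for h in history if h["amount"] == amt and recent(h["ts"])}
    if len(payees | {txn["payee"]}) >= 3:
        flags.append("same_amount_many_payees")
    # Large payment to a payee this customer has never paid.
    if amt >= LARGE_AMOUNT and txn["payee"] not in {h["payee"] for h in history}:
        flags.append("large_payment_new_payee")
    # Newly established approver using a personal e-mail domain.
    domain = txn["approver_email"].rsplit("@", 1)[-1].lower()
    if ts - txn["approver_created"] <= NEW_APPROVER_AGE and domain in PERSONAL_DOMAINS:
        flags.append("new_approver_personal_email")
    return flags

def disposition(txn, history, events):
    """Hold a flagged payment for a verification call instead of processing it."""
    flags = red_flags(txn, history, events)
    return ("hold_for_verification" if flags else "process", flags)

# Constructed sample data: one customer, two earlier payments, one password change.
NOW = datetime(2024, 5, 6, 14, 0)
HISTORY = [{"ts": NOW - timedelta(days=d), "amount": a, "payee": "utility-co"}
           for d, a in ((40, 1200.00), (10, 1150.00))]
EVENTS = [{"type": "password_change", "ts": NOW - timedelta(minutes=20)}]
ROUTINE = {"ts": NOW, "amount": 1180.00, "payee": "utility-co",
           "approver_email": "ap@customer.example", "approver_created": NOW - timedelta(days=900)}
SUSPECT = dict(ROUTINE, amount=9800.00, payee="new-vendor-llc",
               approver_email="j.doe@gmail.com", approver_created=NOW - timedelta(days=3))

if __name__ == "__main__":
    print([disposition(t, HISTORY, EVENTS) for t in (ROUTINE, SUSPECT)])
```

Each flag names the reason for the hold, so the verification call and the later trend reporting can refer to the same rule.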

Perspective: Technology and Analytics - AI with Big Data

It takes a combination of technology and human inspection to be successful at finding fraud and expediting valid transactions. Artificial Intelligence technology is available to pull data from multiple sources to compare a transaction against different scenarios and conditions. This data covers the different perspectives I have described. It includes customer identity and profile data, transaction history, dispute and fraud event investigation and resolution information, and the same from other institutions. Having this information easily accessible in a big data ecosystem, rather than disparately maintained manually in a sea of spreadsheets and reports, will allow you to unlock the power of this information.


Invest in a quality fraud system and make sure to take advantage of all its functionality. Calibrating the models within this technology is an ongoing task to minimize false matches of fraud. Being staffed to maintain the system and its models while also being able to quickly respond to potential fraudulent alerts is key to success and customer service excellence.

The Status Report: Performance Metrics, Risks, and Opportunities

Another great benefit of leveraging technology is that the results can be gathered in a single location to review and query. The transactional data to mine includes approved transactions, prevented transactions, disputed transactions, and recovered transactions. Mining this data can provide emerging trends, top types of fraud for immediate action, and insights into what is happening. This drives policy updates, emerging alerts and controls to implement, and targeted awareness topics for your customers and your organization.


Combating payment fraud requires a comprehensive strategy whose controls establish reasonable limits and approvals, provide customer and employee awareness and training, establish mature identification and authentication, detect questionable situations, identify concerns with quality technology solutions, and specify the procedural actions to take to deny fraudulent transactions.

An effective strategy includes gathering data from various sources and pulling queries together for identifying emerging trends, common root causes of fraud prevention failure, and the impacts of customer and organizational financial loss. Use this data to refine your strategy, which will in turn fine-tune your tactical execution of fraud prevention. Take the words of General Patton to heart with these recommendations and build the discipline needed to prevent payment fraud.
