QR Code Fraud Growing Fast in China

I am so very surprised:

a) This did not happen long ago.

b) China had adopted this so widely with AliPay and put everything into QR so readily given the risks / exposures that are starting to emerge here.

c) That there are still strong proponents of the QR code (anywhere).

It will be interesting to see if this is the beginning of the end of QR codes in payments now that the fraudster community has (finally) woken-up on the possibilities. It will be interesting to see how easily and how quickly the Chinese payments and AliPay in particular migrate to something else. My money is upon a world-class mobile solution.

In the interim, they ***may*** just limp along with a ‘closed-loop’ APP development that has limited execution of ‘QR code’ code.QRCode

For more information visit here.

This article was originally published by Bill Trueman at https://www.linkedin.com/pulse/qr-code-fraud-growing-fast-china-bill-trueman

Advertisements

Risk-Based Approach for Due Diligence in Anti-corruption Issues

Points of Discussion in this Article

1. Importance of due diligence in corporate transactions
2. Framework finalized in U.S. Jurisdiction
3. Aim of Diligence
4. Risk Profile

1. Precis

Transactions related to investment and acquisition pose significant risks concerning anti-corruption affairs. Although there is huge financial opportunities in the corporate business but it comes along with a set of corruption risks, that, if ignored, can bring consequential risks to the company. So, the corporate sector is now moving ahead under the wave of anti-corruption due diligence that will mitigate risks in the corporate transactions. This stream might not guarantee 100% security but it will definitely find the compliance vulnerabilities and structural risks, provided the execution of diligence process is courteous, well programed, and well accomplished.

2. U.S. Jurisdiction

A framework has been drafted and rooted by U.S. Department of Justice and U.S. Securities and Exchange Commission for probable liability. Its requirement arose due to the high risks involved in corporate transactions, specially amidst the international boundaries. The drafting and confirmation of this framework is done under the Foreign Corrupt Practices Act (FCPA). For details, click here.

3. Aim of Diligence

The framework finalized in U.S. Jurisdiction covers successor liability and in line with this, there are several aim of the transactional diligence. These are given below:

Investigation of risks that might result in liability. These risks include weakness in control, inaccuracy in accounting entries, or suspicious payments. Satisfaction of acquirer in terms of it undertaking suitable steps for identifying the potential risk. Before the transaction, there might not be any risk. However, in case a risk is faced later on, the procedures of due diligence will help in ensuring that there is no liability imposed at the completion of transaction.

4. Risk Profile

An approach which is risk-based is highly preferable to due diligence – this is confirmed by seasoned and reputed regulators. The diligence resources lay complete focus on high-risk interactions with government, regulators and customers. Risk profile is impacted by various factors such as the corporate constitution of parties, suitable geographies, industries and history of compliance. Herein, there are a couple of possible scenarios with multinational transactions.

First is the parties are looking to emphasize on anti-corruption reviews along with undertaking due diligence of heightened level on their subsidiaries and affiliates that are globally operational. Second is parties engaged in various industries must be accountant to the possible regulatory scurrility which making the risk profile. Herein, the said parties might already be focused by anti-corruption authorities.

Second is parties engaged in various industries must be accountant to the possible regulatory scurrility which making the risk profile. Herein, the said parties might already be focused by anti-corruption authorities.

While creating the profile, the acquirer must calculate whether imposing of required steps will result in loss, license or some asset.

While creating the profile, the acquirer must calculate whether imposing of required steps will result in loss, license or some asset.

Some other high risk areas are:

A target whose profit are dependent mainly on big government contracts.

A target whose major part of assets depend on government concessions (in past or present).

Such cases can be oil fields, mining rights etc.

Businesses that are extremely regulated. For instance, where timely inspection approvals are required by local authorities.

Organizations that rely on instruction and demonstration of a product

5. Are due diligence procedures helpful?

It is imperative to implement Risk-Based Approach for Due Diligence in Anti-Corruption Issues from the beginning as it helps in reducing the chances of risks. These procedures can be done along with the standard financial postulations of due diligence. Remember that in this case, the access to information will be restricted and so you should scan multiple sources to compile exhaustive data. You can try various sources to gather the information such as assessment of financial ledger, interviews, material of data room and public sources (direct parties or indirect sources).

At this point if you wondering whether due diligence procedures are helpful for your business, then its answer is clear YES! Their implementation will help you reduce the risks and hence safeguard our company’s reliability and credibility in the industry. When we talk about risks, then its types should be trekked in the following areas:

1. Discipline of employees in terms of breaching the policies or norms of anti-corruption.

2. Investigations that are in process or complete (internal as well as government)

3. Policies, training, auditing and topics that can be exposed by whistle blower. All these falls under the control environment of an entity.

4. Side agreements, payments through cash and faulty commissions. All these falls under the tenders / contracts of an entity.

5. Unfavorable findings in the internal or external audits

6. Other Areas of Risk Finding under Due Diligence Procedures

Regulatory relationship of an entity is also one of the main areas, wherein auditing should be done. Herein, important points or resources that should be assessed are approvals like permits and licenses. These can be further elaborated to cover benefits like gifts, expediting payments, fees etc. provided to government inspectors. Another such area is the expenses related to marketing processes such as gifts, travel, entertainment etc. While working on diligence in this area, one should investigate the expense records, conference attendance and trips details. Other areas are:

1) Entity’s relationship with various intermediaries and third parties such as sales agents, distributors, consultants and others. Emphasize must be given on those individuals who directly engage with the government’s clients and regulators. Herein, there are 3 sub areas that require assessment:

(i) Whether an entity is following procedures to review and approve the contracts

(ii) Whether an entity needs written consulting agreements and if these are needed to be

included in various legal clauses viz compliance, audit.

(iii) Whether an entity needs to authorize payments after the completion of documentation.

2) Entity’s teaming arrangements such as its involvement in joint ventures etc., wherein government regulations must be followed.

7. Due Diligence Procedures and their Timing – Both are Important

The discussed anti-corruption procedures are effective only when they are done at the correct time. An entity must discuss the timing part with the other party to implement it before the signing of deal or after it. In most of the cases, parties prefer anti-corruption due diligence procedures to be implemented after the contract signing. One key jeopardy with this timing is that in case a risk is detected after deal- signing, then it might result in price negotiation and/or disclosures at some level, thereby delaying or preventing closing.

For more information on Due Diligence and Due Diligence Service one can contact Bill Trueman a highly experienced specialist in risk review and due diligence. He is permanent member of AIRFA, and director of RiskSkill and UKFraud.

How Due Diligence Can Reduce Third Party Corruption

Due Diligence Investigation Advantages

It is a common practice for businesses to implement internal policies and established a positive and goal-oriented team in order to safeguard their practices from corruption. However, one loophole that still exists and is often overlooked is the outside factors, such as those people, who have a different ideology than that of businesses. This can also be understood as the unethical practices of the 3rd parties that can negatively impact the company’s existence and credibility in the industry. In line with this, UK introduced the Bribery Act 2010 in July 2011 with the aim of combating frauds and corruption related to 3rd parties. One odd concern with this act is that it holds the principal organization fully accountable for the corruption. This has been condemned by Neil Swift, who works for Peters & Peters Solicitors. He cites that even if the main organization is not involved, still they could be held liable for it.

International Corruption Data

Transparency International published The Corruption Perceptions Index (CPI) 2015. Herein, all the countries are rated on the scale of 0 to 100, maximum rating meaning that the country is very clean in terms of corruption.

Highlights:

  • On the rating scale, 53% of G20 Countries acquired less than 50 points.
  • EU and Western Europe scored an average lower than 50 points
  • Denmark scored 91 points
  • UK scored 81 points
  • India scored 38 points
  • China scored 37 points
  • North Korea and Somalia scored 8 points

The publication must be considered by businesses, who desire to expand overseas. Less CPI score does not means that business in those countries should be altogether avoided, it just tells that one should take extra measures while expanding their businesses.

Businesses Should Improve Diligence on Third Parties

By now, it should be clear to you that there is no such foolproof method that guarantee that the third parties would comply with your business-related procedures for corruption and anti-bribery. However, it is important to implement due diligence irrespective to the reputation of third party. Here, we will mention some good practices for the same:

1. Risk Assessment to Find Amount of Due Diligence

Here, note down the possible points (make a checklist) that can make the third party risky. For instance, their ranking by CPI (personally owned or open to communication with government entities), their commercial terms etc.

This checklist can help you in the identification of potential risk areas. So, whenever you decided to make a deal with that third party, make sure to consider it.

2. Questionnaire on anti-corruption guidelines

As a business organization, you should prepare a questionnaire for third parties asking whether they have drafted a policy in concern with bribes or not. In addition, you may include questions that relate to the types of reporting systems they follow.

In case, you are not satisfied with their answers (satisfaction can be related to inconsistency, absence of details or indirect replies), you can just pull out of the deal.

3. Provide Suitable Training to the third party

If you have made the decision to undergo a business contract with a third party, then first thing you should do is to give them training on policies related to anti-bribery and corruption. This will make you both on the same level on this aspect. In addition, the importance of training is increased manifolds as every country has a different set of attitudes and laws concerning the corruption. Therefore, it is important to be at par all those guidelines while doing business overseas.

4. Vetting and Auditing

You should take enough time in accumulating information and verifying the reliability & credibility of the third party, as a part of your due diligence process. Some decisive constraints to consider in vetting and auditing process are:

  • Reputation
  • Public records resources
  • Payment of contract
  • Financial background
  • Competency of the third party
  • Beneficial Ownership

Once you are in contract with the overseas business, then you should NOT rest on ones laurels else you might end up in a difficult situation. There are always risks related to third party, even after the contract is finalized. You can develop a framework, wherein you should keep an eye on the performance of the third party via inspections/reviews, site visits, and consistent contact.

Bill Trueman and Kevin Smith are eminent due diligence experts who provide their consultancy services to card issuers, banks, corporates and business organizations globally; and help in comprehensive appraisal of a business/organization before undertaking by a prospective buyer to evaluate its commercial potential. They are chief executives of RiskSkill, & UKFraud and full time member of AIRFA which is a worldwide known independent organization of risk and fraud advisors.

After Ban PayPal Halts Operation in Turkey

paypalIn a strange sequence of events, we read that Paypal has been unsuccessful in securing a payments processing license in Turkey. This means that it will not be able to send or receive money for Paypal customers in Turkey. Furthermore, existing payment funds will have to be paid back to Turkish bank accounts. This does not bode well for Paypal, other global payments systems or the cross-border processing of payments in Turkey and Europe overall.

Why is this? It seems that the BDDK (www.bddk.org.tr), i.e. the Turkish Banking Regulation and Supervision Agency introduced a law (June 2013) that required Paypal and others to base their IT systems in Turkey.

We all recognise the need and support for individual markets to protect themselves with appropriate controls, particularly in processing ‘sensitive data’, but requiring all operators to process and retain all data ‘locally’ in Turkey, seems overly reactive and more of a deliberate way of preventing international players from operating in the Turkish market. This will force ‘new’ international entrants to the market to take a more local presence in Turkey – both for governance and for where the IT systems are based. And what about other existing non-compliant entities?

It appears that Paypal have been very gallant and relatively quiet publicly about this situation in commentary since the decision; so it begs more questions:

a) With Turkey’s ambitions to join the EU (negotiations started in 2005), is this really going to help in the spirit of economic collaboration and delivering global commerce?

b) Turkish authorities have enough bigger challenges – so can they really want this to further hinder their campaign?

c) Who else will this impact? Will other and existing companies that are not complying with the same requirements be required to leave the country if they do not meet the requirements that IT systems be located in Turkey?

d) Did no one at Paypal see this coming?

e) Has no-one in the European monolith raised this as an issue with Turkish authorities and explained to them how far away from the spirit and intent of the EU marketplace this really is?

Kevin Smith, author of the news is Joint Chief Executive at AIRFA, and director of RiskSkill. He is highly experienced and independent payment services, risk management and compliance consultant. For more information visit website www.airfa.net

Source: Banking

RBS Announces Trial of Cryptocurrency

Royal Bank of Scotland has just announces that it is trialling its own cryptocurrency – which of course, will resonate on the news-lines significantly.

But let’s stop and work out why they are doing this and why they are announcing this?

MOTIVATIONS

With around 1000 cryptocurrencies globally and with the market leading cryptocurrency being 100s times bigger than all the others, it seems like a strange thing to do from a marketing, sales, competitive basis. RBS have certainly not said that they intend in any way to ‘corner the market’ or to be a ‘world leader’ in this area – so this is not their motivation. So let’s not get hung up on this, or expect them to start sending you and me application forms any time soon.

Will RBS be creating a gateway for audited and trackable payments to its correspondence banks and across its own network? Maybe. However it is unlikely that it will be replacing its very lucrative payments transmission businesses, but there is an option for it to reduce the costs and increase the audibility of its own internal ‘group’ payments – as it has stated that the trial that it has been progressing with have involved its different banks within the group.

So if it is not going to sell me and you (as customers) a new payments service at lower costs, and it is not going to compete in the alternative currency markets, then we have to read this move by the RBS as follows:

We are a big bank and government run; but we want to demonstrate that we are forward-thinking and are reviewing seriously ALL the new and latest ideas and technologies.

Blockchain and Crypto-currency media gets a good reading and positive reactions from the public so we need to be announcing this to the world.

It is really just work that we are doing in our own laboratories within the RBS group. We are testing these things so that we understand all about them and can then work out where we can use them and where we can adopt them.

So, if this is the case, we can simply read this with interest and forget it; until RBS then follow this with a notification of how they are going to use it in the ‘real world’ – and then we can start to think harder.

In the meantime, it is worth noting that there are so many things that can be done with the Blockchain technology and so many great new business start-ups that are using the technology to evolve real-world business solutions that the banks that will survive in the next 10 years will be those that embrace the new, take the best of what is on-offer and move forward as if they are small agile businesses rather than the big banks that they are.

RBS are seemingly doing the right things in the market (or starting to do so), but this is nothing that we need to get excited about or worry about as consumers. Not just yet.

But this should worry all the banks that are not doing these things.

For further information, please contact Bill Trueman or Kevin Smith (eminent risk and fraud specialists) both are member of AIRFA.

Judges Pave Way for Banks in US to Sue Target over 2013 Data Breach

I read with interest that news in Finextra and elsewhere that the banks have been given the go-ahead to sue Target for $30m for the reissue costs associated with the data compromise in 2013. This puzzles me, as I then want to know how the figure of $1200 per card is calculated.

The cost of re-issue will be less than a tenth of that per card. How they can justify that size of loss based upon a reissue alone is not conceivable.

To read more visit here

Is EMV ‘A Colossal Waste of Time’ for Retailers?

Recently Bill Trueman, director of UKFraud and RiskSkill, a globally famous eminent risk and fraud specialist published a post about the effect of EMV on Retailers which many retailers are concerned of in USA. Below is that post…

Before saying “EMV Return on Investment Unlikely for Retailers” we should consider some points. The only thing that surprises me about this “glass half-empty and cracked” view is that we did not see it earlier. Surprise surprise, everything has a business case. Sometimes it is clearly positive, others more difficult.

EMV has always been in the more difficult bucket. It is an infrastructure change, not just a few tweaks. It should have been treated more seriously and realistically. Of course it comes down to how you measure this and what you want to prove. It is easy to prove a negative position. More challenging to demonstrate a closer to break-even or soft benefit. We have known about it coming for a long time.

Visit Here to Continue Reading…

Thanks