Executive Profile Series With John Canfield From WePay

by John Canfield 0

WePay’s payments API is built specifically for platform businesses like marketplaces, crowdfunding sites and small business software. These platforms are empowering millions of users worldwide to unlock all kinds of creative commerce. Through its proprietary Veda social risk engine, WePay gives platforms a flexible payments API that provides a great user experience while still being able to take on all their fraud risk and compliance burdens.

The payments industry has typically fought fraud by making merchants go through a lengthy and involved process to prove they aren’t risky before they accept their first cent from customers. Yet in today’s digital economy, that just doesn’t cut it anymore. The platform businesses that are the real drivers of growth in the new economy — things like crowdfunding sites, marketplaces, and small business software providers — need to sign on new merchants fast and start processing payments immediately. That requires a new kind of payments system — one that’s faster, more secure, more flexible and backed by more machine intelligence than ever before.

PJ: What is the scale of the “fake seller” scam?

John:According to the U.S. Justice Department, credit fraud now costs businesses $5.5. billion a year.

PJ: How are platform businesses currently vetting merchants?

John:First, let’s define what we mean when we say platforms. When we talk about platforms, what we really mean is any website or app that’s acting as a facilitator for transactions between its users. Unlike traditional merchants, they don’t maintain inventory or provide services directly. Rather, they make finding and doing business with individual merchants easier for consumers, and usually earn money by taking a small cut of every transaction. Airbnb is a platform, as are eBay, Uber, Etsy, GoFundMe and most other high-flying e-commerce companies you can name.

Many platforms use a simple payment scheme called “aggregation” they settle all funds paid into an account they control, keeping track of who’s owed what, and then make the payouts to the merchants themselves. This makes signing up new merchants easy, but it also makes them the merchant of record for all transactions from a liability standpoint. That means that they, and not the end merchant, are the ones that are first in the line of fire when a chargeback occurs.

This means they accept fraud risk from payer and merchant side of the transaction, including risk for some types fraud that are unique to platforms — such as shell selling and collusion fraud.

A platform can mitigate some of its risk by extensively vetting a merchant before enabling them to accept payments. Banks have been doing this for years — it’s why you have to fill out a multi-page application and submit to a background check to open a merchant account. Unfortunately, there’s an inverse relationship between how onerous you make the sign-up process and how many potential users actually complete it, so there’s a practical limit on how much data a tech company can ask for up front. Most settle on a compromise that leaves them vulnerable to some fraud risk, but which lets them hit the aggressive growth they need to achieve the goals set for them by their investors.

PJ: How do platform businesses currently manage their risk?

John:Since user experience concerns make it undesirable to collect a ton of data up front about a user’s identity, most platforms looking to stop fraud must rely on another source of data about that user: how they’re using the service. Fraudsters tend to behave differently than legitimate users in measurable ways, which can help platforms spot them. A good example of this comes from crowdfunding: legitimate crowdfunders tend to broadcast their campaigns widely on social media sites, hoping to drum up donations, while fraudsters who are just looking for a way to turn stolen credit cards into cash keep things quiet, hoping to not get caught.

Over time, a platform can put together a good understanding of what a good user looks like vs. a bad one, and put measures into place to protect themselves against the ones that look bad — such as by holding a fraction of their money in reserve or even banning them entirely. But doing so well takes a lot of technology investment in risk technology, third party data integrations, investigation tools, and decisioning systems.

It is important to have experienced risk professionals who can design your systems and controls, monitor performance, and iterate. You also need analysts trained at spotting fraud to manually review those cases where a computer might make a mistake. Increasingly, the industry is also making use of machine learning algorithms that help the system to automatically adjust as fraudsters change their tactics, as well as spot patterns in the data that a human wouldn’t spot.

PJ: Is this a problem that is growing primarily due to the new role of Payment Facilitators?

John:It’s less a problem that’s growing because of payment facilitators, and more a problem that is growing because platforms are growing to account for more and more online commerce. An online platform like a e-commerce marketplace, crowdfunding site, or invoicing system removes most of the friction of connecting with others and transacting business. Unfortunately, the less friction there is for legitimate business, the less friction there is for fraudsters.

Thus, online platforms are inherently risky. Someone has to bear that risk — whether it’s a bank providing the merchant account, as in the case of very traditional payment providers, the platform itself, as is the case with many payment facilitators, or the payment facilitator itself, as is the case with WePay.

PJ: Should new regulations be promulgated to mitigate this problem?

John:We don’t think fraud is a problem that can be solved with regulation, which is mostly useful when the market doesn’t provide enough incentives to align the behavior of businesses with the interests of consumers. In this case, it is ultimately the platform, or their payment provider, that ends up footing the bill when collusion fraud happens. That means they already have a strong interest in preventing fraud — in some ways, they’re even more invested in preventing credit fraud than consumers, who are insulated from the fallout by federally-mandated consumer protections like chargebacks. In other words, it’s not the case that credit fraud happens because payment processors are negligent; credit fraud happens because it is extremely hard to stop, even with modern technology.

Beyond that, it’s not as though the industry isn’t already well regulated. Payment processors are actually already well-regulated at both the state and federal level, as well as being subject to rules regarding risk mitigation by the credit card networks themselves.