| |
|
Closing the Phishing Hole – Fraud, Risk and Nonbanks |
|
|
Topic: Technology |
12:10 am EDT, May 13, 2007 |
A new paper by Ross Anderson. May be of interest. Online fraudsters use a variety of nonbank payment services to launder the proceeds of crime. People had assumed that traceability was the key. However, investigation reveals that revocability is more important. Fraudulent payments within the banking system can be pursued and recovered with a reasonable probability of success; but once stolen funds are used to buy transferable financial assets such as eGold, recovery becomes much harder. This suggests that much of the benefit that could be obtained from regulating nonbanks more closely can be got by greater transparency about counterparty risks. I also look at broader issues; just as adequately regulated offshore financial centres can benefit the global financial system by providing competition, so also nonbank payment systems can play a useful competitive role. A further issue is the confusion between identity and traceability that has crept into compliance procedures since 9/11; I argue that there has been too much emphasis on the former at the expense of the latter. The current FATF rules impose unnecessary burdens, particularly on the poor, while not doing enough to facilitate rapid recovery of stolen assets. Future regulation of nonbank payment services must take account of this. Anonymous or unverified payment mechanisms can be tolerated, particularly for low value instruments, so long as stolen funds can be quickly traced and recovered. One must also be cautious about liability. Many nonbank payment systems use contracts that attempt to make them judge and jury in disputes with customers – risking a race to the bottom that would undermine consumer protection, and moral hazard which exacerbates operational risks. Only payment service providers can fight fraud effectively, as only they have access to all the data, and the ability to evolve their systems. Consumer protection thus cannot be ignored in payment system resilience.
Closing the Phishing Hole – Fraud, Risk and Nonbanks |
|