Simone Aurighi, Credit and Risk Manager, EMS: "Proactivity: The best approach for payment security"

Simone Aurighi is the Credit and Risk Manager of European Merchant Services since 2010. EMS is part of the First Data Group and it is the fastest growing e-commerce acquirer in the Netherlands. Simone is in charge of the risk management of the entire merchants portfolio, from boarding and underwriting to fraud management and periodic review, as well as collections. Prior to joining EMS, Simone worked within the Risk Management Team of First Data, where he held several roles with a broad scope of responsibilities

What is the core business target markets and vision of EMS?
Simone Aurighi: The core business of European Merchant Services (EMS) is processing credit card payments. However, we are expanding the scope of our activity with the addition of new products. We acquire Visa, MasterCard and Diners/Discover; currently we are implementing JCB and China UnionPay as well. We are also acquiring Maestro and exploring the possibility of acquiring iDEAL, because it is a popular payment method in the Netherlands.

EMS is a joint Venture between First Data, a worldwide payment processor and ABN Amro owned ICS, which is the leading Dutch Credit Card issuer. The joint venture began seven years ago as a POS company, focusing on POS payments and soon afterwards started with the ecommerce platform. We have since developed in this area through the integration of more and more payment service providers. Today, we support 26 payment service providers, all with their niche focus in verticals, sectors and regions. We process more volumes in ecommerce than we do in POS and we have ecommerce merchants from across Europe, including the UK. We are able to support smaller countries where many ecommerce merchants are based such as Isle of Man, the Channel Islands, Malta, Gibraltar and Cyprus.

Our ambition is to become the preferred European acquirer within the ecommerce and multichannel landscape. In order to achieve this we want to become a customer-focused acquirer. If you compare us to the other European organizations we are small, we are around number 50 in Europe, in terms of volume. However, we are able to win more and more merchants because we are able to establish close relationships and act on the needs of our customers as well as our potential customers, rather than processing huge numbers in a faceless environment.

What are the biggest payment security challenges for the retailer/customer now?
Simone Aurighi: If we are taking into account the fraud aspects of payments, the biggest challenge for customers is the ability to maximize their revenue, while minimizing the impact of fraud. The easier you make it on your website to enable a payment, the easier it is for a fraudster to take advantage of that payment page. Therefore, the main challenge is to be able to find a solution to keep the balance and help e-tailers obtain the highest conversion rate in the most secure way. But it is also very important to keep it simple for customers. Ideally, the payment should be easy for the good (trustworthy) cardholders, but as difficult as possible for the fraudsters. The large e-commerce companies have the financial and human resources to handle this. In fact, entire departments are analyzing payments and behavior patterns and gathering information to educating themselves on the new trends in fraud. This means they have the power of protection against fraudsters. When it comes to the small to medium sized companies they need to rely on external support, they do not have the knowledge or resources to identify the best solution for keeping the balance, support can come from the acquirer for credit card related payments. At EMS, we put a great effort into helping our customers and for all other payment methods PSP’s can help in these areas.

What exactly is the kind of support that EMS provides for payments security?
Simone Aurighi: The best approach is to be proactive, trying to detect processing elements, which can cause an issue later on. There are many acquirers who only interact with a merchant when there is a problem, when there has already been too much fraud. However, from our point of view this approach does not work, because you are only taking action when it is already too late. Of course, fraud happens to us as well, we have systems in place to help us identify patterns that lead to the issue before the issue can manifest in actuality. In case of fraud, we contact merchants and we try to suggest the right solutions that will help to educate them in the prevention of fraud happening again. For us, as an acquirer the core focus is on making sure we protect our own business first and foremost, because if the merchant has fraud, we also have fraud.

One of the many advantages we have at EMS is being part of First Data, giving us much wider exposure to issues and problems that can occur. As First Data is a worldwide payment processor with alliances all over the world. They have a broad view on what is happening within the ecosystem concerning payments and fraud, which gives a competitive advantage to us at EMS, because we are able to access a huge knowledge on the basis of the trends in payments, fraud and risk. First Data acquirers that deal with any given issue are then able to share with other acquirers in the First Data family, preventing the same problem. Acquirers are not allowed to share privileged information within the group, only when it comes to fraud they are encouraged to help each other, because there is no allowance for a fellow company to be defrauded, which is why we take great efforts to share as much information as possible when fighting fraud.

In the early days of EMS, we did not have easy access to fraud data and I spent the first couple of years trying to put in place an internal system and to build a database with the fraud information we were able to obtain from the uncovered schemes. Once the database was stable enough we started sharing fraud reports with our customers. We are currently trying to share these reports on a weekly basis, because the information is vital for our merchants.

Payment security is perceived in general as an IT problem, but it is not only about IT it’s about culture. How does your company work with an organization and or retailer in transforming their culture regarding fraud?
Simone Aurighi: This is related to the education process. We started by sharing the information via newsletters and we improved the distribution of knowledge by organizing the annual EMS Risk Event. I think that the Risk Event is a very good tool to educate merchants, to convince them that they need to protect their business and their own interest. When an issue of fraud arises, there are some merchants that complain they weren’t adequately informed or properly educated beforehand despite our best efforts. In these cases we make them aware there were prevention measures they could have taken and that their responsibility was and is to put these recommended prevention measures in place. It is important to change their perspective, that is why we send our newsletter. It is difficult to draw the attention to something that might be a future problem when it is not a current one.

Looking at it from this point of view, we see a large variance between small merchants and large corporations. Large corporations pay attention to the potential future problem and try to make efforts in prevention of these issues because they know it may have financial impact. A small company will take the chance by not taking preventative action towards these issues in hopes that they never face a problem.

In your opinion, what are the top five trends that are now dominating the payments industry?
Simone Aurighi: I think this is a difficult question. In my perspective, the major trend that drives the payments industry would be the simplicity of the payment. I have recently attended a conference and they were talking about the possibility to pay via the phone with your telecom provider instead of the credit card. Both merchants and consumers really liked this solution. For merchants these payments generate a lot of volumes without much trouble, there is low fraud involved (for the time being) and the consumers appreciate the simplicity of the method. Just one click makes the customer spend more, this is just an example of which I am sure both the technology, as well as the players involved in the payments industry will ultimately make it easier for cardholders to pay with increasingly less effort.

You have just stated that effortless payments are what drive innovation and on the other hand, we have the need to increase the security level, how can the balance be found between these two?
Simone Aurighi: It is my personal opinion that the Internet should be controlled. If you want a secure environment, you need to be able to control it. Why would you need to hide what you do, unless you are doing something wrong? I believe that in the near future everyone will have his/her own online identity and this will make it harder to perpetrate online fraud, as we know it today. However, it will lead to new types of fraud, such as e-identity fraud, but I believe the Internet will eventually become a regulated environment despite all the pressure people put in trying to avoid it.

In your opinion, is this development the future of online fraud prevention?
Simone Aurighi: I think this development will be implemented later on by a regulator, however, I believe the players in the payments industry will take action sooner and they are already taking action. The way forward to prevent fraud is to better identify the customer. Device fingerprinting, IP verification, geo-location are only some examples the industry has developed to make sure a cardholder is who he/she says they are. After all, cards were created for the card present environment, not the online one. This is why it has been easier for fraudsters to take advantage of the online payment platform.