David Kurrasch, President of Global Payment Advisors and a Financial Service consultant with decades of experience in the payments industry, recently sat down with us for a lively and far ranging conversation around ACH, banks and payments fraud risk. Excerpts are below.
Dave Kurrasch, President of Global Payments Advisors, has worked in corporate treasury, banking and consulting for over 40 years. His career started as a cash manager at a large, diversified corporation where he ran the day-to-day cash desk, short term borrowings and investment, and bank relationships. Dave joined Wells Fargo Bank as Vice President and National Sales Manager for the Bank’s Treasury Management Division and later was promoted to Senior Vice President in charge of the Bank’s Treasury Management Product Development and Management operations. Dave and his team were responsible for all product development, risk and fraud management, unit costing and profitability analysis.
After 15 years at Wells Fargo, Dave founded Global Payments Advisors in 1997 and has provided consulting advice and contracting services to banks, corporations, universities, governments and FINTECH start-ups in the United States, Canada, Europe and Asia. He has deep experience in all facets of treasury management, payments, risk and fraud management and their statutory/regulatory compliance.
ON WHAT HE HAS SEEN
I was there with PayPal at the beginning and I was at eBay. I built eBay's payment platform to start when they first began and all these technologists were building all these things and they go, "Oh, payments, ah, that's easy." It takes a lot to get people to realize that payments is really tough and requires eyes in the back of your head.
My business is all about trying to stop the bad guys, but the bad guys tend to be a lot faster on the trigger than the good guys in terms of finding ways to penetrate people's bank accounts. If fraud was easy to solve, it would have been solved 40 years ago, but it just keeps evolving into new and different ways of making it happen.
| The actual vendor called up and said, "Where's my money?" They said, "Well, we paid you." He said, "You didn't pay me." |
WHERE THE RISK IS FOR PAYMENTS FRAUD
Most [large] corporations either are good at fraud control because they've built firewalls around their systems or they've had a lesson that made them fix the problem. The real issue is that when you go downstream to the next tier of corporations -- under a billion dollars in sales a year, maybe $750 million down to $20 million -- those guys are really susceptible to this and they tend to choose the less sophisticated banks and they tend not to understand how to protect themselves.
A lot of [the risk] has to do with how much control there is around how a vendor gets approved, how a vendor gets boarded into the system, how vendor changes are managed, how invoices are approved and paid. All that's around how much control there is.
Payments fraud is allowed to occur sometimes due to laziness and an unwillingness to properly put authentication in place, and a level of skepticism. Everybody's very trusting and, I mean, you take <client name redacted> for instance. They got hit with several hundred thousand dollars in losses from somebody who asked them to change a bank account. The actual vendor called up and said, "Where's my money?" They said, "Well, we paid you." He said, "You didn't pay me."
ON WHETHER WORKING REMOTELY HAS INCREASED RISK
Collaboration and carefulness ... superior care of the workflow and process tends to get compromised in this environment. In theory, having people working remotely in a dispersed fashion can cause controls to get compromised. Because controls sometimes are just a process of saying to the person in the cubicle next to you 'hey, have you seen this and what do you think of this?' That just doesn't happen as well in these remote environments.
I'm sure that the fraudsters out there are trying to take advantage of the fact that some targeted person is sitting at home being a little less careful than they should be.
WHY BANKS WON’T SOLVE THIS PROBLEM
Well, [right now] I think everybody is looking for somebody else to solve that problem other than the banks because the banks tend not to be in that business, so corporations have to really protect themselves from somebody trying to falsify bank account data on an ACH payment switch.
A bank can't really get involved in that other than to try to encourage them to manage their vendor database with lots of controls and most of my customers that I've had over the years, bank with the B of As, the Morgans, the Wells', that class of banks and my experience is, those banks really hammer away at risk. They offer pretty good controls against the bank account itself, but they can't work their way back into the vendor management process.
ON WHERE THE PAYMENTS FRAUD PREVENTION INDUSTRY WILL BE IN FIVE YEARS
I don't think the problem's going to go away in five years. It may go downstream. The Fortune 1000 may put a bullet through this either by their own internal controls or working with folks like PaymentWorks. Then the fraudsters will move down to the Fortune 4000-5000 and they'll just keep moving down to a level where people can't afford to protect themselves. I don't think the problem's going to go away. The ability to perpetrate large dollar frauds will probably change but there's 30 million small businesses in this country. That's a big target.
