Creating Strategic Partnerships to Combat Payment Fraud
By Roy Urrico
Finopotamus presents InfoSec People Profiles, a series spotlighting those individuals working in information security to protect data and transactions at credit unions and other financial institutions.
Ted Kirk, vice president of strategic partnerships at payment fraud detection firm Advanced Fraud Solutions (AFS), based in High Point, N.C., is a Tar Heel through and through. The native North Carolinian grew up where he currently resides, Winston Salem, N.C., went to college at the University of North Carolina at Chapel Hill; and began his career working for ShareFile, a startup in Raleigh, N.C.
It is also safe to say cybersecurity and fraud prevention have always been part of Kirk’s professional life. “I became involved with information security with my first job and have been my entire career,” Kirk recalled.
At ShareFile (acquired by Citrix ShareFile in 2011), which provides data sharing space, he worked with credit unions, banks, accountants, financial advisers, and healthcare facilities to provide them with a secure way to safely exchange data with clients. He remained with ShareFile (then Citrix) for five-plus years until landing with AFS in early 2016.
AFS’s singular focus is helping financial institutions mitigate any type of payment fraud through detection software, including TrueChecks, its check fraud database and prevention solution; TrueCards, a card fraud detection tool that uses dark web sources to pinpoint at-risk cards; AFS Positive Pay, which helps financial institutions and businesses mitigate vendor and payroll fraud; and TrueACH, an account validation instrument that confirms the accounts owner or authorized user.
As vice president of strategic partnerships with AFS, Kirk works to build, maintain and grow a network of fintech resellers, integration partners and data sources. He oversees relationships with fintech companies like Jack Henry, FIS, Fiserv, Corelation, Vertifi, and Urban Ft; corporate credit unions; and threat intelligence companies, such as Q6 Cyber and Gemini Advisory. “We're doing a lot of different things with those companies, but it's focused around either building integrations to deliver our fraud prevention in an automated midstream fashion to their end users; or to grow our databases and increase the depth and breadth of the data.”
Kirk said, “I'm involved with the soup to nuts with all of those partnerships, sourcing and prospecting, and talking to clients to figure out other tech companies they're working with, where it would be nice if we had some sort of partnership.” His role is to also provide security support through product management, scoping development work, defining client requirements, and ensuring tight, properly coded integration. “How do we help those financial institutions stop fraud when they roll out our two products together?”
Checking Against Payment Fraud
AFS started in 2007 when a group of regional credit unions and banks pooled information to create a counterfeit check database to fight fraud. That database became an alpha version of AFS’s flagship product, TrueChecks. Kirk pointed out today AFS works with over 750 banks and credit unions of all shapes and sizes. “From one-branch community institutions to some national names and super regional banks. We are also working with over half of the top 100 credit unions in the country.”
Even though paper check volume is half of what it was when AFS began, Kirk called attention to how the dollar loss from fraudulent checks has either remained steady or risen over time since then. “What it nets out to is for every check that a financial institution does see, there is a much greater likelihood that there is going to be some fraud, problem or loss associated with that check. It’s definitely still a stubborn problem for financial institutions.”
Kirk pointed out 70% of U.S. organizations (according to the Association for Financial Professionals 2019 payments fraud and control survey) reported check fraud, which was responsible for more than $18 billion in losses. Kirk also cited an Aite Group survey in which 59% of credit unions referred to check fraud (along with debit card fraud) as its primary fraud threat.
AFS evaluates deposits across multiple channels by scanning check data against the TrueChecks database, which contains more than 10 years of historical data from thousands of credit unions, banks and payment processor sources, Kirk explained. This database integrates with existing systems and offers real-time responses on duplicates (effective against double presentment ploys), counterfeits, non-sufficient funds, and closed accounts, which helps reduce manual workload, manager intervention and check fraud losses.
“The database we maintain has millions of records related to all the various ways fraudsters undertake to steal money,” said Kirk. He added, “We absolutely are handling any type of transaction that leverages a demand deposit or draftable account.” That includes paper and electronic checks, and mobile, interactive teller machine, ATM, ACH and wire transactions.
How Protection Works
“Probably a majority of our clients today are coming to us through some sort of API (application programming interface) integration,” said Kirk. “Most typically on TrueChecks, we're seeing (clients) coming to us via API integrations built within their check imaging providers. The best practice for these financial institutions is getting fraud prevention as close to the point of presentment as possible.” That process, he added, strips relevant details, like the routing and account number, off the check, before the imaging providers run it though TrueChecks. “We return an instantaneous response back to the financial institution, essentially giving them a risk score on that check.”
It is a similar process when it comes to ACH. “If I bank with ABC Credit Union and I want to send you an ACH transaction, I am going to enroll you as a designated recipient in my ACH platform.” The designated recipient’s name and other related data travel with bank account information during the confirmation process. TrueACH also helps financial institutions comply with the new WEB Debit Account Validation Rule, that Nacha, which governs the ACH network, introduced in March 2021 (with a year grace period) to strengthen anti-fraud measures and help ensure payments landed in the correct accounts.
For TrueCards, AFS pulls dark web and cyberthreat data into the backend of its solution via partners, described Kirk. So AFS receives any crime information along with a list of compromised cards for sale on the dark web. AFS uses that data to alert financial institutions using TrueCards if any of its cards were involved in suspicious activities, such as account takeovers, identity theft. “We are typically leveraging our partners via API to automate the way that we ingest their data and then use that as a starting point for our workflow within the TrueCards tool.”
Pulling it All Together
One of the top challenges that Kirk observes is from a financial institution’s perspective. “There are a lot of competitive pressures in the FI landscape today. So, figuring out a way to take a cooperative approach, and pool data amongst financial institutions, can be pretty difficult without a trusted partner like AFS kind of sitting in the middle to help with that.”
Kirk added that making information security more difficult requires staying up to date with the scam tactics. “Trying to keep up with the latest and greatest fraud trends is a real struggle because as we all know, fraudsters by and large make a full-time job out of coming up with new ways to steal money, right? So, if I am doing member service and running operations, and then I also have to try to keep up with all the latest trends, that can be a real struggle.”